Custom security plugin
I have a task where I need to implement Plugin that signs, does revocation check and timestamps PDF document. Currently I am investigating DocSign example that came with SDK.
I know that Acrobat Reader users can't sign doduments unless the document that is presented to Reader is 'enabled' for signing in Reader. Can this setting be changed programmaticaly in Reader ? If yes, what API call I need to investigate....
Also I am wondering whether default security library (Adobe.PPklite) is able to do revocation checking through OCSP or do I really need to implement a Plugin of my own ? I need to do forced revocation check. When signing document with my custom plugin I need to set up flags for this purpose, right ?
Also I am wondering in what API call I need to bring up UI that shows Windows cert store certs ?
No, you can't change Reader to sign any document. It can only sign those that are enabled. If your customers need to sign ANY PDF, then they need to purchase Acrobat.
Yes, Acrobat & Reader support both CRL and OCSP revocation checking for signatures that are created with the appropriate filters. Validation will take these things into account and you can ask Acrobat (via APIs) to validate a single signature or all signatures on a document and retrieve the results.
I would read the Windows SDK documentation for how to work with it...
Similar Messages
-
Unable to login using OAM Custom Authentication Plugin
Hi,
I have a problem with OAM Custom Authentication Plugin, My Plugin is Activate successfully. When try to login from Access Manager SSO login page, it is unable to login. I am getting followiing message in the log file.
I am return ExecutionStatus.SUCCESS from my Java code and I have only one step where I have attached Plugin and my Steps Orchestration is
On Success -> Success
On Failure -> Failure
On Error -> Failure
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:is_resource_protected.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Processing Event is_resource_protected
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Is Resource Protected status : success
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :is_resource_protected with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_valid_session.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_valid_session with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB User Authentication Scheme
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB User Authentication Scheme.
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB User Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=default, username=string, contextValue=OAM, password=sercure_string, challenge_url=/pages/login.jsp}
Authentication Module Name: = DB Authentication module
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication module.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector: ["PluginPhaseEvent.oracle.security.am.plugin.diagnostic.PluginPhaseEvent@6d6a08fb":" Collector : OAMS/OAM/Plugin/AUTHN/Plugin_SamplePlugin/PluginLocate
Type : PHASE_EVENT
Metrics : 511
LogLevel : OFF
EnableRate : false EnablePersistence : false"], registered at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: false.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Can anyone help me regarding this issue.
Thanks
Tamim KhanHi,
Little update about authentication plugin, please see the log file below, Result of Authentication Scheme Execution:true, now but, still the cookie is LOGGEDOUTCONTINUE and still I am unable to login.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB Authentication Scheme
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB Authentication Scheme.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=external, username=string, contextValue=/oam, password=sercure_string, challenge_url=http://192.168.1.220:14100/ssologin/ssologin.jsp}
Authentication Module Name: = DB Authentication Module
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication Module.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Set 1st Responce
Set 2nd Responce
Set 3rd Responce
Setting cookie
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: true.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Can anyone help me please.
Thanks
Tamim Khan -
Custom secure views report is not restricting the data
Hi,
I have created few custom secure views reports and in which I have used the per_people_f , per_assignments_f secure views but when I am running this report from different responsibilities like (US Resp, UK Resp) it is producing the same number of records. From US resp it should produce the US employees and from UK it should produce the UK employees but this is not happening currently.it is a simple sql script which I registered as sql*plus executable.
Can any one suggest if I am missing some thing? Urgent help would be appreciated.
Thanks,
AshishPl post details of OS, database and EBS versions. How have you implemented security ? What kind of concurrent program are you using ? Pl provide details. Also see these MOS Docs
How To Enable Hr Security on Custom Reports? (Doc ID 369345.1)
Understanding and Using HRMS Security in Oracle HRMS (Doc ID 394083.1)
Need Custom Security Profile To Restrict Based On Employees Organization (Doc ID 445142.1)
HTH
Srini -
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
VikramHello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our applicationrequirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if theuser
exists.
javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store toget
rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
>
Thanks
Vikram -
SQL Query in Custom Security when creating Security Profile
Hello all,
I've created a security profile with Custom security and provided a simple query in Custom Security tab-
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
Custom security option is "Restrict the people visible to each user using this profile"
I am not able to see the record as expected.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
(This was mentioned in system administrator guide :
"+Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id.+"
docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
I've given options as below :
Employees = None
Contingent Worker = Restricted
Applicant = None
Contacts = All
Candidates = All
All other options - Defaulted
Thanks,
SumanthResolved this - One cannot see self's employee record in the form for which this is setup.
Hence the below query though correct in syntax did not show any data.
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
Thanks,
Sumanth -
How to pass custom cookie from report builder application to SSRS Custom Security Extension?
We want to implement SSRS in SaaS model. We implemented Custom Security extension in order to authenticate users from other application. When user enters username/password, i would like to authenticate the user in other application and it will return some data which can be used for autherization. I am expecting the same set of data will be accessible during all autherization calls.
Currently we are implementing this in Report Builder application. I couldn't able to persist the information in cookie. Report builder removes all the cookies exceprt one cookie which is used by report server.Is there any way to share the information in all reportbuilder autherization calls in same session?if you have your own data extension, you can using
HttpContext.Current.Application.Add("yourkey",
yourdata);
to save your data, but the issue I met it the key, I cannot find a key depended on report builder. If I use username, if the user open 2 report builder, both of them will get the same key and same data, but at this case the data should be different.
I hope it will help you. -
How to create custom report plugin using child region report metadata
Hi,
I want to ask for help on how to create custom report plugin using child region report metadata. My idea is to create a child region, a classic report and set the condition to never.
Then i will query the child report metadata from apex view and use it to create a custom report like using jquery jq-grid. Any idea how i can create a process that will use the child report
metadata? I dont know how i can create a process just like how apex work, how apex render report, coz i want it to be control using the standard apex report attribute. This plugin will
render according to the child report attribute.
Is there anybody here had ever done this?Hi Nicolette,
Thanks for the reply. I know where to find the metadata, just asking for idea on how the rendering process will be.
Start from determining column heading, column order until finish rendering the report. The same way how apex
render the classic report.
Previously this imy my rendering process:
FUNCTION GETCOLUMN(P_REGION IN APEX_PLUGIN.T_REGION,
P_PLUGIN IN APEX_PLUGIN.T_PLUGIN,
P_VALUE IN VARCHAR2) RETURN SYS.DBMS_SQL.DESC_TAB2 IS
VSQLHANDLER APEX_PLUGIN_UTIL.T_SQL_HANDLER;
VCOLCOUNT NUMBER;
VCOLNAMES VARCHAR2(2000);
VAJAXIDENTIFIER VARCHAR2(100);
VPAGESIZE TYPEATTR := P_REGION.ATTRIBUTE_04;
VJSCODE VARCHAR2(32767);
BEGIN
VSQLHANDLER := APEX_PLUGIN_UTIL.GET_SQL_HANDLER(P_SQL_STATEMENT => 'select * from s_emp',
P_MIN_COLUMNS => 1,
P_MAX_COLUMNS => 999,
P_COMPONENT_NAME => P_REGION.ID);
VCOLCOUNT := VSQLHANDLER.COLUMN_LIST.COUNT();
FOR I IN 1 .. VCOLCOUNT LOOP
VCOLNAMES := VCOLNAMES || '{name: "' ||
UPPER(VSQLHANDLER.COLUMN_LIST(I).COL_NAME) || '",';
END LOOP;
APEX_PLUGIN_UTIL.FREE_SQL_HANDLER(VSQLHANDLER);
RETURN VSQLHANDLER.COLUMN_LIST;
EXCEPTION
WHEN OTHERS THEN
APEX_PLUGIN_UTIL.FREE_SQL_HANDLER(VSQLHANDLER);
RAISE;
END GETCOLUMN;
So this is how i get the header for my report plugin. The same method is use to get the value / data for each column. This process is work. So now
i want to extend my plugin so that i will use all attributes from the child report to render my plugin. So the column header, column order, all will depend
on the child report. And the column display condition is set, it will also check the condition before render the column. Sounds like i want to reinvent
the normal apex rendering process but this is what i want to achieve.
I need help to find the correct logic for my render process. Don't want too much for starting, just want to render the plugin correctly, same with child report,
same columns alias, column ordering and column conditional display.
Thanks,
akulala -
Custom security provider exception
Good day, colleagues. I want to raise an old topic.
I use custom security provider exceptions:
-AccountExpiredException
-AccountLockedException
However, the login() method only captures FailedLoginException
try
CallbackHandler pwcall = new weblogic.security.URLCallbackHandler(user, pass.getBytes("UTF-8"));
subject = weblogic.security.services.Authentication.login(pwcall);
weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
catch (javax.security.auth.login.LoginException e) {
e.printStackTrace();
javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User ...
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:240)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
I found similar questions IdentityAssertion custom exception, FailedLoginException asked many years ago for WLS 9.2
Their solution (wlp.propogate.login.exception.cause=true) does not work for WLS 10.3.
How to propagate original LoginException?
Or exception message only.I did it! look closely to source code:
javax.security.auth.login.LoginContext:875
if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) {
// if REQUISITE, then immediately throw an exception
if (methodName.equals(ABORT_METHOD) || methodName.equals(LOGOUT_METHOD)) {
if (firstRequiredError == null)
firstRequiredError = le;
} else {
throwException(firstRequiredError, le);
} else if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) {
// mark down that a REQUIRED module failed
if (firstRequiredError == null)
firstRequiredError = le;
} else {
// mark down that an OPTIONAL module failed
if (firstError == null)
firstError = le;
javax.security.auth.login.LoginContext:922
// we went thru all the LoginModules.
if (firstRequiredError != null) {
// a REQUIRED module failed -- return the error
throwException(firstRequiredError, null);
} else if (success == false && firstError != null) {
// no module succeeded -- return the first error
throwException(firstError, null);
} else...
I set Control flag: OPTION to DefaultAuth (was REQUIRED)
and order it after my LoginModule. (restart required!)
Now I catch my exceptions %) -
What is the best way to deploy/update custom security realm classes to WLS 6.0?
From the WLS 6.0 console, I see that I can specify the Java class that
implements my custom security realm but I am wondering what is the best way
to deploy/update this code. I don't see a way to do this from the console.
Does this mean that I have to manually copy the class files over that
implement my custom security realm?Thanks Danut,
A jar file seems to be a good way to package it up but it sounds like it
still needs to be manually copied to each Weblogic server install directory
post-installation and whenever it is updated. I thought it would be nice to
be able to deploy/update the custom security realm by uploading it through
the Console just as you can with web applications and EJBs.
Brian
"Danut Prisacaru" <[email protected]> wrote in message
news:3aba2db0$[email protected]..
You have to have your Custom Realm class in the class path. I usually havea
jar file with all the Custom Realm classes and that jar I copy it in thelib
folder. Then I modify "startWebLogic.cmd" and I add to the classpath
".\lib\CustomRealm.jar"
set
CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
>
Be aware that in order to have you custom realm besides creating thecustom
realm using the console you also have to create a custom caching andchoose
that one as your default caching realm.
Here is how the security settings are looking in my "config.xml"
<CustomRealm Name="CustomRealm"
RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
<CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
Name="CustomCachingRealm"/>
<Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
Name="wl_default_realm"/>
<FileRealm Name="wl_default_file_realm"/>
<Security GuestDisabled="false"
Name="mydomain" PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm"/>
Danut -
Access to IPortalComponentRequest in custom security manager
Hi All,
I am implementing a custom security manager. For my requirements, I need IPortalComponentRequest object in the security manager class. Can anyone give me a clue to get the request object in security manager implementation.
Regards,
YogaHi Romano,
I tried this. Its returning mysapsso2 cookie and authentication_schema cookie. But not retuning any custom cookies added to the response from any other application.
What I have tried to achieve is:
1. When a user login and authentication suceeds, I will add a custom cookie to the response.
2. Get the custom cookie added in the security manager class and do manipulations to check whether the user is authenticated.
Using the method you have suggested, I was not able to get any custom cookies added in other applications.
I tried the code using resource context(resource context obtained form IUser) as suggested in other threads,
HttpServletRequest request = (HttpServletRequest) resourceContext.getObjectValue("http://sapportals.com/xmlns/cm/httpservletrequest");
But this API returns null.
Any way to achieve?
Regards
Yoga -
We are migrating a JSF 1.2 application to JSF 2.0. Earlier we have developed a custom security by extending BodyTagSupport. In JSF 2.0 I have replaced BodyTagSupport with TagSupport and no compilation issues. In my taglib.xml if I configure this Tag with a handler-class[Which is how it was earlier] While running I am getting a class cast exception of not able to cast to TagHandler and If I configure this tag as component[I extended UIComponentELTag] I am getting error message as not able to cast to UIComponent.
Has any one developed a custom security tag, for examle check user role and if allowed dynamically display set of buttons or skip the particualr body part completely. By doStartTag()[EVAL_BODY_INCLUDE/SKIP_BODY]?
Edited by: user11864278 on Apr 14, 2011 1:07 PMWe are not extending TagHandler, I am trying to develop a custom EL Body tag that was earlier done with BodyTagSupport in JSF 1.2. In JSF 2.0 I believe I need to do this by extedning FacetTag in JSF 2.0, when I extend FacetTag and register it as a <handler-class> in taglib.xml I get a TagHandler class cast exception, as by default any Tag configured as Handler-class get cast into TAGHANDLER in JSF 2.0.
To make my question better, How can I develop a custom tag extending FacetTag? -
The secLDAP security plugin is not available.
some of my clients when they logon to Infoview
get the following error...
The secLDAP security plugin is not available. Please contact your system administrator for details
The authentication mode is Enterprise. Windows/AD/LDAP all are unchecked (disabled).We are currently using BOE XI R2.
This happens when user logins and authenticates to a different intranet site and then tries to login to Infoview. If the user comes and launches infoview, they doesn't encounter this issue.
Any help in this regard would be greatly apprciated.
Mattyou should post a new thread but that error is very generic, it could be anything. When posting try to add as many details about your workflow.
It may be best to open an incedent with support. At this point it could be workflow, config, bug, external config, anything really..
Also post in the [Admin forum|BI Platform;
There should be much LDAP expertise there.
Regards,
Tim
Edited by: Tim Ziemba on Aug 26, 2008 10:01 PM -
How to restrict employees from accessing managers data using custom security profile
Hi,
I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
Responsibility :US Super HRMS Manager
ASSIGNMENT.PERSON_ID
IN
(SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
PER_ALL_ASSIGNMENTS_F PF,
PAY_PEOPLE_GROUPS PG,
PER_PERSON_TYPE_USAGES_F PPU,
FND_USER FNU
WHERE PAF.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
AND PAF.EFFECTIVE_END_DATE
AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
AND PPU.PERSON_ID=PAF.PERSON_ID
AND PPU.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
AND PAF.PERSON_TYPE_ID =2
AND PPU.PERSON_TYPE_ID
IN(2,62)
and PAF.person_id = FND_PROFILE.value('user_id')
AND PG.SEGMENT2=8)
and using "restrict the people visible to each other using this profile".
I have assigned the security profile to HR user responsibility
But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
Please suggest.
Thanks & Regards,
Anusha.Hi All ,
i solved the problem by using event 01 of header view and using the table "Extract" .
Regards,
Neha -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
How to make Custom Discoverer workbook use Custom Security profile of Apps
We use Discoverer in Oracle Apps setup. We have added Custom security in our HR People Form of Apps.
This Custom Security restricts one HR Emplpoyee not view other HR employee record except for himself/herself. Also maintining that they should be able to view all other employee's records.
The following code was put under the Security Profile Form -- > Custom Security Tab
exists (select 1
from per_jobs b
where ASSIGNMENT.job_id = b.job_id
and (b.name not like '%HR%')
and (b.name not like '%Human%')
and ASSIGNMENT.assignment_number is not null
union
select 1
from fnd_user fu
where fu.user_name = fnd_global.user_name
and fu.employee_id = PERSON.person_id
and ASSIGNMENT.assignment_number is not null)
Above security profile works fine for HR People Form.
However, It does not work for our Discoverer Workbooks. I found a note on Metalink 422841.1 which talks about leveraging the Custom Security of Apps in Discoverer Report. I read it, but did not get much clue.
Can Anyone help.
ThanksHi,
If you want to use custom HR security with Discoverer you have to ensure that the correct security filters are applied when the Discoverer reports are run. These filters can use the supplied HR_SECURITY package or you can develop your own conditions using table lookups or functions. To get the filters applied to your reports you have a number of options:
1. Build the security into custom folders using additional conditions
2. Use custom database views in Discoverer and build the security into the views
3. Use mandatory conditions in you Discoverer folders using either a function call or database contexts set at login time
4. Use VPD (Virtual Private Database)
I am not sure which of these options you are using to implement your HR security in Discoverer. The last option, VPD, is the most flexible and can give the best performance but maybe it is more complex to set up.
Rod West
Maybe you are looking for
-
I have updated up my ipad2 which had the original version on it (4.??) to the latest version of IOS. Before I did this I backed up the ipad to my laptop so I wouldnt lose precious pics and videos of my baby boy. Now that the latest version is on the
-
Once again we are getting constant "web page error" when save a reply. Also no emails are being sent since yesterday. When clicking "Alert Me" the page jumps to my user profile then throws page error. This happens on one Win 8.1 and one Windows 7 sys
-
Hi! I have written an applet that works just fine on my own Tomcat 4 server but when i try it on this ISP:n (web-hotel) it won't work! The ISP:n is running a Linux server but without X installed. The applet is using the following classes: import java
-
Can someone access your backups if you share a time capsule?
I share a time capsule with my boyfriend, and wasn't certain if I remembered correctly from school if he could access my backup on his Mac if we ever parted on less than friendly terms... 1.) There is nothing compromising on the backups, nor is there
-
[SLVD] `sudo mount` from Apache's (mod_php) context isn't system-wide.
Title field appears to be limited in acceptable symbols, so, the proper title would be `sudo mount` from Apache's (mod_php) context is successful, but not applied to whole system. Apache is run as http:http, http is added to sudoers as http ALL=(ALL)