Custom UME Role with action: Manage_All_User_Passwo

Hi all,
I have to create a custom role on EP. This role has to able a user to manage the password of all user (only password).
i created a custom UME role Reset_PWD and I add the following action
Manage_All_User_Password
I attribute this role to a user.
When I logon with this user I get an error: Page not found.
Any suggestion to solve my problem?
Thanks in advantage
Enzo

Hi Enzo,
The reason why you are getting this error is because you have assigned just the role and an action to it. There is no content attached to the role.
For this requirement, I am not sure if adding any existing iview will help or not.
Thanks,
Nikhil

Similar Messages

UME Role and Action

I am developing a recursive tree in a Web Dynpro App. My tree has some nodes and subnodes. Under the subnodes i have documents. Depending to the permission of the users should be decided what can the user do with the documents, for example, create, upate, delete and so on. I need to check the authorization of users. I want to follow the conzept like the Web Dynpro tutorial RentCar APP with Actions und Permissions. If a user logs on, i can get his UME role and group. My question is: if it is possible to list the permissions behind of one specific role, which is assigned to the user or a group.
In short I want to list the permissions and not only check if the user has it or not.
Please help me.
Regards
Hairong Zhao

Hi Sudhir,
thank you very much for your quick answer. But it can't resolve our problem really.If we only use hasPermission() method to check if the user has right, the efford to check user in our case is too great .
I try to describe our problem exactly. In our case, thers is possible that tausend documents can be attached to a node. we can't create a permission for every document. We create for every node a role, but for document we haven't role. If we don't use the conzept with Actions and Permissions, how can we check the permission of the users, have you another idea?
Regards,
Hairong Zhao

Custom UME attribute with pre-defined values

All,
Is it possible to define a custom UME attribute which will have pre-defined values so that it appears as dropdown select when the admin creates a user?
Your help is appreciated.
Thanks

Hi Aakash,
I am not a software developer so I cannot really give you details. I can point you to our documentation: [SAP NetWeaver Developer's Guide|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/8b/0b674240449c60e10000000a1550b0/frameset.htm]
This guide should point you in the right direction. The UME has a public API with which you access the attributes in question programmatically. What you do from there depends what you as a programmer want to do.
-Michael

SP12: Auto-provisioning failed for role with action "keep"

Hi,
If you want to keep an exisiting role for a user in CUP. It wasn't possible to change the validity of the role. Therefor you have to set parameter 145 value to 1 in database table VIRSA_AE_ERMCONFIG and refresh cache in CUP(solution with SP11).
But know we have problemes with the auto-provisioning.
We can enter the other validity of the role and after that the request provisioning failed. In our workflow the request rerouted to the admin because of escape-route settings. All other new roles in the request are assigned well to the user in the backend system.
Any ideas?
Many thanks,
Alexa

Hi,
we actually have the same Problem, that changes to the role validity with action "keep" are not provisioned to the SAP system.
If it is only possible to change the validity with the action "add" it is not possible to limit the validity of a previously unlimited role. Because as you said another role with the new validity dates is simply added to the existing roles.
The only workaround would be to delete the old role and add a new one with new validity dates. But in my opinion this workaround is not acceptable for the users.
Best Regards
Jonas

How to create Custom User Role in HelpDesk?

Unfortunately, it is not possible to create a custom user role with custom permissions. What you see is what you get!
When you say, 'access to the Spiceworks server', do you mean Remote Desktop? Or accessing Spiceworks application from another computer?

Hi,
Could anyone help me to create my custom User Role or edit the existing Role in HelpDesk system? Please help me for this problem.
One more, How could my Helpdesk Admin/Tech user access to the Spiceworks's server. I mean, could he access through web browser or need to install it on client's PC?
Stay tune,
This topic first appeared in the Spiceworks Community

Transport roles (with assigned group) containing folders and iviews

Hi,
This message was in the BI forum before and I think that it suits here better.
I created a portal role which is contained in a folder X under Portal Content. This portal role is associated with a particular ABAP menu-role by means of Assigned Groups. When I transported the folder X with all dependent objects from Dev to QA, the portal role appeared but the Assigned Groups is empty. Another words, the association between portal role and the ABAP menu-role could not be transported. How can Associated Groups in a Portal Role be transported?
Then I also tried to do the following steps:
1. Export and import portal contents which include the whole structure with folders, roles and iviews under each role.
2. Export and import the same roles as user management data
The result from 1 was that the whole structure including the roles is imported; however none of the portal role contains the associated assigned group.
The result from 2 was that the UME roles with assigned group are imported as separat objects.
Now, the same role appears both as portal role without assigned group and the UME object with assigned group. But, there is no connection between 1 and 2. That means that I cannot use 2 anyway.
Therefore, I still have to manuelly modify 1 with assigned role once again after importing step 1. Is there a way to import 1 with the associated assigned group without any manuel modification?
Thank you in advance for any helpful advice.
Best regards,
Zabrina

hi,
check the following threads
http://help.sap.com/saphelp_nw04/helpdata/en/6d/7c8cfd410ea040aadf92e1f78107a4/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/6d/7c8cfd410ea040aadf92e1f78107a4/frameset.htm
Re: Transport management in BW 2004s
let me know uneed any further info
bvr

Not able to work with customized Java roles which were edited in ABAP stack

Hello All,
I am trying to copy standard roles into customized roles (i.e. Z roles) using PFCG in XI system. All ABAP based roles are working fine, but all JAVA based roles are not working. I generated profiles as well. And I check all the authorization objects in both standard and customized roles. Everything look same but customized roles are not working.
And when I check the logs on JAVA stack I found the error which says " User XXXXXXXXXX IP address HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available]."
I thought there might be any Jco RFC connections missing between the stacks and I tried to check in Visual Admin, but I was not able to find much info regarding these roles.
Am I missing anything or is there any other way for these roles to make customized roles.
And can any one tell me how to run a trace for JAVA stack activitites as we do in ABAP using ST01. Any help will be rewarded. Thanks in advance.
Regards,
Farooq.

Java roles work with influence of permissions in Application Server which we call actions in UME. As you are aware in PI user master record will be in ABAP stack. So the roles in ABAP stack will be having only RFC connections to JAVA stack for the specific JAVA based role. So you need to edit the permission on Java App Server. For that you need to log on to server through visual admin and then go to services and you will find the standard groups assigned to actions. But I dont remember that under which service you will find them
Under that service you will find some 200 actions. And you have to add the name of the custom created JAVA roles on ABAP to all those actions where you find the standard roles. And its a very very lengthy procedure. So SAP advice to go for customized ABAP roles and Standard JAVA roles.
Hope this answer clears your query.
Farooq.

UME Roles for PDF Actions

Hello All,
Can you please let me know which UME roles I need to add in NWA to enable PDF actions in MII workbench for my user. For e.g. I want to use the Generate Documentation feature and even after following SAP notes 1325997. Its still disabled.
Thanks,
Kiran

Hi Jeremy,
Thanks for your help in answering our questions. I tried adding the PDF actions XMII_PDF* to one of our roles assigned to the user and still the Generate Documentation icon is disabled. I followed the steps provided in 1325997
Solution
1. Download and unzip the attached pdfactions.zip file to your local
machine.
2. Obtain version 1.4.5. of
the third-party iText.jar and iTextAsian.jar, from
http://www.lowagie.com/iText/download.html and save to your local machine.
3. Rename the files iText.jar and iTextAsian.jar making sure to match the
noted case.
4. Open a browser window and navigate to the SAP xMII Administration
Menu at http://<server>:<port>/XMII/Menu.jsp.
5. On the SAP xMII Administration Menu, choose System Management ->
Custom Actions. The Custom Actions screen appears.
6. To upload the .jar files to SAP xMII, click Upload. PDFActions.jar is
the assembly .jar file, and iText.jar and/or iTextAsian.jar are the
dependency .jar files.
I also restarted my server to make sure the changes will be activated but so far I have been unable to make it work.
Thanks,
Kiran

Custom button with action listener - will not invoke action listener

Hi
For whatever reason, I cannot find a concise example of a simple custom component that can invoke an action listener. The tutorials I've read so far either ignore this fundamental topic or only make the slightest make reference to it.
The best I have come up with - in terms of a simple prototype is below... but, the action listener is never invoked.... Can someone tell me what I am missing (full code below). Hopefully, what is missing or incorrect will be obvious to you JSF experts out there.
Thanks for any help!!
-f
tld
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN" "http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<taglib>
<tlib-version>0.01</tlib-version>
<jsp-version>1.2</jsp-version>
<short-name>jsfcustomcomponent</short-name>
<uri>http://jsfcustomcomponent/</uri>
<description><![CDATA[jsf custom component tags]]> </description>
<tag>
 <name>specialBtnTag</name>
 <tag-class>jsfcustomcomponent.SpecialBtnTag</tag-class>
 <attribute>
 <name>value</name>
 <required>true</required>
 <rtexprvalue>true</rtexprvalue>
 <description><![CDATA[button value]]></description>
 </attribute>
 <attribute>
 <name>actionListener</name>
 <required>true</required>
 <rtexprvalue>true</rtexprvalue>
 <description><![CDATA[action listener]]> </description>
 </attribute>
</tag>
</taglib>
SpecialBtnComponent
package jsfcustomcomponent;
import javax.faces.component.*;
import javax.faces.context.*;
import javax.faces.el.*;
import javax.faces.event.*;
public class SpecialBtnComponent
 extends UIComponentBase implements ActionSource
 public static final String COMPONENT_TYPE = "SpecialBtnComponent";
 public static final String RENDERER_TYPE = "SpecialBtnRenderer";
 public String getFamily()
 return COMPONENT_TYPE;
 public SpecialBtnComponent()
 super();
 setRendererType(SpecialBtnComponent.RENDERER_TYPE);
 private String value;
 public void setValue(String value, FacesContext facesContext)
 this.value = value;
 public String getValue()
 if (null != value)
 return value;
 ValueBinding _vb = getValueBinding("value");
 if (_vb != null)
 return (String) _vb.getValue(getFacesContext());
 else
 return null;
 private MethodBinding action = null;
 public MethodBinding getAction()
 return action;
 public void setAction(MethodBinding methodBinding)
 this.action = action;
 private MethodBinding actionListener = null;
 public MethodBinding getActionListener()
 return (this.actionListener);
 public void setActionListener(MethodBinding methodBinding)
 this.actionListener = actionListener;
 public boolean isImmediate()
 return false;
 public void setImmediate(boolean _boolean)
 //this.immediate = immediate;
 public void addActionListener(ActionListener actionListener)
 addFacesListener(actionListener);
 public ActionListener[] getActionListeners()
 return (ActionListener[]) getFacesListeners(ActionListener.class);
 public void removeActionListener(ActionListener actionListener)
 removeFacesListener(actionListener);
 public Object saveState(FacesContext context)
 Object values[] = new Object[5];
 values[0] = super.saveState(context);
 values[1] = value;
 values[2] = saveAttachedState(context, action);
 values[3] = saveAttachedState(context, actionListener);
 return ( (Object) (values));
 public void restoreState(FacesContext context, Object state)
 Object values[] = (Object[]) state;
 super.restoreState(context, values[0]);
 value = (String) values[1];
 action = (MethodBinding) restoreAttachedState(context, values[2]);
 actionListener = (MethodBinding) restoreAttachedState(context, values[3]);
 public void broadcast(FacesEvent event) throws AbortProcessingException
 super.broadcast(event);
 if (event instanceof ActionEvent)
 FacesContext context = getFacesContext();
 MethodBinding mb = getActionListener();
 if (mb != null)
 mb.invoke(context, new Object[]
 {event});
 ActionListener listener = context.getApplication().getActionListener();
 if (listener != null)
 listener.processAction( (ActionEvent) event);
 public void queueEvent(FacesEvent e)
 if (e instanceof ActionEvent)
 if (isImmediate())
 e.setPhaseId(PhaseId.APPLY_REQUEST_VALUES);
 else
 e.setPhaseId(PhaseId.INVOKE_APPLICATION);
 super.queueEvent(e);
SpecialBtnRenderer
package jsfcustomcomponent;
import java.util.*;
import javax.faces.component.*;
import javax.faces.context.*;
import javax.faces.event.*;
import javax.faces.render.*;
public class SpecialBtnRenderer
 extends Renderer
 String value;
 public SpecialBtnRenderer()
 public void decode(FacesContext context, UIComponent component)
 Map requestMap = context.getExternalContext().getRequestParameterMap();
 String clientId = component.getClientId(context);
 SpecialBtnComponent specialBtnComponent = (SpecialBtnComponent) component;
 String value = (String) requestMap.get(clientId);
 if (null != value)
 specialBtnComponent.setValue(value, context);
 ActionEvent actionEvent = new ActionEvent(specialBtnComponent);
 specialBtnComponent.queueEvent(actionEvent);
 public void encodeEnd(FacesContext context, UIComponent component) throws java.io.IOException
 SpecialBtnComponent specialBtnComponent = (SpecialBtnComponent) component;
 ResponseWriter writer = context.getResponseWriter();
 String clientId = component.getClientId(context);
 value = (String) component.getAttributes().get("value");
 if (value == null)
 value = "defaultValue";
 buildSpecialBtn(writer, value, clientId, specialBtnComponent);
 private void buildSpecialBtn(ResponseWriter writer, String value, String clientId, SpecialBtnComponent component) throws java.io.IOException
 writer.startElement("table", component);
 writer.startElement("tbody", component);
 writer.startElement("tr", component);
 writer.startElement("td", component);
 value = String.valueOf(value);
 writer.startElement("input", component);
 writer.writeAttribute("type", "submit", null);
 writer.writeAttribute("name", clientId, "clientId");
 writer.writeAttribute("value", value, null);
 writer.endElement("input");
 writer.endElement("td");
 writer.endElement("tr");
 writer.endElement("tbody");
 writer.endElement("table");
SpecialBtnTag
package jsfcustomcomponent;
import javax.faces.component.*;
import javax.faces.el.*;
import javax.faces.webapp.*;
import com.sun.faces.util.*;
public class SpecialBtnTag
 extends UIComponentTag
 public String value = null;
 public String actionListener = null;
 public String getComponentType()
 return SpecialBtnComponent.COMPONENT_TYPE;
 public String getRendererType()
 return SpecialBtnComponent.RENDERER_TYPE;
 protected void setProperties(UIComponent component)
 super.setProperties(component);
 if (! (component instanceof SpecialBtnComponent))
 throw new IllegalStateException("Component " + component.toString() +
 " not expected type. Expected: jsfcustomcomponent.SpecialBtnComponent. Perhaps you�re missing a tag?");
 SpecialBtnComponent specialBtnComponent = (SpecialBtnComponent) component;
 if (value != null)
 if (isValueReference(value))
 ValueBinding vb = Util.getValueBinding(value);
 specialBtnComponent.setValueBinding("value", vb);
 else
 throw new IllegalStateException("The value for �value� must be a ValueBinding.");
 if (actionListener != null)
 if (isValueReference(actionListener))
 ValueBinding vb = Util.getValueBinding(actionListener);
 specialBtnComponent.setValueBinding("actionListener", vb);
 else
 throw new IllegalStateException("The value for �actionListener� must be a ValueBinding.");
 public void release()
 super.release();
 value = null;
 actionListener = null;
 public void setValue(String value)
 this.value = value;
 public String getValue()
 return this.value;
 public void setActionListener(String actionListener)
 this.actionListener = actionListener;
 public String getActionListener()
 return this.actionListener;
jsp1.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@taglib uri="http://jsfcustomcomponent/" prefix="j"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
<link rel="stylesheet" type="text/css" href="./stylesheet.css" title="Style">
</head>
<body>
<f:view>
<h:form id="form01">
 <h:outputText value="test special button with action listener"/>
 <j:specialBtnTag value="#{specialBtnBacking.specialBtnValue}" actionListener="#{specialBtnBacking.specialBtnActionListener}"/>
 <h:messages/>
 <h:outputText value="#{specialBtnBacking.outcome}"/>
</h:form>
</f:view>
</body>
</html>
SpecialBtnBacking
package specialbtn;
import javax.faces.context.*;
import javax.faces.event.*;
public class SpecialBtnBacking
 private FacesContext context;
 public SpecialBtnBacking()
 this.setSpecialBtnValue("Special Button with action listener");
 private String specialBtnValue;
 public String getSpecialBtnValue()
 return this.specialBtnValue;
 public void setSpecialBtnValue(String specialBtnValue)
 this.specialBtnValue = specialBtnValue;
 private String outcome="actionlistener NOT invoked: click specialBtn above to test";
 public String getOutcome()
 return outcome;
 public void setOutcome(String outcome)
 this.outcome = outcome;
 public void specialBtnActionListener(ActionEvent evt)
 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Jsp1Backing/specialBtnActionListener()!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
 this.outcome="***action listener invoked!!!***";
faces-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE faces-config PUBLIC "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN" "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">
<faces-config>
<managed-bean>
 <managed-bean-name>specialBtnBacking</managed-bean-name>
 <managed-bean-class>specialbtn.SpecialBtnBacking</managed-bean-class>
 <managed-bean-scope>request</managed-bean-scope>
</managed-bean>
<component>
 <component-type>SpecialBtnComponent</component-type>
 <component-class>jsfcustomcomponent.SpecialBtnComponent</component-class>
 <component-extension>
 <renderer-type>SpecialBtnRenderer</renderer-type>
 </component-extension>
</component>
<render-kit>
 <renderer>
 <component-family>SpecialBtnComponent</component-family>
 <renderer-type>SpecialBtnRenderer</renderer-type>
 <renderer-class>jsfcustomcomponent.SpecialBtnRenderer</renderer-class>
 </renderer>
</render-kit>
</faces-config>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>pagerWEB</display-name>
<servlet>
 <servlet-name>Faces Servlet</servlet-name>
 <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
 <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
 <servlet-name>Faces Servlet</servlet-name>
 <url-pattern>*.faces</url-pattern>
</servlet-mapping>
<jsp-config>
 <taglib>
 <taglib-uri>http://jsfcustomcomponent/</taglib-uri>
 <taglib-location>/WEB-INF/jsfcustomcomponent.tld</taglib-location>
 </taglib>
</jsp-config>
<servlet>
 <description>Added by JBuilder to compile JSPs with debug info</description>
 <servlet-name>debugjsp</servlet-name>
 <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
 <init-param>
 <param-name>classdebuginfo</param-name>
 <param-value>true</param-value>
 </init-param>
 <load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
 <servlet-name>debugjsp</servlet-name>
 <url-pattern>*.jsp</url-pattern>
</servlet-mapping>
</web-app>

got it working....
The changes were:
in "SpecialBtnRenderer"...
--new--
 mb.invoke(context, new Object[1]);
--old--
 mb.invoke(context, new Object[0]);
in "SpecialBtnTag"...
--new--
import javax.faces.event.ActionEvent;
--new--
 MethodBinding mb = FacesContext.getCurrentInstance().getApplication().createMethodBinding(specialBtnListener, new Class[]{ActionEvent.class});
--old--
 MethodBinding mb = FacesContext.getCurrentInstance().getApplication().createMethodBinding(specialBtnListener, null);
-Below is the entire application, again -- for those (like myself) who need concrete examples...
I hope this helps someone else! --f
jsp1.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@taglib uri="http://jsfcustomcomponent/" prefix="j"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
<link rel="stylesheet" type="text/css" href="./stylesheet.css" title="Style">
</head>
<body>
<f:view>
 <h:messages/>
<h:form id="form01">
 <h:outputText value="test special button with action listener"/>
 <j:specialBtnTag value="#{specialBtnBacking.specialBtnValue}" specialBtnListener="#{specialBtnBacking.specialBtnActionListener}"/>
 <h:outputText value="#{specialBtnBacking.outcome}"/>
</h:form>
</f:view>
</body>
</html>
SpecialBtnBacking
package specialbtn;
import javax.faces.context.*;
import javax.faces.event.*;
public class SpecialBtnBacking
 private FacesContext context;
 public SpecialBtnBacking()
 this.setSpecialBtnValue("Special Button with action listener");
 private String specialBtnValue;
 public String getSpecialBtnValue()
 return this.specialBtnValue;
 public void setSpecialBtnValue(String specialBtnValue)
 this.specialBtnValue = specialBtnValue;
 private String outcome = "actionlistener NOT invoked: click specialBtn above to test";
 public String getOutcome()
 return outcome;
 public void setOutcome(String outcome)
 this.outcome = outcome;
 public void specialBtnActionListener(ActionEvent evt)
 System.out.println("\n\n");
 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Jsp1Backing/specialBtnActionListener()!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Jsp1Backing/specialBtnActionListener()!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Jsp1Backing/specialBtnActionListener()!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Jsp1Backing/specialBtnActionListener()!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Jsp1Backing/specialBtnActionListener()!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n\n");
 this.outcome = "***action listener invoked!!!***";
jsfcustomcomponent.tld
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN" "http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<taglib>
<tlib-version>0.01</tlib-version>
<jsp-version>1.2</jsp-version>
<short-name>jsfcustomcomponent</short-name>
<uri>http://jsfcustomcomponent/</uri>
<description><![CDATA[jsf custom component tags]]> </description>
<tag>
 <name>specialBtnTag</name>
 <tag-class>jsfcustomcomponent.SpecialBtnTag</tag-class>
 <attribute>
 <name>value</name>
 <required>true</required>
 <rtexprvalue>true</rtexprvalue>
 <description><![CDATA[button value]]></description>
 </attribute>
 <attribute>
 <name>specialBtnListener</name>
 <required>true</required>
 <rtexprvalue>true</rtexprvalue>
 <description><![CDATA[action listener]]> </description>
 </attribute>
</tag>
</taglib>
faces-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE faces-config PUBLIC "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN" "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">
<faces-config>
<managed-bean>
 <managed-bean-name>specialBtnBacking</managed-bean-name>
 <managed-bean-class>specialbtn.SpecialBtnBacking</managed-bean-class>
 <managed-bean-scope>request</managed-bean-scope>
</managed-bean>
<component>
 <component-type>SpecialBtnComponent</component-type>
 <component-class>jsfcustomcomponent.SpecialBtnComponent</component-class>
 <component-extension>
 <renderer-type>SpecialBtnRenderer</renderer-type>
 </component-extension>
</component>
<render-kit>
 <renderer>
 <component-family>SpecialBtnComponent</component-family>
 <renderer-type>SpecialBtnRenderer</renderer-type>
 <renderer-class>jsfcustomcomponent.SpecialBtnRenderer</renderer-class>
 </renderer>
</render-kit>
</faces-config>
SpecialBtnComponent.java
package jsfcustomcomponent;
import javax.faces.component.*;
import javax.faces.context.*;
import javax.faces.el.*;
import javax.faces.event.*;
public class SpecialBtnComponent
 extends UIComponentBase implements ActionSource
 public static final String COMPONENT_TYPE = "SpecialBtnComponent";
 public static final String RENDERER_TYPE = "SpecialBtnRenderer";
 public String getFamily()
 return COMPONENT_TYPE;
 public SpecialBtnComponent()
 super();
 setRendererType(SpecialBtnComponent.RENDERER_TYPE);
 private String value;
 public void setValue(String value, FacesContext facesContext)
 this.value = value;
 public String getValue()
 if (null != this.value)
 return this.value;
 ValueBinding _vb = getValueBinding("value");
 if (_vb != null)
 return (String) _vb.getValue(getFacesContext());
 else
 return null;
 private MethodBinding specialBtnListener = null;
 public MethodBinding getActionListener()
 return (this.specialBtnListener);
 public void setActionListener(MethodBinding actionListener)
 this.specialBtnListener = actionListener;
 public Object saveState(FacesContext context)
 Object values[] = new Object[3];
 values[0] = super.saveState(context);
 values[1] = saveAttachedState(context, this.specialBtnListener);
 values[2] = this.value;
 return (values);
 public void restoreState(FacesContext context, Object state)
 Object values[] = (Object[]) state;
 super.restoreState(context, values[0]);
 this.specialBtnListener = (MethodBinding) restoreAttachedState(context, values[1]);
 this.value = (String) restoreAttachedState(context, values[2]);
 public void broadcast(FacesEvent event) throws AbortProcessingException
 super.broadcast(event);
 if (event instanceof ActionEvent)
 FacesContext context = getFacesContext();
 MethodBinding mb = this.getActionListener();
 if (mb != null)
 try
 mb.invoke(context, new Object[]
 {event});
 catch (EvaluationException ex)
 System.out.println("SpecialBtnComponent/broadcast(FacesEvent event)...EvaluationException encountered - ex.getMessage()=" + ex.getMessage());
 ex.printStackTrace();
 ActionListener actionListener = context.getApplication().getActionListener();
 if (actionListener != null)
 actionListener.processAction( (ActionEvent) event);
 public void queueEvent(FacesEvent e)
 if (e instanceof ActionEvent)
 e.setPhaseId(PhaseId.INVOKE_APPLICATION);
 super.queueEvent(e);
 public MethodBinding getAction()
 return null;
 public void setAction(MethodBinding methodBinding)
 public boolean isImmediate()
 return false;
 public void setImmediate(boolean _boolean)
 public void addActionListener(ActionListener actionListener)
 addFacesListener(actionListener);
 public ActionListener[] getActionListeners()
 return (ActionListener[]) getFacesListeners(ActionListener.class);
 public void removeActionListener(ActionListener actionListener)
 removeFacesListener(actionListener);
SpecialBtnTag.java
package jsfcustomcomponent;
import javax.faces.component.*;
import javax.faces.el.*;
import javax.faces.webapp.*;
import com.sun.faces.util.*;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;
public class SpecialBtnTag
 extends UIComponentTag
 public String value = null;
 public String specialBtnListener = null;
 private SpecialBtnComponent specialBtnComponent;
 public SpecialBtnTag()
 super();
 public String getComponentType()
 return SpecialBtnComponent.COMPONENT_TYPE;
 public String getRendererType()
 return SpecialBtnComponent.RENDERER_TYPE;
 protected void setProperties(UIComponent component)
 super.setProperties(component);
 if (! (component instanceof SpecialBtnComponent))
 throw new IllegalStateException("Component " + component.toString() +
 " not expected type. Expected: jsfcustomcomponent.SpecialBtnComponent. Perhaps you�re missing a tag?");
 specialBtnComponent = (SpecialBtnComponent) component;
 if (value != null)
 if (isValueReference(value))
 ValueBinding vb = Util.getValueBinding(value);
 specialBtnComponent.setValueBinding("value", vb);
 else
 throw new IllegalStateException("The value for �value� must be a ValueBinding.");
 if (specialBtnListener != null)
 if (isValueReference(specialBtnListener))
 MethodBinding mb = FacesContext.getCurrentInstance().getApplication().createMethodBinding(specialBtnListener, new Class[]{ActionEvent.class});
 ( (SpecialBtnComponent) component).setActionListener(mb);
 else
 MethodBinding mb = Util.createConstantMethodBinding(specialBtnListener);
 ( (SpecialBtnComponent) component).setActionListener(mb);
 public void release()
 super.release();
 value = null;
 specialBtnListener = null;
 public void setValue(String value)
 this.value = value;
 public String getValue()
 return this.value;
 public void setSpecialBtnListener(String specialBtnListener)
 this.specialBtnListener = specialBtnListener;
 public String getSpecialBtnListener()
 return this.specialBtnListener;
SpecialBtnRenderer
package jsfcustomcomponent;
import java.util.*;
import javax.faces.component.*;
import javax.faces.context.*;
import javax.faces.event.*;
import javax.faces.render.*;
import javax.faces.el.MethodBinding;
import javax.faces.el.*;
public class SpecialBtnRenderer
 extends Renderer
 String value;
 public SpecialBtnRenderer()
 super();
 public void decode(FacesContext context, UIComponent component)
 try
 Map requestMap = context.getExternalContext().getRequestParameterMap();
 String clientId = component.getClientId(context);
 SpecialBtnComponent specialBtnComponent = (SpecialBtnComponent) component;
 String value = (String) requestMap.get(clientId);
 if (null != value)
 specialBtnComponent.setValue(value, context);
 MethodBinding mb = specialBtnComponent.getActionListener();
 if (mb != null)
 System.out.println("SpecialBtnRenderer/decode...mb.getExpressionString()=" + mb.getExpressionString());
 //mb.invoke(context, new Object[0]);
 mb.invoke(context, new Object[1]);
 ActionEvent actionEvent = new ActionEvent(specialBtnComponent);
 specialBtnComponent.queueEvent(actionEvent);
 catch (EvaluationException ex)
 ex.printStackTrace();
 public void encodeEnd(FacesContext context, UIComponent component) throws java.io.IOException
 SpecialBtnComponent specialBtnComponent = (SpecialBtnComponent) component;
 ResponseWriter writer = context.getResponseWriter();
 String clientId = component.getClientId(context);
 value = (String) component.getAttributes().get("value");
 if (value == null)
 value = "defaultValue";
 buildSpecialBtn(writer, value, clientId, specialBtnComponent);
 private void buildSpecialBtn(ResponseWriter writer, String value, String clientId, SpecialBtnComponent component) throws java.io.IOException
 writer.startElement("table", component);
 writer.startElement("tbody", component);
 writer.startElement("tr", component);
 writer.startElement("td", component);
 value = String.valueOf(value);
 writer.startElement("input", component);
 writer.writeAttribute("type", "submit", null);
 writer.writeAttribute("name", clientId, "clientId");
 writer.writeAttribute("value", value, null);
 writer.endElement("input");
 writer.endElement("td");
 writer.endElement("tr");
 writer.endElement("tbody");
 writer.endElement("table");
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>pagerWEB</display-name>
<servlet>
 <servlet-name>Faces Servlet</servlet-name>
 <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
 <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
 <servlet-name>Faces Servlet</servlet-name>
 <url-pattern>*.faces</url-pattern>
</servlet-mapping>
<jsp-config>
 <taglib>
 <taglib-uri>http://jsfcustomcomponent/</taglib-uri>
 <taglib-location>/WEB-INF/jsfcustomcomponent.tld</taglib-location>
 </taglib>
</jsp-config>
</web-app>

Matching ABAP Roles with UME Groups

Hello,
we are facing the following issue:
We are providing Business Warehouse access via NW Portal beside the "normal" abap system. Therefore we need to put every new user into a special UME-group. How can we match ABAP-Roles with UME-Groups?
We just want to assign a single (portal-)role to an user in the abap-stack, not another group in the UME. Is this possible?

Sascha Landowski wrote:
We did it a little bit different, but that's it. We had an existing portal group with the needed portal roles. We created a new group in reference to a existing abap role and gave it the portal roles.
In fact thats I have suggest Sascha However, its a very common construct in EP, glad it worked for you
reagrds

Where are all the UME actions and UME roles stored?

Hi there,
I had a look at the SAP<SID>DB.UME* tables, it seems to me that they are not stored there.
What I wanted to achieve is to build a list of all user, user to role assignment, all UME actions, and role to action assignment so that we can do some analysis of the data.
Another related question is about the SPML based java API for user management in UME. It only allows you to list all the UME roles. What about the J2EE security roles? It seems to me that by using this API, you can not get a complete picture of user authorization, which includes both UME role and J2EE security role. Any comments?
Thanks in advance
GG

Hi,
I would suggest to use [UME Java API|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html] instead of reading from the DB tables. You can get all users using methods of the class IUserFactory. The class IRoleFactory has method getRolesOfUser which gives you all roles for each user. Don't forget about roles assigned to user groups. Have a look also at package com.sap.security.api.acl. You should be able to get all ACL entries using [IAclManager|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/acl/IAclManager.html]. Especially, check the code example. I've never done this but from reading javadocs it looks like it should be possible.
Have a look also at this [document|http://help.sap.com/saphelp_nwce711core/helpdata/en/a4/d39b3e09cdf313e10000000a114084/frameset.htm]. It describes the authorization concept of the AS Java.
Cheers

ACCESS CONTROLS - UME ROLES (RAR)

Hello Experts!
i was wondering if you could help me. Is there a way to create/modify a role with the activity to assign Custom User Groups in RAR?
I checked the actions that exist for VIRSA.CC and didnt found any relevant actions.
I dont want to give authorization for all the actions in the Configuration tab but only for creating Custom User groups.
Thanks in advance!
david

hello Frank,
I want to give the authorization to our service desk, to create Custom User Groups over RAR> Configuration>Custom User Groups.
But i searched the actions over the UME and i couldnt find about custom groups.
I didnt want to give the authorization for the configuration tab.
Thanks
david

Add UME Role to LDAP User

Hi,
i'm having a problem with portal user management. We have a LDAP user called charlie81 in an Active Directory Server, which has a set of LDAP groups. We have also a UME Role (a role created in the portal) called "Manutenzione". Our target is to assign "Manutenzione" to charlie81 through the portal. I made it but when charlie81 is logged in, he can see only LDAP Roles; "Manutenzione" is not visible!!!! How can i resolve this problems? Do you help me, please? Thank you in advance, Carlo Paglia

Hi,
What kind of role did you assign to the user? A portal role (source = portal role) or a "UME role" (source = UME database)?
If it's a portal role, is it a standard or a custom role? If it is a custom portal role, make sure an entry point is defined or your role won't be visible. Here's a link to the documentation : [Defining Entry Points|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4e/3e703e632c7937e10000000a114084/frameset.htm].
Regards,
Pierre

Create UMe role to Maintain JCOu00B4s in SAP Netweaver

Hi to all,
We are running GRC AC 5.3 and we want to create a role just to maintain JCO´s
Can someone direct me to any documentation related to what Object (UME Actions) are necesary to create a Role just to enter the JCO section (In Web Dynpro Tools - > Content Adminsitrator)
Thx for your help.
Denis

Hi Denis,
The content admin role will give access to only content administration:
pcd:portal_content/administrator/content_admin/content_admin_role
However, if you wish to restrict the access to only JCO connection maintenance, check the assigned actions and create a new role with only those actions:
1. Search for the role pcd:portal_content/administrator/content_admin/content_admin_role
2. Click Modify
3. Click Assigned Actions
4. Search for the actions
5. Create a new role with the required actions.
Hope this answers.
Rgds,
Raghu

Help - using custom login module with embedded jdev oc4j to access ejb 3

Hi All (Frank ??),
I'm just wondering if anyone has successfully been able to leverage a custom login module in combination
with a client that connects to a local EJB 3 stateless session bean through Jdeveloper 10.1.3.2's embedded oc4j.
I have spent 2+ days trying to get this to work - and i think I resound now to the fact im going to
have to deploy to oc4j standalone instead.
I got close.. but finally was trumped with the following error from the client trying to access the ejb:-
javax.naming.NoPermissionException: Not allowed to look up XXXXXX, check the namespace-access tag
setting in orion-application.xml for details.
Using the various guides available, I had no problem getting the custom login module working
with a local servlet running from JDev's embedded oc4j.. however with ejb - no such luck.
I have a roles table (possible values Member, Admin) - that maps to sr_Member and sr_Admin
respectively in various config files.
I'm using EJB 3 annotations for protecting methods .. for example
@RolesAllowed("sr_Member")
Steps that I had to do so far :-
In <jdevhome>\jdev\system\oracle.jwee.10.1.3.40.66\embedded-oc4j\config\system-jazn-data.xml1) Add custom login module
 <application>
 <name>current-workspace-app</name>
 <login-modules>
 <login-module>
 <class>kr.security.KnowRushLoginModule</class>
 <control-flag>required</control-flag>
 <options>
 <option>
 <name>dataSource</name>
 <value>jdbc/DB_XE_KNOWRUSHDS</value>
 </option>
 <option>
 <name>user.table</name>
 <value>users</value>
 </option>
 <option>
 <name>user.pk.column</name>
 <value>id</value>
 </option>
 <option>
 <name>user.name.column</name>
 <value>email_address</value>
 </option>
 <option>
 <name>user.password.column</name>
 <value>password</value>
 </option>
 <option>
 <name>role.table</name>
 <value>roles</value>
 </option>
 <option>
 <name>role.to.user.fk.column</name>
 <value>user_id</value>
 </option>
 <option>
 <name>role.name.column</name>
 <value>name</value>
 </option>
 </options>
 </login-module>
 </login-modules>
 </application>2) Grant login rmi permission to roles associated with custom login module (also in system-jazn-data.xml)
<grant>
 <grantee>
 <principals>
 <principal>
 <realm-name>jazn.com</realm-name>
 <type>role</type>
 <class>kr.security.principals.KRRolePrincipal</class>
 <name>Admin</name>
 </principal>
 </principals>
 </grantee>
 <permissions>
 <permission>
 <class>com.evermind.server.rmi.RMIPermission</class>
 <name>login</name>
 </permission>
 </permissions>
</grant>
<grant>
 <grantee>
 <principals>
 <principal>
 <realm-name>jazn.com</realm-name>
 <type>role</type>
 <class>kr.security.principals.KRRolePrincipal</class>
 <name>Member</name>
 </principal>
 </principals>
 </grantee>
 <permissions>
 <permission>
 <class>com.evermind.server.rmi.RMIPermission</class>
 <name>login</name>
 </permission>
 </permissions>
</grant>3) I've tried creating various oracle and j2ee deployment descriptors (even though ejb-jar.xml and orion-ejb-jar.xml get created automatically when running the session bean in jdev).
My ejb-jar.xml contains :-
<?xml version="1.0" encoding="utf-8"?>
<ejb-jar xmlns ....
<assembly-descriptor>
 <security-role>
 <role-name>sr_Admin</role-name>
 </security-role>
 <security-role>
 <role-name>sr_Member</role-name>
 </security-role>
</assembly-descriptor>
</ejb-jar>Note- i'm not specifying the enterprise-beans stuff, as JDev seems to populate this automatically.
My orion-ejb-jar.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-ejb-jar ...
<assembly-descriptor>
 <security-role-mapping name="sr_Admin">
 <group name="Admin"></group>
 </security-role-mapping>
 <security-role-mapping name="sr_Member">
 <group name="Member"></group>
 </security-role-mapping>
 <default-method-access>
 <security-role-mapping name="sr_Member" impliesAll="true">
 </security-role-mapping>
 </default-method-access>
</assembly-descriptor>My orion-application.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-application xmlns ...
<security-role-mapping name="sr_Admin">
 <group name="Admin"></group>
</security-role-mapping>
<security-role-mapping name="sr_Member">
 <group name="Member"></group>
</security-role-mapping>
<jazn provider="XML">
 <property name="role.mapping.dynamic" value="true"></property>
 <property name="custom.loginmodule.provider" value="true"></property>
</jazn>
<namespace-access>
 <read-access>
 <namespace-resource root="">
 <security-role-mapping name="sr_Admin">
 <group name="Admin"/>
 <group name="Member"/>
 </security-role-mapping>
 </namespace-resource>
 </read-access>
 <write-access>
 <namespace-resource root="">
 <security-role-mapping name="sr_Admin">
 <group name="Admin"/>
 <group name="Member"/>
 </security-role-mapping>
 </namespace-resource>
 </write-access>
</namespace-access>
</orion-application>My essentially auto-generated EJB 3 client does the following :-
 Hashtable env = new Hashtable();
 env.put(Context.SECURITY_PRINCIPAL, "matt.shannon");
 env.put(Context.SECURITY_CREDENTIALS, "welcome1");
 final Context context = new InitialContext(env);
 KRFacade kRFacade = (KRFacade)context.lookup("KRFacade");
...And throws the error
20/04/2007 00:55:37 oracle.j2ee.rmi.RMIMessages
EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
javax.naming.NoPermissionException: Not allowed to look
up KRFacade, check the namespace-access tag setting in
orion-application.xml for details
 at
com.evermind.server.rmi.RMIClientConnection.handleLookupRe
sponse(RMIClientConnection.java:819)
 at
com.evermind.server.rmi.RMIClientConnection.handleOrmiComm
andResponse(RMIClientConnection.java:283)
....I can see from the console that the user was successfully authenticated :-
20/04/2007 00:55:37 kr.security.KnowRushLoginModule validate
WARNING: [KnowRushLoginModule] User matt.shannon authenticated
And that user is granted both the Admin, and Member roles.
The test servlet using basic authentication correctly detects the user and roles perfectly...
public void doGet(HttpServletRequest request,
 HttpServletResponse response)
 throws ServletException, IOException
 LOGGER.log(Level.INFO,LOGPREFIX +"doGet called");
 response.setContentType(CONTENT_TYPE);
 PrintWriter out = response.getWriter();
 out.println("<html>");
 out.println("<head><title>ExampleServlet</title></head>");
 out.println("<body>");
 out.println("The servlet has received a GET. This is the reply.");
 out.println(" getRemoteUser = " + request.getRemoteUser());
 out.println(" getUserPrincipal = " + request.getUserPrincipal());
 out.println(" isUserInRole('sr_Admin') = "+request.isUserInRole("sr_Admin"));
 out.println(" isUserInRole('sr_Memeber') = "+request.isUserInRole("sr_Member"));Anyone got any ideas what could be going wrong?
cheers
Matt.
Message was edited by:
mshannon

Thanks for the response. I checked out your blog and tried your suggestions. I'm sure it works well in standalone OC4J, but i was still unable to get it to function correctly from JDeveloper embedded.
Did you ever get the code working directly from JDeveloper?
Your custom code essentially seems to be the equivalent of a grant within system-jazn-data.xml.
For example, the following grant to a custom jaas role (JAAS_ADMIN) that gets added by my custom login module gives them rmi login access :-
 <grant>
 <grantee>
 <principals>
 <principal>
 <realm-name>jazn.com</realm-name>
 <type>role</type>
 <class>kr.security.principals.KRRolePrincipal</class>
 <name>JAAS_Admin</name>
 </principal>
 </principals>
 </grantee>
 <permissions>
 <permission>
 <class>com.evermind.server.rmi.RMIPermission</class>
 <name>login</name>
 </permission>
 </permissions>
 </grant>If I add the following to orion-application.xml

<namespace-access>
 <read-access>
 <namespace-resource root="">
 <security-role-mapping>
 <group name="JAAS_Admin"></group>
 </security-role-mapping>
 </namespace-resource>
 </read-access>Running a standalone client against the embedded jdev oc4j server gives the namespace-access error.
I tried out your code by essentially creating a static reference to a singleton class that does the role lookup/provisioning with rmi login grant :-
From custom login module :-
private static KRSecurityHelper singleton = new KRSecurityHelper();
protected Principal[] m_Principals;
 Vector v = new Vector();
 v.add(singleton.getCustomRmiConnectRole());
 // set principals in LoginModule
 m_Principals=(Principal[]) v.toArray(new Principal[v.size()]);
Singleton class :-
package kr.security;
import com.evermind.server.rmi.RMIPermission;
import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.policy.Grantee;
import oracle.security.jazn.realm.Realm;
import oracle.security.jazn.realm.RealmManager;
import oracle.security.jazn.realm.RealmRole;
import oracle.security.jazn.realm.RoleManager;
import oracle.security.jazn.policy.JAZNPolicy;
import oracle.security.jazn.JAZNException;
public class KRSecurityHelper
private static final Logger LOGGER = Logger.getLogger("kr.security");
private static final String LOGPREFIX = "[KRSecurityHelper] ";
public static String CUSTOM_RMI_CONNECT_ROLE = "remote_connect";
private RealmRole m_Role = null;
public KRSecurityHelper()
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling JAZNConfig.getJAZNConfig");
 JAZNConfig jc = JAZNConfig.getJAZNConfig();
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getRealmManager");
 RealmManager realmMgr = jc.getRealmManager();
 try
 // Get the default realm .. e.g. jazn.com
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getGetDefaultRealm");
 Realm r = realmMgr.getRealm(jc.getDefaultRealm());
 LOGGER.log(Level.INFO,LOGPREFIX +"default realm: "+r.getName());
 // Access the role manager for the remote connection role
 LOGGER.log(Level.FINEST,
 LOGPREFIX +"calling default_realm.getRoleManager");
 RoleManager roleMgr = r.getRoleManager();
 LOGGER.log(Level.INFO,LOGPREFIX +"looking up custom role '"
 CUSTOM_RMI_CONNECT_ROLE "'");
 RealmRole rmiConnectRole = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
 if (rmiConnectRole == null)
 LOGGER.log(Level.INFO,LOGPREFIX +"role does not exist, create it...");
 rmiConnectRole = roleMgr.createRole(CUSTOM_RMI_CONNECT_ROLE);
 LOGGER.log(Level.FINEST,LOGPREFIX +"constructing new grantee");
 Grantee gtee = new Grantee(rmiConnectRole);
 LOGGER.log(Level.FINEST,LOGPREFIX +"constructing login rmi permission");
 RMIPermission login = new RMIPermission("login");
 LOGGER.log(Level.FINEST,
 LOGPREFIX +"constructing subject.propagation rmi permission");
 RMIPermission subjectprop = new RMIPermission("subject.propagation");
 // make policy changes
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getPolicy");
 JAZNPolicy policy = jc.getPolicy();
 if (policy != null)
 LOGGER.log(Level.INFO, LOGPREFIX
 + "add to policy grant for RMI 'login' permission to "
 + CUSTOM_RMI_CONNECT_ROLE);
 policy.grant(gtee, login);
 LOGGER.log(Level.INFO, LOGPREFIX
 + "add to policy grant for RMI 'subject.propagation' permission to "
 + CUSTOM_RMI_CONNECT_ROLE);
 policy.grant(gtee, subjectprop);
 // m_Role = rmiConnectRole;
 m_Role = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
 LOGGER.log(Level.INFO, LOGPREFIX
 + m_Role.getName() + ":" + m_Role.getFullName() + ":" + m_Role.getFullName());
 else
 LOGGER.log(Level.WARNING,LOGPREFIX +"Cannot find jazn policy!");
 else
 LOGGER.log(Level.INFO,LOGPREFIX +"custom role already exists");
 m_Role = rmiConnectRole;
 catch (JAZNException e)
 LOGGER.log(Level.WARNING,
 LOGPREFIX +"Cannot configure JAZN for remote connections");
public RealmRole getCustomRmiConnectRole()
 return m_Role;
}Using the code approach and switching application.xml across so that namespace access is for the group remote_connect, I get the following error from my bean :-
INFO: Login permission not granted for current-workspace-app (test.user)
Thus, the login permission that I'm adding through the custom remote_connect role does not seem to work. Even if it did, i'm pretty sure I would still get that namespace error.
This has been such a frustrating process. All the custom login module samples using embedded JDeveloper show simple j2ee servlet protection based on settings in web.xml.
There are no samples showing jdeveloper embedded oc4j using ejb with custom login modules.
Hopefully the oc4j jdev gurus like Frank can write a paper that demonstrates this.
Matt.

Custom UME Role with action: Manage_All_User_Passwo

Similar Messages

Maybe you are looking for