Customizing an Authenticator MBean
All,
I'm working on creating a custom SSPI for our specific security system. I
have it set up and working, but there are some problems with the MBean used
to plug it into Weblogic.
1) I created an MDF file with three Attributes (ProviderClassName,
Description, Version). When I go to the Authentication Provider tab in the
Weblogic console, I see that these settings are being properly retrieved and
displayed.
But if I select my specific provider, the page that comes back has blank
entries for everything listed here (things like name, description, version,
control flag). Also, Control Flag appears as an empty text-input field
instead of a drop down listing the proper flags.
In the System.out window I see a bunch of exceptions get thrown when I
request the details page:
java.lang.NoSuchMethodException: couldn't find getter for 'Name' on com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticatorMBean
I attempted to add a new Attribute in the MDF file for "Name" and rebuilt,
but it did not appear to fix the problem. What do I need to do to make the
details page for my Authenticator provide useful information?
2) My Authenticator requires some configuration properties to run. I
currently have them hard-coded for testing purposes, but I would like for
users to be able to set these in the console. What must I do to make these
appear as text-input fields in the console? I could not find any examples
of how to do this.
-jdr
What I did was to get the SampleSecurityProviders as a starting point
and then add my custom properties to it.
It didn't work for a while because of the classpath issue but once I had
this resolved it started working fine without me having to do anything more.
--dejan
Jordan Reed wrote:
Thanks Dejan,
when I pulled all the classes out of the main server classpath and only had
them in a jar under the mbeantypes directory in weblogic it started working
correctly.
Now I just need to figure out how to put my own configurable attribute in
the MBean.
-jordan
"Deyan D. Bektchiev" wrote in message:
Hi Jordan,
I had a similar issue and the solution was to remove all of the provider
classes from the server classpath.
There is a sample on dev2dev.bea.com called SampleSecurityProviders that
was very useful for me, but it has the same classpath issue (BEA support
said they'll update their documentation for this).
Regards,
Dejan
Similar Messages
-
Updating a Property in my Custom Authenticator MBean
I have created a custom AuthenticationProvider. It is configured through an
MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
property in the XML file with a default value. My AuthenticationProvider is
able to get the bean and read back the default value.
Now, I wish to change that value to something else to allow users to
configure the provider. The documentation clearly says that I will be
unable to use the Weblogic Console to do this and will have to use the
command line "weblogic.Admin" application to do it. This is fine, but I
cannot figure out how to access or modify my MBean.
How do I know the MBeans name or type? The MBean generated is called
WeblogicCarbonAuthenticatorMBean.java
I have tried (I have not included username/password in this post for brevity)
java weblogic.Admin GET -type WeblogicCarbonAuthenticator
No MBeans found
java weblogic.Admin GET -type Authenticator
No MBeans found
No success.
I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
which claim to show me all the MBeans deployed. Searching through the list
I see nothing with the word "Carbon" or "Authenticator" in it.
How can I find/configure my Authenticator MBeans?
Thanks
-jordan
Jordan Reed wrote:
Getting there! I can now look at my bean, but I cannot seem to update it.
There is a string property on the MBean called "UserManagerLocation" that I
need the end user to be able to update to their appropriate location.
I am able to use the weblogic.Admin utility to query the MBean, but not to
update.
So here is my query:
java weblogic.Admin -pretty GET -mbean Security:Name=myrealmWeblogicCarbonAuthenticator
MBeanName: "Security:Name=myrealmWeblogicCarbonAuthenticator"
ControlFlag: REQUIRED
Description: Carbon Authentication Provider adapts authentication
behavior to the User Manager Service
ProviderClassName: com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticationProvider
Realm: Security:Name=myrealm
UserManagerLocation: /security/management/test/RdbmsUserManager
Version: 4.2
But here is my failing update:
java weblogic.Admin SET -mbean Security:Name=myrealmWeblogicCarbonAuthenticator -property UserManagerLocation "/security/management/RdbmsUserManager"
MBean not specified for setting of attributes. Value UserManagerLocation for
parameter ["9"]
Get rid of the "'s around the Value. If that does not work, try
something like this,
java weblogic.Admin SET -mbean Security:Name=myrealmWeblogicCarbonAuthenticator -commotype -property UserManagerLocation /security/management/RdbmsUserManager
If that does not work, please open a support case with BEA.
Thanks,
-satya
But, inside my MBean descriptor I've got it set as writable:
<MBeanType
  Name = "WeblogicCarbonAuthenticator"
  DisplayName = "WeblogicCarbonAuthenticator"
  Package = "com.sapient.services.security.auth.weblogic7"
  Extends = "weblogic.management.security.authentication.Authenticator"
  PersistPolicy = "OnUpdate"
  Writable = "true"
>
  <MBeanAttribute
    Name = "UserManagerLocation"
    Type = "java.lang.String"
    PersistPolicy = "OnUpdate"
    Readable = "true"
    Writeable = "true"
    Default = "&quot;/security/management/test/RdbmsUserManager&quot;"
  />
</MBeanType>
Any clue why I am unable to update the attribute from the command line?
Thanks
-Jordan
"Satya Ghattu" wrote in message:
Jordan,
You can use weblogic.Admin utility to change values of your custom MBean
if you know the object name of your MBean.
Jordan Reed wrote:
I have created a custom AuthenticationProvider. It is configured
through an
MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
property in the XML file with a default value. My AuthenticationProvider is
able to get the bean and read back the default value.
Now, I wish to change that value to something else to allow users to
configure the provider. The documentation clearly says that I will be
unable to use the Weblogic Console to do this and will have to use the
command line "weblogic.Admin" application to do it. This is fine, but I
cannot figure out how to access or modify my MBean.
How do I know the MBeans name or type? The MBean generated is called
WeblogicCarbonAuthenticatorMBean.java
I have tried (I have not included username/password in this post for brevity)
java weblogic.Admin GET -type WeblogicCarbonAuthenticator
No MBeans found
you should use the fully qualified MBean name. i.e
java weblogic.Admin GET -type foo.blah.WeblogicCarbonAuthenticator
java weblogic.Admin GET -type Authenticator
No MBeans found
No success.
I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
which claim to show me all the MBeans deployed. Searching through the list
I see nothing with the word "Carbon" or "Authenticator" in it.
How can I find/configure my Authenticator MBeans?
I assume that you are using 7.0sp1, if not please upgrade to sp1. You
should see a file called CommoConfig.xm.booted file under your domain
directory, this file contains all the security MBeans that the server
found. You should be able to get the object names of your custom mbeans
from this file.
Hope it helped,
-satya
Thanks
-jordan -
Custom DB authentication to an application from Oracle Portal not working.
Hi All,
We have a Portal customized and integrated to LDAP for SSO.
From the portal, we have a link that takes to another custom application that requires another level of authentication. We have implemented this authentication as custom Database based authentication.
When user login to the portal and access this link, he will be directed for authentication again. This custom application has been installed on a different OC4J instance while Oracle Portal is running in a different OC4J instance.
Issue is though user details are being propagated to the custom application page, we are receiving an error saying authentication failed.
In the OC4J instance specific for this custom application, we have configured jazn.xml to use custom authentication.
Below is the code:
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
<jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com">
<property name="role.mapping.dynamic" value="true"/>
<property name="custom.loginmodule.provider" value="true"/>
</jazn>
and in jazn-data.xml, we gave the role mapping.
But the problem is when the link to the custom application is accessed, it seems like the custom authentication mechanism is not working.
Can anyone throw light on this?
Do we need to give the same configuration in the j2ee/home/config directory files also?
Can we use both LDAP and custom DB authentication with in the same OAS setup. Remember as of now, Portal and custom application are running in different OC4J instances but within the same OAS.
Any help in this regard will be highly appreciated.
Thanks,
Sasi Bhushan
-
How to use a custom database authentication with APEX_AUTHENTICATION??
i have Custom user authentication method.
create or replace function user_check(username varchar2,password varchar2) return boolean
is
check_out integer;
begin
select count(*) into check_out from "user" where USER_EMAIL=username and USER_PASS=password;
if check_out >0 then
return true;
else
return false;
end if;
end;
apex_authentication.login() how to use. And how to make apex_authentication.login() use my method Verify User Login
You can't mix custom authentication and the internal APEX authentication functions. So either you use the pre-built user authentication in APEX or you can build your own CUSTOM authentication...
Many examples of custom authentication are out there...
Thank you,
Tony Miller
Ruckersville, VA -
Example of custom external authentication
Where can I find the example of custom external authentication
which Paul Encarnation has written since most of the links on
the discussion forum mails seem to be outdated.
Thanks
-
Custom ldap authenticator to retrieve user bean ldap profile
Hi,
Wondering if we could use a custom ldap authenticator to get the user profile from Ldap and put the data bean into session.
This will allow to use the same connection to Ldap and to benefit from Bea security authentication configuration.
Any input on this ?
Thank you
Increasing the search limit is the only practical solution. Really, ~2000 entries is not that many.
-
Error in custom OAM authentication plugin
Hi All
I am trying to build a custom OAM authentication plugin using JDeveloper. Here are the version information:
OAM - 11.1.1.5 BP04
WLS - 10.3.5
Issue:
I get the following error in the OAM logs when I try to activate the plugin.
[2012-11-14T09:39:17.996-08:00] [oam_server1] [WARNING] [] [oracle.oam.extensibility.lifecycle] [tid: DistributedCache:DistributionCache:EventDispatcher] [userId: <anonymous>] [ecid: 0000Jfzyiy6EgKI5qrH7iY1GcxMc000002,0] [APP: oam_server] Activation failed due to felix bundle exception while installing and starting the bundle.Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)[[
org.osgi.framework.BundleException: Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)
at org.apache.felix.framework.Felix.resolveBundle(Felix.java:3404)
The names of jar file, class file, plugin xml file etc are all same. My plugin code is very generic and I have the following values in the plugin's manifest and xml file
Plugin xml file [oamCustomAuthPlugin.xml]:
<Plugin name="oamCustomAuthPlugin" type="Authentication">
<author>uid</author>
<email>[email protected]</email>
<creationDate>09:32:20, 2011-11-13</creationDate>
<version>4</version>
<description>OAM Custom Authentication plugin</description>
<interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
<implementation>com.company.oam.oamCustomAuthPlugin</implementation>
<configuration>
<AttributeValuePair>
<Attribute type="string" length="20">INPUT_PARAM1</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>Param1</value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute type="string" length="20">INPUT_PARAM2</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>Param2</value>
</AttributeValuePair>
</configuration>
</Plugin>
Manifest File [MANIFEST.MF]:
Ant-Version: Apache Ant 1.7.1
Bundle-Version: 1.0.0.4
Bundle-Name: oamCustomAuthPlugin
Bundle-Activator: oamCustomAuthPlugin
Bundle-ManifestVersion: 2
Created-By: 17.0-b17 (Sun Microsystems Inc.)
Import-Package: oracle.security.am.plugin,oracle.security.am.plugin.authn
Bundle-SymbolicName: oamCustomAuthPlugin
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
Please let me know if you have faced similar issues in the past. Please help !!
Try with Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api
If it doesn't work try with - Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,oracle.security.am.plugin.ExecutionStatus
-
Error in Custom Ldap Authentication
Hi All,
I was trying to use the custom LDAP authentication (earlier post: http://forums.oracle.com/forums/thread.jspa?threadID=2251976&stqc=true) but was not successful in making it work with our AD LDAP server. That's when I came across the post http://forums.oracle.com/forums/thread.jspa?messageID=916185
I used the same function
create or replace function authenticate_aduser(
p_username in varchar2,
p_password in varchar2)
return boolean
is
l_user varchar2(256);
l_ldap_server varchar2(256) := '<Hostname>';
l_domain varchar2(256) := '<Domain Name>';
l_ldap_port number := 389;
l_retval pls_integer;
l_session dbms_ldap.session;
l_cnt number;
begin
l_user := p_username||'@'||l_domain;
l_session := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session
l_retval := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
l_retval := dbms_ldap.unbind_s( l_session ); -- unbind
return true;
exception when others then
l_retval := dbms_ldap.unbind_s( l_session );
return false;
end;
Test it by giving correct password
SQL> declare
begin
if authenticate_aduser('<username>','<correct password>') then
dbms_output.put_line('Test Successful');
else
dbms_output.put_line('Test Failed');
end if;
end;
/
Test Successful
PL/SQL procedure successfully completed.
Tested it by giving wrong password
SQL> declare
begin
if authenticate_aduser('<user name>','<wrong password>') then
dbms_output.put_line('Test Successful');
else
dbms_output.put_line('Test Failed');
end if;
end;
/
Test Failed
PL/SQL procedure successfully completed.
So the function is working perfectly with LDAP server.
I am trying to create a custom authentication scheme with the above function.
Shared Components -> Authentication Schemes -> create ->From Scratch ->
In Authentication Function -> return authenticate_aduser(:P101_USERNAME,:P101_PASSWORD);
In Logout URL -> wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=4155:PUBLIC_PAGE
Then after setting this as the current authentication scheme. Whenever I try to login with correct credentials it is giving me error
Invalid Login Credentials
Kindly let me know where I am going wrong here.
Thanks & Regards,
Vikas Krishna
I was able to fix this.
I used the same function authenticate_aduser
and then followed blog http://www.talkapex.com/2009/03/custom-authentication-status.html to create a custom authentication. It worked finally.
Thanks to Martin for his wonderful post.
Thanks & Regards,
Vikas Krishna -
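Added example (not part of the original thread and not the poster's code): a stricter variant of the authenticate_aduser function discussed above. It refuses empty passwords before binding, because an LDAP simple bind with a name and no password is an unauthenticated bind that some directory servers answer with success, and it reports success only when the bind call itself returns DBMS_LDAP.SUCCESS. The name authenticate_aduser_strict, the account-name pattern and the sample user 'jdoe' are assumptions; '<Hostname>' and '<Domain Name>' are the post's own placeholders.

```sql
create or replace function authenticate_aduser_strict(
    p_username in varchar2,
    p_password in varchar2)
  return boolean
is
  l_ldap_server varchar2(256) := '<Hostname>';     -- placeholder from the post
  l_domain      varchar2(256) := '<Domain Name>';  -- placeholder from the post
  l_ldap_port   number        := 389;              -- value from the post
  l_retval      pls_integer;
  l_session     dbms_ldap.session;
  l_bound       boolean := false;
begin
  -- A simple bind with a name but an empty password is an "unauthenticated
  -- bind" (RFC 4513, section 5.1.2). A server that accepts it returns success
  -- without checking any credential, so it must never count as a login.
  -- In PL/SQL the empty string is NULL, so one test covers both cases.
  if p_username is null or p_password is null then
    return false;
  end if;

  -- Assumption: account names are plain sAMAccountName-style strings.
  -- This keeps a caller from supplying its own '@domain' suffix.
  if not regexp_like(p_username, '^[A-Za-z0-9._-]{1,64}$') then
    return false;
  end if;

  -- Set explicitly so that a failed bind raises instead of relying on
  -- whatever value the session currently has.
  dbms_ldap.use_exception := true;

  -- Note: a simple bind on port 389 sends the password unencrypted;
  -- dbms_ldap.open_ssl is the call that adds TLS on top of this session.
  l_session := dbms_ldap.init(l_ldap_server, l_ldap_port);

  begin
    l_retval := dbms_ldap.simple_bind_s(
                  l_session,
                  p_username || '@' || l_domain,
                  p_password);
    -- Success is decided by the return code, not by "no exception happened".
    l_bound := (l_retval = dbms_ldap.success);
  exception
    when others then
      l_bound := false;
  end;

  -- Release the session on both the success and the failure path.
  begin
    l_retval := dbms_ldap.unbind_s(l_session);
  exception
    when others then
      null;
  end;

  return l_bound;
exception
  when others then
    -- init failed (host unreachable, bad port, ...): fail closed.
    return false;
end authenticate_aduser_strict;
/

-- Offline check with a constructed user name: the function returns before
-- any LDAP connection is attempted, so no directory server is needed.
set serveroutput on
begin
  if authenticate_aduser_strict('jdoe', '') then
    dbms_output.put_line('empty password accepted');
  else
    dbms_output.put_line('empty password rejected');
  end if;
end;
/
```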
I'm working on developing a custom spnego authenticator to JBoss. I saw a client example in Advanced JGSS Security Programming. But I haven't found if it's possible to develop a program that accepts a browser's token spnego in the server side. Is it possible in Java 6?
Thanks a lot!!
http://dev2dev.bea.com/utilitiestools/security.html
-
I am trying to implement my own authentication MBean, and got some questions:
1. how do you tell the weblogic console to show the control flag choices when
you create the authentication provider?
2. if I have other authenticator attributes, how can I ask the weblogic console
to provide the UIs for filling those? it's like the OpenLDAPAuthenticator where
there is a Details tab for filling out the port, hostname, etc. How can I tell
weblogic to show me those UIs?
3. I read that it might not be possible to tell the weblogic console to show UIs
for optional attributes. They said to use weblogic.Admin instead. How do I specify
the mbean type of my authentication mbean? For example, if I used the SampleAuthenticator
as found at http://developer.bea.com/code/codedirect.jsp, how can I use weblogic.Admin
to get its value? I tried java weblogic.Admin -username system -password weblogic
-type SampleAuthenticator GET -property Version and it gave me back "No MBeans
found".
-hoki
I've seen this error before and the way around I found was to reset the BISystemUser credentials. To do this:
1) In WL Console. Find the user BISystemUser in the security realm and enter a new password.
2) In Enterprise Manager look on left hand side Weblogic Domain > bifoundation_domain > right click > Security > Credentials. Expand oracle.bi.system > system.user > Edit. Enter the same password as in 1)
3) Restart all the services.
Paul -
How do I use my own Custom Auth/Authentication/Entitlement (Token)?
[ Background ]
Adobe Access DRM provides for 3 authentication mechanisms:
Anonymous - Licenses are issued irregardless on if there is/isn't a valid authentication token attached to the license request.
UsernamePassword - Licenses are ONLY issued if the license request has a valid Adobe-Access-Server-Issued authentication token.
Custom - Licenses are ONLY issued if there is a valid custom authentication token attached to the license request.
Typically, customers already have some authentication scheme in place and choose to re-use that system, instead of leveraging Adobe Access' built-in usernamePassword support. For this to succeed, accommodations must be made during packaging time, on the client device, and at the Adobe Access license server endpoint.
[ More Background ]
Here's a forum thread that prompted this thread: http://forums.adobe.com/message/5085330#5085330
[ Recipe ]
1. Adobe Access DRM Policy is created that specifies a "custom" authentication token. As of Adobe Access 4.0, the tools that ship with the Java SDK cannot create a DRM policy with "custom" authentication out the box; a small Java application will have to be written to do this, which is covered in the thread posted above.
2. Content is packaged using this custom_auth policy.
3. Client device performs authentication via whatever channel already exists for you to perform authentication (e.g. SAML tokens, etc...)
4. Client device sets the authentication token: DRMManager.setAuthenticationToken()
5. Client device attempts to acquire a license for the content created in step #2: DRMManager.loadVoucher();
5a) Because step #4 set the authentication, all license requests going forward will automatically have this custom auth token appended to it
6. License server receives request & extracts custom auth token to parse & perform additional entitlement checks
7. License server generates a license to return to client device.
[ Server Code Snippet (RefImplLicenseReqHandler.java) ]
try {
    ServletInputStream in = request.getInputStream();
    ServletOutputStream out = response.getOutputStream();
    HandlerConfiguration context = super.getHandlerContext();
    ServerCredential licenseServerCred = getLicenseParams().getLicenseServerCred();
    licenseHandler = new LicenseHandler(context, in, out, licenseServerCred);
    licenseHandler.parseRequest();
    List<? extends LicenseRequestMessage> requests = licenseHandler.getRequests();
    // Multiple request in one message is not supported in FAXS 2.0 or 3.0 client.
    for (LicenseRequestMessage licenseReq : requests) {
        try {
            // TODO: If custom authentication is specified in the DRM policy, here is where
            // you can retrieve the custom authentication token and perform custom parsing to
            // determine further business rules and entitlement before issuing a license.
            // The "Custom Authentication" will look like:
            // 1. Client device obtains auth token using some other channel
            // 2. Client device sets auth token by calling DRMManager.setAuthenticationToken()
            // 3. Client makes a license request by calling DRMManager.loadVoucher()
            // 4. Adobe Access Server receives request and:
            // 4a) Determines Custom Auth is required by DRM Policy: licenseReq.getContentInfo().getContentMetadata().getPolicies()[0].getLicenseServerInfo().getAuthenticationType();
            // 4b) Retrieves Custom Auth token for custom parsing/handling: licenseReq.getRawAuthenticationToken()
            // 5. If there are no errors when parsing the custom token, Adobe Access Server generates a license.
            V2ContentMetaData metadata = licenseReq.getContentInfo().getContentMetadata();
            ApplicationProperties applicationProperties = null;
            String usageModelString = null;
            if (metadata != null) {
                applicationProperties = metadata.getCustomProperties();
                if (applicationProperties != null) {
                    usageModelString = applicationProperties.getSingleValueAsUTF8String(DEMOMODE);
cheers,
/Eric.
Google Search: firefox create a persona
* Personas for Firefox | How to Create Personas: https://www.getpersonas.com/en-US/demo_create
* Personas for Firefox | Frequent Questions: http://www.getpersonas.com/en-US/faq
* Personas for Firefox | Getting Started: http://www.getpersonas.com/en-US/getting_started
I think you'd have a lot more fun with Styles though, personas tend to hide things on toolbars, styles can be more helpful (or just as bad)
* Stylish :: Add-ons for Firefox: https://addons.mozilla.org/en-US/firefox/addon/stylish/
* Restyle the web with Stylish! - userstyles.org: http://userstyles.org/
* Scrollbar Context Menu - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/54
* Scrollbar Menu - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/52
* Link Warning - Themes and Skins for Mozilla - userstyles.org: http://userstyles.org/styles/1301
* Tabs, Enlarge list-all-tabs button - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/18553
* Tabs Bar Minimal Size - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/9043
* Tab Color Underscoring active/read/unread (Fx3.6) - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/24728
-
Configuring custom database authentication in Weblogic 10
Hi,
For my project I am trying to configure security/login module. It's an ADF based web application(ADF11g) and is deployed on Weblogic10. I have implemented the custom authentication with DB login module, created the jar and placed it inside %WL_HOME%/server/lib/mbeantypes. Now I have created one new Authenticator inside 'myrealm'. But after the successful deployment of the application when I am trying to access any secured page this custom authenticator is not being invoked. Can anyone please tell me the exact steps I have to follow for getting custom authenticator working properly.
Thanks much!
I had some minor implementation faults in code, after fixing those it is working fine
-
Hi ,
I have two kind of Users, one type users are Oracle Users(their authentication could be checked through -DBACCOUNT-) and another type users are detailed in a database table(,say auth).
Now, what I want is that if User logs in then following operation gets happen
If username/password is correct according to Oracle Users(i.e -DBACCOUNT-) then returns to the main page(,say 1,as successful login)
elsif <check the table auth table,containing the list of Users with respective passwords> if user exists in the table then returns to main page 1(as successful login)
else return to the login page(,say 101,as unsuccessful login).
To build this piece ,what should I do?
I have created an on demand function in Apex,authCheck, which checks if the username and password exists in the auth table or not and returns the respective boolean.
create or replace function authCheck(p_username in varchar2, p_password in varchar2) return boolean is
Result boolean:=FALSE;
ln_verify number(15);
begin
select count(*) into ln_verify from auth
where upper(user_id)=upper(p_username)
and upper(password)=upper(p_password);
-- count(*) always returns exactly one row, so sql%notfound is never true
-- here and the function would return TRUE for any input; test the count.
if ln_verify = 0 then
Result := FALSE;
else
Result := TRUE;
end if;
return(Result);
Exception
when NO_DATA_FOUND then
return FALSE;
end authCheck;
******************************************************************************************************************************************************
Please tell us your first name and show it in your forum profile to help us. Thanks.
See Re: Database account and custom authentication mix .
Scott -
Hello
I have implemented a custom authentication provider using a
database. The login module works fine. It check the username and
password, add the user as a WLSUser-principal and add the groups
related to the user as WLSGroup-principals to the subject. I
am able to start the WLS only using my authentication provider,
but if i want to login into the console i get following
SecurityException:
java.lang.SecurityException: Invalid Subject: principals=[system, Administrators]
    at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:893)
    at weblogic.security.service.RoleManager.getRoles(RoleManager.java:269)
    at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:608)
    at weblogic.servlet.security.internal.WebAppSecurity.hasPermission(WebAppSecurity.java:370)
    at weblogic.servlet.security.internal.SecurityModule.checkPerm(SecurityModule.java:125)
    at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:328)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:179)
    at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:167)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:185)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2960)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2466)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:152)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:133)
Seems to me, that the default role manager does not map the
group Administrators to the role Admin, which is allowed to
access the resource console. So, what i do wrong? Must i set
additional credentials to the subject? Or must i use a special
Principal class? Who can help me?
Thanks in advance & greetings
Dirk Fellenstein
I have solved it. The Problem was that the two Principal implementations, one that
implements WLSGroup and one that implements WLSUser, need a common principal base
class. The principal validator class, method getPrincipalBaseClass() must then return
the common principal base class.
-
Authentication MBean optional attribute
I read on http://e-docs.bea.com/wls/docs70/dvspisec/atn.html in the section "Optional
SSPI MBeans or Custom Operations" that
4. If you included any custom attributes/operations in your MDF, implement the
methods using the method stubs.
Suppose I have this (I copied it from DefaultAuthenticator.xml inside of wlSecurityProviders.jar
that comes with weblogic7.0) in my MyAuthenticator.xml:
<MBeanAttribute
Name = "MinimumPasswordLength"
Type = "java.lang.Integer"
InterfaceType = "int"
Default = "new Integer(8)"
Min = "0"
Description = "The minimum number of characters required in a password."
/>
Do I need to do anything with the generated class?
Even if I have that, the weblogic console won't show me a text box for entering
the length. How does DefaultAuthenticator do it?
Are there more examples other than SampleAuthenticator which has some optional
attributes?
Hi, did you find a solution? If yes, I would be thankful if you could tell me...
/Marc