Database authorization

Similar Messages

• Help on creating a custom authorization procedure

  Hi all.
  I hope someone can help me with these:
  - Plan to use Apex 4.2 and call Apex from a Formsweb application.
  - The Forms application uses updateable views and application context.
  - The Apex app could use(not decided yet) database authorization.
  - When calling Apex, instead of passing context and user info, i plan to insert all this info in a database table. For example a table that holds a unique session id (DBMS_RANDOM generated), probably forms user_id/password and most importantly, context info i will need in order to make my views work correctly on the Apex app).
  - This way, the Forms app will only pass the session_id, and the Apex App, will call a procedure that picks up the correct info from the session table and go along.
  So far, i think i can handle this. Now comes the part in which help or advise is needed:
  - When calling the Apex page, this could be a public page. Meaning no authentication / authorization will be requested. Probably this procedure could be called earlier (an On Load Process???). The drawback of this solution is that this page is useless unless called from forms which will provide the required metadata to access the application views.
  - The other way to go around, is to make the page not public. This will required authorization. And here is when it comes my main doubts:
  - Every time i call a not public apex page, a redirect to the login application page will happened unless already authorized right?.
  - Now, is there a way earlier on this login page, i can call the procedure that picks up the correct session info, and if success BYPASS (not show) this page and automatically redirect to the original page, and if it fails, display the login page?. Is this possible ...?
  The whole idea here is not show the login page if not needed...
  Please, i'm pretty much aware of better solution, LDAP, Oracle Access Manager, etc. Just want to know it this is technically possible.
  Thanks in advance for anyone that might want to give me an invaluable hand ....!
  Best regards, Luis ...:)
  Any update or comments from the community????
  Thanks ...!
  Edited by: myluism on 02-may-2013 6:49

  Hi Inol.
  I'm actually working on my solution based on that very useful link. Thanks a lot ....!
  Please read carefully what i plan to do.
  Basically is to go a little bit further from your proposal: Since my knowlegde of Apex is limited, i just want to know if, based on your idea, the page should not be public, but move the authorization procedure from the onload on requested page to say, an onload procedure on the Login Page, so if the procedure success, redirect (not show login page) to the page requested in the first place, and if it fails, then show login page.
  Just want to know if this is possible, before going against the wheel.
  Do you think this is possible? This way, Apex app / page can be accessed from both: Apex itself and Forms.
  Best regards, and thanks a lot for you unvaluable feedback....!
  Regards. Luis ...:)

• How to implement Oracle Label Security with Oracle8.1.5 database

  I want some fields in some tables which could not be even viwed by DBA..
  I am working on Oracle Server 8.1.5
  If possible it should be in the same database,same schema but different schema may also work..
  Please help

  I don't think this is going to be possible.
  When you register a crawler, you have to declare it as one of three types: Public, Identity-based or Attribute-based.
  The database crawler is registered as attribute-based, and therefore must be used with a suitable authorization manager.
  I guess in theory you could create a new authorization manager class which queries active directory to get the appropriate security attributes for a user (corresponding to the security attributes crawled from the database), but I suspect it might be easier to figure out a way to copy AD attributes into a database table (perhaps updating the table once a day via a nightly crawl of AD) and then use the standard database authorization manager.

• Oracle 10g Rel 2  - Proxy connection authentication with SAP User ID

  Dear Experts,
  We are currently doing some research and planning to upgrade SAP R/3 4.6C to ECC 6 and upgrading Oracle from version 9.2 to 10.2
  In upgrading to Oracle vers. 10g Rel 2, we got advised that Oracle has apparently introduced a new proxy connection authentication, in which the SAP user ID is given limited privileges (create session only) ??
  If you have any information on this or known any impact about this issue, please advise us.
  Thanks in advance.

  Thanks for your help, Kaushal.
  I also found the SAP Note 834917 (Oracle Database 10g: New database role SAPCONN and it seems to be on a right direction to cope with that problem.
  - For Oracle releases earlier than 10gR2, the CONNECT role includes extensive database authorizations and the more restrictive CONNECT as of 10gR2.
  - To overcome this restriction, SAP need to find a way to compensate this, so does it come SAPCONN.
  - SAPCONN is the new SAP-specific database role, which is defined to support the normal SAP applications operations (CONNECT, RESOURCE and SELECT_CATALOG_ROLE).
  Once again, thanks.

• How do i fix "Error establishing socket" !!!

  I get the following error:
  SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Error establishing socket.
  I have included the driver jar files in the classpath. How can i fix this?
  Thank u all for your time

  No.. That's not the real answer.Which one?
  If it can't create the socket then something is interferring with the socket creation.
  I'm getting the same problem trying to connect to an
  MSSQLServer box from JDBC.
  I believe that my connect string is fine, as I use
  jdbc on many databases - SWLServer being the only one
  I can't connect to. Both machines are using TCP/IP,
  and the server is accepting TCP/IP connections on port
  1433. My connect URL is:
  jdbc:microsoft:sqlserver://DBHOST:1433
  This works on an NT box. This doesn't work on my
  linux box.
  I've attempted to use the IP address of the database
  in the connect string, but that only produces a
  different error from the driver "INVALID URL"
  The only way I have been able to get this to work is
  by bypassing JDBC and using the JDBC/ODBC bridge,
  which STINKS. There must be a better answer.
  Nope, don't think so. You said it doesn't work on linux. Are you claiming that you have a MS SQL Server ODBC driver for linux? If so you need to share it with the world.
  Can you ping the SQL server box from your linux box? Can you telnet to the 1433 port (that tells you if it is open from the linux box.)
  Presumably the SQL Server was NOT installed with NT authorization. Rather it was installed with Database authorization.

• Restrict Table in SE16 Transaction Code

  Hi All,
  Can we restrict some standard table(eg. Mara, mseg, mkpf) in SE16 trsanction code so that they can not browse the restricted tables.
  Couple of days before SOX Audit was carried on and they send some conflicts. I am not able to make it what is these statrements, which i have mentioned in below.
  SE16_CHANGE (Change SAP tables)     
  SE16_CHANGE_CURRENCIES (Change currency table)
  SE16_CLIENT_TABLE (Change client table T000)          
  Thanks & Regards,
  Krushna

  Hello,
  You can restrict access to tables with authorisation object S_TABU_DIS.
  If a query accesses a certain table when it is run, the user needs display authorization for authorization object S_TABU_DIS. Field DICBERCLS must contain the table’s authorization groups.
  This authorization object protects all tables from unauthorized access. If you are accessing tables that are part of a logical database, authorization for data access can be set up using the logical database.
  This is the same authorization that you need in order to be able to display tables using either the Data Browser (transaction SE16) or the initial table maintenance screen (transaction SM31).
  Hope this helps.

• Not allowed to use olsql on this Db

  hello all.....
  I have this message when i try to into plsql developer with connection normal, when i use sysdba no problem but i can't see some stored procedures...
  message full:
  you are not allowed to use pl/sql on this database.
  how i can to fix the problem when i access normal way??
  thanks for you help!!!

  I believe this has to do with custom authorization functionality implemented by the PL/SQL Developer product. See the online help to learn how to either grant the privileges you desire or disable the authorization functionality (note that this will not affect native database authorization, just the optional, custom layer implemented by the PL/SQL Developer product).

• Diffrence between "/ as sysdba" and "sys/pswrd as sysdba"

  hi..
  can anyone plss tell me the difference between...
  sqlplus "/ as sysdba" and "sys/<password>@<SID> as sysdba"
  thanks...

  user12780416 wrote:
  thanks a lot for your answers...
  but what does OS authorization and database authorization means???
  as for example...i dont think we can bounce a database using sys/password@sid.
  for that we have to use / as sysdba...
  (if am not wrong)
  thanks...when you installed Oracle in UNIX for example, you login as Oracle/passwdnix and then did the installation. so Oracle user is the owner of the oracle.
  so when you launched sqlplus / as sysdba, oracle will check whether you logged in to the O/S using Oracle/passwdnix or not.
  if you connect using sqlplus sys/pwdorcl@sid, oracle will authenticate your connection using database user that you created when you create the database after installing oracle. (remember in the OUI, they asked you to put password for SYS, SYSTEM, SYSMAN).
  and @sid need listener to be up, can be done either in the server or client side based on the entry in your tnsnames.ora.
  sqlplus / as sysdba does not require listener to be up but has to be done in the server side.
  Edited by: HGDBA on Mar 21, 2011 10:07 AM

• AUTOMATIC STARTUP OF ORACLE ON WINDOWS NT 3.51

  제품 : ORACLE SERVER
  작성날짜 : 1996-08-16
  There have been many questions regarding the fact that Oracle Workgroup Server
  for WindowsNT does not startup automatically as it does on other desktop platforms.
  Below is a simple workaround for this problem.
  1. Start the Registry by executing the command REGEDT32.
  2. Once in the registry, go down the following tree:
  HKey_local_machine
  software
  microsoft
  WindowsNT
  current version
  winlogon
  3. Within the WINLOGON item, edit the SYSTEM entry and append a command line which
  points to a startup command file (.CMD file), something like the following:
  C:\ORANT\STARTDB.CMD
  (Remember to separate the commands with a comma (,) delimiter)
  4. Make sure in your SERVICES APPLET in the CONTROL PANEL that your Oracle services
  are marked to start manually because the following command file will take care of
  starting you services.
  NOTE: If you use SQL*Net TCP/IP V1, leave that service setup to start automatically
  in your services applet because there is no SID attached to that service.
  Now, within your STARTDB.CMD (or whatever you want to call it) put a command line
  that is similar to the following:
  C:\ORANT\BIN\ORADIM71 -startup -sid orcl -usrpwd oracle -starttype srvc,inst
  NOTE: This is just a sample line that will work for a SID called ORCL with the
  database (authorization) password of ORACLE and is starting up both the services
  and instance with the same command.
  This will startup the database after the WindowsNT has booted, but before anyone
  logs in.
  NOTE: In step #4, if you are working with multiple instances/SID's, you will need to
  repeat the command line for each instance/sid that you have created.
  For more information, refer to "APPENDIX G" in the Oracle 7.1 IUG (Installation and
  Users Guide) because there are many different variations of this command including
  starting up sqlnet V2, edit, delete, etc.

  Hi,
  I'm new with Oracle, and I'm having problems installing the database v8i on Windows XP-Home. My classmates have successfully installed it with both XP-Pro and XP-Home. The problem is that when I click on the Install icon, the disk spins for a while, then nothing happens, and the installation doesn't even start. When I list the files on the CD and click on the setup file and select Run from the pull down menu, and enter my user name (which has administrator privileges) and password, Oracle opens a window with a message that the registry cannot be modified because I don't have permissions, and closes down.
  I know the CD is good, because I tried in a different computer. Are there any settings on Windows that I'm missing? Any help would be much appreciated. Thanks.

• Customer namespace

  Customer objects should lawyas begin with Z or Y.  We have some code from a 3rd party that is prefixed with   /companyname/Y..........
  Is this valid and will not intefere with the SAP namespace for programs?

  Hi,
  During customer development, customer-specific objects are created in the customer namespace.
  Pay attention to the following when developing your own programs and modules:
  Dividing Up Development Tasks
  How might authorizations be distributed amongst your developers?
  Four areas of responsibility come into play here:
  Maintaining ABAP Dictionary elements such as tables, data elements, and domains
  Maintaining database tables
  Maintaining objects such as module pools, function modules, screens, and so on
  Writing documentation
  Authorizations relate both to the object type (program, table, package, and so on) and to the activity (change, display, create, activate, and so on).
  You need to find a way to allow your developers some freedom while ensuring system consistency.
  You might assign authorizations as follows:
  Give developers authorization to edit all programs within an application (this authorization is assigned using the corresponding packages) and to display all ABAP Dictionary objects. Also allow them to create and activate structures and views (data in the database cannot be changed by structures or views).
  Give the person(s) responsible for the ABAP Dictionary authorization to create and activate all Dictionary objects. Give the person(s) responsible for the database authorization to create tables in the database.
  Documentation developers should have appropriate authorization for writing user documentation for the objects (developers may, however, choose to do this themselves).
  Languages
  All SAP objects have an original language; this is the language in which the object was created. To simplify the customer development process, you should agree on a development language in which all objects are to be created.
  You must enter and maintain texts in the original language for each object in your development. You may also translate these into other languages by choosing Tools ® ABAP Workbench ® Utilities ® Translation ® Short/long texts.

• Connecting Oracle RDB through ODBC

  I have my Oracle RDB running in OpenVMS environment. Below is my server configuration.
  SQLSRV> show server;
  Server Version: 7.3
  Server Platform: HP OpenVMS IA64
  Max Shared Mem Size: 8000 Kb
  Config file: SYS$SYSROOT:[SYSMGR]SQLSRV_CONFIG_FILE73.DAT;1
  Log path: SYS$MANAGER:
  Dump path: SYS$MANAGER:
  Proc start time: <none>
  Proc shut time: <none>
  Network Ports: (State) (Protocol)
  DECnet object DBS_SERVER Running Native
  TCP/IP port 2200 Running Native
  Current shared memory usage:
  Allocation unit: 65536 bytes
  Total memory: 8192000 bytes (125 units)
  Free memory: 7864320 bytes (120 units)
  Partly allocated: 262144 bytes ( 4 units)
  Log File: SYS$SYSROOT:[SYSMGR]SQS_I64V82_SQLSRV_MON_0073.LOG;
  Dump File: SYS$SYSROOT:[SYSMGR]SQS_I64V82_SQLSRV_73.DMP;
  Below are my services.
  SQLSRV> show services;
  C l i e n t s E x e c u t o r s
  Name State Per-Exec Max Active Min Max Running
  OCI_SAMPLE RUNNING 1 10 0 1 10 1
  RMU_SERVICE RUNNING 1 100 0 4 100 4
  GENERIC RUNNING 1 10 0 2 10 2
  SQLSRV_MANAGE RUNNING 100 0 1 0 0 0
  I have the below shown dispatchers.
  SQLSRV> show dispatcher;
  Dispatcher SQLNET_DISP
  State: INACTIVE
  Autostart: on
  Max connects: 100 clients
  Idle User Timeout: <none>
  Max client buffer size: 5000 bytes
  Network Ports: (State) (Protocol)
  SQL*Net listener LISTENER1 Unknown SQL/Services
  Log path: SYS$MANAGER:
  Dump path: SYS$MANAGER:
  Dispatcher OCI_DISP
  State: INACTIVE
  Autostart: off
  Max connects: 100 clients
  Idle User Timeout: <none>
  Max client buffer size: 5000 bytes
  Network Ports: (State) (Protocol)
  SQL*Net listener oci_listener Unknown OCI clients
  Log path: SYS$MANAGER:
  Dump path: SYS$MANAGER:
  Dispatcher RMU_DISP
  State: RUNNING
  Autostart: on
  Max connects: 100 clients
  Idle User Timeout: <none>
  Max client buffer size: 5000 bytes
  Network Ports: (State) (Protocol)
  DECnet object RMU_DISP Running Native
  TCP/IP port 1571 Running Native
  Log path: SYS$MANAGER:
  Dump path: SYS$MANAGER:
  Log File: SYS$SYSROOT:[SYSMGR]SQS_I64V82_RMU_DISP00873.LOG;
  Dump File: SYS$SYSROOT:[SYSMGR]SQS_I64V82_RMU_DISP008.DMP;
  Dispatcher SQLSRV_DISP
  State: RUNNING
  Autostart: on
  Max connects: 101 clients
  Idle User Timeout: <none>
  Max client buffer size: 5000 bytes
  Network Ports: (State) (Protocol)
  SQL*Net listener LISTENER1 Running SQL/Services
  TCP/IP port 119 Running SQL/Services
  DECnet object 81 Running SQL/Services
  Log path: SYS$MANAGER:
  Dump path: SYS$MANAGER:
  Log File: SYS$SYSROOT:[SYSMGR]SQS_I64V82_SQLSRV_DIS00373.LO
  G;
  Dump File: SYS$SYSROOT:[SYSMGR]SQS_I64V82_SQLSRV_DIS003.DMP;
  My generic service has the below configuration.
  SQLSRV> show service generic full;
  Service GENERIC
  State: RUNNING
  Owner: APFQA1
  Owner Password: <not specified>
  Protocol: SQL/Services
  Default Connect Username: APFQA1
  Default Connect Password: <not specified>
  SQL version: 7.2
  Autostart: on
  Process init: <not specified>
  Attach: ATTACH 'FILENAME SYS$COMMON:[SYSHLP.EXAMPLES.RDB72
  ]PERSONNEL.RDB'
  Schema: <not specified>
  Reuse: SESSION
  Database Authorization: CONNECT USERNAME
  dbsrc file: <not specified>
  SQL init file: <not specified>
  Appl Transaction Usage: SERIAL
  Idle User Timeout: <none>
  Idle Exec Timeout: 1800 seconds
  Min Executors: 2
  Max Executors: 10
  Running Executors: 2
  Clients Per Executor: 1
  Active Clients: 0
  Access to service GENERIC
  Granted to users:
  Default Connect Username 'APFQA1'
  PUBLIC PRIVILEGED_USER 'APFQA1' 'SQLSRV$DEFLT'
  Now when i try to connect to server using Oracle RDB ODBC driver, it says that connection is refused. I am able to ping to my server machine from client.
  Below is my ODBC configuration
  DataSource Name = Oracle RDB
  Transport            =  2=tcp/ip
  Server                 = 10.60.255.37
  Service                = generic
  UserID                 = apfqa1
  *Attach Statement = ATTACH 'FILENAME SYS$COMMON:[SYSHLP.EXAMPLES.RDB72]PERSONNEL.RDB*
  and this is the error that i get
  FAILED: Service Connection test
  rc=-1
  SQLState=08S01
  *[Oracle][ODBC][Rdb] Connect Ret -1 Err#10061 WSAECONNREFUSED Connection refused*
  And when i try using Microsoft ODBC driver it says
  Details:
  *SQL Error: [Microsoft][ODBC driver for Oracle][Oracle]ORA-12541: TNS:no list*
  ener
  SQL State: NA000 from SQLConnect
  SQL Native Code : 12541
  Can you please let me where I am going wrong and what needs to be done to configure the connection using both Microsoft ODBC and Oracle RDB ODBC drivers.

  user12874786 wrote:
  Ok. I got confused. Let me explain my actual requirement...
  Nice breakdown. Much easier to try to help out from posts like that.
  As per our last discussion, I have downloaded Instant Client Downloads
  there is an application 'adrci.exe', Forget adrci. (it's just an extraneous tool)
  Follow installation instructions. (should include copying oci.dll and oraociei11.dll to a new folder of your choice)
  Finding the right doc in this case might be a little tricky, so try this:
  http://docs.oracle.com/cd/E11882_01/appdev.112/e10646/oci01int.htm#i423362
  If that does not help, call back with a description of what you tried from what document.
  If anything needs to set in environment variable, please let me know, how to do. I haven't worked on environment variables.Depends on your OS.
  But try:
  Windows key / Start button, type in env, choose Edit system environemnt variables.
  Click Environment Variables.... In System variables section in bottom half, scroll down to Path. Select Path line and click Edit...
  In the front of value, add the instantclient folder. E.g. c:\oracle\instantclient;<here comes rest of PATH>
  >
  Also, the same thing happens with PL/SQL Developer, i'm using PL/SQL Developer version: 9.0.6.1665, when I entered username/password/database. The following message occuredYes, it also complains since 32-bit software pieces are missing.
  Edited by: orafad on Sep 19, 2012 11:08 PM

• Authorization on PNP logical database

  My limited understanding of authorization on reports that uses PNP/PNPCE logical database is that if a user who runs the report does not have authorization for any of the declared infotypes then the report stops with message 'no authorization for infotype ...'.  And if the user has authorization for the infotypes but do not have authorizations for some of the PERNRS then it will only display those records that user have authorization for and shows message saying no. of skipped records (of those that user did not have authorization).
  Programmers here say that the users who do not have authorization for some infotypes should still be able to see list for other infotypes that they do have authorization for.
  -- Please shed some light on this and guide me if there is a cookbook/document out there about this.
  Thanks a bunch.
  Netra

  Hi Neha,
  Adding further.
  Each report is different in its own way and there are various ways of controlling the access to the Reports based on ur scenario.
  The first check happens at the P_ABAP level where in it checks the access to the program corresponding to that report and level of access (1,2).
  If these are missing then it goes further to check for the explicit access
  in objects like
  P_ORGIN, P_PERNR etc.
  Now in some of these reports the processing is designed in such a way that if the access to an IT is not available it throughs a error message and the processing of the report stops at that instance (this depends on the message type which has been defined at that instance to be displayed) so at this instance you need to have access to that IT to proceed further but in some other cases the check does happen but the processing continues without stopping at that check failure(example is P_PERNR, the check happens but is not required for processing the report).
  This is one example but there could even more criterion based on which the processing of the report is terminated or allowed to continue depending on the reports utility
  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/9f/dbaabc35c111d1829f0000e829fbfe/frameset.htm">The different message types and their significance is as follows</a>
  So what you have been told by programmers is true in some cases but surely not accross all the HR reports and all auth objects.
  Hope this helps
  Manohar
  Message was edited by:
          Manohar Kappala

• Authorization scheme for users stored in a database table?

  Hello!
  I'm trying to find out how to make an authorization scheme for database users.
  I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
  A word of explanation:_
  I have a table in my database, named "USERS". Inside this table, I have the following columns:
  - USERID (NUMBER)
  - USERNAME (VARCHAR2(50))
  - PASSWORD (VARCHAR2(50))
  - EMAIL (VARCHAR2(200))
  For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
  What I want:_
  When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
  So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
  I also want the UserID to be stored somewhere in the application (if possible, in an application item).
  How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
  Any help is greatly appreciated.

  I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
  From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
  function validate_login (
     p_username   in   varchar2
  , p_password   in   varchar2) return boolean
  is
  v_result varchar2(1);
  begin
  select null into v_result
  from USERS
  where userid = p_username
  and password = p_password;
  return true;
  when no_data_found then return false;
  end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
  And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
  Rod West

• Database Auth in J2EE and Page authorization, Attn: Frank

  Frank:
  (1) In one of your replies to my queries, you said that page authorization and permissions (the way it is available now in a file based security where one can go to Edit Authorization on each page and grant read/write) is not available in a J2EE Container managed Security with database schema table based security provider that used custom LoginModules till JDev 11. Till then, is there an alternative way?
  (2) Is a tool of some sort in the works for page authorization that can be given to customers? Otherwise it will be nightmare if customers call in and say they want to change authorizations every second and one has to go to JDeveloper to manually check the checkboxes on the pages from "Edit Authorization" and deliver another release after changes.
  (3) Lastly, from your replies, it looks like LoginModules are powerful. You mentioned that you can write one to access multiple database connections to access different tables in different schema etc. is there a link to a how-to that addresses this? (Something that may apply to accessing APPLICATION_USERS in one schema and APPLICATION_ROLES and all the SRDemo tables (as a test case)in another schema. I recall it being there somewhere. I want to get "very" familiar with it. By the way, your DBTableOraDataSourcesLoginModule is working very well with the tables in my Oracle JExpress database. Thanks...
  Thanks

  Hi, Frank,
  I followed your how-to document of Database Authentication and Authorization in J2EE Container Managed Security to set up a test application. However, I came to a point that the authentication and authorization seemed ok but received 401 unauthorized error. Here is the log I received
  2007年11月7日 下午04:52:51 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  細緻: [DBTableOraDataSourceLoginModule]Logon Successful = true
  2007年11月7日 下午04:52:51 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  細緻: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
  2007年11月7日 下午04:52:51 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  細緻: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
  2007年11月7日 下午04:52:51 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  細緻: [DBTableOraDataSourceLoginModule]Subject contains 5 Principals after auth
  2007年11月7日 下午04:52:51 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  細緻: [DBTableOraDataSourceLoginModule]Cleaning internal state!
  2007年11月7日 下午04:52:53 oracle.adfinternal.view.faces.application.ViewHandlerImpl _checkTimestamp
  資訊: ADF Faces is running with time-stamp checking enabled. This should not be used in a production environment. See the oracle.adf.view.faces.CHECK_FILE_MODIFICATION property in WEB-INF/web.xml
  What may go wrong? web.xml? system-jazn-data.xml ? application.xml ? or data-sources.xml?
  Your advice would be appreciated.

• Authentication & Authorization with SSO, JAAS and Database Tables mix

  Hi,
  I'm looking for how manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
  I'm interested in use SSO for authentication (I just did it programatically & dynamically already), and now I would like to could define authorization using database tables with users, groups, profiles, individual permissions, ..., (maitanined dynamically by web application admin) throught JAZN (JAAS or however is said) but not statically defining roles, groups, users, ... in jazn xml files.
  I saw that exists the possibility to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking in make a custom Authorization API over my application tables, without JAZN) but what is better that use and extended and consolidated aprox like JAZN.
  Anybody could tell me if my idea could be possible, and realizable, and maybe give me some orientation to build this approach.
  A lot of thanks in advanced.
  And sorry, excuse my so bad english.
  See you.

  Marcel,
  Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However,
  I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
  We currently plan to have the patch release available sometime in the second half of May.
  Kind regards,
  Peter Ebell
  JHeadstart Team