GetAccess SSO and WebLogic J2EE Web app

I have a J2EE web app (servlets/JSPs) running in WLS5.1sp8. I want to use standard
J2EE declarative security to protect the application and a WLS custom security
realm to provide authorisation.
However, I need to use the Entrust getAccess single sign-on infrastructure to
do the initial user authentication. I was hoping there might be some way to propagate
the user's getAccess security credentials into the web application so that when
the user hits a protected web page, they are not prompted to log in again.
However, Weblogic should call into my custom realm with the getAccess provided
user name to check that the user has the correct role.
Anyone have any ideas how/if this is possible?
Thanks,
Martin

That was a good article on how to maintain access levels based on different user roles and I will need it down the lane. Probably, I used a wrong word when I meant 'unauthorized user'.
Actually, let me rephrase it,
Here is my issue rephrased,
1.) My problem is during the authentication phase: I want a functionality where a person is redirected to the login page by default if he tries to paste the URL of some intermediate page of the application directly without logging in.
2.) This would also pop up another question, which would be what is the best practice to maintain a user's info, i.e. his login credentials, throughout the application (I am just storing his user id along with a flag which says it's true).
Right now, the way I do it is, in each action after the user logs in, I check for a session attribute which tells if he has logged in. Based on this check, I forward to the next page. But I think it's quite redundant and probably not a best practice. Hence, I need some other elegant way of achieving this.
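
A central check for the situation described in the post above, as an added example that is not part of the original thread: a servlet filter mapped to every URL redirects any request without an authenticated session to the login page, so individual actions no longer repeat the test. The class name, the session attribute `authenticatedUserId`, the paths `/login.jsp`, `/login.do`, `/css/` and `/images/`, and a Servlet 2.3 or later container are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (not from the thread). Register in web.xml with a
// <filter> entry for this class and a <filter-mapping> whose
// <url-pattern> covers the whole application, so the check is default-deny.
public class LoginRequiredFilter implements Filter {

    // Hypothetical names: the login action is assumed to store the user id
    // under this session attribute after a successful login.
    static final String USER_ATTR = "authenticatedUserId";
    static final String LOGIN_PAGE = "/login.jsp";

    // Only these resources are reachable without a session (assumed paths).
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<String>(Arrays.asList(LOGIN_PAGE, "/login.do"));
    private static final String[] PUBLIC_PREFIXES = {"/css/", "/images/"};

    public void init(FilterConfig config) { }

    public void destroy() { }

    // Allow-list test on the container-decoded path. Anything containing
    // ".." is treated as protected so a public prefix cannot be used to
    // reach a page outside it.
    static boolean isPublic(String path) {
        if (path.indexOf("..") >= 0) {
            return false;
        }
        if (PUBLIC_PATHS.contains(path)) {
            return true;
        }
        for (String prefix : PUBLIC_PREFIXES) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Path relative to the web app, already URL-decoded by the container.
        String path = req.getServletPath()
                + (req.getPathInfo() == null ? "" : req.getPathInfo());

        // getSession(false): never create a session just to test for one.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (isPublic(path)) {
            chain.doFilter(req, res);
            return;
        }
        if (loggedIn) {
            // Keep protected pages out of caches so they are not replayed
            // from the browser after logout.
            res.setHeader("Cache-Control", "no-store");
            chain.doFilter(req, res);
            return;
        }
        // Pasted deep link without a login: send the browser to the login page.
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + LOGIN_PAGE));
    }
}
```

The login action should store only the user id in a fresh session (invalidate the old session before creating the new one) and never the password.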

Similar Messages

  • Integrating Digital Signatures into J2EE Web App

    I have a requirement to add digital signature functionality to a J2EE web application. Our customers would like to press a "sign" button on a web page, be prompted to connect their hardware security token (e.g. USB device or smart card), and the signatures stored inside our system for later verification (e.g. in court).
    The main issue I can see is that when using hardware-based tokens the private key can never leave the device, so the device itself does the signing. Whereas our J2EE Web Application has all the code on the app server tier, and the data is located on the database (and in our architecture cannot be exported to client PCs for security reasons).
    Does anyone know of any solutions to this kind of requirement? Any vendor toolkits that allow this? From what I've read from researching this subject the pieces are all there but most web-based security solutions only implement application login authentication of one sort or another.

    Hi Tony,
    As of DIAdem 2012 there is no product feature that makes it easier to create a web front end to DIAdem.  You can host DIAdem with a terminal services approach such as Citrix, which will give you all of DIAdem's functionality in a web GUI.  You can also host DIAdem on a cloud server if that's where your data is.
    One final option is that LabVIEW offers a user programmable web server which can make calls to DIAdem via ActiveX.
    Brad Turpin
    DIAdem Product Support Engineer
    National Instruments

  • SharePoint 2013 and MS Office Web Apps - error in sharepoint's url calls OWAps

    I have new SharePoint 2013 Server farm and one dedicated Office Web Apps (OWAps) server.
    This farm is placed in one domain (Acompany.local). There is another domain, BCompany.local, which has a two-way trust to the first domain (two different forests, two company branches).
    Users from the second domain BCompany.local well see the intranet portal, built in SharePoint in the first domain (url like http://intranet.Acompany.local).
    But when they try to use OWAps, e.g. watching a preview or trying to open docs for edit in the browser, they see an error in the frame.
    I looked at it in Google Chrome's developer tools and found that SharePoint uses the wrong URL to call OWAps, like http://owaps/... instead of http://owaps.Acompany.local/...
    I created the new Office Web Apps farm with:
    New-OfficeWebAppsFarm -InternalURL "http://owaps.Acompany.local" -ExternalURL "http://owaps.Acompany.local" -AllowHttp -EditingEnabled
    And in sharepoint farm new SWOPI binding by:
    New-SPWOPIBinding -ServerName "http://owaps.Acompany.local" -AllowHTTP
    Get-SPWOPIBinding tell that all SWOPI bindings are http://owaps.Acompany.local, but in devtools I continue to see wrong http://owaps/... url
    Any idea to fix this behavior?

    The reason WAC is recommended to be installed on a dedicated server is that it recreates the IIS sites/settings. This is why you're seeing the setting reset itself after restart.
    What I'd probably recommend is creating a script that queries the WAC URL on a regular basis.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How do I automate the creation of a client secure zone, file/folder structure and integrate a web app

    I want to be able to create a folder and file structure for each account subscriber to my site that will allow them to edit their "web-space" on my site.
    So basically when they register for an account they'll have a webpage, a folder structure, a page that will contain a web app.
    I want the user to be able to specify their "account name" so for example if they want John's Page the URL would be www.MYSITE.COM/Johnspage. Would this need to be done through re-directs?
    Thanks in advance

    Hi there,
    BC is not a platform for this sort of thing. You cannot automate this process in BC and give them micro sites in this way. Which I have already covered for you.
    You're best to look at other platforms.
    Since you have already basically asked this here:
    http://forums.adobe.com/thread/1264270
    You can add and update that thread and I am closing this one to avoid confusion with other people responding to you and to avoid double-ups.

  • Page after filling in web form and Css on Web apps

    Hi All.
    I have two questions.
    1. How do I customise the page that appears after a web form has been filled in? The page that summarises the details filled in and thanks the user for filling in the form?
    2. We have created a web app to display info on a page, which it does, but it isn't pulling the CSS styling from the main template. To make it work we have been putting inline CSS in the web app code, but this isn't ideal. Is there a way to make it look for the main CSS?
    Thanks
    Ken

    Hi Ken,
    1. You can find it under Site Manager > System Pages > Web Forms Confirmation Page
    2. Does the detail page/web app item use a template? Did you make sure the referencing looks something like this: <link rel="stylesheet" href="/css/styles.css" />?
    Nicole - BCGurus.com

  • Securing a J2EE web app

    Hi, probably the wrong place to put this but I couldn't find anywhere more suitable :-p
    I've got a web app that I've got secured using a JDBC realm, using web.xml configuration etc. and all is well. However, I want to limit it so that if a user logs in then no-one can log in again with the same credentials until said user has logged out. Is this possible out of the box with JEE5 or do I have to implement something myself to redirect output?
    Regards
    ARB

    Not sure how 'out the box' you want.
    Tomcat has this feature which can be configured by adding username/password pairs to an xml file. I realise Tomcat is not part of the JEE5 bundle but it is 'out the box' and you need a server, right?

  • Single Reverse Proxy and multiple Office Web App Servers

    Hi all,
    I have recently installed a new office web apps server pool in my new location and configured it in my Lync topology as well. 
    I have a single Reverse Proxy (IIS ARR). Inside my Reverse Proxy I have created a new web farm for my new web apps server. The configuration of old web apps server. I have copied the settings from my old web app's web
    farm in IIS including its Inbound rule regular expression.
    Now when I try to upload a powerpoint as an external guest hoping to hit my new web apps server, my reverse proxy tries to hit my old office web apps server and no traffic is sent from reverse proxy to new web apps. 
    my reverse proxy shows the health of the new farm as healthy.
    should the inbound rules be different for these farms in reverse proxy? 
    Any suggestions are welcomed.
    Thanks,

    Hi,
    In addition to Luca's comment in order to determine if the farm is actually working correctly in the first instance, did you disable or remove the old server farm?
    Can you also confirm that there are no static routes in place on the IIS ARR box?
    Kind regards
    Ben

  • Weblogic 7 web app redeployment

    I have weblogic 7 sp2 running on win2000. Application is EAR portal
    application with web application.
    I am trying to redeploy only web application. It works from console
    but recompilation of classes or touching the REDEPLOY file does not work.
    To make it more interesting, if I touch REDEPLOY in META-INF directory
    of the EAR weblogic redeploy entire application....
    Could you give me any suggestions? Thanks.
    D.

    There is an on-going discussion within BEA about partial redeployment of an EAR.
    I would call 888.232.7878 (BEA support) and ask them for the latest efforts in
    this area.
    Hope this helps,
    pat

  • Hyper-V Core and OWIN/Katana web app

    Hi, Is it possible to run an OWIN/Katana app on Hyper-V Core?
    Best Regards Biagio Paruolo Italy

    Actually, with one server being Intel and the other being AMD, you cannot cluster them.  Nor can you do live migration because of the different processor types.
    In regards to the management of the Hyper-V hosts, it is much easier to keep them both in the same domain.  You can manage them if they are not part of the domain, but it requires more set-up, so I would keep them in the domain, particularly for your
    home lab.
    As for best practices, here is a good blog post -
    http://blogs.technet.com/b/askpfeplat/archive/2013/03/10/windows-server-2012-hyper-v-best-practices-in-easy-checklist-form.aspx
    . : | : . : | : . tim

  • Re: DBMS Realm and Weblogic as Web Server

     

    oops , forgot the link
    http://www.weblogic.com/docs51/examples/security/rdbmsrealm/Package-examples.security.rdbmsrealm.html
    "Rahul Rele" <[email protected]> wrote:
    >
    I think this link will give you all the answers.
    Andre Barnes <[email protected]> wrote:
    How did you configure the RDBMS realm? How does it know
    what table name and fields the realm is to use?

  • Building and deploying a web app in a folder in Oracle 10 g app server

    Hi,
    Can anyone please tell me how to deploy a web application in Oracle 10g appserver? I want to do it manually, not through the adminoc4j console or through the command prompt. A quick response to this will be highly appreciated.

    Hi Sujith,
    To manually deploy a web application (for eg: an ear file), you would have to place the ear file in the following location:
    <oc4j_instance>/applications
    Also, you would have to modify the config files viz. the server.xml and http-web-site.xml in case of ear files.
    The oc4j instance would then have to be bounced.
    For more help please refer to:
    http://www.idevelopment.info/data/Oracle/DBA_tips/OC4J_903/OC4J_9.shtml
    Alternatively you can also perform the deployment using the Enterprise Manager console.
    Thanks,
    Rashmi.

  • SSO using WebLogic app server and AD as the auth source

    Hi All,
    I am trying to setup SSO on 10gR3 using MS Active Directory as the auth source and WebLogic as the app server.
    Do I have to create a custom SSO or can this setup be configured using the basic SSO and config changes?
    Any help or guidance will be appreciated.
    Cheers
    Bob

    There are many ways. The generic answer is federation via SAML, look at the docs for Oracle Identity Federation.

  • WebLogic J2EE Security for Outside Apps

    We have a large client migrating to J2EE Web apps/services using WebLogic from
    Cold Fusion Web apps and TCL/TK client/server applications.
    We want to create a Single Sign On access to all apps. The J2EE Web apps can
    utilize WebLogic's implementation of JAAS which nicely provides SSO. Can this
    impl be exposed to these Cold Fusion /client-server apps so we could provide a
    heterogeneous SSO implementation? That is, is there an API we could call from
    say the Cold Fusion web app upon entry to go see if the user has current session
    in WebLogic? On the flip side, if the user first accesses the Cold Fusion web
    app before the WebLogic web app, is there an API call we could make from the Cold
    Fusion web app to create an authenticated user session in Weblogic, so that when
    the user then goes to the WebLogic web app, they are already logged in? That
    would be great if we could. I'm wondering...
    Thanks.

    It's likely you'll need some kind of perimeter authentication technique so users
    can move between webapps and not require login. You might consider posting your
    question to the weblogic.developer.interest.servlet newsgroup as well.
    One thing that may help you is a past post which gives some details on combining
    form and perimeter authentication via login form. The idea is to use a token which
    can be sent in the request that would login the user without requiring authentication
    but actually authenticate the user when the token is unavailable.
    http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.security&item=11697&utag=
    -Craig

  • Obiee 11g and custom j2ee app using the same cookie name

    Hi,
    I wrote a same j2ee web application. I am using authentication through a realm configured in the web.xml.
    This web app is deployed in the same weblogic as obiee 11g. What I want to do is to embed my application in a dashboard using an iframe tag, and use the same login from analytics for my custom web app.
    In this article http://docs.oracle.com/cd/E11035_01/wls100/security/thin_client.html#wp1039551, it is said that by default, all web apps in the same weblogic server are using the same cookie name so that they share authentication between them. However, I have read on the web that analytics in obiee 11g is using a cookie with the name "ORA_BIPS_NQID".
    In the weblogic.xml of my custom application, I set the cookie-name parameter to ORA_BIPS_NQID. However, in the dashboard, it still prompts for authentication to my custom web app.
    How can we share authentication between analytics and a custom web app in the same weblogic?
    NB: I don't want to pass the username and password through the url.
    Thanks.

    By default, if you don't specify a cookie-name in the weblogic.xml configuration file, the weblogic server creates a cookie named JSESSIONID for your application. For example, if two applications use the default configuration, both of them will use the same cookie name, which is JSESSIONID. In this case, when you log in to the first application, you are automatically logged in to the second application with the same credentials. I have already tested this kind of integration and it works perfectly. You only need the two applications to be deployed in the same weblogic server.
    Now, I want to have the same behaviour between obiee 11g and my custom application deployed in the same weblogic server. I read somewhere on the web that obiee 11g presentation service (analytics) is configured with a cookie-name value = "ORA_BIPS_NQID". So in the weblogic.xml configuration file of my web app, I specify a cookie-name value = "ORA_BIPS_NQID" to have the same cookie-name between the two applications. But it still does not work. It prompts for authentication in the dashboards.
    I know that such an integration is possible, because the other bi applications (mapviewer, bipublisher,...) are actually other web applications. However, when using, for example, maps in dashboards, the mapviewer application automatically uses the credentials of the user connected in analytics.

  • SharePoint 2013 SP1 and Office Web Apps SP1 not working using HTTP

    Hi I had problems installing and configuring Office Web Apps 2013 SP1 integrated with SP 2013 SP1.
    Do you know if there is any issue?
    This is the error in the owa side:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 4/24/2014 10:04:54 PM
    Event time (UTC): 4/24/2014 9:04:54 PM
    Event ID: 86c0893b9e89427babde2c4e931e0a28
    Event sequence: 17
    Event occurrence: 2
    Event detail code: 0
    Application information:
    Application domain: /LM/W3SVC/2/ROOT/wv-1-130428459380785645
    Trust level: Full
    Application Virtual Path: /wv
    Application Path: C:\Program Files\Microsoft Office Web Apps\WebWordViewer\
    Machine name: SPS-OWAS01
    Process information:
    Process ID: 13696
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
    Exception information:
    Exception type: HttpUnhandledException
    Exception message: Exception of type 'System.Web.HttpUnhandledException' was thrown.
    at System.Web.UI.Page.HandleError(Exception e)
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    at System.Web.HttpContext.InvokeCancellableCallback(WaitCallback callback, Object state)
    at System.Web.UI.Page.LegacyPageAsyncInfo.CallHandlersPossiblyUnderLock(Boolean onPageThread)
    at System.Web.UI.Page.LegacyPageAsyncInfo.CallHandlers(Boolean onPageThread)
    Unable to determine zone from request
    at Microsoft.Office.OpenWebApplication.WopiOM.DecomposeWopiUrl(List`1 actionList, HttpRequest request, WopiAction currentAction, String extension, Boolean forceSsl)
    at Microsoft.Office.Web.Apps.Environment.WacServer.WSUrlAdapter.ChangeActionInWacUrl(HttpRequest request, WacUrlApplication application, WacUrlAction currentAction, WacUrlAction targetAction)
    at Microsoft.Office.Web.WordViewer.Controls.Application.RegisterApplicationInit()
    at Microsoft.Office.Web.Common.AApplication.OnPreRender(EventArgs e)
    at Microsoft.Office.Web.WordViewer.Controls.Application.OnPreRender(EventArgs e)
    at System.Web.UI.Control.PreRenderRecursiveInternal()
    at System.Web.UI.Control.AddedControl(Control control, Int32 index)
    at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
    at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
    at System.Web.UI.Page.Render(HtmlTextWriter writer)
    at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    Request information:
    Request URL:
    http://sps-owas01/wv/wordviewerframe.aspx?ui=en-US&rs=en-US&WOPISrc=http://sharepoint.internal/_vti_bin/wopi.ashx/files/8b568ecdf89c44d8afd4132bc0b82b32&sc=http://sharepoint.internal/SitePages/Home.aspx&wdEnableRoaming=1
    Request path: /wv/wordviewerframe.aspx
    User host address: 10.10.199.27
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Thread information:
    Thread ID: 7
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: False
    Stack trace: at System.Web.UI.Page.HandleError(Exception e)
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    at System.Web.HttpContext.InvokeCancellableCallback(WaitCallback callback, Object state)
    at System.Web.UI.Page.LegacyPageAsyncInfo.CallHandlersPossiblyUnderLock(Boolean onPageThread)
    at System.Web.UI.Page.LegacyPageAsyncInfo.CallHandlers(Boolean onPageThread)
    Custom event details:
    José Quinto Zamora SharePoint and Search Specialist MCITP and MCPD in SharePoint 2010
    http://joSharePoint.com

    It show me also this message:
    Server Error in '/wv' Application.
    Unable to determine zone from request
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
    Exception Details: Microsoft.Office.OpenWebApplication.DiscoveryEntryNotFoundException: Unable to determine zone from request
    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
    Stack Trace:
    [DiscoveryEntryNotFoundException: Unable to determine zone from request]
    Microsoft.Office.OpenWebApplication.WopiOM.DecomposeWopiUrl(List`1 actionList, HttpRequest request, WopiAction currentAction, String extension, Boolean forceSsl) +598
    Microsoft.Office.Web.Apps.Environment.WacServer.WSUrlAdapter.ChangeActionInWacUrl(HttpRequest request, WacUrlApplication application, WacUrlAction currentAction, WacUrlAction targetAction) +161
    Microsoft.Office.Web.WordViewer.Controls.Application.RegisterApplicationInit() +1766
    Microsoft.Office.Web.Common.AApplication.OnPreRender(EventArgs e) +1531
    Microsoft.Office.Web.WordViewer.Controls.Application.OnPreRender(EventArgs e) +17
    System.Web.UI.Control.PreRenderRecursiveInternal() +113
    System.Web.UI.Control.AddedControl(Control control, Int32 index) +12375740
    System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +150
    System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +246
    System.Web.UI.Page.Render(HtmlTextWriter writer) +40
    System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +150
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5363
    José Quinto Zamora SharePoint and Search Specialist MCITP and MCPD in SharePoint 2010
    http://joSharePoint.com
