Help - using custom login module with embedded jdev oc4j to access ejb 3

Similar Messages

• Custom login module with 10.1.3

  Hello all,
  I've been trying out Frank N's custom login module (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm) with JDev 10.1.3/OC4J 10.1.3 and am not having much luck.
  Whenever I add <property name="role.mapping.dynamic" value="true"/> to orion-application.xml, the application fails to deploy with java.lang.InstantiationException. I even get this error when I try to set up a custom login module using the enterprise manager for OC4J 10.1.3. Is this a bug, or does the doc need to be updated? Without this item configured, I do get the basic login prompt, but no logging or anything - which indicates to me that the custom login module is not even being called. Nothing on metalink either.
  Thanks,
  John

  hmm i dont know... custom login module (db authentication) definitely works with standalone 10.1.3.0.0 and jdevloper standalone, but it doesnt work with jdev embeded oc4j (jdevstudio1013\jdev\system\oracle.j2ee.10.1.3.36.73\embedded-oc4j)
  i have the code, and it works.. however the application is entirerly made in jdev 10.1.3.04 production, it is not migrated from previous jdev.. make sure to deploy from war file (i have prob to deploy from ear)
  the only big problem i got is to setup ssl in separate oc4j standalone (ssl works with jdev standalone) and make client athentication to work
  because it wont run as it should.. (i did not have this prob in 10.1.2.1)

• Security constraints not being applied after using custom login module

  I am using form based authentication and I applied the custom login module - DBProcLoginModule to work with the embedded OC4J (JDeveloper 10.1.3.2). I have specified two security contraints in web.xml. The authentication is working correctly, however the security contraints are not being applied. All users are able to access all url resources. The security constraints were working properly before applying the custom login module. Pls help.
  Leena

  Hi,
  if "All users are able to access all url resources" then this indicates that the RL isn't properly protected. If the authorization would fail then noone would have access and you would see error code 401
  Make sure the role names in web.xml are the same as added by the LoginModule. Also make sure you set the dynamic.role property and the custom security provider property in the orion-application.xml
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true"/>
       <property name="role.mapping.dynamic" value="true"/>
  </jazn>
  Note that the above is not required (because done automatically) if the custom LoginModule configuration is deployed through the orion-application.xml file
  Frank

• Custom Login Module with Adf 11g and and weblogic server

  I have configured adf security on my application. I have checked the authentication and authorization are working fine with the default authenticator.
  I am trying to create a custom login module. I have downloaded the custom login module implementation jaasdatabaseloginmodule.zip http://www.oracle.com/technetwork/developer-tools/jdev/index-089689.html. I have added the DBLoginModule.jar to my application. post written by Frank Nimphius and Duncan Mills
  I have configured the jps config under the application resources with these entries.
  <jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <property value="true" name="custom.provider"/>
  <property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
  <serviceInstance name="CustomFFMLoginModule"
  provider="jaas.login.provider">
  <property name="jaas.login.controlFlag" value="REQUIRED"/>
  <property name="log.level" value="FINEST"/>
  <property name="debug" value="true"/>
  <property name="addAllRoles" value="true"/>
  <property name="loginModuleClassName"
  value="oracle.sample.dbloginmodule.DBTableLM.ALSDBTableLoginModule"/>
  <property value="jdbc/ApplicationDBDS" name="data_source_name"/>
  </serviceInstance>
  <jpsContexts default="FFMSecurityDAM">
  <jpsContext name="FFMSecurityDAM">
  <serviceInstanceRef ref="CustomFFMLoginModule"/>
  <serviceInstanceRef ref="credstore"/>
  <serviceInstanceRef ref="anonymous"/>
  <serviceInstanceRef ref="policystore.xml"/>
  </jpsContext>
  When I run the application this custom login is not getting invoked.
  I even tried to add these contents to DefaultDomain\config\fmwconfig\jps-config.xml still no result.
  Can anyone who has configured custom login module direct me how to correct my application.

  Hi Frank,
  After following the documentation suggested. I am able to create custom authenticator. But when I login I getting the below exception. When I debugged login method returned true. But this error is being thrown after that. Any clue.
  java.lang.IllegalArgumentException: [Security:097531]Method com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals) was unable to sign a principal
       at com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(PrincipalValidationServiceImpl.java:188)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy10.sign(Unknown Source)
       at weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject(WLSIdentityServiceImpl.java:63)
       at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:119)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy16.login(Unknown Source)
       at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:91)
       at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy34.authenticate(Unknown Source)
       at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
       at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
       at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:237)
       at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:186)
       at weblogic.servlet.security.internal.FormSecurityModule.processJSecurityCheck(FormSecurityModule.java:254)
       at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:209)
       at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:92)
       at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2204)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

• Custom login page with Policy Agent 2.2 & Access Manager

  Hi,
  I’m trying to set up policy agent 2.2 and Access Manager to use the login page of the application I’m trying to secure. I’m not sure if this is the correct forum or not so feel free to move this if need be.
  I’ve been using this link: http://docs.sun.com/source/816-6884-10/chapter3.html#wp25376 but it doesn’t seem to make sense.
  In my AMAgent.properties file I’ve set up
  com.sun.identity.agents.config.login.form[0]=/contextRoot/login/login.jsp to my login page and I’ve also configured the web.xml for that application to use the login:
       <login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
                 <form-login-page>/login/login.jsp</form-login-page>
                 <form-error-page>/login/login.jsp</form-error-page>
            </form-login-config>          
       </login-config>
  When I try and access the login page I’m redirected to the default access manager login page. I did notice in the AMProperties.xml file the following line:
  com.sun.identity.agents.config.login.url[0] = http://amserverhost:80/amserver/UI/Login
  It seems like I should change that to point to my login page but I didn’t see any documentation supporting that. When I change that property to point to location of my login page, i get a redirect loop error.
  When I remove the com.sun.identity.agents.config.login.form[0] property all together, I just get a resource restricted error.
  Now when I configure the com.sun.identity.agents.config.login.form[0] property, set the config.login.url = to my login page AND set the com.sun.identity.agents.config.notenforced.uri[0] property equal to my login page (so the login page is no longer protected) I am able to see the login page
  Is unrestricting the login page correct? I’m able to access the login.jsp page directly and when I try and access protected resources I’m redirected back to the login page so everything seems to be working correctly but I’m not sure if this is the correct way.

  Hi Neeraj,
  I still have not been able to resolve that issue. Let me know If you find a solution for the same.
  Thanks,
  Srinivas

• JAAS Custom Login Modules does not run on JDev/OC4J 10.1.3, pls help...

  Hi all,
  I trying to use Custom Login Modules as described on :
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  I open the DBLMTest.jws in JDeveloper 10.1.3.1, after completing the required steps, I try deploy it into OC4J Stand alone 10.1.3.
  I get ERROR :
  application : foo is in failed state
  Operation failed with error:
  java.lang.InstantiationException
  The cause of the error is the two lines below that I add into orion-application.xml :
  <property name="role.mapping.dynamic" value="true"/>
  <property name="jaas.username.simple" value ="true" />
  If I remove the two lines, it deploys succesfully.
  Please helpp... I have to implement security in our apps very soon....
  Thank you very much,
  xtanto
  The complete trace of deployment error :
  ---- Deployment started. ---- Apr 4, 2007 5:25:19 PM
  Target platform is Standalone OC4J 10g 10.1.3 (oc4j_oracle).
  Wrote WAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.war
  Wrote EAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.ear
  Uploading file foo.ear ...
  Uploading file foo.ear ...
  Application Deployer for foo STARTS.
  Copy the archive to C:\OC4J\j2ee\home\applications\foo.ear
  Initialize C:\OC4J\j2ee\home\applications\foo.ear begins...
  Unpacking foo.ear
  Done unpacking foo.ear
  Unpacking DBLMTest.war
  Done unpacking DBLMTest.war
  Initialize C:\OC4J\j2ee\home\applications\foo.ear ends...
  Starting application : foo
  Initializing ClassLoader(s)
  Initializing EJB container
  Loading connector(s)
  application : foo is in failed state
  Operation failed with error:
  java.lang.InstantiationException
  Deployment failed
  Elapsed time for deployment: 4 seconds

  Hello there again xtanto,
  I blogged about this last year - perhaps you could run over to http://stegemanoracle.blogspot.com and have a look. I'd send you the exact link, but I cannot access blogspot from work.
  John

• Error using 10.1.3 Security Provider:3rd party LDAP or Custom Login Module

  Hello all,
  After deploying my JSF/ADF application using Jdeveloper 10.1.3 to Oracle Application Server 10.1.3, I used the Application Server control to change the 'Security Provider' configuration:
  1. Using 3rd Party LDAP Provider (Novell eDirectory)
  I get the following error when restarting the application with the new config.
  06/06/21 16:42:32 Error while configuring security provider MBean for application AccessList
  06/06/21 16:42:32 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/CustomLDAPSecurityProvider
  2. Using Custom Login Module (again programmatically talks to eDirectory and it works in UIX/10.1.2 application)
  I get the following error when restarting the application with the new config.
  06/06/21 14:31:19 Error while configuring security provider MBean for application AccessList
  06/06/21 14:31:19 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/LoginModuleSecurityProviderAlso, I get this error with both the settings..
  06/06/21 14:31:19 WARNING: Application.setConfig Application: AccessList is in failed state as initialization failedjava.lang.
  InstantiationException
  Jun 21, 2006 2:31:19 PM com.evermind.server.Application setConfig
  WARNING: Application: AccessList is in failed state as initialization failedjava.lang.InstantiationException
  06/06/21 14:31:19 java.lang.InstantiationException
  06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
  06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
  java.lang.ClassNotFoundException error leads me to believe, I am just missing to include some libraries..
  I have included "bc4j.security" in my web project and I am not sure if that is what is needed!
  Will appreciate your help..
  Thanks,
  Karthik

  The problem i had with my Custom login module was that JDeveloper includes the datasources listed in the connection tab.
  When JDeveloper does that it writes the username and password in the jazn-data.xml. But with the Custom Login module the reference in de data-source declaration cannot find the password. that's why i got the InstantiationException at the initDataSources point.
  In tools>preferences>deployment you can uncheck the option:
  Bundle Default data-sources.xml During Deployment.
  The problem with this is when i specify a datasource in the data-sources.xml i included myself, jdeveloper will also put de datasources under the Connections tab in the data-sources.xml.
  Does anyone knows how to stop jdeveloper putting the datasources automatic in the file, or how to prevent jdeveloper storing the password in jazn-data.xml?

• Custom Login Module for Tomcat to procted apps using Oracle Access Manager

  Hi all,
  I have the following scenario.
  A web application deployed in Tomcat to be protected using OAM. One solution is to use Access Gate though we have other alternative as Proxy infront of Tomcat with a webgate. Now I am implementing the Access Gate solution.
  So, when the user clicks the tomcat application, then the prompt (BASIC) appears for login details. custom login module should kick in and take those login details and authenticate against OAM using Access SDK API.
  I have created access gate profile and installed Access SDK. Ran the ConfigureAccessGateTool as well.
  I did some research googling for login module. I came to know that we need to write a custom realm for it. So, this realm implementation involves specifying role-name etc., in web.xml where the role-name would have been defined in tomcat-users.xml.
  This means that the user trying to authenticate against OAM has to have some roles defined in Tomcat to login. I didnot understand the flow end to end as how this will work.
  Please let me know if anybody has done this of customization.
  Thanks,
  Mahendra.

  Hi Ambarish,
  Initially I thought of implementing the way you suggested in Option 2.
  But there will be various redirections when we use option 2 as the login page should redirect it to a page where OAM authentication and authorization stuff has to be handled. And accordingly we have to redirect it to specific pages upon successful atn and atz. Hence, I was opted using Custom Login Module.
  However, I have been trying Option 2 now. In web.xml, I have specified a login page with FORM scheme. The login redirects it to another page say OAM_Authentication_Handler.jsp. Here we code which serves atn and atz. Upon doing this, I have observed that the protected resource in OAM is not getting evaluated using the method
  String ms_protocol = "http";
  String ms_method = "GET";
  String ms_resource = "http://localhost:8080/FormLogin/private.jsp";
  ObResourceRequest rrq = new ObResourceRequest(ms_protocol, ms_resource, ms_method);
  The method rrq.isProtected() is returning false which implies it to unprotected. I have tested using Access Tester for the resource and it results in expected behaviour.
  Is there any limitation here by using this approach?
  Any ideas?
  Thanks,
  Mahendra.

• J2EE 6.40 Custom Login Module - how to config

  hello all,
  i am using WAS J2EE 6.40 Sneak Preview edition. Read all i can find about custom login module, in the forum and the online help. still confused. pls help.
  here is the background info:
  - i am writing a web app. the EAR file contains 5 ejbs, 1 war and bunch of java classes in jars.
  - access to my web app is protected through url pattern (in web.xml), i've defined the same named security role in web.xml and on j2ee engine.
  - my login module does the user name and password checking. both are stored in database through some other means.
  - login is FORM based
  following the discussion in another thread on the topic, i did the following:
  #1 develop my login module code. packaged it in a jar, then sda file. deploy the sda as a llibrary to the engine.
  #2 add my login module to the security store through the security provider service.
  #3 configure my web app to use the custom login module in web-j2ee-engine.xml
  #4 deploy my web app through the ear file
  at this point, in the visual administrator, i can see the library, the custom login module (added to the UME User Store), and also my web app has authentication set to use the custom login module (under policy configurations tab).
  now i try to login to my web app. it correctly complains when i enter non-existent user or wrong password and brings me to the login failed jsp page. but when i enter both correctly (as stored in my database), i get http 403 error code. i know it is 403 because i set that error code to a special jsp page in web.xml.
  question is why? now i create a user on the j2ee engine with the same name as in my user database. then i can login ok. i am confident that my login module is called since i see the println lines in j2ee engine server logs.
  ??? so i must be missing something obvious. is it because my web app is protected through security-role? i even tried removing all such roles, but still same problem.
  ??? or do i completely mis-understand how custom login modules are supposed to work. i thought it means i can authenticate users any way i want without having to use the j2ee engine's user mgmt. pls tell me if i am totally wrong.
  ??? or maybe my login module code is missing some key stmts. how should it tell the j2ee engine that a user is authenticated? in the login() method, it returns true if user name/passwd match. in the commit() method, it adds the principal to the subject. i don't what else is required.
  does anyone have a working scenario using custom login modules?
  thanks very much for your inputs and thoughts.
  wentao

  Hi Astrid,
  I guess I have the same understanding of JAAS as you. I want to deploy an application that internally makes use of JAAS to authenticate users. There is a LoginModule that authenticates users against some database tables containing all the user data and profile. The application was not designed to be deployed to NetWeaver. So it does not make use of UME or some other NetWeaver specific feature. Actually it handles user management and authoroization issues completely on its own. The only reason for having JAAS is to allow customers to plug in their own LoginModule to use some other kind of user store.
  When deploying the web application to a simple servlet engine like Tomcat, all I have to do is to register my LoginModule in the "jaas.conf" file that is parsed by JAAS default implementation. I also tell the JVM where my jaas.conf file is located by appending a "-Djava..." runtime parameter to the JVM startup script.
  When using other application servers like IBM WebSphere things become a bit different. Normally you use the administration GUI of that server to configure your LoginModules. WebSphere for example keeps the login configuration in an internal database rather than writing everything into a "jaas.conf" text file. But the way the application can use the LoginModule is the same as in Tomcat.
  But when it comes to Netweaver, it seems to me that it's not possible to define a LoginModule that your application can use WITHOUT having to couple it tightly to UME. Or did I get something wrong? Initially I've tried to modify the JVM's parameters (using SAP J2EE Config Tool) to include the location of my "jaas.conf" file containing the my login configuration. But that did not work. The parameter was really passed to the JVM but anyway my LoginModule was not found, I guess that NetWeaver has some own implementation of the JAAS interfaces that just ignore the plain text JAAS configuration files (like WebSphere also does).
  The documentation that I have downloaded from SDN doesn't seem to match the 6.4 sneak preview version that I just downloaded some days ago. They say you should deploy your LoginModule as a library and add a refernce to the application. I tried that out but it did not help. The login configuration that the application wants to access is still not found. Actually there seems to be no way to specify the name for a JAAS Login Configuration in NetWeaver. At least I cound not find that in the documentation.
  So basically my question is: is it possible to deploy an application that wants to use some own LoginModule (either deployed separately or together with the application, that does not matter) without making use of Netweaver specific features like UME? The application has its own user management infrastructure and just needs a way to setup a JAAS Login Configuration to access its own LoginModule.
  Thanks in advance
  Henning

• Deploying a custom login module to the J2EE engine

  I have developed a custom login module, and want to deploy it to the SAP j2ee engine. How should I go about this ? I tried packaging it as a jar and then using the deploytool, went into user management to register the module, but when the module was invoked I got an error in the log saying "Cannot load a login module".
  The way I currently deploy it is packaged with the Example Calculator, and this works. I just add my 2 java files into the web module (in com.sap.examples.calculator.beans) and it gets packaged in the war file.
  Can anyone help with the "proper" way of deploying my module ?
  Thanks in advance

  Hi Brad,
  >
  > What I'm actually trying to do is NOT deploy my
  > custom login module with an application. But rather
  > deploy the jar file as a library to the J2EE engine,
  > so that any application can use it by configuring it
  > in their login stacks. I'm still not totally clear
  > whether this is possible or not.
  Once again - It is possible to deploy the login module as a library to the J2EE Engine; furthermore, this is the PREFERRED way to use login modules!
  >
  > What I have currently done:
  >
  > 1. developed custom login module packaged as a jar in
  > NW studio (2 class files)
  >
  > 2. Using deploytool I deploy the jar as a library to
  > the j2ee engine. This works and the library shows up
  > under the libraries section.
  >
  > 3. Register the login module in the user
  > management->manage security stores section. I'm
  > unsure if this works properly. Do I just provide the
  > full path to the required class ? For example
  > "com.example.myloginmodule.LoginModule"
  > I have a suspicion that my error of "cannot load a
  > login module" stems from here.
  >
  > 4. I have then followed your step and added a
  > reference to the libray (Hard reference) and this
  > seems ok.
  >
  Sorry, Brad, I've made a mistake here. You need to set a reference from the Security Provider Service to the library that contains the login module (not from the application). To do that at runtime, you'll have to use the Configuration Adapter service on the J2EE Engine. For a description of the procedure, see this page in the documentation: http://help.sap.com/saphelp_nw04/helpdata/en/dd/1e3a3e5069eb6ce10000000a114084/frameset.htm
  You need to provide additional entry of the following type in the security-provider.xml file:
  <reference type="library" strength="weak">
          Your-library-name-here
        </reference>
  Regards,
  Ivo.
  Message was edited by: Ivaylo Ivanov

• Custom login module Authentication works but Authorization Does not work

  Hi:
  I am using custom login module and switched on the ADF authentication using adf-config.xml file. My custom authentication works i.e. it returns true but when it finally tries to display the page 401 Unauthorized message is shown. I am using JDev 10.1.3.2.
  Is there any other settings I need to perform. Could you please let me know.
  Thanks

  I have the same issue, please refer to this thread.
  Re: ADF Security Authorization

• Custom Login Module Called by WebLogic

  I have managed to write and deploy a custom login module that works just fine with
  other app servers (except WebLogic). I am using WebLogic 6.1 with sp2. When WebLogic
  starts up, it seems to be calling my custom login module with a user of "system".
  I then get the following exception:
  Authentication Failed: Unexpected Exception, weblogic.security.acl.DefaultUserInfoImpl
  java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
  <<no stack trace available>>
  I have updated the Server.policy file to only point to my custom login module, WebLogic's
  system path points to the JAR with my login module and I can see the module get called.
  Any advice as to what WebLogic is doing here. This behavior does not seem to be
  compliant with the JAAS spec. Here is a snippet of my login method:
  public boolean login() throws LoginException {
  if (callbackHandler == null)
  throw new LoginException("Error: blah blah");
  Callback[] callbacks = new Callback[2];
  callbacks[0] = new NameCallback(USER);
  callbacks[1] = new PasswordCallback(PWD, false);
  try {
  callbackHandler.handle(callbacks);
  username = ((NameCallback)callbacks[USERCALLBACK]).getName();
  char[] tmpPassword = ((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
  if (tmpPassword == null) {
  tmpPassword = new char[0];
  password = new String(tmpPassword);
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Authenticate.authenticate(env, subject);
  return verifyCredentials();
  } catch (java.io.IOException ioe) {
  throw new LoginException(ioe.toString());
  } catch (UnsupportedCallbackException uce) {
  throw new LoginException("Error: " + uce.getCallback().toString()
  + " not available");

  Weblogic 6.x does not support replaceable server side login modules and only
  supports login modules on the client.
  <[email protected]> wrote in message
  news:3cf36c98$[email protected]..
  >
  I have managed to write and deploy a custom login module that works justfine with
  other app servers (except WebLogic). I am using WebLogic 6.1 with sp2.When WebLogic
  starts up, it seems to be calling my custom login module with a user of"system".
  I then get the following exception:
  Authentication Failed: Unexpected Exception,weblogic.security.acl.DefaultUserInfoImpl
  java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
  <<no stack trace available>>
  I have updated the Server.policy file to only point to my custom loginmodule, WebLogic's
  system path points to the JAR with my login module and I can see themodule get called.
  Any advice as to what WebLogic is doing here. This behavior does notseem to be
  compliant with the JAAS spec. Here is a snippet of my login method:
  public boolean login() throws LoginException {
  if (callbackHandler == null)
  throw new LoginException("Error: blah blah");
  Callback[] callbacks = new Callback[2];
  callbacks[0] = new NameCallback(USER);
  callbacks[1] = new PasswordCallback(PWD, false);
  try {
  callbackHandler.handle(callbacks);
  username = ((NameCallback)callbacks[USERCALLBACK]).getName();
  char[] tmpPassword =((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
  >
  if (tmpPassword == null) {
  tmpPassword = new char[0];
  password = new String(tmpPassword);
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Authenticate.authenticate(env, subject);
  return verifyCredentials();
  } catch (java.io.IOException ioe) {
  throw new LoginException(ioe.toString());
  } catch (UnsupportedCallbackException uce) {
  throw new LoginException("Error: " +uce.getCallback().toString()
  + " not available");

• Custom login-module stopped working

  Hello,
  I am using custom login module ( oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule ).
  Everything is working after deployment.
  Occasionally it becomes non working after restarting of application or container and
  I get errors like "Use anonymous is not allowed ..... etc. etc.".
  It is clear that after login module became non-working, OC4J set default username
  for non authenticated user ( anonymous ).
  How to find the problem of misworking login module ?
  Thanks

  Hello,
  I am using custom login module ( oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule ).
  Everything is working after deployment.
  Occasionally it becomes non working after restarting of application or container and
  I get errors like "Use anonymous is not allowed ..... etc. etc.".
  It is clear that after login module became non-working, OC4J set default username
  for non authenticated user ( anonymous ).
  How to find the problem of misworking login module ?
  Thanks

• Help with custom login module

  i've been following franks' tutorial on how to use a custom login module. but no matter what i do, i cant get the jsp to authenticate my valid database account.
  jazn-data.xml file
  <!-- JAZN Realm Data -->
  <name>scott</name>
  <credentials>!tiger</credentials>
  <jazn-loginconfig>
  <application>
  <name>foo</name>
  <login-modules>
  <login-module>
  <class>oracle.sample.dbloginmodule.DBTableLM.DBSystemLoginModule</class>
  <control-flag>required</control-flag>
  <options>
  <option>
  <name>debug</name>
  <value>true</value>
  </option>
  <option>
  <name>jdbcUrl</name>
  <value>jdbc:oracle:thin:@localhost:1521:orcl</value>
  </option>
  <option>
  <name>log_level</name>
  <value>ALL</value>
  </option>
  </options>
  </login-module>
  </login-modules>
  </application>
  </jazn-loginconfig>
  </jazn-data>
  orion-application.xml
  <jazn provider="XML" location="jazn-data.xml"      
  default-realm="jazn.com">
  <property name="role.mapping.dynamic" value="true"/>
  <property name="jaas.username.simple" value ="true" />
  </jazn>
  is there anything wrong with the settings?I've followed the tutorial to the last step. yet i cant get anything. Please help!

  Sorry about the incomplete previous post:
  I am trying to do the authentication using a customized login module in a stand alone OC4J server. I put some debug statements and found out that the authentication works but fails to authorize. I get the following error:
  NOTIFICATION J2EE RMI-00005 Login permission not granted for myApp (testUser)
  The only way I have been able to get this to work is to add the user 'testUser' in system-jazn-data.xml and specify that 'testUser' has the role 'USERS'. It's not practically possible to specify all the users in system-jazn-data.xml. Is there a workaround this? I have pasted below snippets of orion-application.xml and system-jazn-data.xml. Any help is greatly appreciated. Thanks in advance
  I have specified the following in orion-application.xml
  <namespace-access>
  <read-access>
  <namespace-resource root="">
  <security-role-mapping>
  <group name="USERS"/>
  </security-role-mapping>
  </namespace-resource>
  </read-access>
  <write-access>
  <namespace-resource root="">
  <security-role-mapping>
  <group name="USERS"/>
  </security-role-mapping>
  </namespace-resource>
  </write-access>
  </namespace-access>
  </orion-application>
  In system-jazn-data.xml I have given permission for the role 'USERS' to login.
  <grant>
  <grantee>
  <principals>
  <principal>
  <realm-name>jazn.com</realm-name>
  <type>role</type>
  <class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
  <name>jazn.com/USERS</name>
  </principal>
  </principals>
  </grantee>
  <permissions>
  <permission>
  <class>com.evermind.server.rmi.RMIPermission</class>
  <name>login</name>
  </permission>
  </permissions>
  </grant>

• Custom login module and SSO using 10.1.3.3

  We are using ADF 10.1.3.3 to build applications and recently a requirement from a customer was to use LDAP for authentication but use internal application tables for authorisation. So essentially the username and password will be in LDAP but all the roles definition are in the application. This is because the LDAP directory has tight controls on contents and is used enterprise wide.
  I created a proof of concept to address this requirement using the examples at
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  and also
  http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
  specifically using DBProcLoginModule to call a database package.
  The PL/SQL package I created used DBMS_LDAP to call an LDAP directory with the username and password to check authentication and then used internal application tables to get the authorisation details required.
  All this worked very well. I tested on both the embedded OC4J and also standalone OC4J.
  Then one of my peers said will this work with SSO? Specifically we use Oracle OID as we have SSO for Forms and Reports.
  My experience with SSO has been with Oracle OID and having all the user and role details stored within OID.
  So my issue now is can I integrate the custom login module approach I have used with SSO? My knowledge of SSO and OID is limited so I'm not sure how (or if) it would interact with a custom login module. Are the two mutually exclusive?
  Any guidance is appreciated.
  Regards,
  Adrian

  Hi,
  this question should be posted to the Oracle Application Server forum or the security forum. However, based on my findings and experience in this area, I don't think that SSO is integrated with custom LoginModules since the integration would need to be coded in the LoginModule.
  Frank