How to capture LoginException throwed by Customized JAAS LoginModule?

Similar Messages

• How to capture user input for customer exit processing?

  I need to calculate the number of working days elapsed in the current fiscal quarter BASED on the USER INPUT on the reporting front.  i.e., say the fiscal quarter started on 1 July 2005 and if the user enters 10 July 2005, I should get the value 8 (Assume that Monday through Friday are all workdays).  If the user enters 12 July 2005, I should get 10.  I have written customer exits and know how to use factory calendar, but <b>THE CHALLENGE</b> is how do I <b>CAPTURE</b> the user input and use it in my exit?  During the varible definition, if I select the check box "Ready for input" then the customer exit is not being processed and unless I check that box I can't get a user entry!  If I look at the import values in the customer exit, I see i_t_var_range with type rrs0_t_var_range.  My strong feeling is that this parameter gets the user input, but I am unable to use it as the customer exit is not being called if I make the user to input the data.  Based on the empirical evidence, I felt that user input and customer exit can not co-exist!!  Please somebody prove me wrong and let me know how can I use the user input to process my "customer-exit" variable.  I would really appreciate any input from the BW community here.

  Hi Sameer,
  Most likely, I'm missing something, but I think that the answer is very simple.
  CASE I_VNAM.
  WHEN 'YOUR_CUSTOMER_EXIT_VAR'.
  IF I_STEP = 2. “ After selecting of input variable
  LOOP AT I_T_VAR_RANGE INTO LOC_VAR_RANGE
  WHERE VNAM = 'USER_INPUT_VAR'.
  CLEAR L_S_RANGE.
  L_S_RANGE-LOW = LOC_VAR_RANGE-LOW(4).
  APPEND L_S_RANGE TO E_T_RANGE.
  ENDLOOP.
  ENDIF.
  ENDCASE.
  In this typical user exit coding you have a user entered value in LOC_VAR_RANGE (originally in I_T_VAR_RANGE) and you construct your user exit variable value in E_T_RANGE.
  Best regards,
  Eugene
  Message was edited by: Eugene Khusainov

• Expired Password Custom JAAS LoginModule

  Hello,
  We need to be able to determine how long till a user's password expires.  We are authenticating with ldap / Microsoft AD.  We have attempted to create a jaas login module which causes the login to to be forwarded to the changePasswordPage.jsp unsuccessfully.  How can we implement so that if the password is expired the changePassword.jsp is shown?  Do we need to write the LoginComponent from scratch or is there another way?
  Thanks in Advance

  Hi Matthew,
  Did you solve the problem when the users password expires? We're experiencing the same problem!
  Thanks,
  Joachim

• Use custom JAAS LoginModule without UME - possible?

  Hi all,
  I want to deploy an application that internally makes use of JAAS to authenticate users. There is a LoginModule that authenticates users against some database tables containing all the user data and profile. The application was not designed to be deployed to NetWeaver. So it does not make use of UME or some other NetWeaver specific feature. Actually it handles user management and authoroization issues completely on its own. The only reason for having JAAS is to allow customers to plug in their own LoginModule to use some other kind of user store.
  When deploying the web application to a simple servlet engine like Tomcat, all I have to do is to register my LoginModule in the "jaas.conf" file that is parsed by JAAS default implementation. I also tell the JVM where my jaas.conf file is located by appending a "-Djava..." runtime parameter to the JVM startup script.
  When using other application servers like IBM WebSphere things become a bit different. Normally you use the administration GUI of that server to configure your LoginModules. WebSphere for example keeps the login configuration in an internal database rather than writing everything into a "jaas.conf" text file. But the way the application can use the LoginModule is the same as in Tomcat.
  But when it comes to Netweaver, it seems to me that it's not possible to define a LoginModule that your application can use WITHOUT having to couple it tightly to UME. Or did I get something wrong? Initially I've tried to modify the JVM's parameters (using SAP J2EE Config Tool) to include the location of my "jaas.conf" file containing the my login configuration. But that did not work. The parameter was really passed to the JVM but anyway my LoginModule was not found, I guess that NetWeaver has some own implementation of the JAAS interfaces that just ignore the plain text JAAS configuration files (like WebSphere also does).
  The documentation that I have downloaded from SDN doesn't seem to match the 6.4 sneak preview version that I just downloaded some days ago. They say you should deploy your LoginModule as a library and add a refernce to the application. I tried that out but it did not help. The login configuration that the application wants to access is still not found. Actually there seems to be no way to specify the name for a JAAS Login Configuration in NetWeaver. At least I cound not find that in the documentation.
  So basically my question is: is it possible to deploy an application that wants to use some own LoginModule (either deployed separately or together with the application, that does not matter) without making use of Netweaver specific features like UME? The application has its own user management infrastructure and just needs a way to setup a JAAS Login Configuration to access its own LoginModule.
  Thanks for any reply
  Henning

  http://help.sap.com/saphelp_nw04s/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm

• JAAS LoginModule - how do I get path, port, resource accessed, etc

  Hi,
  I checked everywhere including the forums, but could not get any info on this. I'm writing a custom JAAS LoginModule for the WebAS 6.40 server. I'm trying to figure out how to get the following out of the request from within login() or initialize() or any other method:
  1. Name of the webserver (i.e. the WebAS server being accessed like www.mycompany.com)
  2. Resource (e.g. /QuickCarRental)
  3. Port through which the request comes in (e.g. 50000)
  The URL being accessed in the above case is http://www.mycompany.com:50000/QuickCarRental
  Appreciate your help, and points will be awarded. Have a nice day
  R Abraham

  This is only available for NetWeaver Portal, not NetWeaver Application Server(WebAS). host and port can be obtained using the following code:
                 Callback[] callbacks = new Callback[3];
                 callbacks[0] = new NameCallback("UserId: ");
                 callbacks[1] = new PasswordCallback("Password: ", false);
                 // get host name and port
                 HttpGetterCallback getterCallback = new HttpGetterCallback();
                 getterCallback.setType(HttpCallback.HEADER);
                 getterCallback.setName("Host");
                 callbacks[2] = getterCallback;
                 try {
                      callbackHandler.handle(callbacks);
                 } catch (Exception ex) {
                      throw new LoginException(ex + "");
                 Object retValue = ((HttpGetterCallback)callbacks[2]).getValue(); //get host
  host and port will be returned in the following format SERVER.COMPANY.COM:50000
  Currently WebAS is not able to return the resource as per SAP development.

• JAAS LoginModule - how do I get the "JSessionId"

  Hi,
  is there any possibility to get the JSessionId from a custom JAAS LoginModule for the WebAS 6.40 Server.
  My first attempt was to read the JSESSIONID-Cookie from the Http-Request via the HttpGetterCallback-Class.
  ((HttpGetterCallback) callbacks[1]).setType(HttpCallback.COOKIE);
  ((HttpGetterCallback) callbacks[1]).setName("JSESSIONID");
  It worked well, till I noticed that sometimes the JSessionId-Cookie doesn't exist.
  The reason is, that the JSession-Cookie was set after the http-request has passed my login-modul.
  So, if I got a cookie-value, it sometimes was the JSessionID from an earlier session.
  So, my question:
  Is there any other posibility to get the JSessionId?
  If there is a way to get the ServletRequest-instance,  I could reach the SessionId via "HttpServletRequest.getSession()".
  Any idea? Any hints?
  Regards
  Steffen Spahr

  This is only available for NetWeaver Portal, not NetWeaver Application Server(WebAS). host and port can be obtained using the following code:
                 Callback[] callbacks = new Callback[3];
                 callbacks[0] = new NameCallback("UserId: ");
                 callbacks[1] = new PasswordCallback("Password: ", false);
                 // get host name and port
                 HttpGetterCallback getterCallback = new HttpGetterCallback();
                 getterCallback.setType(HttpCallback.HEADER);
                 getterCallback.setName("Host");
                 callbacks[2] = getterCallback;
                 try {
                      callbackHandler.handle(callbacks);
                 } catch (Exception ex) {
                      throw new LoginException(ex + "");
                 Object retValue = ((HttpGetterCallback)callbacks[2]).getValue(); //get host
  host and port will be returned in the following format SERVER.COMPANY.COM:50000
  Currently WebAS is not able to return the resource as per SAP development.

• JAAS LoginModule sample

  Is there a sample on how to develop a custom JAAS LoginModule that uses Identity Server?

  I also want the similar sample, If some has worked with it then please help us ...
  Thanx
  Yasir Khan

• JAAS LoginModule for SunOne Directory Server?

  I have a customer who is using SunOne Directory Server for LDAP.
  I have test code that uses the JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
  The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
  The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
  So thats great, however my application uses JAAS, and therfore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
  A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff, however considering that JAAS and the SunOne Directory server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.

  Hey dav,
  Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
  I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus succesfully integrated the basics of JAAS in to the system... but I am now desparately looking for away to have client-side policies distributed at runtime from the server.
  I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have a developed a database backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration forJAAS authentication. The aim is that this data will be transfered once during login, and anytime that the the policy is requested to be refreshed.
  Since reading you post, I'm wondering what services LDAP or JNDI can offer me?
  Also, is JNDI an appropriate option for data persistence? is it better to go with JDO or some other object store abstraction.
  Kind regards,
  Darren B

• Accessing Tomcat 4.03 JNDI service from JAAS LoginModule

  Hi!
  I have following problem:
  I have custom JAAS LoginModule that uses JNDI to lookup DataSource object.
  My LoginModule and LoginConfiguration implementation classes are located
  in Tomcat's classpath.
  I tried first to put JAAS related classes under [TOMCAT-HOME]/common/lib,
  but that caused exception:"Unable to load LoginConfiguration".
  It looks like Java's core classes have no access/visibility to classes under Tomcat.
  I'm using JAAS authentication directly from a servlet, so I'm using no
  Tomcat specific realms in authentication.
  Servlet just calls:
       LoginContext lc = new LoginContext( jaasApplName,
  customUserPasswordCallbackHandler );
       lc.login( );
  Everything works fine until LoginModule tries to lookup datasource
  after obtaining InitialContext with
            InitialContext initCtx = new InitialContext( );
            DataSource ds = (javax.sql.DataSource) initCtx.lookup(
  dataSourceName );
  I got exception with message : "Name MIPCoreDS is not bound in this
  context.".
  MIPCoreDS is configured in Tomcats configuration file server.xml under
  <GlobalNamingResources> tag.
  Should this be visible for JAAS Login module or not?
  When servlet's make same lookup under Tomcat, datasource is found fine.
  It seems that loginModules have no visibility to JNDI objects configured
  under Tomcat.
  Is this right?
  Is it possible any way to put JAAS working with Tomcat 4.0.3, so
  that LoginModules can access JNDI objects bound to Tomcat's JNDI service?
  Is it possible to call Tomcat's JNDI service outside Tomcat?
  Any help is appreciated.
  Best Regards,
  Aki

  Using JAAS in Servlets is messy - I found a working example at
  http://www.loadedanswers.com
  go to the Documents section and the eg is there.
  Have fun :)

• Custom JAAS Module - How to use in certification test?

  Hello,
  I just read the document about certification for custom JAAS modules ("BC-AUTH-SAML Test Plan"). What I don't understand is how our custom login module can get the custom information it needs (like a certain request parameter).
  First, what we would like to do is to create a JAAS module which examines proprietary login tickets created by our reverse proxy / authentication server. The example code shows how to retrieve HTTP parameter and headers using the callback methods, so that part is all fine and clear to me.
  But for the certification test, the description says that in order to execute the test, the browser must be opened with a certain URL (Test 1, GET w/o password change). That action alone must lead to a valid authentication. However, in your real-world setup, the reverse proxy - sitting between the browser client and the SAP system - would insert a custom HTTP header with the login ticket. Obviously, in the test setup as dictated by the certification document, we don't have our reverse proxy, so my question basically is:
  How can I add custom HTTP headers or parameters while running the certification test?

  I'd gladly send you something by mail. Two other details first:
  - My name is actually not Remo, but Marcel Schoen. I'm just using a company account for this forum. My address is marcel.schoen<at>united-security-providers.ch
  - I'm swiss. Do you speak german? Your name sounds german. Falls ja koennen wir das auch auf Deutsch weiter besprechen.
  In short, our product is a Web Application Firewall; a reverse proxy for protecting and integrating web applications. Some of the functionality also allows to implement single-sign-on over existing legacy applications with different user bases. And now we're looking into ways to integrate SAP application servers as well (right now, the JAAS module and SAML are the two most likely approaches).

• How to deploy and configure custom JAAS login module

  Dear Experts,
  I have created a custom jaas login module, In my .jar I am having
  1. MyLoginModule.class
  2. Handler.class
  3. MyPrincipal.class
  I want to know how to deploy the custom jaas module to oc4j. And make available to all
  other application to use the same for authentication & authorization. Please suggest me.
  Thanks,
  Rajesh A

  This article does not mention that you can put the <jazn-loginconfig> tag into the orion-application.xml as well.
  Much easier to deploy and test.
  --olaf                                                                                                                                                                                                                                                                                                                       

• How to capture Exception error message in Odata ?

  Hi,
    I am new to sap gateway. Currently i am creating a Odata Service through the transaction SEGW. In the query i have mapped a RFC. When i execute the service sometimes the RFC throws exception like 'No data Found'. But i dont know how to capture the exception returned from the RFC.
  I read some threads which says use
  RAISE EXCEPTION TYPE /IWBEP/CX_MGW_BUSI_EXCEPTION
        EXPORTING
          textid            = /iwbep/cx_mgw_busi_exception=>business_error
          message       =  lv_text
          message_container = io_message_container.
  My doubt is since i have not done any code in the DPC method. As said in many threads should i go to DPC_EXT method and redefine the method or how to capture the exception.
  Kindly advise. Thanks in advance

  Hello Velsankar,
  You need not to capture the error messages explicitly by writing custom code in you DPC_EXT if you are using service builder when the return error message table is of type BAPIRET2.
  GW itself will handle and return the error messages.
  If at all the return error message table is of different type , i mean to say if it is not of type BAPIRET2 then you need to capture explicitly.
  The below is the code you need to write in DPC_EXT to capture.
  DATA: LO_MECO TYPE REF TO /IWBEP/IF_MESSAGE_CONTAINER.
  DATA: LX_BUSI_EXC TYPE REF TO /IWBEP/CX_MGW_BUSI_EXCEPTION.
          LO_MECO = MO_CONTEXT->GET_MESSAGE_CONTAINER( ).
           LO_MECO->ADD_MESSAGES_FROM_BAPI( IT_BAPI_MESSAGES = LT_ERR_RET_TAB ).
           CREATE OBJECT LX_BUSI_EXC
             EXPORTING
               MESSAGE_CONTAINER = LO_MECO.
           RAISE EXCEPTION LX_BUSI_EXC.
  Note : where LT_ERR_RET_TAB is your internal table where you would have captured all the error messages.
  That is it. You will be able to see the messages .
  Regards,
  Ashwin

• To Capture Excise Duties for Customer Material

  Dear All,
  Issue is regarding to capture excise invoice
  for Customer Material.
  1.
  one of our client receives Customer material which
  should not be reflected in
  stock.
  2. Excise should be captured which
  receiving
  3. Now
  when this Customer material is returned back to
  customer along with
  the assembly (i.e. the material received from
  customer is fixed
  in Assembly and sent back to
  customer),
  4. Now
  the excise
  captured should be transfered back to customer's A/c.
  I tried
  doing by creating a material type as customer material, where in
  Stock will be reflected but value will not be reflected, where exactly
  we
  can capture the excise details for this scenario.
  How
  to
  proceed further to complete his scenario.
  Consider this
  issue
  to be on high priority &  i/p will be of great help.

  Dear Vijayashree
  From your comments what I understood is that for a particular FERT, you are procuring one component from the buyer, assembling it and invoicing to the same customer.
  If this is the scenario, I dont know how you can invoice without maintaining BOM for that.
  If the client don’t want to maintain BOM for the same, the only option is as follows to my knowledge.
  Whenever the client receives the component, take credit of the duty amount by updating <b>J1IH</b>. While doing PGI, since you have not maintained this component in BOM, stock will <i>ONLY</i> reduce for other components.  So no-where, your client can track the customer’s component.
  Parallelly, apart from selling price, to the extent of excise duty value, one more condition (say ABCD,  to be maintained.  So in your pricing procedure, the assessable value should be PR00 + ABCD for which, the excise duty should be captured so that the client can recover the duty amount from customer.
  Finally, for this practice, the client should maintain datas (how many procured and how many invoiced) manually to convince the government officials but then, I am not sure, how far this will be accepted by the officials.
  Thanks
  G. Lakshmipathi

• How to capture tax

  Dear all
  While procuring material from lacal vendor( who is importing for example SEIMENS),
  How to capture all taxes BED14%,EC2%,SEC1% and ADDL DUTY 4%,
  Because, for local vendor we are using LOCAL PRICING PROCUDURE in which there is no 4% ADDL DUTY as in case of IMPORT PO PRICING PROCEDURE
  Problem is
  After procuring from above vendor, we need to sell this material to our customer through DEPO SALES( In which we are passing CENVAT benifit ). Our customer is asking that 4% addl duty also along with 1421%
  How to capture this 4% addl duty paid by us to our vendor to pass on the same benifit to our customer
  Please guide me the scenario

  Dear
  Vendor is local.We are using LOCAL PRICING PROCEDURE(IN WHICH THERE IS NO ADDL DUTY COND TYPE)
  The problem is we need to capture the 4% addl duty paid by our vendor while importing
  Purpose is passing over this benifit to our customer through DEPO SALES PROCESS
  Question is how to capture condition type ( 4% addl duty) in our LOCAL PRICING PROCEDURE. SO that we can pass on to our customer

• How to capture the row  value in Advanced Table on OAF ?

  Hi:
  I was wondering, if anyone has any idea as to how to capture a row value on an advanced table on a OAF Page.
  I am currently trying to capture the Expense Report Number ( first column) on the Track Expenses Reports table on the page /oracle/apps/ap/oie/webui/HomePG.
  Any idea would be helpful ?
  Thank You

  Hi,
  856070 wrote:
  This is what I am looking for :
  Default Functionality
  On the expenses home page there is a table for the Submitted expenses Table ( advanced table) with multiple Expense Number rows , which has a link associated with every expense number. When the user clicks the expense number link , EBS takes you to a more detail information page. ---As per default functionality :::whene ever user clicks on link it will takes u to details info page based expense no right.
  ---Check the property of the Destination URL of the ExpensionNumber column.
  ---In this property u can find the page path and paramam ex:pexpencenumber.
  Customized functionality
  I would like to capture the Expense number on the detailed page to call another application based on the expense number. The expense number on the
  detailed page is not available on the request-parameter or on the VO.
  I was thinking of capturing the ExpenseNumber when the user clicks it and save the expense number on a >transientvalue to retrieve it on the detaile dpage..but unable to do so.---Here get the paramereter pexpencenumber and pass it to another appilcation.
  Regards
  Meher Irk