How to propagate User Role/Identity between containers? Servlet --- WS
Hello!
After a few days of code writing and extensive research on the web I am completely stopped and do not know where to move further...
I have two containers: web and EJB. Thne I created two users at GlassFish AS (SUN Application Server) in file realm: admin and user.
URL request to servlet asks for name and password. In the web container I get proper roles (matched to login name) when I ask:
SessionContext ctx.getCallerPrincipal().getName
admin or user, depending on what I used for logging in.
From that servlet I call webservice which is resided in an EJB container...
When I check the principal there it is always ANONYMOUS.
The web service is called over plain http, not secured.
If I use similar construction but with only stateless bean (not web service) I get Caller id propagation and I can see in the EJB container that admin or user logged in.
My question is: How can I propagate Caller id with web services from web container to EJB one? I need to use roles that are defined in AS,
I am going to use security annotations at web service side and further. But it does not work, because I all the time get only ANONYMOUS...
I can not switch to EJB bean instead of web service due to requirement to use only http, not RMI.
Please help me advice?
/ Sasha
Hello!
After a few days of code writing and extensive research on the web I am completely stopped and do not know where to move further...
I have two containers: web and EJB. Thne I created two users at GlassFish AS (SUN Application Server) in file realm: admin and user.
URL request to servlet asks for name and password. In the web container I get proper roles (matched to login name) when I ask:
SessionContext ctx.getCallerPrincipal().getName
admin or user, depending on what I used for logging in.
From that servlet I call webservice which is resided in an EJB container...
When I check the principal there it is always ANONYMOUS.
The web service is called over plain http, not secured.
If I use similar construction but with only stateless bean (not web service) I get Caller id propagation and I can see in the EJB container that admin or user logged in.
My question is: How can I propagate Caller id with web services from web container to EJB one? I need to use roles that are defined in AS,
I am going to use security annotations at web service side and further. But it does not work, because I all the time get only ANONYMOUS...
I can not switch to EJB bean instead of web service due to requirement to use only http, not RMI.
Please help me advice?
/ Sasha
Similar Messages
-
I have 100 groups in planning for those 100 groups i want to build roles like interactive,view user,planner etc.for those how to change in export -import folder .xml file in that edit how to change user roles in that xml it will generate automatic id.how to do that in xml file ?
Thanks john for you are reply.
I had tried what you sad.I open shared service in that foundation project i had export shared service.after that in import-export file.In that role.csv,user.csv,group.csv.Like this file have.When i open user file added some users after i trying save in excel it shown messgse
I click yes and save the .csv file and import from share servie. i got error like this
am i doing right way john.or explain clearly -
BASIS query :how to transport user roles
BASIS query :how to transport user roles
regards
MaveHi Mave,
Pls follow this
Goto PFCG
Enter the role there.
On the application toolbar you can find the button for transport. Click on that and assign this to a transport request
Release and transport to the other system.
Cheers
Vinod -
Easy Question: How to identify user roles within form?
Hi folks,
I would like to display/hide button which calls static data maintenance form (from other form) based on current user roles.
If user has role "STATIC_DATA" granted then DISPLAY button (which calls static data form), else DO NOT DISPLAY it.
Any example, how to get user roles within form?
Thanks,
TomasI can do it with below code:
declare
l_cnt number;
begin
select count(*)
into l_cnt
from user_role_privs
where granted_role = 'STATIC_DATA';
if l_cnt > 0 then
-- display it
else
-- do not display
end if;
end;I think, above should work.
Thanks,
Tomas -
SSO and how to Managing User Roles/Privileges with Forms using Oracle db
We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
Questions:
-- Do we have to create users/passwords in both OID and application database?
-- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
Any advice and/or direction would be greatly appreciated.
Thank you,
Mika
Edited by: user11846198 on Sep 1, 2009 1:41 PM
Edited by: user11846198 on Sep 1, 2009 1:53 PMYes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
Greetings. -
I am ready to deploy the form, but I want to define user roles. How do I do that?
You can't defines roles for the fillers. You can however define roles for the form design, responses data and summary reports by sharing the form. For more information see http://forums.adobe.com/docs/DOC-2462.
Gen -
How check the user roles in Business Partner edition screen?
Hello Masters,
I'm having a little problem figuring out how to check the user roles to allow modification in some fields.
At the 'Manage Organizational Data' screen ('Manage Business Partners' -> Business Partner Data -> edit). I need to check the user roles to let him change the 'Tax Numbers' values. The values can be changed only if the user is a administrator; otherwise it must only show the value.
I checked the HTML Template and found where I can restrict this edition option, but the problem is that I don't know how to check the user roles here. Maybe there is a function to do this?
Any ideas of how I can do it? Is there any magical BAdI to check this?
Thanks in advance,
José OmarHi José Omar,
there is no BADI for this...
You have to change the standard code to display only tax data if the SY-UNAME does not have correct role.
You can retrieve user roles with BAPI_USER_GET_DETAIL, or access directly the activity groups table.
Rgds
Christophe -
¿How to use user-roles in Ironport WSA (7.6) using ACS 4.1?
Hello,
I want to give a client access to a S370 WSA quarantine and I am using an ACS 4.1 for external authentication; that would be used for administrators and for the client access (non-administration access).
I have created a user-role in the WSA that has access to the quarantine I want, but I need the user to be in the ACS. I created the user in ACS but my question is, what should I configure or change in the ACS in order for the WSA to recognize the user with the specific role I created and not like an administrator role.
Thanks for your help!
SergioHi,
This can be done by configuring the Radius Class attribute on the ACS and mapping it with the user roles on the WSA.
"To map RADIUS users to different Web Security appliance user role types, you assign a role type, such
as Administrator and Operator, to a RADIUS CLASS attribute. Mapping different role types lets you
specify the authorization level for each RADIUS user."
Please go to Page 26-12 of the WSA user guide http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa7-5/user_guide/WSA_7-5-0_UserGuide.pdf for more information under the section "Using External Authentication".
Regards,
Kush -
How to create Users/Roles for ldap in weblogic without using admin console
Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
or is there any ant script for creating USers/Roles?
Regards,
Raghu.
Edited by: user9942600 on Jul 2, 2009 1:00 AM
Edited by: user9942600 on Jul 2, 2009 1:58 AMHi..
You can use wlst or jmx to perform all security config etc.. same as if it were perfomred from the admin console..
.e.g. wlst create user
..after connecting to admin server
serverConfig()
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
cmo.createUser("userName","Password","UserDesc")
..for adding/configuring a role
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
cmo.createRole('','roleName', 'userName')
...see the mbean docs for all the different attributes, operations etc..
..Mark. -
How to check user role/profile
Dear all,
I'm finding function module to get a list of profile/role of user. Would you please suggest me on this?
Btw, if you have any other advise please feel free to let me know.
Thanks in advance.
PeersitI've just found the related threads on this site.
User Profile Details
Re: User Profile Details
User Wise Authorization/profile report needed
User Wise Authorization/profile report needed
Have a good day. -
How can we share setting Header between two servlets-Urgent
Hi ,
I have setting one Header on my 1st servlet and but I need to access same header on my 2nd servlet. Please tell me how can I solve this issues?
Regards,
PattanaikSorry, misread the first time.
As long as you don't write to the body of the response in the first servlet, you should be able to write to the header in the second. So is your problem that both servlets try to write to the body of the response?
Edited by: paulcw on Nov 12, 2007 9:07 PM -
Howto add user role in OID for PORTAL use from wihtin SSO SERVER plugin
Hi all,
Can someone help me with this issue:
I'm developing a custom authentication module for SSO Server. From this plugin I would like to set the roles/groups to which that user belongs, before the redirect to the Portal is done.
I'm adding the user attributes to the OID via the DirContext.modifyAttributes(..) method from within the plugin. However I don't know how to add the roles/group definition to the user entry in the OID so that Oracle Portal can show a personalized desktop when the user logs on.
Hope someone can point me in the right direction.
Many thanks in advance!
Kind regards,
ChrisChris ,
Do you know how to get user role in OID? Did you fix this issue. i have same job in this point.
Thanks -
hi,
How can query user roles and access in whole database? I want to list username, status, rights, and role
thanks
PHi,
The data dictionary view dba_users has one row per user.
The data dictionary view dab_role_privs has one row for every distinct combination of user and role that actually occurs ion your database,
Are you interested in system privileges? See dba_sys_privs.
Are you interested in individual grants, like the privilege to UPDATE a given table, or the privilege to execute a given stored procedure? See dba_tab_privs. (Don't be fooled by the name; it's not just for tables.)
I hope this answers your question.
If not, post some CREATE statements, that create tables, roles, and whatever else you want, and some GRANT statmeents that grant privileges on those objects. Pos the results that you would want to get from those objects and grants. -
Hi all..
Can anyone tell me how to update user roles during runtime or force the
server to refresh them?
ThnxSearch for roles which have SE11 in their menu as a tcode and take you best pick or create your own.
The advice from the other is also good in my opinion (he who changes table fields should also change the program.... )....
Cheers,
Julius -
Pull User Role from identity manager in BPM process
Hi,
How can I pull user name, user role from different identity manager in order to configure hierarchy workflow in BPM process? can any one guide me on that??
Regards,
AmikI'm having the same problem on WebLogic 10.3
Maybe you are looking for
-
Hi Experts, My req, is I have to check billing date with order date/ delivery date while creating the invoice in VF01. For that I have done codig in user exit RV60AFZZ, so it gives error ,but the billing date field get disable. & this invoice no. als
-
Hi Experts, I am new this concept of SSL. I have a ejb sitting in a weblogic. I dont have user based authentication. But only from certain hosts, my ejb should be accessible. I read lot of theoires about certificate, keystore, CA etc. But can any one
-
SAP Material Classification data download
Hi Can any one help me to download the Classification data from SAP for all the materials. REgards Yatin
-
Deleting a column...
...ok this is more of a MySQL question than JDBC/Java but lets hope someone can help. Didnt get any help from MySQL manual. Question: What is the SQL syntax for deleting an existing column from a table? anyone? thanks
-
Please help: recon from people soft
Hi All, I am looking for steps to perfrom real time reconciliation from people soft. Any help would be appreciated. Thanks, Bhavana