How to Re-Authenticate an user to an active session

Hi frns,
Following is my existing flow.
Initially the user logs in with valid usename and password. He will do some transactions in the application. Meanwhile if he is idle for more than 15 minutes, the current session will be lost and then if he wants to continue with the application he will be forcefully sent to the login page to get authenticated once again.Now we have to start the transaction freshly.
Following is my new requirement.
While doing some transaction,If the user is idle for more than 15 mins,one authentication jsp page should be displayed on the current screen asking the user to enter usename and password once aagain. If the authentication is succeeded then he should get back to the same screen previously he is doing transaction and allow the user to continue the transaction.
Here two scenarios should be considered.
1) The Re-Authentication screen should be displayed on the top of the screen in which he is idle for more than 15 mins.
2) If the Re-Authentication succeeds, then user should be allowed to continue the transaction in which he is idle previously.
Please help me in this regard. Very urgent...
Thanks,
Srinivas.

The idea is to seperate the session management from the security management.
We want the user's sessions to last for a long time but there still needs to be an upward limit. So a good limit is four hours. This allows a user to go to a meeting or to lunch and then return and pick up where he left off. So we set the session time on on the server to four hours.
However if there is fifteen minutes of inactivity we want the user to re-authenticate himself. So if the user goes to lunch we don't want some one to be able to access his session. This is different from expiring the session. We don't expire the sesion but we expire the user access to the session.
So we create a security module that handles all user authentication. We creat this module as a Servlet Filter so that all requests have to pass through the module. On initial request we redirect the user to a log in page where he provides his username and password. On authenitcation we create a user object that we store in the session. We also store the date/time that the request was made in a hashmap using the session or session id as the key.
On subsequent requets we can chedk for the existance of this object to see if the user has been authentcated. If the user object exists we retrieve the date/time of the last request and check to see if fifteen minutes has expire between requests. If the time difference is less than fifteen minutes we store the new time in the hasmap. if the time difference is greater that fifteen minutes we redirect the user to a log in page.
There are certain mantainance actions that wlll need to be done:
1: Removing expired session entries from the hashmap using HttpSessionListener.
2: Differenciating a normal request from a re-authorization request
3: Forwarding the user to request resource after re-authorization

Similar Messages

  • How can I authenticate a User In Windows Active Directory?

    I need to authenticate a user in Windows Active Directory, but I found use the code below will return true if the user name and password are both correct and false if one of them is wrong. But when I input a user name which is not exist in Active Driectory with a blank password, it will also return true. What shall I do? Ask every user must input a password withnot blank?
    Please give me some help to solve this problem. Thanks a lot.
    Code:
    private Context ctx = null;
    Hashtable env = new Hashtable ();
    boolean isValid = false;
    try {
    this.setEnvironmentProperties();
    String domainName = AuthenticateResources.getString("mydomain.com");
    //set the name of domain with the user name
    String fullName = name + "@" + domainName;
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL,"ldap://mydomain:389");
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    //set user related information
    env.put(Context.SECURITY_PRINCIPAL, fullName);
    //set user password
    env.put(Context.SECURITY_CREDENTIALS, password);
    //validate user
    ctx = new InitialDirContext(env);
    isValid = true;
    }catch (AuthenticationException ex){
    isValid = false;
    catch (NamingException ex) {
    throw ex;
    }finally{
    this.freeContext();
    return isValid;

    This is usually a problem if Anonymous Binding is enabled. I have faced this in other Directory Servers, but I am not familiar with Active Directory.
    I think by default Active Directory disables Anonymous Binding, but you may want to check.

  • How can I find out if a user has an active session

    How can I find out if a user has an active session or sessionObject in the application Server.
    When a user logs on to my web-application, I want him to be able to see a
    list of all the other users that are also loged on. To do this I need to get a
    list of all the session objects avaliable in the sever at that perticular moment?
    In J2EE 2.1 I found the class "javax.servlet.http.HttpSessionContext" with the method "getIds()"
    that returned all the session Id's. By using the method getSession(java.lang.String sessionId)
    from the same class, you could then retrieve the sessionObject.
    But these methods are depricated (and want to be able to use the
    latest version of J2EE).
    Is there any other way to do this?
    I'm using JBoss application server.

    Check out HttpSessionListener -> http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSessionListener.html
    Essentially what you have to do is implement this interface. You also have to register the listener in your web.xml, like this:
    <listener>
        <listener-class>
            package.name.YourListener
        </listener-class>
    </listener>sessionCreated() will get called each time the app server creates a session and sessionDestroyed() will get called each time the app server invalidates a session. You could have a Map that contains all the active sessions, and a method for printing a list of all of the active sessions.

  • How to find out whether USER-EXIT is active or not

    Hello!
    How can I  find out whether USER-EXIT is active or not ?
    I set a break-point at these points and nothing happens
    if I want save my daocument ???
    Why
    PERFORM USEREXIT_SAVE_DOCUMENT.
    PERFORM USEREXIT_SAVE_DOCUMENT_PREPARE.
    Ragards
    Ilhan

    Hi Ilhan
    The easiest way, I guess, is by going to transaction SMOD, sticking in your enhancement name and pressing the test button.
    When placing breakpoints, don't use <b>Breakpoints > Breakpoint at > Statement...</b> and enter
    PERFORM USEREXIT_SAVE_DOCUMENT
    because you won't get any hits since the function module names are stored dynamically.
    Rather use <b>Breakpoints > Breakpoint at > Function Module...</b> and enter
    USEREXIT_SAVE_DOCUMENT
    for a better chance of hitting the breakpoint.
    Cheers
    Lyal
    Message's terrible grammar was edited by:
            Lyal Schumann

  • What is a "logged in user" on the "Active Sessions" report in CF8 Server Monitor?

    I was looking at the Active Sessions Report (The Chart View) and saw I have more "logged in users" than "active sessions".
    I had expected them to be nearly the same.    It's on our Intranet where I log users in (using cflogin and cfloginuser) at the begining of their session and users should be logged when the session ends.
    I couldn't find a detailed explaination of what a "logged in user" means.   There is a chance that the same user is logged into a nested application as well as the Intranet, but I don't think that is what I'm seeing.
    I also don't see a way to get a list of what CF is counting as a logged in user.  I can only see a way to get the total count.
    Any help is appreciated. 
    Thanks,
    Jeff

    Thank you Michael for the reply, but I don't think that is the issue.
    When a user opens their browser on the intranet, a session begins and they are logged in (using the cflogin and cfloginuser).    If they close their browser, the session should hang around for 20 min. (per the server setting).   I am assuming this is still considered an "Active Session" since I can see this behavior in the report.
    At first, the Active Sessions and Logged In Users are exactly the same.   When the sessions start to time out, the active sessions are reduced,  but the Logged In Users remain the same.    Then,  after a while, they start to move together.  So I have more Logged In Users than Active Sessions.
    I left the Server Monitor open last night and for most of the night, I had 0 sessions, but 57  "logged in users".   This morning, as people opened their browsers, the Active Sessions and Logged In Users moved together.   The gap of 57 looks consistent.
    It looks like people are remaining logged in after their session ended.
    I am really looking for a detailed explaination of "active session" and/or "logged in user" as used in the server monitor.  It would be really nice to find a way to list the details about each item counted in the "logged in user" and not just the total count. 
    Thanks Again for your reply.
    jsm

  • How can I add a user to the current session context ?

    Hello,
    I would like to use the programmatic authorization of servlets ( the roles are defined
    in the servlet deployment descriptor web.xml ). But I don' t use the authentication
    specified in the servlet deployment descriptor.
    Is it possible to populate a user to the session/servlet context without using the
    authentication specified in the deployment descriptor ? How can I do ? ( cookie ?
    methods ? ... )
    Thank you for your answer.
    Nicolas.

    see weblogic.servlet.security.ServletAuthentication.
    - Neil
    Nicolas Dieu wrote:
    Hello,
    I would like to use the programmatic authorization of servlets ( the roles are defined
    in the servlet deployment descriptor web.xml ). But I don' t use the authentication
    specified in the servlet deployment descriptor.
    Is it possible to populate a user to the session/servlet context without using the
    authentication specified in the deployment descriptor ? How can I do ? ( cookie ?
    methods ? ... )
    Thank you for your answer.
    Nicolas.

  • How to find weather the user exit is active?

    i need to list out all Userexits which are implimented and activated
    so that we can do the same changes in other system also. how to do this?
    i have checked table MODSAP but i think its giving list of all user exits without checking its active/inactive.

    Hello
    1. Goto table MODATTR with status = 'A' (active). You will have list all active projects.
    2. Goto table MODACT with NAME = MODATTR-NAME (for each record from MODATTR). You will have all enhancements for particular project.
    3. Goto table MODSAP with NAME = MODACT-MEMBER. You will have all exits for project.

  • How to tell if a user is issuing 'alter session statements'

    When I run 'alter session' from sqlplus in my schema, this does not get parsed and go to v$sql or show up in v$open_cursor. I have a user that is running queries from informatica. He says he is passing alter session statements through informatica, I want to see if they actually get there. The person is not real versed in oracle and I don't know informatica.
    i cant turn on trace cause he connects and disconnects and this would run immediately, I am not in a position to turn on system level tracing, add a trigger, or turn on auditing (not allowed).
    anyway to tell from a data dictionary view or something like that if these were issued by a given session? The queries run for a few minutes, so I have a bit before his session disconnects to query the data. I can't get him to change his code to stay connected. Is there a view that shows parameter changes for a given session?
    oracle: 10.2.0.5
    4 alter session commands are:
    Alter session set sort_area_size=999999999;
    Alter session set hash_area_size=999999999;
    Alter session set db_file_multiblock_read_count = 128;
    alter session enable parallel dml;
    Edited by: Guess2 on Jul 17, 2012 12:49 PM

    i cant turn on trace cause he connects and disconnects and this would run immediately, I am not in a position to turn on system level tracing, add a trigger, or turn on auditing (not allowed). If Informatica connects to Oracle via network, capturing TCP/IP traffic and mining in it may be your last resort.
    you can get session's PDML status from
    select pdml_status from v$session;
    i cant turn on trace cause he connects and disconnects and this would run immediatelythis contradicts to your following statement
    The queries run for a few minutes, so I have a bit before his session disconnects to query the data.
    I can't get him to change his code to stay connected. Informatica should have debug. Ask him if he can go step by step.
    Edited by: user11181920 on Jul 17, 2012 5:53 PM

  • How can I capture delete user event in Active Directory 2008 using Powershell command

    Hi,
    In my Active Directory every user have own home drive in the file server. When I delete user I also need to delete folder from the server. 
    My target is make the process automated, so that when I delete user account form AD, the folder associate with user also delete.
    Can I write any power shell script to grep the delete event  and remove folder from file server.
    Thanks
    Tamim Khan

    You can setup event viewer to provide alerts (email alerts) for event id 630.
    Find an existing Event ID 630 entry, right click on it and "Attach Task To This Event...."
    Follow the wizard.
    ** Event ID Sample **
    Event ID: 630
    Type: Success Audit
    Description: User Account Deleted:
    Target Account Name: %1 Target Domain: %2
    Target Account ID: %3 Caller User Name: %4
    Caller Domain: %5 Caller Logon ID: %6
    Privileges: %7
    - Chris Ream -
    **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**

  • De-authenticating users with multiple active sessions

    Hi guys,
    I haven't posted much, but I've lurked for a long time and, until now, always found
    the answer to my questions, but this one has me stumped. I've implemented the
    Session Timeout utility successfully,
    but I would like to add another function that would exchange a transaction_id between
    the user and the server, as mentioned
    Re: diallow multiple logins.
    When I try to use this new function, the initial cookie gets set and the value is
    inserted into the table. However, when I try to navigate to a second page, the value
    in the cookie is not the same as the value in the table. When I keep all of the records
    and compare them to all of the set-cookie calls, it appears that the
    table is being updated more often than the cookies. I would really appreciate some
    input on this problem or another way to validate that the user is active in
    only one session.
    Thanks,
    Art
    This is the process to create the initial cookie on Page 101-->
    declare
      l_magic_number number;
      l_new_number number;
    begin
      select to_number(to_char(sysdate, 'WDDHHMISS')) into l_magic_number from dual;
      dbms_random.seed(l_magic_number);
      l_new_number := dbms_random.random;
      delete from transaction_cookies where trans_user = owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1);
      insert into transaction_cookies (trans_user, transaction_id)
                      values (owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1), l_new_number);
      owa_cookie.send(
          name    => 'HTMLDB_SESSION_TRANSACTION',
          value   => to_char(l_new_number),
          expires => null,
          path    => '/',
          domain  => null
    end;And the validation function is here-->
    function check_transaction_id return boolean as
    cursor c_select_number(user_name varchar2) IS
            select transaction_id
            from   transaction_cookies
            where  trans_user = user_name;
    l_cookie_exists   boolean       := true;
    l_selected_number number;
    l_cookie_number   number;
    l_new_number      number;
    user_id        varchar2(256);
    begin
        if htmldb_custom_auth.get_user is null then
            return true;
        end if;
        begin
            l_cookie_number := to_number(owa_cookie.get('HTMLDB_SESSION_TRANSACTION').vals(1));
            exception when no_data_found then
                l_cookie_exists := false; -- no cookie set, assume first page visit after login
        end;
        user_id := owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1);
        open  c_select_number(user_id);
        fetch c_select_number into l_selected_number;
        close c_select_number;
        if l_cookie_exists and l_cookie_number <> l_selected_number then
            delete from transaction_cookies where trans_user = user_id;
            OWA_COOKIE.REMOVE(
                name    => 'HTMLDB_SESSION_TRANSACTION',
                val   => to_char(l_cookie_number),
                path    => '/');
            wwv_flow.g_unrecoverable_error := true;
            owa_util.redirect_url('f?p='||wwv_flow.g_flow_id||':'||l_invalid_session_page);
            return false;
        elsif not g_other_cookie_already_sent then
            select to_number(to_char(sysdate, 'WDDHHMISS')) into l_magic_number from dual;
            dbms_random.seed(l_magic_number);
            l_new_number := dbms_random.random;
            delete from transaction_cookies where trans_user = user_id;
            insert into transaction_cookies values(user_id, l_new_number);
              /* The timeout function opened the HTTP header...*/
            owa_cookie.send(
                name    => 'HTMLDB_SESSION_TRANSACTION',
                value   => to_char(l_new_number),
                expires => null,
                path    => '/',
                domain  => null
            owa_util.http_header_close; /* Since this is called after the timeout function, THIS one will close the header*/
            g_other_cookie_already_sent := true;
        end if;
        return true;
    end check_transaction_id;

    Art - Thanks for the detailed problem description (with code). The problem you're seeing is due, in part, to the fact that an application's session verification function is run on every page show and page submit. Based on your function's logic, when you show a page, a cookie is sent (after you purge the table and do an insert). Then you submit the page and it runs again, purging the table, inserting a new value into the table, and sending that value in the cookie. Then the page branches to the next page (usually doing a URL redirect. Here's where it messes you up. Whenever a redirect is done, apex clears the HTTP header, so the cookie doesn't get to your browser. When the next show page request is handled (as a result of the branch), the function checks if the browser's cookie matches the value in the table. It doesn't.
    The solution will involve having the function not do its thing if a page "submit" is being processed. There might be better ways to detect this but here is some could you could try:    if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' and
           lower(owa_util.get_cgi_env('PATH_INFO')) = '/f' then ......which would be true for show requests only (f?p URLs). I have to tell you though, that with some of the newer request types (ppr pagination, csv/fop output, on-demand/ajax invoked processes, ...), you may have to tinker quite a bit.
    Also, in your code I see you use the LOGIN_USERNAME_COOKIE cookie to identify the user. This will not be reliable if a user is using the same browser to run more than one application. You really should use v('APP_USER') to identify the user (authenticated or not). And if your user is running multiple apps in the same browser, your other cookie needs a name unique to the application lest one app's cookie overwrites the other's.
    Scott

  • How to Restrict same portal user from other node

    Hi
    In my application, we charge customers for each portal user logins. But, i found that, they can share same user logins amongs number of people.
    I don't want to allow the same portal user login into the application if that user is already logged in and it's session is still active.
    Here is the Scenario :
    User A is logged in to the portal from terminal AA. Now, User A agin tries to logg in to the portal from terminal BB. I don't wnat to allow user A to log in from terminal BB bcuz user A has active session from terminal AA.
    Can anyone know how to implement this??
    thanks in advance.
    Srini

    Hi Srini!
    We have solved this problem with our own login portlet. Before the final login we've got to check (from the certain table) how many logins there are currently with that username.
    But there is a problem. If the user closes the browser without logoff, the session remains active. There is a cleanup job, which removes those session in some hours. Still it is not very elegant.
    Regards,
    Jari

  • Messages (Jabber) Refuses to Authenticate AD Users after 10.9.2/Server 3.0.3 update

    Once again, an update appears to have broken Messages/Jabber's ability to authenticate AD users after the 10.9.2/Server 3.0.3 update even though it was working well before. Hoping someone here has some ideas for how to help!
    I can log in just fine as a local user (e.g. [email protected]), but no luck with AD users (e.g. [email protected]). As always, it fails with no intelligible error message whatsoever:
    Mar  1 09:46:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] connect
    Mar  1 09:46:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] disconnect jid=unbound, packets: 0
    Mar  1 09:48:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] connect
    Mar  1 09:48:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] disconnect jid=unbound, packets: 0
    I reset the jabber server configuration as described here to no avail: https://discussions.apple.com/thread/5354428
    The DNS configuration looks good:
    changeip -checkhostname
    Primary address     = 10.0.17.15
    Current HostName    = comet.ADdomain.private
    DNS HostName        = comet.ADdomain.private
    The names match. There is nothing to change.
    dirserv:success = "success"
    The Jabber status from jabber:
    serveradmin fullstatus jabber
    jabber:state = "RUNNING"
    jabber:roomsState = "RUNNING"
    jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
    jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
    jabber:logPaths:JABBER_LOG = "/var/log/system.log"
    jabber:proxyState = "RUNNING"
    jabber:currentConnections = "0"
    jabber:currentConnectionsPort1 = "0"
    jabber:currentConnectionsPort2 = "0"
    jabber:pluginVersion = "10.8.211"
    jabber:servicePortsAreRestricted = "NO"
    jabber:servicePortsRestrictionInfo = _empty_array
    jabber:hostsCommaDelimitedString = "comet.ADdomain.private"
    jabber:hosts:_array_index:0 = "comet.ADdomain.private"
    jabber:setStateVersion = 1
    jabber:startedTime = "2014-03-01 17:39:06 +0000"
    jabber:readWriteSettingsVersion = 1
    Full jabber server startup log:
    Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: waiting for jabberd to finish startup...
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: loaded user table (1 users)
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: couldn't open filter file /etc/jabberd/router-filter.xml: No such file or directory
    Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: jabberd service startup completed.
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/s2s[1787]: starting up (interval=60, queue=60, keepalive=0, idle=86400)
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: initialized auth module 'apple_od'
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: initialised storage driver 'sqlite'
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'sess-end' (order 0 index 0 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-sess' (order 0 index 1 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-sess' (order 1 index 2 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'in-sess' (order 2 index 3 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=5347] listening for incoming connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [comet.ADdomain.private] configured; realm=comet.ADdomain.private, registration disabled, using PEM:/etc/certificates/mail.ADdomainbio.com.E41BBC081993E348B26181D9CB334A28137A8D8D.concat.pem
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [c2s] online (bound to 127.0.0.1, port 49353)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5222] listening for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5223] listening for SSL connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: ready for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'in-sess' (order 3 index 4 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'in-sess' (order 4 index 5 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] set as default route
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] online (bound to 127.0.0.1, port 49354)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: ready for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'in-sess' (order 5 index 6 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'in-sess' (order 6 index 7 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Starting up...
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Loading persistent rooms from disk...
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Finished loading rooms from disk
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Connecting to XMPP server at 'comet.ADdomain.private' as 'rooms.comet.ADdomain.private'...
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'in-sess' (order 7 index 8 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'in-sess' (order 8 index 9 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'in-sess' (order 9 index 10 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'in-sess' (order 10 index 11 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-sess' (order 11 index 12 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'in-sess' (order 12 index 13 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'in-router' (order 0 index 14 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-router' (order 1 index 1 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-router' (order 2 index 12 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-router' (order 3 index 2 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'out-router' (order 0 index 2 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-sm' (order 0 index 0 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'pkt-sm' (order 1 index 6 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-time' added to chain 'pkt-sm' (order 2 index 15 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'pkt-sm' (order 3 index 16 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-sm' (order 4 index 9 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-sm' (order 5 index 8 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'pkt-sm' (order 6 index 11 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'pkt-sm' (order 7 index 17 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'echo' added to chain 'pkt-sm' (order 8 index 18 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-sm' (order 9 index 12 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'pkt-user' (order 0 index 3 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-user' (order 1 index 12 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 5 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-user' (order 3 index 9 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'pkt-user' (order 4 index 13 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'pkt-user' (order 5 index 4 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'pkt-user' (order 6 index 10 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-user' (order 7 index 0 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'pkt-router' (order 0 index 14 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-router' (order 1 index 8 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-load' (order 0 index 19 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'autobuddy' added to chain 'user-load' (order 1 index 20 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-load' (order 2 index 3 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster-publish' added to chain 'user-load' (order 3 index 21 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-load' (order 4 index 2 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-load' (order 5 index 4 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-create' (order 0 index 19 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'template-roster' added to chain 'user-create' (order 1 index 22 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-delete' (order 0 index 19 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'user-delete' (order 1 index 11 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'user-delete' (order 2 index 10 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-delete' (order 3 index 2 seq 4)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-delete' (order 4 index 3 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-delete' (order 5 index 4 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'user-delete' (order 6 index 0 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'user-delete' (order 7 index 7 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'user-delete' (order 8 index 5 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'disco-extend' (order 0 index 16 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'disco-extend' (order 1 index 17 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: version: jabberd sm 2.2.17-409
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: [comet.ADdomain.private] configured
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [sm] online (bound to 127.0.0.1, port 49355)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: sm ready for sessions
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [comet.ADdomain.private] online (bound to 127.0.0.1, port 49355)
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] connect
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] authenticated as proxy65.comet.ADdomain.private
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [proxy65.comet.ADdomain.private] online (bound to 127.0.0.1, port 49356)
    Mar  1 09:52:23 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] connect
    Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] authenticated as rooms.comet.ADdomain.private
    Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [rooms.comet.ADdomain.private] online (bound to 127.0.0.1, port 49357)
    Mar  1 09:52:24 comet.ADdomain.private Rooms[1792]: Successfully connected to XMPP server, ready for activity
    I am not sure if it's attempting to authenticate to AD or not, and if so, why it might be failing. Any suggestions would be greatly appreciated!

    uscadvit wrote:
    Here is the output without the name of our AD:
    Advanced Options - User Experience
      Create mobile account at login = Disabled
         Require confirmation        = Enabled
      Force home to startup disk     = Enabled
         Mount home as sharepoint    = Enabled
      Use Windows UNC path for home  = Enabled
         Network protocol to be used = smb
      Default user Shell             = /bin/bash
    Advanced Options - Mappings
      Mapping UID to attribute       = not set
      Mapping user GID to attribute  = not set
      Mapping group GID to attribute = not set
      Generate Kerberos authority    = Enabled
    Advanced Options - Administrative
      Preferred Domain controller    = not set
      Allowed admin groups           = not set
      Authentication from any domain = Enabled
      Packet signing                 = allow
      Packet encryption              = allow
      Password change interval       = 14
      Restrict Dynamic DNS updates   = not set
      Namespace mode                 = domain
    That looks correct. Lets collect a few more config items.
    Copy / paste the output of this command when run against c2s.xml:
    sudo grep '<id require-starttls="true" pemfile="' /Library/Server/Messages/Config/jabberd/c2s.xml
    Ours looks like this:
    <id require-starttls="true" pemfile="/etc/certificates/chat.example.com.1234567890.concat.pem" private-key-password="12345678-1234-1234-12345678" cachain="/etc/certificates/chat.example.com.1234567890.chain.pem" realm="example.com">example.com</id>
    Copy / paste the output of this command when run against sm.xml. To give us context, it will display the 6 lines above and below the text:
    sudo grep -C 6 'If not set, the SM id is used. -->' /Library/Server/Messages/Config/jabberd/sm.xml
    Ours looks like this:
    <!-- Local network configuration -->    <local>        <!-- Who we identify ourselves as.         Users will have this as the domain part of their JID.         If you want your server to be accessible from other         Jabber servers, this IDs must be FQDN resolvable by DNSes.         If not set, the SM id is used. -->        <id>example.com</id>        <!--    <id>vhost1.localdomain</id>    <id>vhost2.localdomain</id>    -->    </local>
    Copy / paste the output of this command:
    sudo serveradmin settings jabber
    Ours looks like this:
    jabber:dataLocation = "/Library/Server/Messages"jabber:s2sRestrictDomains = nojabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"jabber:sslCAFile = "/etc/certificates/chat.example.com.1234567890.chain.pem"jabber:jabberdClientPortTLS = 5222jabber:sslKeyFile = "/etc/certificates/chat.example.com.1234567890.concat.pem"jabber:initialized = yesjabber:enableXMPP = nojabber:savedChatsArchiveInterval = 7jabber:authLevel = "STANDARD"jabber:hostsCommaDelimitedString = "example.com"jabber:jabberdClientPortSSL = 5223jabber:requireSecureS2S = nojabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"jabber:enableSavedChats = nojabber:enableAutoBuddy = yesjabber:s2sAllowedDomains = _empty_arrayjabber:logLevel = "ALL"jabber:hosts:_array_index:0 = "example.com"jabber:eventLogArchiveInterval = 7jabber:jabberdS2SPort = 0
    Also, while you're troubleshooting, I found Adium's debug window to be invaluble for showing errors during logon (even if you plan to use Messages).
    You can open it in debug mode by holding option + click Adium.app, select "start in debug mode". Then in Adium menu > Debug window.

  • How to use an authenticated user for a proxy call

    Dear all,
    I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
    Now inside this application I need to do a proxy call to a PI webservice.
    I would like to use the user credentials of the already logged in user in order to call the proxy.
    What I don't want to do is to use a service user for the proxy call.
    The code I am trying to call looks something like this:
         private IntegratedConfigurationIn getPort() throws Exception{
              IntegratedConfigurationIn port = null;
              try {
                   IntegratedConfigurationInService service = null;
                   service = new IntegratedConfigurationInService();
                   port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
                  BindingProvider bp = (BindingProvider)port;
                  bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
                  bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
                  if (url.length() != 0)
                       bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
              catch (Exception ex){
                   ex.printStackTrace();
              return port;
    The examples I found to retrieve the userdata pointed to codes similar to this one:
    public HttpServletRequest getHttpRequest() throws Exception {
              // Get runtime context
              Properties props = new Properties();
              props.put("domain", "true");
              Context initialContext = new InitialContext(props);
              ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                        .lookup(" /wsContext/ApplicationWebServiceContext");
              HttpServletRequest req = wsContext.getHttpServletRequest();
              return req;
    com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
              IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
    Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
    I would appreciate any hints or ideas.

    Peter,
    from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
    For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
    Vijay Konam

  • How can I authenticate and authorize with Web Service on ESB ?

    Hello,
    I want to authenticate and authorize client with Web Service published
    by HTTP/SOAP BC.
    Simply if it is an Web Service as J2EE application, I will use
    Basic Authentication with JAX-RPC and Realm.
    But I think that Web Service published by HTTP/SOAP BC is not belong
    to J2EE Application. Threre is no place to describe security role mapping
    (like web.xml).
    JBI 1.0 the section "5.5.1.1.3 Normalized Message Properties" comments
    JAAS Subject is given in the NM Properties. Really in this package
    com.sun.jbi.internal.security.*
    implements JAAS autentication and authorization (at JaasAuthenticator).
    But I can't see how to configure my Service to use this.
    How can I authenticate and authorize with Web Service on ESB ?
    I referred to the resources.
    Mutual Authentication for Web Services: A Live Example
    http://developers.sun.com/prodtech/appserver/reference/techart/mutual_auth.html
    XML and Web Services Security
    http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
    JAAS Authentication Tutorial
    http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
    Thanks,
    Takurou
    - environment ---------------------------------------------
    OpenESB : Project Open ESB Starter Kit
    AppServer : Sun Java Systems Application Server 9.0 PE
    OS : Windows XP
    I don't assume to use SSL (if It's necessary I will try).
    User information is stored in a LDAP Server.
    -----------------------------------------------------------

    Hello,
    I read this resource.
    SecurityDesign
    http://www.glassfishwiki.org/jbiwiki/Wiki.jsp?page=SecurityDesign
    Then I think [non-ssl and ssl/tls and so on] securing by basic authentication is ongoing feature at this time.
    But I can't see well why this page comments 'HTTP over SSL, TLS'.
    HTTP/SOAP Binding Component Overview
    http://download.java.net/general/open-esb/docs/jbi-components/httpsoap-bc.html
    Does BC support only "SSL server authentication" ?
    Doesn't BC support "SSL client authentication" by username/password ?
    Thanks,
    Takurou

  • How to get logged-in user/group information in WebLogic Portal 10.3.2

    Hi bros.
    I have a codesnipet to get information about user who actually logged in weblogic portal:
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginException;
    import com.bea.p13n.security.Authentication;
    import com.bea.portal.tools.security.user.*;
    public class UGMSummary {
         private static final String username = "weblogic";
         private static final String password = "webl0gic";
         public UGMSummary(){
         public void test(){
              try {
                   Subject tmp = Authentication.authenticate(username, password);
                   //PolicyItem pi = new PolicyItem();
                   //System.out.println("######## " + Authentication.getCurrentSubject().toString());
                   UserIDBuilder builder = new UserIDBuilder();
                   UserID uid = builder.createResourceID();
                   System.out.println("######## Admin ? " + Authentication.isAdministrator(tmp));
                   System.out.println("######## Anonymous ? " + Authentication.isAnonymous(tmp));
                   System.out.println(" ######## " + uid.getUserName());
              } catch (LoginException e) {
                   System.out.println(e.getMessage());
                   //e.printStackTrace();
    }Some println commands above are used to mark in console. I can ensure that there is an user (admin) logged in weblogic system by executing command: Authentication.isAdministrator(tmp);
    Output of codesnipet above is:
    ######## Admin ? true
    ######## Anonymous ? false
    ######## nullMy problem is impossible to use UserID object to get username of weblogic user. Output of command: uid.getUsername() is: null
    Somebody tell me why my code doesn't work though it can authenticate an user.
    Thank in advance.
    ps:
    Some Javadoc for UserID can be found here:
    http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.html
    http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.html

    Hi, Kevin.
    I'm glad to see your response again. I found some interesting information from your recommendation link. At this time, I know that impossible to get users/groups information by using DelegatedAtnProxyManagerControlFacade (ref: http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/com/bea/portal/tools/ugm/controls/DelegatedAtnProxyManagerControlFacade.html) interface.
    But, I dont know how to get an instance of an object that implemented this interface. My friend give me a codesnipet that shown the way to get a DelegatedAtnProxyManagerControlFacade by using this codesnipet in a GlobalController:
          try
            DelegatedAtnProxyManagerControlFacade delegatedAtnProxyManager = (DelegatedAtnProxyManagerControlFacade)getControl(DelegatedAtnProxyManagerControlFacade.class);
          catch (PolicyRefException e)
            reportPolicyRefException(e);
          catch (OperationNotSupportedException e)
            reportOperationNotSupportedException(e);
          }But I dont know what global.GlobalController actually is ?
    I've asked Google for information but I got nothing. Do you know any documentation that describes about this controller ?
    Thanks, regards !
    Doubt_Man.

Maybe you are looking for