How to set role based Authorization in JAAS
how to set role based Authorization in JAAS
I had user name, password and role in FileLogin
thanks
arun .v.
http://dev2dev.bea.com/pub/a/2003/04/Kemp_Helton.html?page=last
Similar Messages
-
Is it possible to implement a role-based menu using JAAS in a web application? My requirement is to enable or disable menu items on the screen based on the roles of the logged-in user.
Can someone help me on this? -
Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing
In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
Will this option only be available in the production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?
It is not missing.
If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
Steven Davelaar,
JHeadstart Team. -
Can't use role-based authorization
We can't use role-based authorization because the permissions
and their assignments change frequently. Is there any alternative
where we can still use WLS to handle security?
Dave,
If you're using WLS6 the console supports dynamic user updates so you could
change each user's configuration as needed.
Alex
Dave <[email protected]> wrote in message
news:3a672c81$[email protected]..
>
We can't use role-based authorization because the permissions
and their assignments change frequently. Is there any alternative
where we can still use WLS to handle security? -
How to Set URL-Based Session Tracking to No
Dear BSP Gurus
I am fairly new to BSP applications, but I am getting an error which goes "BSP exception: Access to URL /sap(bD1lbiZjPTEwMCZkPW1pbg==)/bc/bsp/sap/crm_ui_frame/ is forbidden" and notice some say they solved it by Setting URL-Based Session Tracking to No, so my question is how do I do that.
Unless of course there is another way to solve my problem. Would greatly appreciate it.
Awaiting your favorable response
Hey Raja and Rajani
I actually activated all the applications below SAP->BC->->SAP-> **(Application)*-> but still I am getting that error.
When I then test the individual applications I get errors like
"BSP Exception: Das Objekt default.htm in der URL /sap/bc/bsp/sap/bp_cont_main/default.htm?sap-client=100&sap-sessioncmd=open ist nicht gültig"
I really have run out of ideas, I need your assistance. Initially I thought it could be the logical link because the work centres appear fine, then I tried to assign even standard business roles; it's giving the same error.
What do I do now? -
How to set roles from JDBC connections
Hi guys,
I have a jdbc connection which purpose is to run queries based on a string that I construct in my program.
My question is: if I have to run a DCL, like: SET ROLE RL_XXX TO USER1;
What's the easiest way to do it with my same connection?
Thanks.
Hi Marc,
Sorry for the typo. It's a BDC source, I use a WCF client to access a SQL Database (HR External System) that has 4 fields that are necessary to present in the Sharepoint User Profile. The issue occurs with a Full or a Delta Sync. The problem is that if the BDC source is not present the fields are deleted (I get a SPS-Dummy Added and all of the objects in the BDC Connector Space are deleted).
I do not want this to happen. I do not want the User Profile Attributes/Fields to be empty/deleted if there is no connection I simply want them to stay what they are... I have two issues.
1) Even if I change my data on the SQL Server side, the changes do not get picked up by the sync. Since the only field that is being tested for change is an ADid, and since the id does not change, the BDC does not consider them changes.
2) If there is no connection I do not want the attributes to be deleted. I have not figured out a way to effectively do this.
So my issue appears to be simple to solve, but after 4 days and hundreds of tutorial pages read I have yet to figure out a proper way to do this.
Here is the pseudo-specification
The Fields that come from the HR System (SQL Server) are to be presented in the user profile. If there is no connection to the BDC file the fields remain as they are until there is a connection and updates can be made. Changes to any of the fields are performed manually in the HR system. These changes must be picked up by the daily sync. -
How to set role which can issue only one command
I am thinking about setting role, which will be allowed to issue only one command. I have created role test. Which has the following entries in the following files:
/etc/user_attr
test::::profiles=OneCommand;type=role
/etc/security/exec_attr
OneCommand:solaris:cmd:::/tmp/data.sh:euid=0
After this I still could issue all commands, not only test command /tmp/data.sh.
When I issued command profiles on test role I received the following:
bash-3.00$ profiles test
OneCommand
Basic Solaris User
All
So I commented line in the /etc/policy.conf to read:
#PROFS_GRANTED=Basic Solaris User
After that, when I try to issue /tmp/data.sh command as a test role I receive the following error:
$ /tmp/data.sh
pfexec: Exec format error
Does anybody know how to set up the role which can issue only one command? Maybe there is a way to do this in the way which will not affect another roles (i.e., not to touch /etc/policy.conf).
Best regards
RadekW wrote:
I am thinking about setting role, which will be allowed to issue only one command. I have created role test. Which has the following entries in the following files:
They will need the ability to run at least a profile shell otherwise all bets are off. So now you're down to two commands. :-)
bash-3.00$ profiles test
OneCommand
Basic Solaris User
All
First you need to define what already exists by default. (policy.conf)
Then you get to change those defaults or create a new default list just for test.
Then you get to add a role or profile for test that allows the execution of a profile shell and one command.
Then you should test all of the user accounts to ensure that something didn't break. This step might be a little overkill.
alan -
XWS-Security, JAAS and role-based authorization
What is my best bet to try to authorize users to use certain web services? For example, let's say a user logs into a web application A, who connects to a web application B implementing Web Services and XWSS.
A passes along the userNameToken, and B authenticates it (let's say, using JAAS). Now it needs to authorize the user to use the actual web service. Can I do this with JAAS? What is the best way to define the policies? Does it mean I have to create PrivilegedActions for every webservice? What are my other alternatives besides JAAS?
Thanks in advance.
Alternatively, is there a way to see which web service the client is requesting from the SecurityEnvironmentHandler (callbackHandler)?
-
Re: Permission-based authorization with JAAS
Actually, I am struggling on this topic also. Probably someone else could help
on this. If you only deal with WLS, one solution could be write your own RoleMapper.
When the RoleMapper is called, the subject/principal should be available, at that
time you could do DB search to find roles the principal belongs to and return
all the roles to WLS security manager. WLS take over from there to enforce the
access control defined in ejb-jar.
-John
"Natasha" <[email protected]> wrote:
>
That is very helpful, thank you very much, John!
What about dynamic role definition? Any thoughts on how I should go about authorizing
based on specific permissions a user has? What I need, essentially, is to have
only the relevant parts of a given page visible to a user with certain permissions,
so I want to use JAAS to have a system that would check if the current instance
of Subject is authorized for a particular action.
Natasha
"John Zhu" <[email protected]> wrote:
One thing you could do is to have all the client logs in through JNDI
lookup API.
And client's principal will be passed to the bean. Inside the bean's
method call
principal.getName() to retrieve the principal. After that you could search
DB to get ACL related to the principal, then enforce the security.
Principal principal = context.getCallerPrincipal();
logger.info("The principal name: "+principal.getName());
[email protected] (Natasha) wrote:
I need to implement an authorization model in which a user can be
authorized to view a certain page or a part of a page based on their
permissions. The trick is that the role definition is dynamic, and I
can not make a policy file ahead of time. Instead, I would like to
simply retrieve the users permissions and then allow access (or, say,
use a jsp tag to check if a certain part of the page should be
displayed) based of whether the user has the permission required, and
have a configuration file that defines the access policy by mapping
actions to permissions. I am trying to figure out whether I can use
JAAS and the Subject class for this, because all of the examples I
could find map actions to roles, rather than individual permissions.
Also, I am confused as to whether or not I would have to implement my
own LoginModule if I need to authenticate against a database, in my
case, probably via using Weblogic entity beans. Sun tutorial states
that developers do not need to implement a LoginModule, but I do not
understand how I can do all that without it. I am using Weblogic 7.0
and Struts.
Any help will be greatly appreciated.
Natasha
Did you think about implementing your own AuthorizationProvider and using it in your
security realm. The AuthorizationProvider does the trick of verifying which resource
is being accessed and who can access it.
My only problem is that I am unable to find out how to make the Resource know
what instance it is...
"Natasha" <[email protected]> wrote:
>
I guess I have to see if anyone suggests an alternative, and then decide whether
it is worth adapting JAAS instead of a quick homegrown solution, as it seems like
in our case the biggest reason to adopt JAAS is it being the standard.
Thank you very much for your help, John!
Natasha.
-
Permission-based authorization with JAAS
I need to implement an authorization model in which a user can be authorized to
view a certain page or a part of a page based on their permissions. The trick
is that the role definition is dynamic, and I can't make a policy file ahead
of time. Instead, I would like to simply retrieve the users permissions and then
allow access (or, say, use a jsp tag to check if a certain part of the page should
be displayed) based of whether the user has the permission required, and have
a configuration file that defines the access policy by mapping actions to permissions.
I am trying to figure out whether I can use JAAS (at the risk of being strangled
by omni-present Michael Lee) and the Subject class for this, because all of the
examples I could find map actions to roles, rather than individual permissions.
Also, I am confused as to whether or not I would have to implement my own LoginModule
if I need to authenticate against a database, in my case, probably via using Weblogic
entity beans. Sun tutorial states that developers do not need to implement a
LoginModule, but I do not understand how I can do all that without it. I am using
Weblogic 7.0 and Struts.
Any help will be greatly appreciated.
Natasha -
BlazeDS role based authorization
Hi,
I'm half the way in developing a POC for using flex as the front end of our application and I'm having some security issues.
I'm using JBoss with JAAS and I figured that using BlazeDS just uses JAAS login module to perform authentication.
* Will it use JAAS for authorization too? Will EJB method level permission will still apply?
* How can I use the Subject/Principals/Policies in the client side flex application to inflect some UI restrictions on unauthorized operations?
Thanks,
Eyal
Hey Jiby,
I already posted this question to the forum http://swforum.sun.com/jive/thread.jspa?threadID=44893&tstart=15 prior to opening this ticket with Sun
Regards
Matthew Key -
How to setting oracle.jps.authorization.provider through EM
Hi,
I have installed Oracle SOA 11.1.1.5. How can I set the logging level of oracle.jps.authorization.provider in EM Console. I don't see this under EM Console -> Log configuration.
Thanks
Hi swati,
1. for this you will also require help of basis team.
2. these are the steps.
a) make an entry in DBCON
b) make connection string
(on the physical application server,
so that it can connect to secondary database)
(this will be done by basis team,
in which, they will specify the
IP address of the secondary database server,
the DATABASE ID, and the port number)
c) then using open sql / native sql,
we can use the secondary database connection,
just like normal.
d) if we use open sql,
then there must be Y/Z table on
sap as well as secondary database,
and the field names , their type all should be identical.
regards,
amit m. -
How to set role to a resource (portal, portlet..)
Hi everybody,
I have a resource's name and I want to set a role entitlement to a resource (portal, portlet, book...) but I don't know how to do this by programming.
Please help me. Thanks
I can get all the roles entitled to a resource by programming as follows:
String delimiter = EntitlementConstants.RESOURCE_ID_DELIMITER;
String resourceID = "com_bea_p13n"+ delimiter +
"Portlet"+ delimiter
+"showProfile";
String[] roles = RolePolicyManager.listRolesForResource(ApplicationHelper.getNonVersionedAppName(), ApplicationHelper.getWebAppName(getRequest()), resourceID);
This code will return all the roles entitled to the portlet 'showProfile'.
So I think, it is possible to set a role to a resource by programming, but I don't know how to do this.
Anyone have an answer?
Edited by: user11732508 on Jul 27, 2009 12:11 AM -
How to check Role based on the User ID
Hi All,
Based on the User ID how to check the role of the particular person [e.g. Employee / Manager etc.]. In HR module in which table the details are present.
Thanks.
Regards
Tina
Hi Tina,
Use FM: HR_GETEMPLOYEEDATA_FROMUSER
This will give you all info related to User ID.
In parameter EMPLOYEESUBGROUP , you will get position of this employee.
Hope this helps.
Regds,
Akshay Bhawgat
Note: Some points would be nice if it helps.
Message was edited by: Akshay Bhagwat -
How to do Role and Authorization check in report program
Hi Friends,
Please provide me your guidance on how to add or give coding to check role authorisation of a particular field, input from selection screen.
My requirement is,
If the Fund center field in my select option parameter has been filled, then I have to check the role authorisation (which was created already) in the At selection-screen event to check and give access to the user to run the process further.
Say my Fund center is 'SH'
and my Role authorisation to be settled to all users 'ZMM_BXI'.
How to implement in report program, Please advise.
Thanks & Regards
Babu.
Sorry SDN,
Posted in a wrong Forum page.
Please excuse.