How to setup RDBMS Realm.
Hi
Can some one tell me the basic steps to setup RDBMS Realm for resouces like
pool, Servlets and EJB. I am trying to use the weblogic example code.
Thanks in advance!!!
jtaneja
Please look into the previous posting of yours.
-utpal
"Amit" <[email protected]> wrote in message
news:[email protected]..
>
Hi,
I want to store user id, password, roles in the DB tables and providewebbased
forms to create/modify user.
How do I implement security relam for users stored in the DB table?
Thanks and Regards,
Amit
Similar Messages
-
How to Configure RDBMS Realm on WL6.0
We are trying to replace the default File Realm on WL6.0 with RDBMS Realm. We
have put the userId/password pairs in fnxuser table of the database, also we put
"reserve" permission for weblogic. jdbc.connectionPool.fnxconnection in the acl2entries
table (but for whatever reason, the fnxconnection setup won't show up when we
bring up acl config page in the console, just those defaults show up such as weblogic.jdbc.connectionPool,
weblogic.jdbc.connectionPool.oraPool, weblogic.jdbc.connectionPool.testPool).
When we log in using one of the valid userid/password in the fnxuser table on
the jsp page, we got the following error message:
LoginBean::loginAttempt() - get DB name : dev711
LoginBean::checkAccountStatus: Naming error:javax.naming.AuthenticationException
[Root exception is java.lang.SecurityException:Authentication for user bobdev
denied in realm weblogic]
We have a Java Bean Login Bean to get the JNDI context, the code is as follows:
Context ctx = FnxJndi.getJndiInitialContext(null);
if (sDatabase != null)
sDbname = sDatabase;
else
sDbname = (String) ctx.lookup(FnxJndi.getDefaultDbJndiKey());
System.out.println("LoginBean::loginAttempt() - get DB name : "+sDbname);
FnxJndi.deepBind(ctx, FnxJndi.constructUserDbnameJndiKey(sUsername), sDbname);
The following is part of our config.xml. Is there something we did wrong or we
missed? Any help is highly appreciated.
Thanks in advance.
Ting
<Realm CachingRealm="CachingRealm" Name="RdbmsRealm"/>
<FileRealm Name="wl_default_file_realm"/>
<CachingRealm ACLCacheSize="1000" BasicRealm="RdbmsRealm"
CacheCaseSensitive="true" GroupCacheSize="20"
Name="CachingRealm" PermissionCacheSize="100" UserCacheSize="1000"/>
<JDBCConnectionPool CapacityIncrement="10"
DriverName="com.sybase.jdbc.SybDriver" InitialCapacity="40"
MaxCapacity="500" Name="fnxconnection"
Properties="user=d711dbo;password=fnxltd;server=SYB_AXE"
RefreshMinutes="0" Targets="tingserver" URL="jdbc:sybase:Tds:axe:5000"/>
<JDBCDataSource JNDIName="fnxdatasource" Name="fnxjdbcdatasource"
PoolName="fnxconnection" Targets="tingserver"/>
<RDBMSRealm DatabaseDriver="com.sybase.jdbc.SybDriver"
DatabasePassword="fnxltd" DatabaseURL="jdbc:sybase:Tds:axe:5000"
DatabaseUserName="d711dbo" Name="RdbmsRealm"
RealmClassName="com.fnx.util.security.rdbmsrealm.RDBMSRealm" SchemaProperties="getGroupMembers=SELECT
GM_GROUP, GM_MEMBER from group2members WHERE GM_GROUP = ?;addGroupMember=INSERT
INTO group2members values (?, ?) WHERE GM_GROUP = ?;getUser=SELECT rtrim(user_ID),
rtrim(user_ID) FROM fnxuser WHERE user_ID = ?;getPermission=SELECT DISTINCT A_PERMISSION
FROM acl2entries WHERE A_PERMISSION=?;getAcls=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION
FROM acl2entries ORDER BY A_NAME, A_PRINCIPAL;getUsers=SELECT rtrim(user_ID),
rtrim(user_ID) FROM fnxuser;getGroups=SELECT GM_GROUP, GM_MEMBER FROM group2members;getPermissions=SELECT
DISTINCT A_PERMISSION FROM acl2entries;getAclEntries=SELECT A_NAME, A_PRINCIPAL,
A_PERMISSION FROM acl2entries WHERE A_NAME = ? ORDER BY A_PRINCIPAL;newUser=insert
into fnxuser values (?, ?);removeGroupMember=DELETE group2members WHERE GM_GROUP
= ? and GM_MEMBER = ?"/>
<PasswordPolicy Name="wl_default_password_policy"/>Please look into the previous posting of yours.
-utpal
"Amit" <[email protected]> wrote in message
news:[email protected]..
>
Hi,
I want to store user id, password, roles in the DB tables and providewebbased
forms to create/modify user.
How do I implement security relam for users stored in the DB table?
Thanks and Regards,
Amit -
How to use RDBMS Realm in Weblogic Commerce Server?
Hi All,
Same as the subject.
Thx
RayYou should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the
Application Developer or
Assembler. When the application is deployed, these roles are mapped by a
Deployer to security
identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the
principal associated with
an incoming request based on the security attributes of that calling
principal. For example,
1. When a deployer has mapped a security role to a user group in the
operational environment. The
user group to which the calling principal belongs is retrieved from its
security attributes. If the
principal's user group matches the user group in the operational environment
that the security
role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a
security policy domain, the
principal name of the calling principal is retrieved from its security
attributes. If the principal is
the same as the principal to which the security role was mapped, the calling
principal is in the
security role.
Cameron Purdy
http://www.tangosol.com
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari. -
How to implement RDBMS realm functionality in WLS 7.0
Hi,
I want to store user id, password, roles in the DB tables and provide webbased
forms to create/modify user.
How do I implement security relam for users stored in the DB table?
Thanks and Regards,
AmitPlease look into the previous posting of yours.
-utpal
"Amit" <[email protected]> wrote in message
news:[email protected]..
>
Hi,
I want to store user id, password, roles in the DB tables and providewebbased
forms to create/modify user.
How do I implement security relam for users stored in the DB table?
Thanks and Regards,
Amit -
Groups within groups in RDBMS Realm
I can see how the supplied RDBMS Realm schema supports groups that contain
groups: you simply store a group name as the gm_member field in the
groupmembers table.
Does weblogic or the RDBMS Realm implementation in particular provide any
special support for the concept of nested groups? What I mean is, I want to
make a call like isUserInGroup(String userName, String groupName) and get
back true if the user is either in the specified group or is in some group
that is nested inside of the specified group.
I can write my own little routine to recursively expand the groupmembers and
determine if the user is contained in the specified group, but I wonder if
that is reinventing the wheel.
Thanks!Thanks for the helpful response, Terry! That was exactly the info I needed.
John
Terry <[email protected]> wrote in message
news:[email protected]..
RDBMSGroup's isMember method is inherited from the FlatGroup class, theAPI
of which is athttp://www.weblogic.com/docs51/classdocs/javadocs/index.html.
I quote
isMember
public boolean isMember(java.security.Principal member)
Returns true if the passed principal is a member of the group. This method
does a recursive search, so if a principal belongs to a group which is a
member of this group, true is returned.
So it looks like somebody already thought of that 'wheel' thing you were
talking about, and you don't have to bother
terry
John Lindwall <[email protected]> wrote in message
news:3a67b151$[email protected]..
I can see how the supplied RDBMS Realm schema supports groups that
contain
groups: you simply store a group name as the gm_member field in the
groupmembers table.
Does weblogic or the RDBMS Realm implementation in particular provideany
special support for the concept of nested groups? What I mean is, Iwant
to
make a call like isUserInGroup(String userName, String groupName) and
get
back true if the user is either in the specified group or is in somegroup
that is nested inside of the specified group.
I can write my own little routine to recursively expand the groupmembersand
determine if the user is contained in the specified group, but I wonder
if
that is reinventing the wheel.
Thanks! -
Oracle 10g to sql server 2005 - how to setup
Hi,
I have been searching on how to setup a connection from oracle 10g to sql server 2005 and i have to admit i am struggling a bit.
I have read about Heterogeneous Services and Database Gateway but we really dont want to fork for licence fees so it looks like i have to investigate HS.
My environment is:
10gR2 Linux 32 bit
SQL Server 2005 32bit.
Would someone be able to provide me with a list of steps to help me get this setup?
Thanks.
BHi,
If you don't want to pay for any licence fees then you will have to use the 11g Database Gateway for ODBC (DG4ODBC) which is included in your RDBMS license.
You need to use the 11g versions because all previous gateway versions have been desupported for some time. The latest version is 11.2.0.3 which can be downloaded from My Oracle Support as -
Patch 10404530: 11.2.0.3.0 PATCH SET FOR ORACLE DATABASE SERVER
and download -
p10404530_112030_platform_5of7.zip
- this is the Gateway media pack and has everything needed for a standalone gateway install.
This version is certified the following RDBMS versions - 10.1.0.5 + RDBMS patch 5965763, 10.2.0.3 + RDBMS patch 5965763, 10.2.0.4, 10.2.0.5, all 11.1 versions, all 11.2 versions.
You have 2 choices about where you can install it and it would be better to install the gateway into a new and separate ORACLE_HOME from any existing Oracle installs -
1. On the Linux 32-bit platform where the RDBMS is running. If you install it here you will need to supply a third party ODBC driver. The only free one I am aware of is from FreeTDS but there may be others. There can be problems with the FreeTDS so another one may be preferable but these usually require a license fee.
See this note in My Oracle Support -
How to Configure DG4ODBC on Linux x86 32bit or on HP-UX RISC (DG4ODBC 11.1 only) to Connect to Non-Oracle Databases post install (Doc ID 466228.1)
2. Install DG4ODBC on the Windows platform where SQL*Server is running. If you install on Windows then you will be able to use the Microsoft SQL*Server ODBC driver which should already be installed. See this note on My Oracle Support -
How to Setup DG4ODBC (Oracle Database Gateway for ODBC) on Windows 32bit (Doc ID 466225.1)
If you don't have access to My Oracle Support you will need to contact someone in your organisation to access the notes for you or review the gateway documentation -
http://www.oracle.com/pls/db112/homepage
Regards,
Mike -
Hi,
Now maybe eveyone knows that the RDBMS Realm provided by weblogic 6.0 isn't production
ready, and miss some functions, for examples, change password, or add group no.
It is suprised for me that weblogic didn't support these basic functions of RDBMSRealm
and didn't provide suitable documentation for implementing this RDBMS Realm.
So I ask for help that if everyone know how to implement one function: changeCredential.
I know the weblogic.management.configuration.Uer object has this method (User.changeCredential(oldPass,
newPass)). I know I have to provide one additional database schema for updating
user password. I know I should add a method in the RDBMSDelegate and RDBMSRealm
classes. But I don't the suitable method signature, and couldn't find internal
method call when the user click the "change" button changing password in the Console.
Thank you very much for any idea or help. Also I'd like to deeply discuss other
security issues.
Is any project use the RDBMS realm?
By the way, if anyone try to directly update the database tables as a means to
implement this issues. I have tried this approach, and it seems work fine except
for some catching delay. Can anyone tell me if this is an effective method?
ThxThis RDBMS Realm issue is really bother me too. I was wondering if anyone use the
RDBMS Realm for production. it is difficult to find what the architecture the
RealmMBean object and RealmManager is. Any idea let me know. Good luck.
"andy Zhong" <[email protected]> wrote:
>
Hi,
Now maybe eveyone knows that the RDBMS Realm provided by weblogic 6.0
isn't production
ready, and miss some functions, for examples, change password, or add
group no.
It is suprised for me that weblogic didn't support these basic functions
of RDBMSRealm
and didn't provide suitable documentation for implementing this RDBMS
Realm.
So I ask for help that if everyone know how to implement one function:
changeCredential.
I know the weblogic.management.configuration.Uer object has this method
(User.changeCredential(oldPass,
newPass)). I know I have to provide one additional database schema for
updating
user password. I know I should add a method in the RDBMSDelegate and
RDBMSRealm
classes. But I don't the suitable method signature, and couldn't find
internal
method call when the user click the "change" button changing password
in the Console.
Thank you very much for any idea or help. Also I'd like to deeply discuss
other
security issues.
Is any project use the RDBMS realm?
By the way, if anyone try to directly update the database tables as a
means to
implement this issues. I have tried this approach, and it seems work
fine except
for some catching delay. Can anyone tell me if this is an effective method?
Thx -
NewbieQuestion: How to setup OCCI for Visual C++ 6
I'm new to OCCI and Visual C++, Please help to illustrate how to setup OCCI environment for Visual C++ 6
Thanks in advanceCheck make.bat under %ORACLE_HOME%\rdbms\demo on how to compile OCCI programs in Windows. OCCI samples can be found in %ORACLE_HOME\rdbms\demo and in :-
http://www.oracle.com/technology/sample_code/tech/occi/index.html
Regards,
Shankar -
I am using the Rdbms Realm to control the access to my servlets.
Does anyone know how can I lock a user when he reach the maximum numbers of
retries ?
Thanks in advance
Alejandroa> Does anyone know how can I lock a user when he reach the maximum
a> numbers of retries ?
You'll need to customise the RDBMS realm so that it keeps track of
this information for you.
<b -
Hi,
I have just started out with EJB & weblogic security. I want to make a RDBMS realm in weblogic that connects to oracle dBase. Since I am new to security, I was wondering if anyone out there knew what fields would be added to a table that manages user?. Also how does a table manage ACLs? And last but not least, I noticed that when I was creating a RDBMS realm in weblogic console there is a tab that mentions that I have to write schema properties...what is this and what do I place in it. I have read all of the weblogic docs and there is nothing that addresses theses questions. I would really appreciate any help I can get.
Thank you,
Jay.
P.S I am using weblogic 6.0 with sp1Is this a continuation of http://forum.java.sun.com/thread.jsp?forum=60&thread=159878
It sure looks like it.
Have you read this weblogic doc http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1052867 -
I am using the RDBMS Realm that comes with Weblogic 6.0.
We have created ejbs to create and insert our users and group members into
the
tables that the RDBMS Realm reads from .
The problem is occasiounly the caching realm gets out of date. When a user
tries
to access a secured resource the attempts fails. After a few more attempts
the
cache will refresh itself and the access works fine.
When I make changes to my user data how can I programmatically tell the
caching
realm to refresh itself. (The refresh through the console will not help me
here).
...Or should I re-think the way I am creating and updating user data, i.e.
should I
only be doing this through the Realm class?
Thankss> 1. I get an Nullpointer exception on the flatgroups.java on some of the
s> api's.
s> like getAcls() ..etc.
More details would be useful. Stack backtraces with line numbers.
s> 4. Can i use weblogic.security.acl api's along with the RDBMS example.
s> Logically speaking i could ... but why exceptions are raised.
Insufficient information to be able to tell.
<b
Let us pray:
What a Great System.
Please Do Not Crash.
^G^IP@P6 -
WL51: Custom RDBMS realm interctions with CachingRealm
I think I partially understand the interactions between a CachingRealm and a
custom RDBMS realm (extending from ManageableRealm->AbstractListableRealm).
One thing that confuses me is how to deal with FlatGroups that contain other
groups.
Suppose I use the first constructor of FlatGroup which defers the loading of
members until a method is invoked. When my root group, "everyone" (of which
all other groups ultimately belong to), is called to test membership of a
user, each level in the group tree will be successively loaded since the
members weren't pre-loaded. This sounds like it could be terribly slow,
depending on the depth and width of the group tree.
One optimization being considered is to pre-load each group with its
immediate members. As each child group is added to its parent, it would
recursively be adding its children. Thus, "everyone" would have a full tree
of groups inside of it. However, havign been ecplitily loaded by the custom
realm, they weren't pulled through the cache. The entire tree is present,
but not accessible except through the "everyone" group.
Is there a way to load these groups into the cache pro-actively so that the
loading of a group and its children can be optimized (perhaps even using a
connect by, if not using at least a single database call)?
Regards,
Brian.Hi.
Try posting this in the security newsgroup.
Regards,
Michael
"Brian J. Sayatovic" wrote:
I think I partially understand the interactions between a CachingRealm and a
custom RDBMS realm (extending from ManageableRealm->AbstractListableRealm).
One thing that confuses me is how to deal with FlatGroups that contain other
groups.
Suppose I use the first constructor of FlatGroup which defers the loading of
members until a method is invoked. When my root group, "everyone" (of which
all other groups ultimately belong to), is called to test membership of a
user, each level in the group tree will be successively loaded since the
members weren't pre-loaded. This sounds like it could be terribly slow,
depending on the depth and width of the group tree.
One optimization being considered is to pre-load each group with its
immediate members. As each child group is added to its parent, it would
recursively be adding its children. Thus, "everyone" would have a full tree
of groups inside of it. However, havign been ecplitily loaded by the custom
realm, they weren't pulled through the cache. The entire tree is present,
but not accessible except through the "everyone" group.
Is there a way to load these groups into the cache pro-actively so that the
loading of a group and its children can be optimized (perhaps even using a
connect by, if not using at least a single database call)?
Regards,
Brian.--
Michael Young
Developer Relations Engineer
BEA Support -
I am trying to run the RDBMS realm example provided by weblogic. I have
successfully managed to get it working but with few Exceptions on the api's.
1. I get an Nullpointer exception on the flatgroups.java on some of the
api's.
like getAcls() ..etc.
2 For most of the apis in the RDBMS Realm .. i do get NullPointer
exceptions.
3. Even if i try to execute some of the apis in weblogic.security.acl
...like getCurrentUser(), checkPermission() ..etc ... i get Nullpointer
exceptions.
4. Can i use weblogic.security.acl api's along with the RDBMS example.
Logically speaking i could ... but why exceptions are raised.
5. Please note that .. iahve successfully managed to run of the api's in the
RDBMS realms such as authPasswords() and getUser () ..etc.But i am unable to
do so for other cases ... addGroupMember(String..) .. getAcls(), getAcl()
..so on.
Can anyone please help me with an example on how about doing it.
thanx
sharad nangia
[email protected]s> 1. I get an Nullpointer exception on the flatgroups.java on some of the
s> api's.
s> like getAcls() ..etc.
More details would be useful. Stack backtraces with line numbers.
s> 4. Can i use weblogic.security.acl api's along with the RDBMS example.
s> Logically speaking i could ... but why exceptions are raised.
Insufficient information to be able to tell.
<b
Let us pray:
What a Great System.
Please Do Not Crash.
^G^IP@P6 -
How to setup three SharePoint sites on one server?
Hello,
How to setup three SharePoint sites on one server? I have three sites like:
http://site1
http://site2
http://site3
And need to have them running up on one server. I recall some changes need to be done to the host file, but not sure. Can you advise on what to change?
Thanks,
Paul
Paulyou need to make entries in DNS to get this done.
check here:http://spshare.blogspot.com/2012/05/how-to-create-host-header-web.html
nice blog with step by step explanation:
http://thuansoldier.net/?p=1323
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
How to setup multiple base station under one network?
How to setup multiple base station under one network? I have 6 rooms but one airport base station makes really difficult to get good signal from every rooms. I wonder if I can setup multiple airport base stations talking to each other under the same network to build up the signal strength will help solve this problem. But, is it possible? How?
One route would be to utilize a "roaming" network. In a roaming network, you would connect multiple AirPort Extreme Base Stations (AEBS) to the same Ethernet. Of course, this would require that your home is already wired for Ethernet.
Maybe you are looking for
-
Immediate Transfer Order Creation not occuring for Sales Document Type
Hello gurus, I have a situation where a transfer order is not being created immediately for a specific sales document type. Here is an example document flow of a desired scenario where the system is working: Sales document type: ZOR > Delivery type
-
IPod touch cannot be synced error 13019. What do I do?
I manually manage all songs and info on the ipod touch. Nothing is selected to sync automatically. I have no voice notes, there are no podcasts, only a bunch of songs I'm trying to put on my ipod. When it is plugged in, it shows up under devices in t
-
ITunes 7.4.3 and Windows 2000
My computer (running Windows 2000 SP4) locked up when attempting to run the latest iTunes update. After thay, iTunes was corrupted and would not run. I removed the application via the Control Panel, and downloaded iTunes 7.4.3. The installer gives me
-
Picture names not showing in iphoto+mail
I recently updated to ilife ´08 and can´t figure out how to get the actual data names to show. I don´t sant to see titles,ratings and keywords.. I want to see the actual names of the pictures. Also when I hit the mail button in iphoto the pictures ar
-
Can you increase a 16 GB iPad to a 32 GB one?
Wondering if you can add GB to an already purchased iPad?