How to setup RDBMS Realm.

Similar Messages

• How to Configure RDBMS Realm on WL6.0

  We are trying to replace the default File Realm on WL6.0 with RDBMS Realm. We
  have put the userId/password pairs in fnxuser table of the database, also we put
  "reserve" permission for weblogic. jdbc.connectionPool.fnxconnection in the acl2entries
  table (but for whatever reason, the fnxconnection setup won't show up when we
  bring up acl config page in the console, just those defaults show up such as weblogic.jdbc.connectionPool,
  weblogic.jdbc.connectionPool.oraPool, weblogic.jdbc.connectionPool.testPool).
  When we log in using one of the valid userid/password in the fnxuser table on
  the jsp page, we got the following error message:
  LoginBean::loginAttempt() - get DB name : dev711
  LoginBean::checkAccountStatus: Naming error:javax.naming.AuthenticationException
  [Root exception is java.lang.SecurityException:Authentication for user bobdev
  denied in realm weblogic]
  We have a Java Bean Login Bean to get the JNDI context, the code is as follows:
  Context ctx = FnxJndi.getJndiInitialContext(null);
  if (sDatabase != null)
  sDbname = sDatabase;
  else
  sDbname = (String) ctx.lookup(FnxJndi.getDefaultDbJndiKey());
                                System.out.println("LoginBean::loginAttempt() - get DB name : "+sDbname);
  FnxJndi.deepBind(ctx, FnxJndi.constructUserDbnameJndiKey(sUsername), sDbname);
  The following is part of our config.xml. Is there something we did wrong or we
  missed? Any help is highly appreciated.
  Thanks in advance.
  Ting
  <Realm CachingRealm="CachingRealm" Name="RdbmsRealm"/>
  <FileRealm Name="wl_default_file_realm"/>
  <CachingRealm ACLCacheSize="1000" BasicRealm="RdbmsRealm"
  CacheCaseSensitive="true" GroupCacheSize="20"
  Name="CachingRealm" PermissionCacheSize="100" UserCacheSize="1000"/>
  <JDBCConnectionPool CapacityIncrement="10"
  DriverName="com.sybase.jdbc.SybDriver" InitialCapacity="40"
  MaxCapacity="500" Name="fnxconnection"
  Properties="user=d711dbo;password=fnxltd;server=SYB_AXE"
  RefreshMinutes="0" Targets="tingserver" URL="jdbc:sybase:Tds:axe:5000"/>
  <JDBCDataSource JNDIName="fnxdatasource" Name="fnxjdbcdatasource"
  PoolName="fnxconnection" Targets="tingserver"/>
  <RDBMSRealm DatabaseDriver="com.sybase.jdbc.SybDriver"
  DatabasePassword="fnxltd" DatabaseURL="jdbc:sybase:Tds:axe:5000"
  DatabaseUserName="d711dbo" Name="RdbmsRealm"
  RealmClassName="com.fnx.util.security.rdbmsrealm.RDBMSRealm" SchemaProperties="getGroupMembers=SELECT
  GM_GROUP, GM_MEMBER from group2members WHERE GM_GROUP = ?;addGroupMember=INSERT
  INTO group2members values (?, ?) WHERE GM_GROUP = ?;getUser=SELECT rtrim(user_ID),
  rtrim(user_ID) FROM fnxuser WHERE user_ID = ?;getPermission=SELECT DISTINCT A_PERMISSION
  FROM acl2entries WHERE A_PERMISSION=?;getAcls=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION
  FROM acl2entries ORDER BY A_NAME, A_PRINCIPAL;getUsers=SELECT rtrim(user_ID),
  rtrim(user_ID) FROM fnxuser;getGroups=SELECT GM_GROUP, GM_MEMBER FROM group2members;getPermissions=SELECT
  DISTINCT A_PERMISSION FROM acl2entries;getAclEntries=SELECT A_NAME, A_PRINCIPAL,
  A_PERMISSION FROM acl2entries WHERE A_NAME = ? ORDER BY A_PRINCIPAL;newUser=insert
  into fnxuser values (?, ?);removeGroupMember=DELETE group2members WHERE GM_GROUP
  = ? and GM_MEMBER = ?"/>
  <PasswordPolicy Name="wl_default_password_policy"/>

  Please look into the previous posting of yours.
  -utpal
  "Amit" <[email protected]> wrote in message
  news:[email protected]..
  >
  Hi,
  I want to store user id, password, roles in the DB tables and providewebbased
  forms to create/modify user.
  How do I implement security relam for users stored in the DB table?
  Thanks and Regards,
  Amit

• How to use RDBMS Realm in Weblogic Commerce Server?

  Hi All,
  Same as the subject.
  Thx
  Ray

  You should read the security information in the Servlet 2.2 specification
  that WL 5.1 implements:
  http://java.sun.com/products/servlet/download.html
  Chapter 11 deals with declarative and programmatic security, and includes a
  section on roles:
  11.4 Roles
  A role is an abstract logical grouping of users that is defined by the
  Application Developer or
  Assembler. When the application is deployed, these roles are mapped by a
  Deployer to security
  identities, such as principals or groups, in the runtime environment.
  A servlet container enforces declarative or programmatic security for the
  principal associated with
  an incoming request based on the security attributes of that calling
  principal. For example,
  1. When a deployer has mapped a security role to a user group in the
  operational environment. The
  user group to which the calling principal belongs is retrieved from its
  security attributes. If the
  principal's user group matches the user group in the operational environment
  that the security
  role has been mapped to, the principal is in the security role.
  2. When a deployer has mapped a security role to a principal name in a
  security policy domain, the
  principal name of the calling principal is retrieved from its security
  attributes. If the principal is
  the same as the principal to which the security role was mapped, the calling
  principal is in the
  security role.
  Cameron Purdy
  http://www.tangosol.com
  "Hari" <[email protected]> wrote in message
  news:[email protected]..
  Hello Gurus,
  I am new to Weblogic server and I am trying to investigate how to make
  use of security roles in weblogic server (5.1.0). Can anyone point me
  to some documentation. Specifically, I am looking for instance level,
  and method level security and how to use it.
  Thanks for taking your time to read this e-mail.
  Thank You all in advance,
  Hari.

• How to implement RDBMS realm functionality in WLS 7.0

  Hi,
  I want to store user id, password, roles in the DB tables and provide webbased
  forms to create/modify user.
  How do I implement security relam for users stored in the DB table?
  Thanks and Regards,
  Amit

  Please look into the previous posting of yours.
  -utpal
  "Amit" <[email protected]> wrote in message
  news:[email protected]..
  >
  Hi,
  I want to store user id, password, roles in the DB tables and providewebbased
  forms to create/modify user.
  How do I implement security relam for users stored in the DB table?
  Thanks and Regards,
  Amit

• Groups within groups in RDBMS Realm

  I can see how the supplied RDBMS Realm schema supports groups that contain
  groups: you simply store a group name as the gm_member field in the
  groupmembers table.
  Does weblogic or the RDBMS Realm implementation in particular provide any
  special support for the concept of nested groups? What I mean is, I want to
  make a call like isUserInGroup(String userName, String groupName) and get
  back true if the user is either in the specified group or is in some group
  that is nested inside of the specified group.
  I can write my own little routine to recursively expand the groupmembers and
  determine if the user is contained in the specified group, but I wonder if
  that is reinventing the wheel.
  Thanks!

  Thanks for the helpful response, Terry! That was exactly the info I needed.
  John
  Terry <[email protected]> wrote in message
  news:[email protected]..
  RDBMSGroup's isMember method is inherited from the FlatGroup class, theAPI
  of which is athttp://www.weblogic.com/docs51/classdocs/javadocs/index.html.
  I quote
  isMember
  public boolean isMember(java.security.Principal member)
  Returns true if the passed principal is a member of the group. This method
  does a recursive search, so if a principal belongs to a group which is a
  member of this group, true is returned.
  So it looks like somebody already thought of that 'wheel' thing you were
  talking about, and you don't have to bother
  terry
  John Lindwall <[email protected]> wrote in message
  news:3a67b151$[email protected]..
  I can see how the supplied RDBMS Realm schema supports groups that
  contain
  groups: you simply store a group name as the gm_member field in the
  groupmembers table.
  Does weblogic or the RDBMS Realm implementation in particular provideany
  special support for the concept of nested groups? What I mean is, Iwant
  to
  make a call like isUserInGroup(String userName, String groupName) and
  get
  back true if the user is either in the specified group or is in somegroup
  that is nested inside of the specified group.
  I can write my own little routine to recursively expand the groupmembersand
  determine if the user is contained in the specified group, but I wonder
  if
  that is reinventing the wheel.
  Thanks!

• Oracle 10g to sql server 2005 - how to setup

  Hi,
  I have been searching on how to setup a connection from oracle 10g to sql server 2005 and i have to admit i am struggling a bit.
  I have read about Heterogeneous Services and Database Gateway but we really dont want to fork for licence fees so it looks like i have to investigate HS.
  My environment is:
  10gR2 Linux 32 bit
  SQL Server 2005 32bit.
  Would someone be able to provide me with a list of steps to help me get this setup?
  Thanks.
  B

  Hi,
  If you don't want to pay for any licence fees then you will have to use the 11g Database Gateway for ODBC (DG4ODBC) which is included in your RDBMS license.
  You need to use the 11g versions because all previous gateway versions have been desupported for some time. The latest version is 11.2.0.3 which can be downloaded from My Oracle Support as -
  Patch 10404530: 11.2.0.3.0 PATCH SET FOR ORACLE DATABASE SERVER
  and download -
  p10404530_112030_platform_5of7.zip
  - this is the Gateway media pack and has everything needed for a standalone gateway install.
  This version is certified the following RDBMS versions - 10.1.0.5 + RDBMS patch 5965763, 10.2.0.3 + RDBMS patch 5965763, 10.2.0.4, 10.2.0.5, all 11.1 versions, all 11.2 versions.
  You have 2 choices about where you can install it and it would be better to install the gateway into a new and separate ORACLE_HOME from any existing Oracle installs -
  1. On the Linux 32-bit platform where the RDBMS is running. If you install it here you will need to supply a third party ODBC driver. The only free one I am aware of is from FreeTDS but there may be others. There can be problems with the FreeTDS so another one may be preferable but these usually require a license fee.
  See this note in My Oracle Support -
  How to Configure DG4ODBC on Linux x86 32bit or on HP-UX RISC (DG4ODBC 11.1 only) to Connect to Non-Oracle Databases post install (Doc ID 466228.1)
  2. Install DG4ODBC on the Windows platform where SQL*Server is running. If you install on Windows then you will be able to use the Microsoft SQL*Server ODBC driver which should already be installed. See this note on My Oracle Support -
  How to Setup DG4ODBC (Oracle Database Gateway for ODBC) on Windows 32bit (Doc ID 466225.1)
  If you don't have access to My Oracle Support you will need to contact someone in your organisation to access the notes for you or review the gateway documentation -
  http://www.oracle.com/pls/db112/homepage
  Regards,
  Mike

• Disscuss of using RDBMS Realm

  Hi,
  Now maybe eveyone knows that the RDBMS Realm provided by weblogic 6.0 isn't production
  ready, and miss some functions, for examples, change password, or add group no.
  It is suprised for me that weblogic didn't support these basic functions of RDBMSRealm
  and didn't provide suitable documentation for implementing this RDBMS Realm.
  So I ask for help that if everyone know how to implement one function: changeCredential.
  I know the weblogic.management.configuration.Uer object has this method (User.changeCredential(oldPass,
  newPass)). I know I have to provide one additional database schema for updating
  user password. I know I should add a method in the RDBMSDelegate and RDBMSRealm
  classes. But I don't the suitable method signature, and couldn't find internal
  method call when the user click the "change" button changing password in the Console.
  Thank you very much for any idea or help. Also I'd like to deeply discuss other
  security issues.
  Is any project use the RDBMS realm?
  By the way, if anyone try to directly update the database tables as a means to
  implement this issues. I have tried this approach, and it seems work fine except
  for some catching delay. Can anyone tell me if this is an effective method?
  Thx

  This RDBMS Realm issue is really bother me too. I was wondering if anyone use the
  RDBMS Realm for production. it is difficult to find what the architecture the
  RealmMBean object and RealmManager is. Any idea let me know. Good luck.
  "andy Zhong" <[email protected]> wrote:
  >
  Hi,
  Now maybe eveyone knows that the RDBMS Realm provided by weblogic 6.0
  isn't production
  ready, and miss some functions, for examples, change password, or add
  group no.
  It is suprised for me that weblogic didn't support these basic functions
  of RDBMSRealm
  and didn't provide suitable documentation for implementing this RDBMS
  Realm.
  So I ask for help that if everyone know how to implement one function:
  changeCredential.
  I know the weblogic.management.configuration.Uer object has this method
  (User.changeCredential(oldPass,
  newPass)). I know I have to provide one additional database schema for
  updating
  user password. I know I should add a method in the RDBMSDelegate and
  RDBMSRealm
  classes. But I don't the suitable method signature, and couldn't find
  internal
  method call when the user click the "change" button changing password
  in the Console.
  Thank you very much for any idea or help. Also I'd like to deeply discuss
  other
  security issues.
  Is any project use the RDBMS realm?
  By the way, if anyone try to directly update the database tables as a
  means to
  implement this issues. I have tried this approach, and it seems work
  fine except
  for some catching delay. Can anyone tell me if this is an effective method?
  Thx

• NewbieQuestion: How to setup OCCI for Visual C++ 6

  I'm new to OCCI and Visual C++, Please help to illustrate how to setup OCCI environment for Visual C++ 6
  Thanks in advance

  Check make.bat under %ORACLE_HOME%\rdbms\demo on how to compile OCCI programs in Windows. OCCI samples can be found in %ORACLE_HOME\rdbms\demo and in :-
  http://www.oracle.com/technology/sample_code/tech/occi/index.html
  Regards,
  Shankar

• RDBMS Realm - Locking users

  I am using the Rdbms Realm to control the access to my servlets.
  Does anyone know how can I lock a user when he reach the maximum numbers of
  retries ?
  Thanks in advance
  Alejandro

  a> Does anyone know how can I lock a user when he reach the maximum
  a> numbers of retries ?
  You'll need to customise the RDBMS realm so that it keeps track of
  this information for you.
       <b

• Example of RDBMS Realm

  Hi,
  I have just started out with EJB & weblogic security. I want to make a RDBMS realm in weblogic that connects to oracle dBase. Since I am new to security, I was wondering if anyone out there knew what fields would be added to a table that manages user?. Also how does a table manage ACLs? And last but not least, I noticed that when I was creating a RDBMS realm in weblogic console there is a tab that mentions that I have to write schema properties...what is this and what do I place in it. I have read all of the weblogic docs and there is nothing that addresses theses questions. I would really appreciate any help I can get.
  Thank you,
  Jay.
  P.S I am using weblogic 6.0 with sp1

  Is this a continuation of http://forum.java.sun.com/thread.jsp?forum=60&thread=159878
  It sure looks like it.
  Have you read this weblogic doc http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1052867

• Refreshing the RDBMS Realm

  I am using the RDBMS Realm that comes with Weblogic 6.0.
  We have created ejbs to create and insert our users and group members into
  the
  tables that the RDBMS Realm reads from .
  The problem is occasiounly the caching realm gets out of date. When a user
  tries
  to access a secured resource the attempts fails. After a few more attempts
  the
  cache will refresh itself and the access works fine.
  When I make changes to my user data how can I programmatically tell the
  caching
  realm to refresh itself. (The refresh through the console will not help me
  here).
  ...Or should I re-think the way I am creating and updating user data, i.e.
  should I
  only be doing this through the Realm class?
  Thanks

  s> 1. I get an Nullpointer exception on the flatgroups.java on some of the
  s> api's.
  s> like getAcls() ..etc.
  More details would be useful. Stack backtraces with line numbers.
  s> 4. Can i use weblogic.security.acl api's along with the RDBMS example.
  s> Logically speaking i could ... but why exceptions are raised.
  Insufficient information to be able to tell.
       <b
  Let us pray:
  What a Great System.
  Please Do Not Crash.
  ^G^IP@P6

• WL51: Custom RDBMS realm interctions with CachingRealm

  I think I partially understand the interactions between a CachingRealm and a
  custom RDBMS realm (extending from ManageableRealm->AbstractListableRealm).
  One thing that confuses me is how to deal with FlatGroups that contain other
  groups.
  Suppose I use the first constructor of FlatGroup which defers the loading of
  members until a method is invoked. When my root group, "everyone" (of which
  all other groups ultimately belong to), is called to test membership of a
  user, each level in the group tree will be successively loaded since the
  members weren't pre-loaded. This sounds like it could be terribly slow,
  depending on the depth and width of the group tree.
  One optimization being considered is to pre-load each group with its
  immediate members. As each child group is added to its parent, it would
  recursively be adding its children. Thus, "everyone" would have a full tree
  of groups inside of it. However, havign been ecplitily loaded by the custom
  realm, they weren't pulled through the cache. The entire tree is present,
  but not accessible except through the "everyone" group.
  Is there a way to load these groups into the cache pro-actively so that the
  loading of a group and its children can be optimized (perhaps even using a
  connect by, if not using at least a single database call)?
  Regards,
  Brian.

  Hi.
  Try posting this in the security newsgroup.
  Regards,
  Michael
  "Brian J. Sayatovic" wrote:
  I think I partially understand the interactions between a CachingRealm and a
  custom RDBMS realm (extending from ManageableRealm->AbstractListableRealm).
  One thing that confuses me is how to deal with FlatGroups that contain other
  groups.
  Suppose I use the first constructor of FlatGroup which defers the loading of
  members until a method is invoked. When my root group, "everyone" (of which
  all other groups ultimately belong to), is called to test membership of a
  user, each level in the group tree will be successively loaded since the
  members weren't pre-loaded. This sounds like it could be terribly slow,
  depending on the depth and width of the group tree.
  One optimization being considered is to pre-load each group with its
  immediate members. As each child group is added to its parent, it would
  recursively be adding its children. Thus, "everyone" would have a full tree
  of groups inside of it. However, havign been ecplitily loaded by the custom
  realm, they weren't pulled through the cache. The entire tree is present,
  but not accessible except through the "everyone" group.
  Is there a way to load these groups into the cache pro-actively so that the
  loading of a group and its children can be optimized (perhaps even using a
  connect by, if not using at least a single database call)?
  Regards,
  Brian.--
  Michael Young
  Developer Relations Engineer
  BEA Support

• Reagrding the RDBMS Realm

  I am trying to run the RDBMS realm example provided by weblogic. I have
  successfully managed to get it working but with few Exceptions on the api's.
  1. I get an Nullpointer exception on the flatgroups.java on some of the
  api's.
  like getAcls() ..etc.
  2 For most of the apis in the RDBMS Realm .. i do get NullPointer
  exceptions.
  3. Even if i try to execute some of the apis in weblogic.security.acl
  ...like getCurrentUser(), checkPermission() ..etc ... i get Nullpointer
  exceptions.
  4. Can i use weblogic.security.acl api's along with the RDBMS example.
  Logically speaking i could ... but why exceptions are raised.
  5. Please note that .. iahve successfully managed to run of the api's in the
  RDBMS realms such as authPasswords() and getUser () ..etc.But i am unable to
  do so for other cases ... addGroupMember(String..) .. getAcls(), getAcl()
  ..so on.
  Can anyone please help me with an example on how about doing it.
  thanx
  sharad nangia
  [email protected]

  s> 1. I get an Nullpointer exception on the flatgroups.java on some of the
  s> api's.
  s> like getAcls() ..etc.
  More details would be useful. Stack backtraces with line numbers.
  s> 4. Can i use weblogic.security.acl api's along with the RDBMS example.
  s> Logically speaking i could ... but why exceptions are raised.
  Insufficient information to be able to tell.
       <b
  Let us pray:
  What a Great System.
  Please Do Not Crash.
  ^G^IP@P6

• How to setup three SharePoint sites on one server?

  Hello,
  How to setup three SharePoint sites on one server?  I have three sites like:
  http://site1
  http://site2
  http://site3
  And need to have them running up on one server. I recall some changes need to be done to the host file, but not sure.  Can you advise on what to change?
  Thanks,
  Paul
  Paul

  you need to make entries in DNS to get this done.
  check here:http://spshare.blogspot.com/2012/05/how-to-create-host-header-web.html
  nice blog with step by step explanation:
  http://thuansoldier.net/?p=1323
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• How to setup multiple base station under one network?

  How to setup multiple base station under one network? I have 6 rooms but one airport base station makes really difficult to get good signal from every rooms. I wonder if I can setup multiple airport base stations talking to each other under the same network to build up the signal strength will help solve this problem. But, is it possible? How?

  One route would be to utilize a "roaming" network. In a roaming network, you would connect multiple AirPort Extreme Base Stations (AEBS) to the same Ethernet. Of course, this would require that your home is already wired for Ethernet.