Implemeting simple authentication with J2EE
Hi All,
i am converting a .NET web app to Java.
The application is is a very simple one including registration page, login, logout , password recovery , etc..
Registration and login also have a captcha on the page.
The application also needs to create users and roles programmatically.
All info should be stored in a DB
I consider all these features to be basic enough that every web app will require them , but when researching J2EE approach to those , I am stumped by the lack of information and simple implementation mechanisms.
After reviewing the docs for JAAS , Glassfish , J2EE , I still have not figured out a simple way to implement an architecture that will provide me with the features and flexibility described above, except for developing everything from scratch.
can someone please recommend to me an approach or a technology (or a set of them), that will fulfill the java promise and allow me to avoid messing about with implementation and focus on the business logic.
Thanks,
Shay
Hi Kaupo,
ill repeat my findings for the benefit of other readers.
1) JAAS forces you to use specific entry points , for example J_Secuirty for form authentication this approach wont work for an Ajax.RIA application.
2) JAAS provides no programmatic control over authentication , and no support for authorization.
3)some app servers complement JAAS by adding their own API's for programmatic control , but that forces you to another learning curve , and their implementations are very basic at best. for example Glassfish cant handle cross component sessions if you use a programmatic login.
4) after writing numerous prototypes i also decided to stear clear from EJB , and stick with POJO, since EJB forces unnecessary complexity for very little benefit.
5) the funniest thing i ran into was all the commotion about Spring , which at its best behaves like ASP.Net 4 years ago.
yes i know that it plugs so many holes in the poor implementations that EJB provides , but i found that library to be overly complex , with benefits for simple web development , not so much for serious enterprise work , and definitely not for RIA/AJAX.
one thing for sure ,Spring marketing is stellar :) , my recommendation would be to avoid the hype.
6) Acegi was swallowed by Spring , and now if you want to use Acegi, you need to learn Spring .
Results:
my research led me to the Jsecuirty framework which i am now customizing for my own needs.
1) its pojo based
2) no need for all the noise that Spring generates .
3) the framework is dedicated to 2 specific aspects authentication and authorization , and doesn't try to solve world hunger on the way(a problem which seems to plagues many open source products, please forgive the sarcasm)
4) friendly dev team , which actually enjoys answering questions .
5) the project is live , and i believe it will stay so for a while.
6) proper documentation
Thanks
Shay
Edited by: shay1680 on Feb 27, 2009 7:11 AM
Similar Messages
-
Simple Authentication with SMP 10.1 and FMS 3.5
Good day all,
I am looking to add simple authentication to the SMP player for use with FMS 3.5. I recently came across a technical paper published by Adobe titled, "Video content protection measures enabled by Adobe Flash Media Interactive Server 3.5". Within this document are three examples of user authentication with code samples. I am starting with the "simple" client verification using a unique token authentication key method first.
I've noticed that SMP doesn't have any FMS security mechanisms built-in at least that I've been able to identify in the documentation or feature specs. Did I miss something? I am looking for assistance in getting started with adding this feature to SMP. So my question is where could I add the client side Actionscript within the SMP structure?
I'd very much like to hear about others' experiences with adding security mechanisms to SMP used with FMS.
Thank you.Andrian - Thank you for the quick reply. I'm gald SMP has support for the playback of protected content. Is there more documentation than this demo on this topic?
I'll explain what I'm doing. I am implementing SMP as the default video player application used in online courses at the Savannah College of Art and Design. Identifying the player and implementing its use in our production workflow is the first step in a strategy to deliver a better video experience and leverage the scalibility and flexibility of SMP. On the back end integration with our FMS I have been asked to implement some user authentication. We don't need to re-auth the students as they have already been authenticated through our LMS. What is desired is each player instance authenticates with our server to prevent stream ripping.
The simple user token authentication key example from the linked document seems to best suit this intial need. -
BASIC authentication with J2EE 1.4
I want to change the hello1 example so only the user "user_one" can access the greeting servlet.
How do I add a user (user_one) to the realm?
How can I control the title for the realm i the dialogbox which pops up?
At this time the dialogbox does popup but I cannot get access and it doesn't have a udefull title.
web.xml:
?xml version='1.0' encoding='UTF-8'?> <web-app ������version="2.4" ������xmlns="http://java.sun.com/xml/ns/j2ee" ������xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ������xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" ������> ���<display-name>hello1Display</display-name>
<servlet>
<display-name>ResponseServlet</display-name>
<servlet-name>ResponseServlet</servlet-name>
<servlet-class>ResponseServlet</servlet-class>
</servlet>
<servlet>
<display-name>GreetingServlet</display-name>
<servlet-name>GreetingServlet</servlet-name>
<servlet-class>GreetingServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ResponseServlet</servlet-name>
<url-pattern>/response</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>GreetingServlet</servlet-name>
<url-pattern>/greeting</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>WRCollection</web-resource-name>
<url-pattern>/greeting</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>smart</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>normuser</role-name>
</security-role>
<security-role>
<role-name>smart</role-name>
</security-role>
</web-app>
sun-web.xml:
<?xml�version="1.0"�encoding="UTF-8"?> <!DOCTYPE�sun-web-app�PUBLIC�"-//Sun�Microsystems,�Inc.//DTD�Sun�ONE�Application�Server�8.0�Servlet�2.4//EN"�"http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd"> <sun-web-app>
<context-root>/hello1con</context-root>
<security-role-mapping>
<role-name>smart</role-name>
<principal-name>user_one</principal-name>
<group-name>users</group-name>
</security-role-mapping>
<cache enabled="false" max-entries="4096" timeout-in-seconds="30">
<default-helper/>
</cache>
</sun-web-app>Anyone ever see this? I believed it is tied to the roles in the web.xml file for the application description. How do I pass this authentication? What should the web.xml for the sample application look like?
Thanks,
INFO: SEC5046: Audit: Authentication refused for [j2ee].
FINEST: Web login failed: Login failed: javax.security.auth.login.LoginException
: java.lang.NullPointerException
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:679) -
Simple authentication and authorization with a servlet and a filter
Could somebody point me to code example that do simple authentication/authorization using one servlet and one filter? (without Spring, Struts, JSF or any framework)
I’m having a lot of problems with that, apparently, easy task.
These are the rules:
- A simple login page
- Two roles (admin, registered).
- If the user loged is an admin, redirect to his entry page (private/admin/index.jsp).
- If the user loged is of role registered, redirect him to his entry page (private/registered/index.jsp).
- If it’s not a valid user, redirect again to login page.
- Admin’s users cannot go to private/registered/ area.
- Registered users cannot go to private/admin/ area.
- Non authenticated user cannot go to private/ area
Thanks a lot in advance!
Edited by: JLuis on 25-ago-2010 15:27AccessControl.java:
package com.tlsformacion.security;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.tlsformacion.utils.Log;
public final class AccessControl extends HttpServlet {
private static final long serialVersionUID = 5741058615983779764L;
private static final String USERNAME_ATTR = "username";
private static final String PWD_ATTR = "password";
private static final String LOGIN_PAGE_ATTR = "login_page";
private static final String ROL_ATTR = "role";
private boolean isAuthentic = false;
private String role = null;
private String loginPage = null;
public AccessControl() {
super();
public void init(ServletConfig config) throws ServletException {
loginPage = config.getInitParameter(LOGIN_PAGE_ATTR);
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doGet");
doAccessControl(request, response);
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doPost");
doAccessControl(request, response);
private void doAccessControl (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doAccessControl");
doAuthentication(request, response);
if (isAuthentic) { //Authentic user
doAuthorization(request, response);
} else { //User NOT authentic
doRejection(request, response);
private void doAuthentication(HttpServletRequest request, HttpServletResponse response) {
debug("Inside doAuthentication");
String requestedURI = request.getRequestURI();
if (requestedURI.contains("/AccessControl")) { //Comes from login page
debug("Comes from login page");
String username = request.getParameter(USERNAME_ATTR);
String pwd = request.getParameter(PWD_ATTR);
role = getRole(username, pwd);
if (role != null) {
isAuthentic = true;
request.getSession().setAttribute(ROL_ATTR, role);
} else { //Doesn't comes from login page
debug("Doesn't comes from login page");
if (isInSession(request)) {
debug("Rol is in session");
isAuthentic = true;
} else {
debug("Rol is NOT in session");
private void doAuthorization(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doAuthorization");
String requestedURI = request.getRequestURI();
debug("requestedURI: " + requestedURI);
if (requestedURI.contains("/AccessControl")) { //Comes from login page
goHomePage(request, response);
} else if (requestedURI.contains("/private/" + role)) { //Trying to access his private area
goRequestedPage(request, response);
} else { //Trying to access other roles private area
goLoginPage(request, response);
private void doRejection(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goRejection");
role = null;
goLoginPage(request, response);
private void goHomePage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goHomePage");
String homePage = "private/" + role + "/index.jsp";
goPage(request, response, homePage);
private void goLoginPage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goLoginPage");
goPage(request, response, loginPage);
private void goRequestedPage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goRequestedPage");
String contextPath = request.getContextPath();
debug("contextPath: " + contextPath);
String requestedPage = request.getRequestURI().replace(contextPath + "/", "");
goPage(request, response, requestedPage);
private void goPage(HttpServletRequest request, HttpServletResponse response, String page) throws IOException, ServletException {
debug("Inside goPage ...trying to go to: " + page);
//Option A
response.sendRedirect(page);
//Option B
//RequestDispatcher requestDispatcher = request.getRequestDispatcher(page);
//requestDispatcher.forward(request, response);
private boolean isInSession(HttpServletRequest httpRequest) {
boolean inSession = false;
role = (String)httpRequest.getSession().getAttribute(ROL_ATTR);
if (role != null && !role.equals("")) {
inSession = true;
return inSession;
//PENDIENTE: mock method!
private String getRole(String username, String pwd) {
String role = null;
if (username.equals("admin") && pwd.equals("admin")) {
role = "administrator";
} else if (username.equals("regis") && pwd.equals("regis")) {
role = "registered";
return role;
private void debug(String msg) {
Log.debug(msg);
}Proyect Folder Structure:
WebContent
login.html
private
administrator
index.jsp
registered
index.jspBasically, the problem is that if you try to log as admin/admin (for example) the servlet AccessControl executes infinitely
Edited by: JLuis on 26-ago-2010 8:04 -
Basic Authentication with Web Service
Hello,
I am running S1AS7 on window XP. I have deployed the sample/jaxrpc/simple with basic authentication enabled. I have also changed to Client.java to set the USERNAME and PASSWORD (ie: stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "j2ee");
Once I have deployed the war file and run the client, I got access denied exception.
I have checked the s1as7 log and here is the details:
FINE: Logging in user [j2ee] into realm: file using JAAS module: fileRealm
FINEST: Login module initialized: class com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated 'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id '193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed accessControl() test
Please notice that the authentication worked, but the PRINCIPAL TABLE is null!!!! If I run the basic authentication sample, i can see from the log the PRINCIPAL TABLE is (...staff=[staffmember], j2ee=[staffmember],.....)
so somehow the app server treats the two sample differently with the same user id (j2ee/password)
any comments?
thanks..Hello,
I am running S1AS7 on window XP. I have deployed the
sample/jaxrpc/simple with basic authentication
enabled. I have also changed to Client.java to set
the USERNAME and PASSWORD (ie:
stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY
"j2ee");
Once I have deployed the war file and run the client,
I got access denied exception.
I have checked the s1as7 log and here is the
details:
FINE: Logging in user [j2ee] into realm: file using
JAAS module: fileRealm
FINEST: Login module initialized: class
com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated
'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id
'193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling
accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed
accessControl() test
Please notice that the authentication worked, but the
PRINCIPAL TABLE is null!!!! If I run the basic
authentication sample, i can see from the log the
PRINCIPAL TABLE is (...staff=[staffmember],
j2ee=[staffmember],.....)
so somehow the app server treats the two sample
differently with the same user id (j2ee/password)
any comments?
thanks..
One more thing, here is my web.xml file:
<web-app>
<display-name>Hello World Application</display-name>
<description>A web application containing a simple JAX-RPC endpoint</description>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>basic secuity test</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>staffmember</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>basic-file</realm-name>
</login-config>
</web-app> -
Object vs Class base authorization concepts with J2EE/JAAS
Hello,
I'm evaluating J2EE and JAAS and I'm wondering how I can implement my business model using these techniques:
As far as I understand JAAS, it's a class based authorization architecture. What I need is an object based architecture, specially when using CMP entity beans.
Is it possible to design an object based access control based on JAAS and (perhaps) CMP entity beans?
More detailed:
Let's look at a simple (web-) application: A database contains only a table with documents, a document consists of an ID (primary key) and some plain text.
I've got two EJB, one for editing documents and one for reading documents.
Now I can easily design my application with J2EE and JAAS:
An "editor" role with access on the edit bean and a "reader" role with access on the reader bean.
The document class could be easily implemented as a CMP entity.
BUT: What happens if I need a restriction on WHAT documents a user/role can edit/read, in other words, if authorization is not controlled by the EJB (code/class based) but by the ID (primary key/object based).
E.g.
User1 should have read access on Doc1, but not on Doc2.
User2 should have read and write access on Doc2, but not on Doc1...
As far as I understand JAAS, it's not possible to solve this problem using JAAS. If this is right, then I have to implement my own authorization system, JAAS could only be used for authentication. In this case, JAAS is just a tier in the security concept, just like different database users with restricted access to different tables and fields.
If I'm right, then it's not possible (or possible but it makes no sense) to use CMP entity beans, because I can't use the "automatic" authorization pattern (I have to call my own access control system before invoking the entity bean, and so my clients loose some of their "leightweight").
Regards,
JensHi,
I have study JAAS with J2EE for the last two months, don't know whether my ideas can help you. I believed JAAS was designed for java programmer who wanted to have security implement in there application but do not want to write the security themself. JAAS provided a robust system so that someone else can come alone to plug in the security module and security would be implemented.
Base on your problems, I think what you should do is to have what know as a security access level implement in your object. When you uses JAAS to verify username & password, you can get user's access level as well maybe from LDAP server attribute, store in your principal. So whenever you want to check whethere you're a editor or author.
You have to identify what is business logic and security logic access level is a business logic, therefore you will have to implement in your application tier. There is no perfect solution, but having these module will save you lots of coding and flexibility.
Cheers,
ps: Please correct me if my view are wrong. -
ASA Remote Access Authentication with LDAP Server
Thank you in advance for your help.
I am configuring an ASA to authenticate with a ldap server for ipsec vpn access. My customer has 3 networks that are to be accessed by remote users. However they want to be able to say that one user can get to 2 of the networks and not the 3rd. So basically they want control over what network behind the firewall each user can access. This seems doable from my reading and I had planned to creating a group for each network that needs accessible and either do attribute maps to each group with a separate group created on the ldap server for authentication. Basically a ldap group on the ldap server that will have the users name in the group in order for access. I can restrict access via acl's or filtering to force my group to only be allowed access to a specific network. Here is the problem I am having now.
The ldap server has been created and seems to be working fine. I have created my AAA groups and servers and I have done the ldap test with a test user vpntest and a password on the ldap server. When I run the authentication test from the ADSM or command line I get a good authentication successful message. So I configured a vpn client remotely and attempted to authenticate to this group and it says there is no user by that name. Below is a paste of the debug. The second part is when I did a successful test from the ASDM or CLI and it worked great. The first part is when I attempted from the vpn client. It all looks the same from the search criteria. What am I missing here or does anyone more knowledgeable see anything that I am doing wrong. Can this be done this way or should I try radius. The customer was just adament about using ldap.
extvpnasa5510#
[243] Session Start
[243] New request Session, context 0xd5713fe0, reqType = 1
[243] Fiber started
[243] Creating LDAP context with uri=ldaps://130.18.22.44:636
[243] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
[243] supportedLDAPVersion: value = 2
[243] supportedLDAPVersion: value = 3
[243] No Login DN configured for server 130.18.22.44
[243] Binding as administrator
[243] Performing Simple authentication for to 130.18.22.44
[243] LDAP Search:
Base DN = [ou=employees,o=msues]
Filter = [uid=vpntest]
Scope = [SUBTREE]
[243] User DN = [uid=vpntest,ou=employees,o=msues]
[243] Talking to iPlanet server 130.18.22.44
[243] No results returned for iPlanet global password policy
[243] Fiber exit Tx=386 bytes Rx=414 bytes, status=-1
[243] Session End
extvpnasa5510#
[244] Session Start
[244] New request Session, context 0xd5713fe0, reqType = 1
[244] Fiber started
[244] Creating LDAP context with uri=ldaps://130.18.22.44:636
[244] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
[244] supportedLDAPVersion: value = 2
[244] supportedLDAPVersion: value = 3
[244] No Login DN configured for server 130.18.22.44
[244] Binding as administrator
[244] Performing Simple authentication for to 130.18.22.44
[244] LDAP Search:
Base DN = [ou=employees,o=msues]
Filter = [uid=vpntest]
Scope = [SUBTREE]
[244] User DN = [uid=vpntest,ou=employees,o=msues]
[244] Talking to iPlanet server 130.18.22.44
[244] Binding as user
[244] Performing Simple authentication for vpntest to 130.18.22.44
[244] Processing LDAP response for user vpntest
[244] Authentication successful for vpntest to 130.18.22.44
[244] Retrieved User Attributes:
[244] sn: value = test user
[244] givenName: value = vpn
[244] uid: value = vpntest
[244] cn: value = vpn test user
[244] objectClass: value = top
[244] objectClass: value = person
[244] objectClass: value = organizationalPerson
[244] objectClass: value = inetOrgPerson
[244] Fiber exit Tx=284 bytes Rx=414 bytes, status=1
[244] Session EndHi Larry,
You can map AD group memberships to specific group policies on the ASA, you can find that configuration here:
- http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
Let me know if further assistance is required!
Please proceed to rate and mark as correct the helpful Post!
David Castro,
Regards, -
Error in authentication with ldap server with certificate
Hi,
i have a problem in authentication with ldap server with certificate.
here i am using java API to authenticate.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
I issued the new certificate which is having the up to 5 years valid time.
is java will authenticate up to one year only?
Can any body help on this issue...
Regards
Rangasorry i am gettting ythe same error
javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
here when i am using the old certificate and changing the system date means i can get the authentication.
can you tell where we can concentrate and solve the issue..
where is the issue
1. need to check with the ldap server only
2. problem in java code only.
thanks in advance -
Policy agent 2.2 amfilter local authentication with session binding failed
Hi All,
I have policy agent 2.2 for weblogic 8.1 sp4 installed on redhat linux. All are working fine in my development box. But I was running all the process under user root, so today I decided to change it to a regular user, joe. I changed all the files' owner for weblogic server and policy agent from root to joe, and restart server as user Joe. After the change, I can not access the application on Weblogic server. I changed file ownership back to root and restart weblogic server as root, still same error.
Here is the error I got:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Here is the error I found from agent log file, amFilter:
AmFilter: now processing: SSO Task Handler
05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
SSOTaskHandler: caching SSO Token for user uid=amAdmin,ou=People,dc=etouch,dc=net
05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmBaseSSOCache: cached the sso token for user principal : uid=amadmin,ou=people,dc=etouch,dc=net sso token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#, cache size = 1
05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
SSOTaskHandler: SSO Validation successful for uid=amAdmin,ou=People,dc=etouch,dc=net
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: now processing: J2EE Local Logout Task Handler
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: local logout skipped SSO User => amAdmin, principal =>null
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: now processing: J2EE Local Auth Task Handler
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
LocalAuthTaskHandler: No principal found. Initiating local authentication for amAdmin
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
LocalAuthTaskHandler: doing local authentication with session binding
05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
LocalAuthTaskHandler: Local authentication failed, invalidating session.05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
WARNING: LocalAuthTaskHandler: Local authentication failed for : /portal/index.jsp, SSO Token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#
05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: result =>
FilterResult:
Status : FORBIDDEN
RedirectURL : null
RequestHelper:
null
Data:
null
-----------------------------------------------------------Hi,
I'm having the exact same problem in the Prod environment, but on a Sun App Server. In development all is fine, in prod we now have:
ERROR: AmFilter: Error while delegating to inbound handler: J2EE Local Auth Task Handler, access will be denied
java.lang.IllegalStateException: invalidate: Session already invalidated
at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1258)
at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:164)
at com.sun.identity.agents.filter.LocalAuthTaskHandler.doLocalAuthWithSessionBinding(LocalAuthTaskHandler.java:289)
at com.sun.identity.agents.filter.LocalAuthTaskHandler.authenticate(LocalAuthTaskHandler.java:159)
at com.sun.identity.agents.filter.LocalAuthTaskHandler.process(LocalAuthTaskHandler.java:106)
at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
FilterResult:
Status : FORBIDDEN
RedirectURL : null
RequestHelper:
null
Data:
null
Also, we I debug I see:
LocalAuthTaskHandler: No principal found. Initiating local authentication for ...
Did you receive any solution for this?
Many, many thanks,
Philip -
Using j_security_check container authentication with JSF
Hi All,
After quite a bit of looking around, we resorted to using a plain login JSP page with a ServletFilter on j_security_check to have container managed authentication in our JSF based web-site using IBM Websphere 5.1
So, basically every other page but the login page is JSF and just the login page is simple JSP with j_username & j_password.
Recently, I started looking in the direction of trying to directly/programmatically invoke j_security_check using URLConnection object. There are various discussions on this on google groups:
1. http://groups-beta.google.com/group/comp.lang.java.programmer/browse_thread/thread/1a2768da559e43ae/243982a33f02ab80?q=URLConnection%20j_security_check&_done=/groups?q=URLConnection%20j_security_check&hl=en&lr=&sa=N&tab=wg&&_doneTitle=Back%20to%20Search&d=&
2. http://groups-beta.google.com/group/weblogic.developer.interest.security/browse_thread/thread/a375370efec24566/b81dc8320bcbc304?q=URLConnection+j_security_check&_done=%2Fgroups%3Fq%3DURLConnection+j_security_check%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg%26&_doneTitle=Back+to+Search&&d#b81dc8320bcbc304
My current code snippet is as follows: public String submit(){
String retVal = "";
String j_username = getUserId().getValue().toString();
String j_password = getPassword().getValue().toString();
ExternalContext externalContext = getFacesContext().getExternalContext();
String jsessionid = ((HttpSession)externalContext.getSession(false)).getId();
// Only if sanity checks and validations on j_username & j_password pass, proceed further.
ApplicationParameter.getLogger().debug("Current jsessionid=" + jsessionid);
ApplicationParameter.getLogger().debug("submitting login details (userId: " + j_username + " & password: " + j_password + ") to /j_security_check ...");
try {
URL jSecurityCheckURL = new URL("http://localhost:9080/raweb/j_security_check;jsessionid=0000" + jsessionid + ":-1&j_username=" + j_username + "&j_password" + j_password);
HttpURLConnection jSecurityCheckURLConnection = (HttpURLConnection)jSecurityCheckURL.openConnection();
jSecurityCheckURLConnection.setRequestMethod("POST");
jSecurityCheckURLConnection.setInstanceFollowRedirects(false);
// jSecurityCheckURLConnection.addRequestProperty("j_username", j_username);
// jSecurityCheckURLConnection.addRequestProperty("j_password", j_password);
// jSecurityCheckURLConnection.setRequestProperty("j_username", j_username);
// jSecurityCheckURLConnection.setRequestProperty("j_password", j_password);
jSecurityCheckURLConnection.connect();
ApplicationParameter.getLogger().debug("j_security_check returned: " + jSecurityCheckURLConnection.getResponseCode() + ": " + jSecurityCheckURLConnection.getResponseCode());
if (null != externalContext) {
String remoteUser = externalContext.getRemoteUser();
ApplicationParameter.getLogger().debug("Authenticated username: " + remoteUser);
HttpServletRequest httpServletRequest = (HttpServletRequest)externalContext.getRequest();
Principal principal = httpServletRequest.getUserPrincipal();
if (null != principal) {
String userName = principal.getName();
ApplicationParameter.getLogger().debug("Authenticated username: " + userName);
} else {
ApplicationParameter.getLogger().debug("Unable to obtain Faces ExternalContext and hence the remote user details.");
} catch (MalformedURLException ex) {
ApplicationParameter.getLogger().error(ex);
retVal = "";
} catch (IOException ex) {
ApplicationParameter.getLogger().error(ex);
retVal = "";
return retVal;
The above code yields the following output:[DEBUG]: (Newlogin.submit:81) - Current jsessionid=H1QMk3TuyW_W8nSPnOtW-xi
[DEBUG]: (Newlogin.submit:82) - submitting login details (userId: skhanna & password: password) to /j_security_check ...
[DEBUG]: (Newlogin.submit:93) - j_security_check returned: 302: 302
[DEBUG]: (Newlogin.submit:97) - Authenticated username: null
Anyone have any idea why j_security_check returns 302 and also the authenticated username seems to be null indicating that the authentication did not go through!
-Sandeep KhannaCan you help me!
I try this for two days....
Tomcat 5.0.27
I get this:
Current jsessionid=00F61ABF316F9A1676A41A1EA05177B2
Submitting login details (userId: admin & password: admin) to /j_security_check!
java.net.ConnectException: Connection refused: connect
I have this code in backing bean:
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Principal;
import javax.faces.context.ExternalContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public String commandButton_action()
String retVal = "";
String j_username = inputText1.getValue().toString();
String j_password = this.inputSecret1.getValue().toString();
URL jSecurityCheckURL = null;
HttpURLConnection jSecurityCheckURLConnection = null;
ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
String jsessionid = ((HttpSession)externalContext.getSession(false)).getId();
System.out.println("Current jsessionid=" + jsessionid);
System.out.println("Submitting login details (userId: " + j_username + " & password: " + j_password + ") to /j_security_check!");
try {
jSecurityCheckURL = new URL("http://localhost:9080/raweb/j_security_check;jsessionid=0000" + jsessionid + ":-1&j_username=" + j_username + "&j_password=" + j_password);
jSecurityCheckURLConnection = (HttpURLConnection)jSecurityCheckURL.openConnection();
jSecurityCheckURLConnection.setRequestMethod("POST");
jSecurityCheckURLConnection.setInstanceFollowRedirects(false);
jSecurityCheckURLConnection.connect();
System.out.println("j_security_check returned: " + jSecurityCheckURLConnection.getResponseCode());
//System.out.println("Current jsessionid=" + jsessionid);
if (null != externalContext) {
String remoteUser = externalContext.getRemoteUser();
System.out.println("Authenticated username: " + remoteUser);
HttpServletRequest httpServletRequest = (HttpServletRequest)externalContext.getRequest();
Principal principal = httpServletRequest.getUserPrincipal();
if (null != principal) {
String userName = principal.getName();
System.out.println("Authenticated username: " + userName);
} else {
System.out.println("Unable to obtain Faces ExternalContext and hence the remote user details.");
catch (MalformedURLException ex) {
System.out.println(ex);
jSecurityCheckURL = null;
jSecurityCheckURLConnection = null;
retVal = "";
catch (IOException ex) {
System.out.println(ex);
jSecurityCheckURL = null;
jSecurityCheckURLConnection = null;
retVal = "";
return retVal;
I try all this URL:
http://localhost:8080/jSecurityCheck/j_security_check?jsessionid=" + jsessionid + "&j_username=" + j_username + "&j_password=" + j_password
http://localhost:9080/raweb/j_security_check;jsessionid=0000" + jsessionid + ":-1&j_username=" + j_username + "&j_password=" + j_password
TWO DAYS ..... H E L P M E !!! -
802.1x PEAP Machine Authentication with MS Active Directory
802.1x PEAP Machine and User Authentication with MS Active Directory:
I have a simple pilot-text environment, with
- Microsoft XP Client,
- Cisco 2960 Switch,
- ACS Solution Engine (4.1.4)
- MS Active Directory on Win 2003 Server
The Remote Agent (at 4.1.4) is on the same server as the MS AD.
User Authentication works correctly, but Machine Authentication fails.
Failed machine authenticaton is reported in the "Failed Attempts" log of the ACS SE.
The Remote Agent shows an error:
See Attachment.
Without Port-Security the XP workstation is able to log on to the domain.
Many thanks for any indication.
Regards,
Stephan ImhofIs host/TestClientMan.Test.local the name of the machine? What does the AAA tell for you the reason it fails?
-
Hi Im a newbie in J2EE. (just started learning it 2 days back that new..;-)
I managed to set up a simple application using the J2ee tutorial. Now i want to try out a database application. I have a mysql database installed. Can anyone guide me on how to setup mysql with j2ee server? Are there any online tutorials etc that would help me in this?
I actually managed to create a connection pool however when i try to ping it i get an error message with says "An error has occurred. Operation 'pingConnectionPool' failed in 'resources' Config Mbean. Target exception message: Class name is wrong or classpath is not set for : org.gjt.mm.mysql.jdbc2.optional.MysqlDataSource" .
I hav already set classpath of mysql driver. Do i need to copy the jar file to any other directory?
Im not too sure if the way i have created connection pool is right, but i used the defaults specified so i guess that should be ok.
Any Help would be appreciated.
Thanks in advance.Hi! I�m Brazilian and I�ve been learning the English language yet, but I�ll try to describe how to configure J2EE with MySQL.
I am using MySQL version 4.1.7 with J2EE version 1.3 on Windows XP Professional. The driver version of MySQL is 3.0.16.
You have to configure the following two files:
- <J2EE_HOME>\bin\setenv.bat
- <J2EE_HOME>\config\resource.properties
Do the following steps:
1) Copy the JAR file of MySQL driver (mysql-connector-java-3.0.16-ga-bin.jar) to <J2EE_HOME>\lib directory.
2) In <J2EE_HOME>\bin directory open the setenv.bat file and analize the code. It is not hard to understand the code, it is just the classpath configuration of J2EE. After understand it, add a reference of MySQL driver (mysql-connector-java-3.0.16-ga-bin.jar), that was copied to <J2EE_HOME>\lib directory.
3) Run the <J2EE_HOME>\bin\j2eeadmin.bat to configure the resource.properties file.There are two command lines to be executed, as below:
- j2eeadmin.bat -addJdbcDriver <CLASS NAME OF THE DRIVER>
- j2eeadmin.bat -addJdbcDatasource <JNDI NAME> <URL>
For example:
- j2eeadmin.bat -addJdbcDriver "com.mysql.jdbc.Driver"
- j2eeadmin.bat -addJdbcDatasource "jdbc/mysql/test" "jdbc:mysql://localhost/test?user=username&password=pass"
4) After run j2eeadmin.bat, the resource.properties file will be modified. But when I did it and when I executed the verbose command to start J2EE, some error messages was exhibited. So I decided to open the resource.properties file and I noticed hat the character "\" was added erroneously in a lot of places of the code. It did not seem correct, so I decided to remove these characters replacing them. Bingo!!! After I did it, I run verbose again and no more message error ocurred. I think it is a bug of J2EE.
Finish! I modified the datasource JNDI to access MySQL and then I run my EAR application. No problems occurred. My application is running succesfully.
Good luck! -
What server comes with J2EE download?(URGENT)
I've been trying to install jive Forum but always faced problem with it and it seems like J2EE original server don't support it.
How can I used other servers like Tomcat with J2EE?
Please help URGENT!Ok. I'm installing jive forums (www.jivesoftware.com).
By now, I've successfully run this forum on Tomcat server and HSQLDB provided by the forum itself. So I supposed that I've got the right settings. Before going on further, let me explain abit of the forum installation. First of all, the home directory for the forum must be set.After that, it's deploy. After deploying, user must access the setup which is jsp pages.
So I can access the setup page deploying the forum using Tomcat but not J2EE server. And the error I got is that the home directory has not been set when I run it with J2EE server but it's fine with Tomcat server.
In the command prompt, this is the errors I get:
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.Thread.getContextClassLoader(Thread.java:1182)
at org.apache.jsp.index$jsp._jspService(index$jsp.java:187)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:202)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:382)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:474)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j
ava:247)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:197)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
at com.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java
:40)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j
ava:213)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:197)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2343)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:368)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1012)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1107)
at java.lang.Thread.run(Thread.java:534)
If your project assignment was to deploy this forum
app on J2EE RI server, then I suppose it can be
installed on it.I'm wonder what is RI server. Is it the same with Tomcat? I found the configurations file of Tomcat and J2EE server almost the same.
Obviously the forum software relies on a database. Is
the database running? Is the jdbc driver for the
database included in the forum application or have you
configured your server to find it?For your information, the forum supports Cloudscape database which comes with J2EE1.3.1. The setting up of the database is in the setup pages.
Do you have any indication what's wrong with the
setup? Are there errors and stacktraces in the console
output? Can you access the application on your own
machine at all?The errors is above. Yes I can access the application on my machine using Tomcat server but not J2EE server.
Please help. Thanks -
Hi I am using suin direcory server 6.0 with my application. To test my connection I supplied the rootDN, userDN, host, port and password with 'simple' authentication mode but my test fails with following exception on console;
SunOS-/export/home1/tecapp/TCS/tcserver/directory/INFOBASIC: testLDAP
com.temenos.tocf.security.TCSecurityException: The authentication mechanism simple not supported by LDAP Server : ldap://hml-newsunt2a:389/uid=myT24,cn=T24,cn=Application,o=temenos,c=ch with user t24userid=inputter,uid=myT24,cn=T24,cn=Application,o=temenos,c=ch
at com.temenos.tocf.security.common.LdapUtilities.getDirContext(LdapUtilities.java:447)
at com.temenos.tocf.security.management.T24User2Directory.connect(T24User2Directory.java:255)
at com.temenos.tocf.security.management.T24User2Directory.connect(T24User2Directory.java:185)
at com.temenos.tocf.security.management.T24User2Directory.getSysDNListImpl(T24User2Directory.java:330)
at com.temenos.tocf.security.management.T24User2Ldap.getSysDNList(T24User2Ldap.java:84)
------------- GETSYSDN -------------------
Time for call of CALLJ : 4820 [ms]
20üError connecting LDAP server : The authentication mechanism simple not supported by LDAP Server : ldap://hml-newsunt2a:389/uid=myT24,cn=T24,cn=Application,o=temenos,c=ch with user t24userid=inputter,uid=myT24,cn=T24,cn=Application,o=temenos,c=ch
Log File (access) in My LDAP Server recorded following at the same time;_
[10/Nov/2009:15:35:21 +0000] conn=171 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 10.44.5.69:53988 to 10.44.5.69
[10/Nov/2009:15:35:21 +0000] conn=171 op=0 msgId=1 - BIND dn="" method=128 version=3
[10/Nov/2009:15:35:21 +0000] conn=171 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[10/Nov/2009:15:35:21 +0000] conn=171 op=1 msgId=2 - SRCH base="uid=myt24,cn=t24,cn=application,o=temenos,c=ch" scope=0 filter="(obj
ectClass=*)" attrs="supportedSASLMechanisms"
[10/Nov/2009:15:35:21 +0000] conn=171 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[10/Nov/2009:15:35:21 +0000] conn=171 op=2 msgId=3 - UNBIND
[10/Nov/2009:15:35:21 +0000] conn=171 op=2 msgId=-1 - closing from 10.44.5.69:53988 - U1 - Connection closed by unbind client -
[10/Nov/2009:15:35:22 +0000] conn=171 op=-1 msgId=-1 - closed.
[10/Nov/2009:15:35:24 +0000] conn=172 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 10.44.5.69:53989 to 10.44.5.69
[10/Nov/2009:15:35:24 +0000] conn=172 op=0 msgId=1 - BIND dn="t24userid=inputter,uid=myT24,cn=T24,cn=Application,o=temenos,c=ch" met
hod=128 version=3
[10/Nov/2009:15:35:24 +0000] conn=172 op=0 msgId=1 - RESULT err=48 tag=97 nentries=0 etime=0
[10/Nov/2009:15:35:24 +0000] conn=172 op=1 msgId=0 - RESULT err=80 tag=120 nentries=0 etime=0
[10/Nov/2009:15:35:24 +0000] conn=172 op=-1 msgId=-1 - closing from 10.44.5.69:53989 - A1 - Client aborted connection -
[10/Nov/2009:15:35:24 +0000] conn=172 op=-1 msgId=-1 - closed.Please help me and suggest a workaround please as I couldn't found any information regrading this on google.
Thanks
SJunejo[10/Nov/2009:15:35:24 +0000] conn=172 op=0 msgId=1 - RESULT err=48 tag=97 nentries=0 etime=0err=48 is "inappropriate authentication". Maybe you don't have SASL configured properly.
Please have a read of the admin guide.
[http://docs.sun.com/app/docs/doc/820-2763/bcave] -
DS 5.2: Plugin to force SSL/TLS and simple authentication available!
Hi,
for privacy and security reasons I had to enforce TLS for simple authentication
in my organisation on all client connections to our directory servers.
As it turned out in thread
http://forum.java.sun.com/thread.jspa?threadID=5239916
there is no easy possibility to do this. Even though there seems to be a
way by using the directory proxy server (looks very complicated), described
in thread
http://forum.java.sun.com/thread.jspa?threadID=5240537,
I finally decided to write a plugin. To let you know what the plug-in does
exactly I paste the description here in:
DESCRIPTION
The plug-in checks every client connection if it is encrypted or not.
If the connection is encrypted, it accepts the connection.
If not, it rejects the connection.
It is possible to configure the plug-in to accept unencrypted
connections from certain IPs. With this feature enabled, you may
allow unencrypted connections from 127.0.0.1 or similar.
Additionally, this feature helps you to deploy the plug-in in
a production environment.
Another configuration option allows a dry-run of the plug-in.
This means, that the plug-in only logs (in the error log), but accepts
unsecured connections.
The configuration of the plug-in may be stored in an arbitrary DN of
your DIT. This way you are allowed to change the configuration
parameters without restarting the directory server.
By replicating the configuration entry you may enable and disable
the dry-run mode for all your replicas by one click. Adding IPs,
from where clients are allowed to connect unencrypted is also
configurable for all replicas at once.
END OF DESCRIPTION
In the source code there are also detailed installation instructions
and a configurable Makefile is also provided.
I brute-force tested the plugin and it causes no memory leaks or similar issues.
Now I want to publish the code, since I am sure, that other people may need it to!
Unfortunately there is no public code repository or similar for directory server
plugins. So if anyone is interested in the plugin, I will put the source code online.
best regards
Harald StrackHi Harald:
I'm interested in looking at the code of your plugin. Could you please share the source code to us.
Thanks-
Maybe you are looking for
-
I read all of the threads regarding a problem similar to mine - - no flash player in Windows XP, and would have opened a ticket in support, but I don't know how. I can't log in as it prompts for a product serial number and the flash player doesn't se
-
Photos are not deleted from "recently deleted" folder after 30 days
Hello- I tried to sync my iPhone 6 today, and iTunes read that there were 2500 pictures stored on my device (nearly double what I actually have). I did some searching online and I found that if I change the date of my phone back 1 month (to Feb. 15),
-
Hi Experts, We are running 65 sessions parallel in our database. Then we got the following error. ORA-00020: maximum number of processes (40) exceeded. I have checked show parameter processes NAME TYPE VALUE aq_
-
Could not create certificate request
jdev version: 10.1.2.3.0 Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod PL/SQL Release 10.2.0.4.0 - Production TNS for Linux: Version 10.2.0.4.0 - Production How can i create a certificate signing request like that: CN=EURTRANSBEL O
-
"NetStream.Codec.Error" record RTMFP
I record RTMFP Stream. Use this code NetGroup ng application.recordStream[nick + "multicast"] = Stream.get("mp4:multicast-ingest" + nick +"_record" +".mp4"); if ( application.recordStream[nick + "ingest"] != null ) application.recordStream[