Intra page "security" within the web tier

we currently have a web application using turbine/velocity technologies. we currently have security at the page level where based on a users's role (credentials managed in oracle database tables), they can or can't see a particular page.
now we have a requirement to present a different view based on the user's role. for instance, users in the "worker" role can't cancel an order, but they can update an order. thus they wouldn't see the cancel button. somone in the "supervisor" role could cancel an order and should see the cancel button. we want the ability to take this to the level of specifying view (and access) to any object on a particular page/screen/form/whatever.
so, i'm interested in what others have done to perhaps tackle this interesting issue of providing component level views based on a users credentials. we also do not currently have security on our back end components (slsb), and it would be nice to use the same security model in both areas. meaning you've gotta provide security credentials to get access to the beans and those same credentials are the ones used by the web tier.
any thoughts, reading suggestions, patterns, etc would be most most appreciated.
Thanks!
~mark

i think you should look towards jGuard (http://jguard.sourceforge.net).
jGuard provides easy JAAS integration into J2EE.
with jGuard, you can configure, and change on-the-fly your authentication and/or authorization settings in a unique way(works on multiple application servers).
jGuard provides too a tag library to protect your ressources depending on your roles,or your access right to a specific url, or a specific credential like it seems you are looking for.
to have more information on the jGuard features, you can grab them on the web site( http://jguard.sourceforge.net), or on the sourceforge page (http://sourceforge.net/projects/jguard).
hope it helps,
Charles (jGuard team).

Similar Messages

  • In Java EE 7's Firstcup tutorial, why does does the web tier consume the data from the dukes-age web service?

    In the Firstcup tutorial, the responsibilities of the web tier are listed as:
    dynamically generate content for the client
    collect input from the user
    return results from business tier components
    control the flow of client screens & pages
    maintain session state
    perform basic logic
    hold data temporarily in JavaBeans components
    Which of these responsibilities would retrieving data from a web service fall under?
    The tutorial also lists the technologies used in the web tier, and JAX-RS is not included in that list. The list of technologies used by the business tier does, however, list JAX-RS. I was surprised to find the DukesBDay JavaBeans component (in the web tier) calling the dukes-age web service, instead of the DukesBirthdayBean EnterpriseBean (in the business tier), which uses hard coded value for Duke's birth date.
    Is it typical for the web tier to consume web services in this way? What about when using an application client container, wouldn't that skip the web tier altogether, and in doing so also skip the web service call? Wouldn't DukesBirthdayBean in the business tier benefit from making the call to the web service, instead of having the date hard coded into it, and wouldn't this also solve the problem of the missing web service call when using an application client container?

    Hi Shadab,
    Here is a list of Web service standards supported by SAP in NetWeaver 7.1.1: [Supported Standards|http://help.sap.com/saphelp_nwpi711/helpdata/en/44/624479f7e608fae10000000a422035/frameset.htm] (also in [7.0|http://help.sap.com/saphelp_nw70/helpdata/EN/44/624479f7e608fae10000000a422035/frameset.htm] and [7.0.1|http://help.sap.com/saphelp_nw70ehp1/helpdata/EN/44/624479f7e608fae10000000a422035/frameset.htm]). The Enterprise Services adhere to these standards, and on the provider side you have the tools to configure the authentication settings as needed. On the consumer side, one just has to use a Java release (or any other platform) that supports these standards.
    While I am not a Java developer, there should be [many ways to consume a Web service in Java|http://www.google.bg/search?q=consumewebservice+java].
    Hope this helps,
    Rossen

  • [svn] 2891: Add the web-tier compiler for J2EE to the Flex open source code base.

    Revision: 2891
    Author: [email protected]
    Date: 2008-08-19 07:35:22 -0700 (Tue, 19 Aug 2008)
    Log Message:
    Add the web-tier compiler for J2EE to the Flex open source code base.
    Added Paths:
    flex/sdk/trunk/modules/webtier/
    flex/sdk/trunk/modules/webtier/bootstrap/
    flex/sdk/trunk/modules/webtier/bootstrap/build.xml
    flex/sdk/trunk/modules/webtier/bootstrap/java/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/META-INF/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/META-INF/taglib.tld
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/default.properties
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/bootstrap/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/bootstrap/BootstrapBodyTag.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/bootstrap/BootstrapClassLoader.jav a
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/bootstrap/BootstrapFilter.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/bootstrap/BootstrapServlet.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/bootstrap/BootstrapTag.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/bootstrap/TagGenerator.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/jsp/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/jsp/FlashVarTa g.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/jsp/MxmlTag.ja va
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/wrappers/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/wrappers/ATGFi lterConfig.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/wrappers/ATGHt tpServletRequest.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/wrappers/ATGSe rvletConfig.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/wrappers/ATGSe rvletContext.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/server/j2ee/wrappers/J2EEW rapper.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/util/
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/util/FileUtils.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/flex/webtier/util/J2EEUtil.java
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/hitachi.properties
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/interstage.properties
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/jrun.properties
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/tomcat.properties
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/weblogic.properties
    flex/sdk/trunk/modules/webtier/bootstrap/java/src/websphere.properties
    flex/sdk/trunk/modules/webtier/build.properties
    flex/sdk/trunk/modules/webtier/build.xml
    flex/sdk/trunk/modules/webtier/coldfusion/
    flex/sdk/trunk/modules/webtier/coldfusion/build.xml
    flex/sdk/trunk/modules/webtier/coldfusion/lib/
    flex/sdk/trunk/modules/webtier/coldfusion/lib/cfmx_bootstrap.jar
    flex/sdk/trunk/modules/webtier/coldfusion/src/
    flex/sdk/trunk/modules/webtier/coldfusion/src/java/
    flex/sdk/trunk/modules/webtier/coldfusion/src/java/coldfusion/
    flex/sdk/trunk/modules/webtier/coldfusion/src/java/coldfusion/bootstrap/
    flex/sdk/trunk/modules/webtier/coldfusion/src/java/coldfusion/bootstrap/BootstrapBodyTag. java
    flex/sdk/trunk/modules/webtier/coldfusion/src/java/coldfusion/bootstrap/BootstrapTag.java

    JLundan,
    I want to thank you for responding to the thread I started on the forum at java.sun.com. Your solution to my problem of needing to print the code of the html pages that the file I included generates was just what I was looking for. However, I have some further questions to ask, if you don't mind. To clarify my task I should say that your rephrasing of the problem is accurate: "You wan't to display the contents of the HTML file that the web server produces in response of client's request?"
    Yes, this is what I need to do, but also it needs to display the source code of that html file that the server produces in response to the client's request. Also, in this case, I am the client requesting that the server return some html file, and I'm not sure where the server is. But the webserver.java file that I shared on the forum is on my local machine. I was wondering if I could modify this webserver.java file at my home so that any html file the server returns to me would automatically display the source code. This is a school project of mine and I am stuck on this one thing here.
    Further, where would I put the "foo.html" file so it can be written to?
    FileOuputStream fos = new FileOutputStream("foo.html");
    fos.write(bytes);
    fos.close();
    Thanks so much for your help. I look forward to your response, at your convenience.
    Regards

  • JAAS outside the Web Tier

    Tried posting this on the Glassfish users list to no avail
    Glassfish realms can be used to provide, in combination with j_security_check, security and authorization for web applications.
    What I don't understand however is how to use those services outside the web tier. For example, in JMS. The default JMS provider in Glassfish is OpenMQ and also supports JAAS.
    So, how do you use a Glassfish realm to clamp down your topics and queues? From the Glassfish administration console, in "New JMS Connection Factory" the only options available are properties for the password and the user name which seem to be globally set per factory.
    What am I missing here? Glassfish supports JAAS. OpenMQ supports JAAS. OpenMQ is inside Glassfish. However, OpenMQ inside Glassfish can't use Glassfish realms.

    I believe you are mistaken. My question was one of integration, not of syntax. Integration of the JAAS modules and realms already found in Glassfish in combination with OpenMQ.
    I already know OpenMQ supports JAAS and I know how to setup JAAS on a standalone OpenMQ instance.
    But this is not the case here. Under a Glassfish standard install, the OpenMQ extension folder is empty. I'm looking for either an existing bridge between the copy of OpenMQ that is embedded inside Glassfish and the Glassfish realms that the container holds or confirmation that no such bridge exists.
    At the moment, it seems the answer to this question is no, OpenMQ isn't setup to interoperate with Glassfish at that level. Furthermore, I'm unsure if I could use the same JAAS modules that are already setup in the login.conf of Glassfish due to concurrency issues.

  • BT Cloud - creating folders within the Web uploads...

    On the Help pages the question, "Can I upload a folder or multiple files to the BT Cloud Web Client" is answered by explaining how to upload multiple files and then says you can create a new folder within the Web uploads folder to store them. Unfortunately it does not explain how to create the said folder - and as yet I have not been able to. Help please.
    Solved!
    Go to Solution.

    This is an old thread, but still relevant to my current issue.
    I've just joined BT and have activated the BT Cloud. I've tried to create a folder by clicking on the three little dots, but it's disabled. I uploaded a file and then it became enabled. Clicking on it though only allowed me to move it to trash. I moved it to trash and the 3 little dots became disabled again.
    How do I enable this to create a folder? Surely it can't be that hard!!
    Cheers,
    Graham

  • Confuse in Chapter 25 Persistence in the Web Tier's example book store.

    Hi all,
    I'm confusing about the example in Chapter 25 Persistence in the Web Tier.
    the book store example creates the bookdbao in contextlistener
    BookDBAO bookDBAO = new BookDBAO(emf);
    context.setAttribute("bookDBAO", bookDBAO);and the bookdbao's constructor like this.
        public BookDBAO(EntityManagerFactory emf) throws Exception {
            try {
                em = emf.createEntityManager();
            } catch (Exception ex) {
                throw new Exception(
                        "Couldn't open connection to database: " + ex.getMessage());
        }and the servler get bookdbao like
    BookDBAO bookDBAO = (BookDBAO) getServletContext().getAttribute("bookDBAO");so if many users access the servlet at the sametime,
    they all get the same bookDBAO,
    but i think em is not guaranteed to be threadsafe.
    so the example is not thread-safe, is it?
    thanks

    Hi all,
    I'm confusing about the example in Chapter 25 Persistence in the Web Tier.
    the book store example creates the bookdbao in contextlistener
    BookDBAO bookDBAO = new BookDBAO(emf);
    context.setAttribute("bookDBAO", bookDBAO);and the bookdbao's constructor like this.
        public BookDBAO(EntityManagerFactory emf) throws Exception {
            try {
                em = emf.createEntityManager();
            } catch (Exception ex) {
                throw new Exception(
                        "Couldn't open connection to database: " + ex.getMessage());
        }and the servler get bookdbao like
    BookDBAO bookDBAO = (BookDBAO) getServletContext().getAttribute("bookDBAO");so if many users access the servlet at the sametime,
    they all get the same bookDBAO,
    but i think em is not guaranteed to be threadsafe.
    so the example is not thread-safe, is it?
    thanks

  • Embedding Java editor within the web page

    Hi,
    I am looking for a Java editor. The editor should easily be embedded in the web page, for the user to test the program and view the result. If syntax error occurs, the line of the error is shown colored as shown as in Eclipse and Netbeans. Is there any package for implementing this?
    Thanks
    Vishnu
    Edited by: vishnugr on Jul 25, 2009 5:26 AM

    Take a look at the code I pasted on this thread, it will work with HTML5 / mobile and fall back to flash compatibility for older browsers. It plays perfectly fine (as apposed to what other people say on the thread). You have the option of looping and doing a bunch of things, has worked very well for me in the past for high trafficed sites (100,000+ unique's a day)
    http://forums.adobe.com/message/5472226#5472226

  • How to arrange page dropdowns in the Web Analysis report

    Hello, Experts!
    I have created a Web Analysis document based on my Esssbase cube. This document contains just one grid with 7 dropdowns. All dropdowns are in one line above and they are narrowed so as they all fit into 1 line within the screen and I cannot see the full names of members within a dropdown. So I need advice on how I can arrange the dropdowns in my Web Analysis report so that I can see the full names of members when opening the dropdown? Thank you so much!

    Thanks a lot! Yes, it works if one creates dropdowns via combo box controls attached to the same data source as the spreadsheet and applying these controls via the service button control (in this case you do not create page dropdowns in the data layout window of the spreadsheet and leave them in the data layout window's Filter pane). Otherwise it is impossible to edit the size and position of page dropdowns created in the Data Layout window of the spreadsheet.

  • IWeb 08 pages show on the web but not in iWeb

    iWeb 08 was working fine until I attempted to update pages that were originally made in the previous version of iWeb. Although the pages display on the .mac website, I cannot load or edit the pages within iWeb. I have two files in Library>Application Support>iWeb Domain.site and domain.sites2. Launching iWeb from either file still does not correct the problem. Another piece of the puzzle: an error message appears that states that two images are missing upon launching, and when I click on one of the pages that won't load, the error message: Missing File, color-profile-1

    I followed the topic concerning the Firefox photoalbum problem but I´m using Safari and the albums will not show up on the web !!!! I also exchanged the detailview and headercontrol *js which worked fine for opening the photoalbum on my harddisk with firefox. But when its uploaded to the server it won´t display and that in Safari!!!! On the published folder on my harddisk everything works fine
    www.voyage64.com
    just cklick on "photoalben" no album apears. Does anyone have the same problem with safari ???
    regards,
    David

  • Blank page coming in the Webi Report in a particular tab

    Hi,
    i have a webi report which uses a two Cross tabs.and it is sectioned by 'Business Segment' object. and 'Group name' object has been used to group the data in each cross tab.it has multiple tabs in the report each named same as the group name used in the cross tab.
    so now when i export the report into the PDF document one of the tabs is having a blank page (i.e 2nd page is a blank page off the 4 pages it has). i am using XI R 3 version.
    so please suggest me what formatting changes to be done for that particular tab(s) to remove the blank page off the 4 pages.
    Immediate suggestion is very helpful.
    Thanks & Regards,
    Kishore.

    Hi,
    Thanks for your suggestion.however i checked all the cells. everything is well fitted.one more thing is that similar kind of data is visible in other tabs without any issues. so it is happening only in a particular tab.
    Any other advanced settings to do to avoid the blank pages in between  the PDF document?
    Regards,
    Kishore.

  • User_Name and Password Security on the web

    Hi there,
    I have developed an application in Oracle 8i and Developer 6i, and deployed it on the web.
    While calling a logon form from the index.html, it shows all the parameters username, password, and dbstring in the URL displayed in the browser. Is there any way to secure it, just like in the Post Method while submitting a form request.
    Can any one help me please !
    Regards,
    Hafeez

    Write a ON-LOGON trigger in the form and use the function
    LOGON('UserName', 'Pw@connection sid');
    if the connection is succesful the FORM_SUCCESS will return true.. otherwise false..
    I hope this will help u

  • Page moving within the browser

    Hi I have a small problem with my site, although on the layout all the content is within the grid when I check it in the browser you can move the content slightly with the mouse and you can see on the right that the content isn't aligned. The top of the page has a slideshow that is set to 100% width but it has a longer piece of artwork so it always goes edge to edge, so that shouldn't be a problem
    Heres a link to a video of it it action Dropbox - site issue.mov
    Any ideas guys it driving me crazy!! Thanks

    hi thanks for getting back to me, none of the images (on the desktop version) are scaled or edited, they are all 100% the slideshow is cropped as I have a very long piece of artwork so it will always go edge to edge.
    Heres the url
    Home
    thanks for responding

  • Pages, downloaded from the web, beyond the 1st page appear 50% reduced when printed. How can I resolve this?

    How can I resolve a recent printing problem I'm experiencing regarding downloads from the web where pages beyond the 1st page appear 50% reduced when printed or lines of type at bottoms of pages are missing?

    David,
    Thanks for the reply. I wish I could tell you that your suggestions solved my problem - they didn't.
    I've deleted the affected printer, then added the printer again; I've reset the printing system, then added the printer again; I've downloaded printer drivers, deleted the affected printer, then added the printer again.
    I plan to contact hp later this week for further assistance as you suggest.
    My printer is a hp OfficeJetPro L7590.
    I've enclosed screen shots illustrating the situation.
    Regards,
    R

  • Advice needed for changing code within the Web IC...

    Hi,
    I need to change some code within the GET_QUERY_RESULT Method, which is found:
    BSP->Z_CRM_IC
    View->AuiSearch
    Controller class ZL_CRM_IC_AuiSearch_impl
    Method do_handle_event
    Method eh_onsearch
    Method get_query_result
    At present the method get_query_result belongs to class CL_CRM_AUI_QUERY_SERVICE.
    I can create a subclass from this and call it ZL_CRM_AUI_QUERY_SERVIC, then redefine the method get_query_class, and then make the appropriate changes. But that may be all uneccessary. What I don't know is how to ensure this modified code can be called.
    I have already made changes for method DO_INIT_CONTEXT, hence the reason the controller class ZL_CRM_IC_AUISEARCH_IMPL is identified. But this was simple because the view linked directly to this whereas you can see the code I need to change is further down in process chain.
    I know that method get_query_result calls a number of BADI's, but these BADI's are too low for the information that I need and therfore really need to make my code changes in the get_query_result method.
    I have been reading as much as I can on this subject, but without much success and therefore really count on experienced developers like yourselves to steer me in the right direction, or give advice.
    Jas

    I will not suggest to put your Enhancements into CL_CRM_AUI_QUERY_SERVICE.
    Rather in  Component BT  -> Class CL_CRM_BTIL .  AUi Query Service will Internally call the BOL Component ( get query result )
    In your Framework Profile Config  , you specify the Component Set  . Ex: ALL
    Component set have a List of Component Ex BP , BT .
      SPRO-> CRM -> CRM Cross Application Components -> Generic Interaction layer -> Basic Settings
    Now you can have your Custom , Component Set ( Ex : ZALL ) and Component ( ( Ex ; ZBT , Totally advisable for CIC Development Framework )
    Have BT Copied into ZBT and  Specify  ZL_CRM_BTIL (  Inherited from CL_CRM_BTIL )
    And in your Custom Component Set , Specify ZBT instead of BT . 
    Now Specify your Custom Component Set in your Framework Profile .
    Now you got the Enhancement Spot in  ZL_CRM_BTIL->GET_QUERY_RESULT
    Let me know if it make sense

  • Different Page Sizes within the same document - Printing

    I am having trouble printing a document which contains pages of different sizes (using Adobe Professional 7.0):
    i.e. The first 10 pages are 8.5" x 11", the next few pages are 11" x 17" and the last few pages are 8.5" x 11"
    The printer only spits everything out as 8.5" x 11" and the larger sheets are just cut off.
    In the "Print" menu that comes up when you hit FILE->PRINT it suggests that everything is alright... I can scroll through the small "page preview" and it shows some pages 8.5x11 and some pages 11x17... but when it actually prints, it doesn't do that. Is it the printer that is the problem perhaps?
    (The printer is a Lexmark x945e)
    Any insight would be greatly appreciated.
    ~Paul

    If the goal is to make a flap, then you can do this in InDesign. A spread can be any contiguous number of pages, so if your document is generally speaking double-page spreads, you can have a single spread that is composed of three contiguous pages.
    To do this, in the Pages palette, select a double-page spread you want to expand. Go to the flyout menu and deselect "Allow selected spread to shuffle." Then drag new page to the left of the left page or to the right of the right page (depending on where your flap is).
    Then you're all set.
    Here's a screenshot of the Pages panel:
    In this case, I've created a flap to the right of page 3 (numbered page a) and its reverse to the left of page 4 (numbered page b).

Maybe you are looking for

  • I want to upgrade my memory?

    I want to upgrade my memory to the full 16gb. I now have 4. Is it okay if I buy 1 8gb stick and 1 4gb stick to make it 16gb? Or does all of it have to be the same?

  • Posting date option in ME2M Std report

    Hi friends, The standard Report ME2M is for displaying PO's based on the Document date .... but my requirement is to get the same output with the Posting date as the criterion ... (i.e) even if the document date is given in the selection parameters .

  • IPhone as a drive

    After I upgraded my iPhone 3GS to OS 4.0, I know longer see iPhone as a drive in My Computer menu. I could not find anything in iTunes to turn the drive availability on, but maybe I didn't look well enough. Can anyone help please?

  • VBAP modify in MV45AFZZ

    Hi people! I need some help, please. I'm trying to duplicate line in VA01, with some changes, for this I'm using MV45AFZZ. I already tried in USEREXIT_SAVE_DOCUMENT and USEREXIT_SAVE_DOCUMENT_PREPARE, copying a new line to XVBAP, changing and appendi

  • Address Data in Mutiple Languages

    Hi Friends, How can i mentain Address Data for Vendor/Customer in multiple language while Uploading through BAPI or if any other method to achieve the same. Regards Sonal