Is HR Org based security supported in OBIA

Hi all
I just want to know whether HR Org-based Security is supported in OBIA with Oracle Apps as the source.
We have already implemented security based on Business Group Id and it is working well.
Now we want to implement the security based on Organization ID.
Please advise.
Thanks

Similar Messages

  • MOAC / "Org-Based" Security

    Hello,
    I'm developing custom pl/sql for submitting concurrent requests/sets. For reference, here is what my initialization 'block' looks like in the pl/sql:
    apps.fnd_global.apps_initialize(user_id, resp_id, app_id);
    apps.mo_global.set_policy_context('M');
    apps.mo_global.init(appShortName);
    (or)
    apps.fnd_global.apps_initialize(user_id, resp_id, app_id);
    apps.mo_global.set_policy_context('S', org_id);
    apps.mo_global.init(appShortName);
    (depending on whether the user chooses a 'multi-org' context or 'single-org' context)
    I just have a few general questions.
    1) Is the "mo_global.set_policy_context" followed by "mo_global.init" proper form?
    2) I understand that if you choose multi-org (set_policy_context('M')), it reads the 'fnd_global.apps_initialize'd user's "allowed orgs" from his profile options (I forget the exact ones at this moment). Is this correct?
    3) Is the sole purpose of "multi-org" security for performing multiple operations on multiple orgs without having to switch responsibility?
    4) Most importantly (saved this one for last), I'm reading about the various different kinds of security (namely, http://docs.oracle.com/cd/E14223_01/bia.796/e14219/security.htm#BGBIFAIG):
    Operating Unit Org-Based security
    Inventory Org-Based Security
    Company Org-Based Security
    Business Group Org-Based Security
    HR Org-based Security
    Payables Org-Based Security
    Receivables Org-Based Security
    SetID-Based Security
    Position-Based Security
    Ledger-Based Security
    My question is, are all of these various "securities" all managed with organizations? In other words, will my code (above) enable users to use ANY of these different kinds of security, if they so choose?

    Hey so seeing as this question hasn't really been answered yet I figure I'll give it another go.
    I'm going to be very specific this time:
    I run PL/SQL scripts against the EBS database in order to do things like schedule requests/request-sets. The first thing I do (always) is initialize the apps context:
    apps.fnd_global.apps_initialize(u_id, r_id, a_id);
    Next, depending on the situation (still unsure when/why, but whatever), we initialize the org context. This is done by performing exactly one of the following steps.
    apps.mo_global.set_policy_context('M', null);
    OR
    apps.mo_global.set_policy_context('S', org_id);
    OR
    apps.mo_global.init('appname');
    Now, the ORG_ID comes from this statement:
    SELECT organization_id FROM apps.org_organization_definitions2 WHERE organization_name = 'blah'
    Again, I don't know why/when we need to do this or apparently what any of these things do but it's kind of beyond the scope of what I do. SOMEBODY chooses one of these, depending on their mood (or whatever factors :) ). Based on my model, the following are the possibilities thus far:
    apps.fnd_global.apps_initialize(u_id, r_id, a_id);
    OR
    apps.fnd_global.apps_initialize(u_id, r_id, a_id);
    apps.mo_global.set_policy_context('M', null);
    OR
    apps.fnd_global.apps_initialize(u_id, r_id, a_id);
    apps.mo_global.set_policy_context('S', org_id);
    OR
    apps.fnd_global.apps_initialize(u_id, r_id, a_id);
    apps.mo_global.init('appname');
    After this, I use
    apps.fnd_submit.submit_program('appName','progName','STAGEXYZ', args); <-- however many times I need
    apps.fnd_submit.set_request_set('appname','requestSetName');
    OR
    apps.fnd_request.submit_request('appName','progName','description',starttime,FALSE, args);
    My question is twofold:
    1) Is this model generic enough? In other words, without doing anything extra, will people be able to do pretty much everything you could think of, at least in terms of running concurrent requests / sets? Will I ever - EVER - need to chain "set_policy_context" with "init"? <-- I would really love a yes/no answer because I am in no way/shape/form an EBS expert. I've read all the docs that I've been presented with thus far but I haven't found a straight answer to this yet.
    2) I understand there are all different kinds of "org-based" security. Could I use my current code to initialize an inv_org, for example? If not, where could I turn for help? Are there other tables I should use for inv_orgs, hr_orgs, etc?
    THANKS! YOU ARE THE BEST!

  • Inventory Org Based security

    Hi All,
    We are implementing the security based on inventory organizations in BIA 7.9.5.1.
    The following OOTB initialization block query provided for the security is not working.
    Interestingly the query returns me the required inventory org ids when I run it in the background but not when I login into BIEE.
    SELECT
    DISTINCT 'INV_ORG', BIS_ORGANIZATIONS_V.ID
    FROM FND_USER_RESP_GROUPS, BIS_ORGANIZATIONS_V
    WHERE FND_USER_RESP_GROUPS.RESPONSIBILITY_ID = BIS_ORGANIZATIONS_V.RESPONSIBILITY_ID
    AND FND_USER_RESP_GROUPS.START_DATE < SYSDATE
    AND (CASE WHEN FND_USER_RESP_GROUPS.END_DATE IS NULL THEN SYSDATE ELSE TO_DATE(FND_USER_RESP_GROUPS.END_DATE) END) >= SYSDATE
    AND FND_USER_RESP_GROUPS.USER_ID = (CASE WHEN 'VALUEOF(NQ_SESSION.EBS_SSO_INTEGRATION_MODE)' = 'Integrated'
    THEN 'VALUEOF(NQ_SESSION.OLTP_EBS_USER_ID)' ELSE '(select FND_GLOBAL.USER_ID from dual)' END)
    AND FND_USER_RESP_GROUPS.RESPONSIBILITY_ID = (CASE WHEN 'VALUEOF(NQ_SESSION.EBS_SSO_INTEGRATION_MODE)' = 'Integrated'
    THEN 'VALUEOF(NQ_SESSION.OLTP_EBS_RESP_ID)' ELSE TO_CHAR(FND_USER_RESP_GROUPS.RESPONSIBILITY_ID) END)
    AND FND_USER_RESP_GROUPS.RESPONSIBILITY_APPLICATION_ID = (CASE WHEN 'VALUEOF(NQ_SESSION.EBS_SSO_INTEGRATION_MODE)' = 'Integrated'
    THEN 'VALUEOF(NQ_SESSION.OLTP_EBS_RESP_APPL_ID)' ELSE TO_CHAR(FND_USER_RESP_GROUPS.RESPONSIBILITY_APPLICATION_ID) END)
    Has someone encountered this issue and knows a workaround?
    Thanks,
    Sid

    Hi Ragav,
    Could you post the name of the InitBlock you are using? I was looking at the OOTB rpd and could not find it.
    Apart from that, what do you mean by saying
    > Interestingly the query returns me the required inventory org ids when I run it in the background but not when I login into BIEE.
    How have you checked whether it returns the required ids when you log in to BIEE?
    Regards,
    Michal
    P.S. Make sure you have "row-wise initialization" checked in your InitBlock.
    Edited by: Mich@lB on Jun 25, 2009 2:43 PM

  • Difference between Structural and Org. Based Security

    Hi
       Could anyone please explain the difference between Structural and Org. based security
    Also could anyone please point to relevant documents.
    Thanks

    Structural authorization:
    ex: assigning roles to position and not to userids.. Listed below are some links that may help you to get started in understanding "Structural authorization".
    http://www.sap-img.com/human/structural-authorization-vs-role-authorization.htm
    http://www.sap-press.de/katalog/buecher/inhaltsverzeichnis/gp/titelID-1071
    https://websmp205.sap-ag.de/~form/ehandler?_APP=00200682500000001337&_EVENT=DISPLAY&COURSE=ADM940
    HB

  • HR Business Group Based Security

    Hi All,
    We have implemented the EBS and OBIEE integration without any security enabled.
    We have tried to implement the Business Group Org Based Security.
    When we have enabled that initialization block and saved it.
    SQL used in initialization block is
    SELECT
    DISTINCT 'BUSINESS_GROUP',
    TO_CHAR(FND_PROFILE.VALUE_SPECIFIC('PER_BUSINESS_GROUP_ID', USER_ID, RESPONSIBILITY_ID, RESPONSIBILITY_APPLICATION_ID))
    FROM
    (SELECT
    USER_ID,
    RESPONSIBILITY_ID,
    RESPONSIBILITY_APPLICATION_ID
    FROM
    FND_USER_RESP_GROUPS
    WHERE
    START_DATE < SYSDATE
    AND (CASE WHEN END_DATE IS NULL THEN SYSDATE ELSE TO_DATE(END_DATE) END) >= SYSDATE
    AND USER_ID = (CASE WHEN 'VALUEOF(NQ_SESSION.EBS_SSO_INTEGRATION_MODE)' = 'Integrated'
    THEN VALUEOF(NQ_SESSION.OLTP_EBS_USER_ID) ELSE (SELECT USER_ID FROM FND_USER WHERE USER_NAME = ':USER') END)
    AND RESPONSIBILITY_ID = (CASE WHEN 'VALUEOF(NQ_SESSION.EBS_SSO_INTEGRATION_MODE)' = 'Integrated'
    THEN 'VALUEOF(NQ_SESSION.OLTP_EBS_RESP_ID)' ELSE RESPONSIBILITY_ID END)
    AND RESPONSIBILITY_APPLICATION_ID = (CASE WHEN 'VALUEOF(NQ_SESSION.EBS_SSO_INTEGRATION_MODE)' = 'Integrated'
    THEN 'VALUEOF(NQ_SESSION.OLTP_EBS_RESP_APPL_ID)' ELSE RESPONSIBILITY_APPLICATION_ID END))
    It is returning an error.
    [nQSError: 13011] Query for Initialization Block 'Business Groups' has failed.
    [nQSError: 17001] Oracle Error code: 932, message: ORA-00932: inconsistent datatypes: expected CHAR got NUMBER
    at OCI call OCIStmtExecute.
    Does anyone have an idea how to resolve this issue?
    Thanks & Regards
    Vishwanath

    The first thing I can think of is: have you integrated eBS with OBIEE?
    I know this initblock just works fine, but when I look at your error... I really don't have a clue...
    But it must be the RESPONSIBILITY_ID or the RESPONSIBILITY_APPLICATION_ID.. but both are numbers already...

  • Is role base security supported by WLS 5.1?

    To what extent is role based security supported by servlets under WLS 5.1?
    Declarative role based security does not seem to be supported?
    Are any of the following methods supported?
    HttpServletRequest.isUserInRole()
    HttpServletRequest.getUserPrincipal()
    If so, where are the roles declared? Where is the role/principal mapping
    done? Does getUserPrincipal() return the principal using the WLS security
    realm?
    Thank you.
    Marko.

    Cool. Bonus mystery feature. I will call support.
    Thanks Winston.
    Marko.
    Winston Koh <[email protected]> wrote in message
    news:[email protected]...
    > no, i am not referring to ACL. to my knowledge, the servlet security
    > features docs do not make it into the WLS 5.1. I understand it's a bit hard
    > to use the features properly without proper documentation. contact support
    > for more info
    >
    > thanx
    >
    > Winston
    > Marko Milicevic <[email protected]> wrote in message
    > news:[email protected]...
    > > The only servlet authorization mechanism I can see documented is ACL's. Is
    > > this what you are referring to Winston? If so, I believe ACL are different
    > > than declarative role based security. An ACL grants access to a servlet for
    > > a set of principals (users and/or groups). But a role is not a principal.
    > > A role name is mapped to a set of principals.
    > >
    > > If you are referring to roles, can you give a URL to the documentation which
    > > discusses this?
    > >
    > > Thanks Winston.
    > >
    > > Marko.
    > > .
    > >
    > > Winston Koh <[email protected]> wrote in message
    > > news:[email protected]...
    > > > both declarative and programmatic based security roles are supported by WLS
    > > > 5.1.
    > > >
    > > > if you don't specify any specific security realm in the weblogic.properties
    > > > file, a default WebLogic Security realm is assumed. you could specify the
    > > > group and its associated users and passwords there in the properties file.
    > > > in the web.xml file associated with each web app, you could specify the
    > > > security constraints for each servlet
    > > >
    > > > I would imagine when accessing a secured servlet within a web app, a client
    > > > would supply her credentials thru some sort of authentication, and based on
    > > > the credentials, we find out the role name from the weblogic.properties file
    > > > which in turn mapped to the web.xml which specify the security role that
    > > > could access the particular servlet. if the role matches, access to the
    > > > servlet is granted
    > > >
    > > > refer to WL Docs for more specific details
    > > >
    > > > thanx
    > > >
    > > > Winston
    > > > Marko Milicevic <[email protected]> wrote in message
    > > > news:[email protected]...
    > > > > To what extent is role based security supported by servlets under WLS 5.1?
    > > > >
    > > > > Declarative role based security does not seem to be supported?
    > > > >
    > > > > Are any of the following methods supported?
    > > > >
    > > > > HttpServletRequest.isUserInRole()
    > > > > HttpServletRequest.getUserPrincipal()
    > > > >
    > > > > If so, where are the roles declared? Where is the role/principal mapping
    > > > > done? Does getUserPrincipal() return the principal using the WLS security
    > > > > realm?
    > > > >
    > > > > Thank you.
    > > > >
    > > > > Marko.
    > > > > .

  • Using container managed form-based security in JSF

    h1. Using container managed, form-based security in a JSF web app.
    A Practical Solution
    h2. {color:#993300}*But first, some background on the problem*{color}
    The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
    In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
    h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
    What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principals*" that are defined to interact with your application. A security principal is basically just a user of the system that is defined by three fields:
    - Username
    - Group
    - Password
    The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
    1. Start up your app server and log into the admin interface (http://localhost:4848)
    2. Drill down into Configuration > Security > Realms.
    3. Here you will see the default realms defined on the server. Drill down into the file realm.
    4. There is no need to change any of the default settings. Click the Manage Users button.
    5. Create a new user by entering username/password.
    Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more useful in a real app.
    I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
    That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
    TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
    h2. {color:#993300}*Step 2: Create the project*{color}
    Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
    1. Start by creating a new Visual Web JSF project.
    2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
    h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
    In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
    1. login.jsp (A Visual Web JSF file)
    2. loginproxy.jspx (A plain JSPX file)
    3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
    Code follows for each of the files:
    h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
        <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
            <navigation-case>
    <from-outcome>loginproxy</from-outcome>
    <to-view-id>/loginproxy.jspx</to-view-id>
            </navigation-case>
        </navigation-rule>
    NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
    h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
    {code}
    <?xml version="1.0" encoding="UTF-8"?>
    <jsp:root version="2.1"
        xmlns:f="http://java.sun.com/jsf/core"
        xmlns:h="http://java.sun.com/jsf/html"
        xmlns:jsp="http://java.sun.com/JSP/Page"
        xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
        <jsp:directive.page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"/>
        <f:view>
            <webuijsf:page id="page1">
                <webuijsf:html id="html1">
                    <webuijsf:head id="head1">
                        <webuijsf:link id="link1" url="/resources/stylesheet.css"/>
                    </webuijsf:head>
                    <webuijsf:body id="body1" style="-rave-layout: grid">
                        <webuijsf:form id="form1">
                            <webuijsf:textField binding="#{login.username}" id="username"
                                style="position: absolute; left: 216px; top: 96px"/>
                            <webuijsf:passwordField binding="#{login.password}" id="password"
                                style="left: 216px; top: 144px; position: absolute"/>
                            <webuijsf:button actionExpression="#{login.button1_action}" id="button1"
                                style="position: absolute; left: 216px; top: 216px" text="GO"/>
                        </webuijsf:form>
                    </webuijsf:body>
                </webuijsf:html>
            </webuijsf:page>
        </f:view>
    </jsp:root>
    {code}
    h3. *login.java -- implement the button1_action() method in the login.java backing bean*
    {code}
    public String button1_action() {
        // Copy the submitted credentials into request scope for loginproxy.jspx
        setValue("#{requestScope.username}", (String) username.getValue());
        setValue("#{requestScope.password}", (String) password.getValue());
        // Outcome matched by the navigation rule in faces-config.xml
        return "loginproxy";
    }
    {code}
    h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
    {code}
    <?xml version="1.0" encoding="UTF-8"?>
    <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
        <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
            doctype-system="http://www.w3.org/TR/html4/loose.dtd"
            doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
        <jsp:directive.page contentType="text/html" pageEncoding="UTF-8"/>
        <html>
            <head>
                <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
                <title>Logging in...</title>
            </head>
            <body onload="document.forms[0].submit()">
                <form action="j_security_check" method="POST">
                    <input type="hidden" name="j_username" value="${requestScope.username}" />
                    <input type="hidden" name="j_password" value="${requestScope.password}" />
                </form>
            </body>
        </html>
    </jsp:root>
    {code}
    h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF target page, placed in the secure folder to test access*{color}
    {code}
    <?xml version="1.0" encoding="UTF-8"?>
    <jsp:root version="2.1"
        xmlns:f="http://java.sun.com/jsf/core"
        xmlns:h="http://java.sun.com/jsf/html"
        xmlns:jsp="http://java.sun.com/JSP/Page"
        xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
        <jsp:directive.page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"/>
        <f:view>
            <webuijsf:page id="page1">
                <webuijsf:html id="html1">
                    <webuijsf:head id="head1">
                        <webuijsf:link id="link1" url="/resources/stylesheet.css"/>
                    </webuijsf:head>
                    <webuijsf:body id="body1" style="-rave-layout: grid">
                        <webuijsf:form id="form1">
                            <webuijsf:staticText id="staticText1"
                                style="position: absolute; left: 168px; top: 144px" text="A Secure Page"/>
                        </webuijsf:form>
                    </webuijsf:body>
                </webuijsf:html>
            </webuijsf:page>
        </f:view>
    </jsp:root>
    {code}
    h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
    This type of security is called +declarative+ because it is not configured programmatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already has the implementation to make everything work for you.
    *web.xml will be used to define:*
    - Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
    - Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
    - Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
    *sun-web.xml will be used to define:*
    - This is where you map a Role to the Users or Groups that are allowed to use it.
    +I know this is confusing the first time, but basically it works like this:+
    *Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
    h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
    {code}
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>SecurePages</web-resource-name>
            <description/>
            <url-pattern>/faces/secure/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>User</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name/>
        <form-login-config>
            <form-login-page>/faces/login.jsp</form-login-page>
            <form-error-page>/faces/login.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description/>
        <role-name>User</role-name>
    </security-role>
    {code}
    h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
    {code}
    <security-role-mapping>
    <role-name>User</role-name>
    <group-name>Users</group-name>
    </security-role-mapping>
    {code}
    h3. {color:#ff6600}*Almost done!!!*{color}
    h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
    h3. {color:#ff6600}*_Gotcha #1_*{color}
    You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
    h3. {color:#ff6600}*_Gotcha #2_*{color}
    Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
    *DONE!!!*
    h2. {color:#993300}*_Here's how it works:_*{color}
    1. The user requests a page from your context (http://localhost/MyLogin/)
    2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
    3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
    4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
    5. The user enters username and password and clicks a button to submit.
    6. The button's action method stores away the username and password in the request scope.
    7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
    8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
    9. The hidden username and password fields grab the username and password variables from the request scope.
    10. The loginproxy page is automatically submitted with the magic action "j_security_check"
    11. j_security_check notifies the container that authentication needs to be intercepted and handled.
    12. The container authenticates the user credentials.
    13. If the credentials fail, the container forwards the request to the login.jsp page.
    14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
    +Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
    +The user is now at the secure welcome page.+
    If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
    Kerry Randolph

    If you want login security on your web app, this is one way to do it (the easiest way I have seen).
    This method allows you to create a custom login form and error page using JSF.
    The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
    This example uses a statically defined user/password, stored in a file, but you can also configure a JDBC realm in Glassfish, so that users can register for access and your program can store the username/password in a database.
    I'm new to programming, so none of this may be a good practice, or may not be secure at all.
    I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
    Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
    So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
    --Kerry                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     
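
    Added example (not part of Kerry's post, and not Glassfish or Netbeans code): a small Python audit of the web.xml fragment posted above. It goes beyond the post by flagging two properties of that descriptor, an explicit http-method list and the absence of a CONFIDENTIAL transport guarantee; the function name audit_web_xml, the finding codes and the hardened variant are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# web.xml fragment from the post above (empty <description/> and <realm-name/>
# elements dropped), wrapped in a <web-app> root so it parses on its own.
POSTED_WEB_XML = """<web-app>
  <security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>SecurePages</web-resource-name>
      <url-pattern>/faces/secure/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
      <http-method>HEAD</http-method><http-method>PUT</http-method>
      <http-method>OPTIONS</http-method><http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>User</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/faces/login.jsp</form-login-page>
      <form-error-page>/faces/login.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>User</role-name></security-role>
</web-app>"""

# Constructed variant: no method list (so every HTTP method is covered) and a
# CONFIDENTIAL transport guarantee (so the container insists on TLS).
HARDENED_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecurePages</web-resource-name>
      <url-pattern>/faces/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>User</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/faces/login.jsp</form-login-page>
      <form-error-page>/faces/login.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>User</role-name></security-role>
</web-app>"""


def texts(parent, path):
    """Stripped text of every element matching path under parent."""
    return [(e.text or "").strip() for e in parent.findall(path)]


def audit_web_xml(xml_text):
    """Return a list of (code, url_patterns, message) findings."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # Real descriptors carry a Java EE namespace; compare local names only.
        el.tag = el.tag.rsplit("}", 1)[-1]

    declared_roles = set(texts(root, "security-role/role-name"))
    auth_method = (root.findtext("login-config/auth-method") or "").strip().upper()
    findings = []

    for sc in root.findall("security-constraint"):
        urls = ",".join(texts(sc, "web-resource-collection/url-pattern"))

        # A collection that lists <http-method> constrains only those methods;
        # a request using any other method is not covered by this constraint.
        methods = texts(sc, "web-resource-collection/http-method")
        if methods:
            findings.append(("METHOD_LIST", urls,
                             "only %s are constrained" % "/".join(methods)))

        # Without CONFIDENTIAL the container accepts plain HTTP, so the
        # j_username/j_password POST can travel in clear text.
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee")
                     or "NONE").strip().upper()
        if auth_method in ("FORM", "BASIC") and guarantee != "CONFIDENTIAL":
            findings.append(("NO_TLS", urls,
                             "%s login with transport-guarantee %s"
                             % (auth_method, guarantee)))

        # A role used in a constraint should also be declared in
        # <security-role>; a mismatch is usually a typo.
        for role in texts(sc, "auth-constraint/role-name"):
            if role != "*" and role not in declared_roles:
                findings.append(("UNDECLARED_ROLE", urls,
                                 "role %r has no <security-role>" % role))
    return findings


if __name__ == "__main__":
    for name, doc in (("posted", POSTED_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(name, audit_web_xml(doc) or "no findings")
```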
                                                                                                                                                                                                                                                                                                                                                                                                                              

  • In sm_crm automatically populate service and response profiles based on support team

    Hi All,
    I have a requirement that in the SM_CRM transaction, while creating an incident, the user wants to automatically populate service and response profiles based on support team name.
    I have checked for BADI's but didn't find any which automatically populates service and response profiles at the time of creation of the ticket.
    Kindly help!!

    Hi Shaswat
    This doesn't work as mentioned in the wiki page and SLA doesn't get determined by the org unit or support team via customizing.
    We reported this to SAP and got a feedback that this is not supported and will be removed in future from the access sequence.
    Therefore the only option is to implement a BADI, i.e. crm_sladet_badi, and use BADI determination in your access sequence to call this BADI.
    Hope this clarifies.
    Thanks
    Prakhar

  • Form based security in WebLogic 7.0

    I'm sorry for the beginner level question, but I seem to be missing a critical step
    in getting Form based security to work. I have a Web application comprised of several
    JSPs. I want to attach simple FORM based security constraints to all pages in the
    app. Here are the excerpts from my web.xml:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>DTSTAT</web-resource-name>
        <url-pattern>/StateServlet/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>Sysops</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/StateServlet/login.html</form-login-page>
        <form-error-page>/StateServlet/login-error.html</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
      <role-name>Sysops</role-name>
    </security-role>
    The app deploys correctly and I have verified that the constraints, etc. are recognized
    by WebLogic by inspecting the content displayed from the Admin console under the
    "Edit Web Application Deployment Descriptor" link - all looks as I had expected and
    matches the XML configuration above.
    I then use the "Define Resources and Roles for Web Resource Collections" link. Under
    the "Define Policies" section I see the constraints as defined above. I then use
    the "Define Roles" link to define the "Sysops" role for this application and add
    the condition "Caller is a member of the group" and use Administrators as the Group.
    From this point, I invoke one of the JSPs in the app and am presented with the Login
    page as expected. However, no matter what I enter for user and password, I always
    get the login-error page back. I'm purposely trying to keep this simple so that
    I can use the system user as a test case (who is a member of the Administrators group).
    However, I have also created an additional separate user and added them to the Administrators
    group as well with the same unsuccessful results.
    Can anyone help me out please? I've been reading the docs and seem to be missing
    a key element somewhere.
    Thanks in advance,
    Todd

              Try to refer to the documentation for
              Configuring Security in Web Applications at
              http://e-docs.bea.com/wls/docs70///webapp/security.html
              Does the weblogic.log file contain any error or warning
              messages corresponding to your problem ?
              If you have a test case to reproduce the problem, you
              can contact BEA support at [email protected]
              Thanks
              Developer Relations Engineer
              

  • Position Based Security

    Hi All,
    How can I find out whether the security implemented is position based or role based? And in position based security, is there any difference in dealing with authorisation changes compared to role based security?
    Can someone please let me know the information?
    Regards,
    Sandhya

    Hi,
    The difference is in how you assign the roles to users. Position based means that roles are assigned according to the position the user has in the org structure.
    Roles are assigned to the position and each user who is assigned to the position gets those roles assigned.
    You can identify such roles as they are assigned indirectly (blue colour in SU01 and PFCG(tab users)) and if hr-org is activated and maintained in your system.
    Administrators should know of how they assign roles in your system. Just ask them.
    b.rgds,
    Bernhard

  • Mac based security managed centrally (Acs or whatever)

    I have a project. My customer wants to use MAC address based security on their whole network. They want only PCs/notebooks with specific MAC addresses to be able to connect to their network. But they don't want configuration on a per-switch basis. They want centralized management.
    We first looked at ACS. But we realized that ACS supports only wireless access points for this kind of purpose. I also found that there is an ACS feature called NAR (Network Access Restriction). Can I use this feature?
    They don't want additional integration (Active Directory etc.) and don't install any software on their PCs/notebooks. Because of this I can't use an EAP solution.
    They have app 300 PCs and they will enter the whole MAC address list into ACS, and only these PCs will connect to the network. Is it possible?
    Best Regards

    I wouldn't recommend this as a strong security solution, but it could be done - in theory.
    The customer's devices need to be configured to initiate a PAP authentication using pre-configured credentials (à la NAC auth bypass).
    ACS will have this username+password configured plus a network access restriction that lists the allowed set of macaddrs.
    While this may work for 300 users, NARs are not that easily scalable.

  • User Based Security in Power BI (Power Pivot / Power View)

    I am looking for a way to implement user based security (based on user access needs to restrict data) for my Power BI reports. Is there any way to implement this kind of security? We have this support in traditional OLAP cubes by creating roles and managing them at different dimensional data.
    Any help would be highly appreciated.

    Hello,
    You want to implement this functionality using the Power BI Preview or using the Power BI reports integrated in an application?
    Hugs!
    Bruno Destro
    Dicas de programação em .net, C# e SQL - http://smcode.com.br/blog.aspx

  • Evidence based security

    Does WCF 4.5 and onwards support evidence based security? Please refer me to some useful links on MSDN. Thanks in advance.

    Hi DotNetIndia,
    As per my research on this case, the following links may guide you to the corresponding details:
    1. Refer to Security Considerations and Best Practices for WCF
       http://visualstudiomagazine.com/articles/2013/08/01/security-considerations-and-best-practices-for-wcf-4-apps.aspx
    2. Refer to WCF: Understanding Security
       http://dotnetwithme.blogspot.com/2007/08/wcf-understanding-security.html
    3. Refer to Authentication and Authorization in WCF Services
       https://msdn.microsoft.com/en-us/library/ff406125.aspx
    4. Refer to Best Practices for Security in WCF
       https://msdn.microsoft.com/en-us/library/ms731059(v=vs.110).aspx
    5. Refer to new features in WCF 4.5
       https://msdn.microsoft.com/en-us/library/dd456789(v=vs.110).aspx

  • Adding an External Application that uses J2EE Form Based Security

    I'm trying to add an External application that uses the J2EE Form based security. i.e. uses j_username, j_password and posts to j_security_check.
    I don't really see how Oracle SSO will support this. The container needs to take control of a client's request and determine when the "Login" page is presented to establish credentials. Posting directly to j_security_check isn't working for me.
    I'm using Sybase EAServer 4.12 as the external application.
    Is this supported in Oracle SSO?
    Do I need to provide a different mechanism for logging users in?
    Also, can someone explain what the benefit would be if I configured the EAServer app as a "Partner" app? I would still have to provide an interface for login. The input would be different but the end result would be the same I guess. What advantages does a Partner app have?
    Lastly, is there an NNTP server for these forums?
    Thanks.
    Darrell

    The cure for the symptoms described below was to simply add a welcome-file-list
    element with appropriate welcome pages to the web.xml descriptor. It makes sense
    now that I have worked it out.
    Todd
    "Todd Gould" <[email protected]> wrote:
    >
    > I have an application comprised of several JSPs that are protected via Form based
    > security and enforce an SSL connection via the appropriate declarations in the
    > web.xml. This aspect of the application seems to be working with the exception
    > of one small quirk.
    > If a user presses the back button until such time as they receive the container
    > provided login page once again, and subsequently provides a valid user id and password,
    > they are NOT successfully logged in. Rather, they receive the ugly 403 Forbidden
    > error that states that the server understood the request, but is refusing to fulfill
    > it. This only seems to happen given the above course of events involving the
    > use of a back button in the browser (or selection of an item from the history
    > list). I suspect that this has something to do with the session id being cached
    > or something, but I'm not sure? Can anyone offer any assistance on this one?
    > Also, does anyone know of a way of preventing the user from bookmarking this container
    > provided login page as this also seems to be causing problems for users. If they
    > bookmark the first protected page of the application all is fine, but if they
    > bookmark the login page they receive the 403 error.
    > Thanks in advance!
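
The descriptor change Todd describes (adding a welcome-file-list to a FORM-protected, SSL-only application), as an added example that is not part of the original posts. The URL pattern, role name and page names are placeholders, and the element order assumes the Servlet 2.3 web.xml DTD, which requires welcome-file-list to appear before security-constraint.

```xml
<!-- Added example: placeholder names, not the poster's actual descriptor. -->
<web-app>
  <!-- Default landing page. Assumed reason the fix works: a login page opened
       from a bookmark or the back button has no saved protected request to
       return to after j_security_check succeeds. -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ProtectedPages</web-resource-name>
      <!-- Protects the JSPs (including the welcome file); login.html stays public -->
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>AppUser</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- CONFIDENTIAL makes the container require SSL for these URLs -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>AppUser</role-name>
  </security-role>
</web-app>
```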

  • BI Data Access Set-based security

    Hi,
    My client is using EBS security feature “Data Access Set” for segment security. I'm looking for a tech note to implement this type of security from the OBIEE/OBIA side.
    Any pointers on this topic would be very much appreciated,
    Tarik Bouaziz.
    Environment: OBIEE 11.1.1.5.0 on Solaris Sparc64, OBIA 7.9.6.3, EBS 12.1.3

    Tarik,
    If I'm not mistaken, the "Data Access Set" security on EBS 12 is based on the Ledger-Based Security in OBIA (2.6.4 Ledger-Based Security for Oracle EBS).
    Gurus, please confirm.
    Hope it helps,
    Benoît

Maybe you are looking for