Is it possible to secure Forms Servlet with a realm/jazn/jaas???

Hi,
Does anyone know how to secure the forms servlet (frmservlet 11g) with something like a realm or jazn/jaas ?
What I would like to do is just permit access to the frmservlet with a simple login jsp page that would forbidden access to frmservlet for people that we're not authenticated... and with this i would not need the SSO...
Regards
Ricardo

Hi,
But the forms app is deployed as an ear file and there's an web.xml config for this app in the container... so... i guess that theorically it's possible isn't it?
Take a look: http://java.dzone.com/articles/understanding-web-security
Regards
Ricardo
Edited by: user12015527 on 15/Fev/2010 7:22

Similar Messages

  • 9iAS using 9iDS Forms servlet

    On my single machine, I am not interested in installing the infrastructure. I have 9iDS installed and I can run my forms app through my 9iDS supplied OC4J, port 8888. No prob.
    I want a simple way to run SSL with my forms app. My idea is install 9iAS (HTTP server, J2EE option) and have it front end my OC4J to more easily (than making OC4J do ssl) accomplish this.
    Can this work? If so, what are my steps?
    I tried modifying my oracle_apache file to point to my 9iDS forms servlet with a line like
    #Forms Servlet
    include "c:\oracle_9i\forms90\server\forms90.conf"
    My 9iAS is in a separate oracle home.
    regards,
    tt

    Frank,
    the Business Intelligence and Forms requires the 9iAS Infrastructure. As I indicated, I do not (gave up after trying for 2 weeks to install) have or want the infrastructure.
    I understand that J2EE provides HTTP server capability, but the effort to configure SSL would be easier with 9iAS than dinking with the OC4J xml and configuring keys, etc.
    So, I have 9iAS (no infrastructure) and 9iDS on the same machine. I noticed that 9iDS uses port 8888 and default 9iAS uses 7777 base. I am still trying. I am going to try a virtual host for my apache to 9iDS.
    Oh, I did get 9iAS to create and manage my Oracle9iDS OC4J instance. Now the trick is actually executing through it. Then I will turn on SSL.
    SUGGESTIONS STILL WELCOME!!
    regards,
    tt

  • ERROR RENDERING PDF IN SERVLET WITH FORM method="post"

    Hello,
    we are trying to render a dinamic PDF document in a servlet building with XSL:FO apache or itext.
    The problem ocurs when we sending a Form data with method post, the output of the servlet is a blank page instead of the pdf document. Also if we send the form data with method "get" we can view the pdf document corretly.
    But we need to send amount information, and can?t use method get.
    Thank

    You can always use GET to send information by generating a dynamic URL in the query string (after the '?'). Granted, you don't want to send file data that way, but it will work for small numbers of arguments where privacy is not a concern.
    As to why you see the PDF in one instance and not another, I'm not sure. There is no difference from an HTTP standpoint. You sent a request, you are getting a response. The browser should treat the response the same, regardless of GET vs POST.
    Are you setting the content-type to application/pdf? Are you doing something fishy with Javascript? Do you have conditional logic in your code that fires on a POST but not on a GET that actually has a bug in it (since GET works but it was designed for POST)?
    - Saish
    "My karma ran over your dogma." - Anon

  • Is it possible to add new columns with format "Text" once a table is linked to a form

    Is it possible to add new columns with format "Text" once a table is linked to a form in Numbers for iPhone or is it impossible and thus a serious bug?(Rating stars and numeric vales seem to work.)
    Those bugs happen both for new speadsheets as well as existing onces, like the demo. When you are in the form only the numeric keyboard shows up.
    Pat from the Apple Store Rosenstrasse/Germany approved that it looks like a Bug during the Numbers Workshop I was in: It is not possible to add new columns with format "Text". I reported the error for Version 1.4 but there is no update nor do I get statement of understanding the issue.

    Hi Knochenhort,
    I see what you are talking about now. Without knowing how the program actually works, I think this is what's going on:
    When you add a new column to an already existing table (with already existing formats), the new cells come already formatted like the previous column. So when you add a column to the end of the demo table, the cells are already formatted like stars, and when you add a column to the beginning, they're already formatted like number.
    I think this is why it's different when if you add columns to a table with blank (unformatted) columns. In that case, the new cells aren't already "tainted" with a set format, so you can change to text format without issue.
    It seems like the problem is that you can't format cells that are already formatted as "number" as "text" format (even if it doesn't look like they are, because they are blank). IMO, this is a bug! This is why you don't see this issue when adding columns to a new table, because the new cells don't already come with a format.
    To workaround, you can highlight the body cells after adding the new column, and delete the cells. This will "clear" the formatting, so you can then go in the inspector, format them as text, and the correct keyboard will pop up.
    Hope that helps!

  • Is it possible to compile under Forte with import com.ms.security.*;

    Is it possible to compile under Forte with import com.ms.security.*; included in a java applet or do I need to compile from Microsoft JDK only? I would like to thank you on advanced.

    Yes; just include the cab/zip file containing those classes in your project. You'll find them from somewhere in your system.
    I would like to thank you on advanced. I don't give you the permission to do that. :)

  • Is it possible to customize dff's with the help of form personalization?

    Is it possible to customize dff's with the help of form personalization.
    I have added few dffs in a form which users want to be customized according tho their choices.
    Can any one help me in this.

    Pl see MOS Doc 420518.1 - section 10

  • I want to create a login form by using servlets with database validation.

    Would you please provide me a code for a login form using servlets with Ms Access database validation?

    No. This is not a free coding service. Your request is (a) ridiculous, (b) offensive, and (c) off-topic. Locking this thread for later deletion.

  • HT4009 I'm attempting to down load an app by the name of hudmaniax,upon entering my password for purchase approval I'm prompted to re enter my password a second time followed up with a form to create a security form ...I.e  name of first school attended e

    I'm attempting to down load an app by the name of hudmaniax,upon entering my password for purchase approval I'm prompted to re enter my password a second time followed up with a form to create a security form ...I.e  name of first school attended etc etC.

    This is normal behaviour.  Apple have recently introduced increased security to protect you from fraudulent transactions.  Once you have answered the questions (remember your answers) you will only be asked for them occasionally in future.

  • Calling servlet with out entry in web.xml

    Hi
    I want to know whether can a servlet be invoked with out having an entry in web.xml.Because to my knowledge when ever an entry is made in teh web.xml the <url-pattern> and the class file will be stored as key value combination it is only then when ever a request is made the server gets the class taht is to be invoked from the <url-pattern> that is passed from the client side.
    Is ther any way by whihc we can call the servlet directly with out an entry in web.xml
    Thanks in advance
    Ajithkumar.S

    Interesting that it is possible on Tomcat anyway.
    What's the real benefit of not having a Servlet
    definied in web.xml?
    The only benefit I see is that
    you don't need to understand/read/change XML when
    adding or removing a servlet. That isn't worth that
    imho. What are the other benefits?The only thing I can think of is , to be able to quickly access a Servlet that you've just written, because it takes additional steps to define it in the web.xml.
    I think it would be a security concern (of some sort) , if the Servlet's class is known, that's why it is better to access a Servlet with a mapping from web.xml

  • FRM-92052 error... unable to connect to server URL /forms/servlet;

    Hi all.
    I'm on forms 11g 11.1.2.1.0
    I'm configuring my form and when I try to run it I have this error:
    FRM-92052: unable to connect to server at URL /forms/servlet;
    I have start up weblogic server and everything is ok.
    When I try to run my form I have the error.
    How can I solve it?
    Thanks all for collaboration,
    Fabrizio

    I open my log file and I copy here error section:
    java.lang.NoSuchMethodError: oracle/forms/net/ConnectionException.<init>(ILjava/lang/String;Ljava/lang/Throwable;)V
         at oracle.forms.servlet.BaseServlet.getConnectionException(Unknown Source)
         at oracle.forms.servlet.BaseServlet.logException(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.getRunformSession(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.getInfo(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.doGet(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.access$100(Unknown Source)
         at oracle.forms.servlet.ListenerServlet.doGet(Unknown Source)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    ####<5-feb-2013 14.42.40 CET> <Notice> <Diagnostics> <missuri377> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <2e61ea05cba29510:6243aa29:13caa961585:-8000-0000000000000024> <1360071760720> <BEA-320068> <Watch 'UncheckedException' with severity 'Notice' on server 'AdminServer' has triggered at 5-feb-2013 14.42.40 CET. Notification details:
    WatchRuleType: Log
    WatchRule: (SEVERITY = 'Error') AND ((MSGID = 'WL-101020') OR (MSGID = 'WL-101017') OR (MSGID = 'WL-000802') OR (MSGID = 'BEA-101020') OR (MSGID = 'BEA-101017') OR (MSGID = 'BEA-000802'))
    WatchData: DATE = 5-feb-2013 14.42.40 CET SERVER = AdminServer MESSAGE = [ServletContext@6140131[app:formsapp module:forms path:/forms spec-version:2.5 version:11.1.2]] Root cause of ServletException.
    java.lang.NoSuchMethodError: oracle/forms/net/ConnectionException.<init>(ILjava/lang/String;Ljava/lang/Throwable;)V
         at oracle.forms.servlet.BaseServlet.getConnectionException(Unknown Source)
         at oracle.forms.servlet.BaseServlet.logException(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.getRunformSession(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.getInfo(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.doGet(Unknown Source)
         at oracle.forms.servlet.ListenerServlet$Request.access$100(Unknown Source)
         at oracle.forms.servlet.ListenerServlet.doGet(Unknown Source)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    SUBSYSTEM = HTTP USERID = <WLS Kernel> SEVERITY = Error THREAD = [ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' MSGID = BEA-101017 MACHINE = missuri377 TXID = CONTEXTID = 2e61ea05cba29510:6243aa29:13caa961585:-8000-0000000000000022 TIMESTAMP = 1360071760564
    WatchAlarmType: AutomaticReset
    WatchAlarmResetPeriod: 30000
    >
    How can I solve my problem?
    Thanks all for collaboration,
    Fabrizio

  • Host a custom form on E-Business Suite Forms Servlet

    Hi.
    Is it possible to host my own form using the Forms engine integrated with E-Business Suite?. is this a good idea? or do i have to setup another forms servlet?
    I'm trying it with one form with a menu. I just Copied the mmx files and fmx files where all the fmx files of EBS suite reside. or do i need to recompile it inside linux forms compiler (adadmin) using .pll plx, fmb files?
    I manually type the url "domainname.com:8000/dev60cgi/f60cgi?formname.mmx?user=username?password=password"
    where user, password = database user (not apps user)
    when i did this, it still launched the applet but still goes to the main form of EBS? and the custom form doesn't get called..
    regards,
    anton

    I think you can do it.
    Should look in appsweb.cfg configuration file. usaually in $COMMON_TOP/html/bin
    ; 1) Runform Arguments
    ; The module argument defines the first form to be started.
    ; It is composed from parameters %prodTop%/forms/%lang%/%formName%
    ; The default looks like $APPL_TOP/fnd/<version>/forms/US/FNDSCSGN
    ; Following parameters and prodTop are used for composing module.
    ; Note: Personal Home Page modifies the lang setting automatically.
    formName=FNDSCSGN
    lang=US
    Forms servlet is just a mechanism to start the f60webmx processes on the application server (which also has the Forms listener servlet). So you will not need a seperate servlet in your case.
    HTH
    Bansi

  • How can I store a form name with path and then call form from a table

    Is it possible that any form that I built I store that form in some table in DB and then call that form from table, if yes, then how can i get this functionality. I am not very experience in form and do not know if it can be done because i think if it is possible then this can be a good security for application and easy to handle as well.
    Thanks in advance
    Maz

    If you have a Forms block based on this table:
    declare
      module varchar2(100);
    begin
      module := :block.column;
      call_form ( module ) ;
    end;If you don't have any blok based on that table
    declare
      module varchar2(100);
    begin
      select  module_name
      into module
      from ...
      where ...
      call_form ( module ) ;
    end;Francois

  • Securing web services with Sun Access Manager

    Hi!
    I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
    What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
    I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
    I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
    My questions are:
    1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
    2) Are there any documentation/tutorials/etc?
    Thanks in advance :-)
    Anders

    what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
    the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
    So.. having said that. here's what I'd recommend.
    1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
    2. configure it to use your access manager instance for authentication.
    3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
    4. voila... your webservices are not "protected" by acces manager ;-)

  • Form automation with PDF's created in Livecycle

    Hi,
    I'm having a issue getting the fields from a PDF file created in Livecycle. I get the following error once I access a field:
    Element not found. (Exception from HRESULT: 0x8002802B (TYPE_E_ELEMENTNOTFOUND))
    Is it possible to use the OLE API's to retreive the fields in the Livecycle form? Here is the code in question:
    Public Function FillForm(ByVal patient As clsPatient, ByVal isNew As Boolean, Optional ByVal CompletionDate As Date = #1/1/1900#) As String Implements iPDFProcess.FillForm
    Dim ds As New DataSet
    Dim dr As DataRow
    Dim NewFile As String
    Dim formApp As AFORMAUTLib.AFormApp
    Dim bOK As Boolean
    Dim avDoc As Acrobat.CAcroAVDoc
    Dim pdDoc As Acrobat.CAcroPDDoc
    Try
      'Set the mouse icon to display an hourglass
      System.Windows.Forms.Cursor.Current = System.Windows.Forms.Cursors.WaitCursor
        If isNew = False Then
            ds = GetData(PatientId, CompletionDate)
            If ds.Tables(0).Rows.Count > 0 Then
                dr = ds.Tables(0).Rows(0)
            End If
        End If
        avDoc = CreateObject("AcroExch.AVDoc")
        bOK = avDoc.Open(lTemplateFileName, "NB")
        avDoc.Maximize(1)
        formApp = CreateObject("AFormAut.App")
        If isNew = True Then  'Only fill Demographic data
            formApp.Fields("PatientId").value = patient.PatientId
            formApp.Fields("DateCompleted").value = Format(Now(), "M/dd/yyyy")
            formApp.Fields("PatientName").value = patient.LastName & ", " & patient.FirstName
         end if
         The rest of the code is not shown to save room.
    As soon it tried to access a field I get the above error. I also have a problem with the following code in another section of my code (for another PDF form). Here is a segment of the code:
        avDoc = CreateObject("AcroExch.AVDoc")
        bOK = avDoc.Open(lTemplateFileName , "NB")
        avDoc.Maximize(1)
        formApp = CreateObject("AFormAut.App")
        acroForm = formApp.Fields
        If isNew = True then
            For Each f As AFORMAUTLib.Field In acroForm
                Select Case f.Name
                    Case "PatientName"
                        f.Value = patient.LastName & ", " & patient.FirstName
                    Case "Gender"
                        f.Value = patient.Gender
                    Case "DateCompleted"
                        f.Value = format(Now(), "M/dd/yyyy")
                    Case "PatientId"
                        f.Value = patient.PatientId
                    Case "DOB"
                        f.Value = patient.BirthDate
                End Select
            Next
        Else
    It always passes right over the loop as it it can't find the fields. What up with that. Thanks for any help that you can provide.

    Apparently the IAC api's will not work with livecycle forms. I just recreated the pdf file in Acrobat alone, and it now works. But this leaves me with other issues such as:
    1. How can I represent a Date picker field?
    2. A few of our forms created in Livecycle use dynamic forms. I.E. Hiding pages until a checkbox is selected for example. Is it possible to get similar results with just Acrobat/reader?
    Thanks for any suggestion or comments.

  • Hide password and user name fields in secure form on landing page

    On a landing page I don't want the password or user name displayed in the "secure" form because I think it will keep people from downloading our e-book. It will cause what some refer to as too much friction—visitors will feel that we are asking too much of them just to download an e-book so won't do it.
    I found somewhere where the user name can be populated with the e-mail address, although I couldn't figure out where to put the code to make it work.
    Can the password fields also be auto-populated and hidden so the user can access the secure zone to download the e-book never even knowing that they had a user name and password assigned to them?
    I'd really appreciate some help here and please keep in mind that html and css is where my expertise stops so if there is a java solution I will need the code and how and where to add it.
    Many thanks for your help.
    John

    This article just might point you in the right direction: http://kb.worldsecuresystems.com/853/cpsid_85381.html

Maybe you are looking for