Is this possible to use no default security realm?
Hi,
I created new security ReadOnlySQLAuthentication provider in the default realm and it works. Now I have all the users from all applications in one realm. If they use the same enterprise roles, user can log to one application with login and password from another application. To prevent it I created another security realm. I've added ReadOnlySQLAuthentication provider, set in my application new realm name - in jazn-data.xml and web.xml. But it doesn't work. My questions are:
It is possible to use few realms? So one application will use default realm, another no default realm.
If so, how to bind an application to no default realm?
Bart
Hi,
A WLS instance only supports a single realm. So the answer unfortunately is no (was different with OC4J)
Frank
Similar Messages
-
What should be I have to do , If I want IDM-CC add-on in my firefox 4? Firefox do not support IDM-CC add-on. Is this possible to use idm-cc in firefox 4?
Hello! I had this problem and fixed it by entering here: http://www.internetdownloadmanager.com/support/firefox_integration.html
You just need to go down below the page and click on "Install"... Then, firefox gonna install the new IDM CC complement. Restart firefox, and enjoy it :D -
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get
context - wi
th nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credential
s]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with
nested e
xception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone has any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan -
BEA public API (WLS6.1)for programatically updating default security realm?
Hi,
Does anyone know how to use BEA's public API to programmatically add/update WLS
6.1 user credentials in the default security realm? The API would of course
automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
Is there a way to do such updates by programmatically engaging the WLS security
realm related Mbeans? I basically need to do (from a deployed application component)
what is easily done from the WLS Console's [security->User->Add User/Change
Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
command line utility (or wlshell also) uses to make updates. But I doubt that
the classes used by these tools are in BEA's public API for WLS 6.1. Especially
important to me would be the BEA API mechanism that takes a clear-text password
and hashes it to the encrypted format written in fileRealm.properties (and synchronized
w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate a large
Oracle table of (*user, clear-text -password, group) records into the default
WLS security realm. Thanks for any insights.
BenThanks to another's post, I have found the answer to my problem in the Girdley/Woollen/Emerson
book "J2EE Applications and BEA WebLogic Server" pp. 496-498:
Note: this code segment is for WLS 6.1 and this API is said to be deprecated
in WLS 7+
//Roughly outlined, assuming session w/ userName, groupName, password Strings
in HTTP Post request
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
weblogic.security.acl.Security.getRealm();
weblogic.security.acl.User u;
weblogic.security.acl.Group g;
u = realm.newUser(userName, password, null);
g = realm.getGroup(groupName); // use g = realm.newGroup(groupName) if groupName
does not exist in realm
g.addMember(u);
//log in the new user
int rc = weblogic..servlet.security.ServletAuthentication.weak(userName, password,
httpSession);
// use realm.deleteUser(u), realm.deleteGroup(g) as appropriate, etc.
"Ben Cotton" <[email protected]> wrote:
>
>
Hi,
Does anyone know how to use BEA's public API to programmatically add/update
WLS
6.1 user credentials in the default security realm? The API would of
course
automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
Is there a way to do such updates by programmatically engaging the
WLS security
realm related Mbeans? I basically need to do (from a deployed application
component)
what is easily done from the WLS Console's [security->User->Add User/Change
Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
command line utility (or wlshell also) uses to make updates. But I
doubt that
the classes used by these tools are in BEA's public API for WLS 6.1.
Especially
important to me would be the BEA API mechanism that takes a clear-text
password
and hashes it to the encrypted format written in fileRealm.properties
(and synchronized
w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate
a large
Oracle table of (*user, clear-text -password, group) records into the
default
WLS security realm. Thanks for any insights.
Ben -
This possible? == use iTunes to sync your contacts to Macbook contacts?
Hi guys,
As I am unable to sync my contacts from Mobileme to my contacts in my macbook (my earlier post), a possible solution I was thinking of is if I am able to use iTunes and sync the contacts from my iphone into my contacts on my Macbook.
Is this possible and if so, can you tell me the steps please.... a million thanksNo. The iPhone stores no data on a sim card, thus there is no way to do what you want using iTunes.
-
Hi,
I have different sets of users coming from different databases and using different
roles mapping for each of my web applications. I would like to configure a specific
security realm per application in my weblogic server 7.0 . Is it possible ?
I try to specify the realm-name of the login-config tag from the web-xml deployement
descriptor but it doesn't make any difference. The default realm is always used.
I also would like to tell the Weblogic server to use the default realm in case
the realm isn't specified or isn't found. For example, the default would contains
my admin users.
Thanks a lot for your answer.
IzI thik this is a common mistake the ralm-name tag in the deployment descriptor is used
just by the browser for display purposes (when it opens the basic auth dialog box) so as
of now there is only 1 active realm which can have multiple providers as Kevin pointed
out
Kevin Lewis wrote:
WebLogic 7 now ignores the realm-name tag (I found that out yesterday).
My understanding is that there is only one realm active at a time for a domain
(I would be interested in being contradicted in this).
However, you can have multiple providers in each category of a realm: authentication,
authorization, etc. Therefore, what you can do is key authentication, et al,
off of some other information. We have our users enter their company, for example,
and use the TextInputCallback to get it. You could also encode something in the
initial page, based on the URL they hit, or whatever, and get that back in your
callback.
You can store that information in your own Principal implementation, and key off
of that in your authorization provider, going to a different database as appropriate,
or abstaining when a specific provider doesn’t have anything to say about a subject.
Anyway, there should be a way to do it, even if it's more complex than you would
have hoped.
--Kevin -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
VikramHello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our applicationrequirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if theuser
exists.
javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store toget
rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
>
Thanks
Vikram -
Hi,
I recently downloaded Weblogic7.0. And I have created a new security realm. But there
is no option i can see on the console to set the new security realm as default realm.
If anyone did this before, please reply me.
Thanks
VenkatIts available under Domain(examples)---->Security---->General
Venkat wrote:
Hi,
I recently downloaded Weblogic7.0. And I have created a new security realm. But there
is no option i can see on the console to set the new security realm as default realm.
If anyone did this before, please reply me.
Thanks
Venkat -
Using an alternate security realm
Hi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain nameHi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain name -
Is this possible to use in iWeb?
Since my site seems to have a fragmented loading sequence because the size is so large, I was searching to see if there was some sort of plug-in that could be used to transition between pages...
I found this site, but I didn't know if the coding could be used in iWeb?
http://tiny.cc/I08tO
If this can't work, is there anything that is similar to this that does work in iWeb? I would welcome any suggestions.
thanks!It loads very fast for me. A nicely designed site by the way. If the site is loading slow for you on a Mac it could be your connection. If the problem lies with Internet Explorer on PCs then there is some optimizing you can do to speed it up. See Roddy's post in this thread: http://discussions.apple.com/thread.jspa?threadID=1837981&tstart=0. He has a site, iWebforMusicians.com, which has many good tips dealing with IE.
OT -
Hi everyone,
I need HELP I have a bunch of vector clip arts, which are Black (C,M,Y,K100). I need it in 35 different colors Saved as Illustrator 8 EPS and I also need those file in 72 DPI PNG Transparent files.
Thanks for any help.
Akkudo.Good evening,
0) In your templates give a specific namme to each path or groups or items via the layers window.
The objective is to use a script like these two:
Set myLayerCercle = my_Laieur_elements.GroupItems("Laplupart").PathItems("LaplupartCercle")
myAiApp.Redraw
myLayerCercle.FillColor.Spot.Color.Cyan = 0
myLayerCercle.FillColor.Spot.Color.Magenta = 100
myLayerCercle.FillColor.Spot.Color.Yellow = 80
myLayerCercle.FillColor.Spot.Color.Black = 0
myAiApp.Redraw
or
textRef.Paragraphs.Add ("myNewText")
textRef.Paragraphs(1).ParagraphAttributes.Justification = aiRight
textRef.Paragraphs(1).CharacterAttributes.Size = 12
textRef.Paragraphs(1).CharacterAttributes.HorizontalScale = 10
textRef.TextRange.CharacterAttributes.BaselineShift = fontBaseLineShift
textRef.TextRange.CharacterAttributes.TextFont = myAiApp.TextFonts.Item("Times")
textRef.TextRange.CharacterAttributes.FillColor.Black = 0
textRef.TextRange.CharacterAttributes.FillColor.Magenta = 100
textRef.TextRange.CharacterAttributes.FillColor.Yellow = 0
textRef.TextRange.CharacterAttributes.FillColor.Cyan = 0
If you agree please send your eps file via my email. I could be than more efficient.
Have a good evening
Patrice
*) open an office sofware (Word or Excel) and go to the Visual basic editor (alt+F11) and
copy and paste these script; replace nom_docAi with your eps file name
Public nom_docAi
Sub myPrg()
call OpenAi
call openBaseFile '= open the eps file
call myRectangle(100,100,200,300)
call saveEPS(nom_docAi )
call savePNG(nom_docAi )
end sub
Sub OpenAi()
'*** le fichier excel et illustrator se trouvent dans le même répertoire
myPath = ActiveWorkbook.Path
'*** Définition de la variable "application"
Set myAiApp = CreateObject("Illustrator.Application.CS4")
End Sub
Sub openBaseFile()
'*** Définition et ouverture du fichier illustrator de base
nom_eps = "cycle.eps"
'nom_docAi = myPath & "\" & nom_eps
nom_docAi = "G:\graph" & "\" & nom_eps
Set myDocAi = myAiApp.Open(nom_docAi, 1)
End Sub
Sub saveEps(myPictureName)
'*** Sauvegarde fichier
Set myDocAi = myAiApp.ActiveDocument
Set myEpsSave = CreateObject("Illustrator.EPSSaveOptions.CS4")
myDocAi.CropBox = myDocAi.VisibleBounds
myEpsSave.EmbedAllFonts = True
myEpsSave.Preview = aiColorTIFF
myEpsSave.postscript = ailevel3
myAiApp.ActiveDocument.SaveAs myPictureName, myEpsSave
End Sub
sub myRectangle(x, y, LenghRect, HeightRect)
'*** Sélection du calque recevant les rectangles
Set Laieur = docAi.layers("data")
myAiApp.Redraw
Set myRect = docAi.PathItems.Rectangle(y, x, LenghRect, HeightRect)
myRect.FillColor.Cyan = 0
myRect.FillColor.Yellow = 100
myRect.FillColor.Magenta = 35
myRect.FillColor.Black = 0
myRect.Stroked = False
myAiApp.Redraw
'mTab = myCColor(mType)
End Function
Sub savePNG(myPictureName)
'*** Sauvegarde fichier
myPictureName = Replace(myPictureName, ".eps", ".png")
Set myAiApp = CreateObject("Illustrator.Application.CS4")
Set docAi = myAiApp.ActiveDocument
Set pngExportOptions = CreateObject("Illustrator.ExportOptionsPNG24.CS4")
pngExportOptions.AntiAliasing = True
pngExportOptions.Transparency = True
docAi.Export myPictureName, aiPNG24, pngExportOptions
End Sub -
One custom security realm for many wl servers?
Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server.Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server. -
10.1.3.1 issue: not possible to use default revision endpoint
My use case is the following.
Messages are sent from back-end systems to the BPEL engine, which start processes in BPEL.
Because I don't want the back-end systems to be aware of the version of the processes, I want to submit the request from the back-end system to the default end-point. This is not possible anymore in 10.1.3.1. It was possible in 10.1.2
Examples of options:
10.1.2
Default wsdl works: http://serverXXX:7777/orabpel/default/ProcessXXX/ProcessXXX?wsdl
Explicit version wsdl works: http://serverXXX:7777/orabpel/default/ProcessXXX/1.0/ProcessXXX?wsdl
Default end-point works: http://serverXXX:7777/orabpel/default/ProcessXXX
Expliciet version wsdl works:
http://serverXXX:7777/orabpel/default/ProcessXXX/1.0
In 10.1.3.1 the default end-point doesn't work anymore.
- If I have a new version for which the implementation has changed, but the interface has remained unchanged, I want to deploy a new version (e.g. 1.1).
- The 1.1 version will become the default
- I don't want to change the end-point configuration in my back-end systems
- If I deploy a changed process with the same version (again 1.0), I will not be able anymore to analyse the 1.0 versions of the previous implemementation of the process
I know that in an ideal world, the lookup of the end-point will be done dynamically using the WSDL, but my backend-systems are not that SOA aware.
Is there a solution for this?
Thanks,
Jan WillemMarc,
When requesting the default end-point in a browser, I get a page not found 404 error.
Your comment (BTW) is right on the spot. This is just my problem.
I want to deploy a new version, with a new number without changing the end-point configuration in my back-end applications.
I hoped that this is possible by using the default end-point (which was possible in 10.1.2), but it seems that this is not possible in 10.1.3.1.
Any other ideas?
Jan Willem -
Use of default XACML with custom role mapper and authorization provider
Hi,
Is it possible to use the default XACML provider for custom role mappers and authorization providers when role information will be provided via an external application ( not an LDAP or RDBMS server )?
My custom providers will be communicating with the external application via an API that accepts user credentials and will return decisions whether the credentials were successfully authenticated as well as returning a list of roles for the authenticated user.
Once the roles and the subject are cached, will the default XACML provider be able to use them to make role mapping and authorization decisions?I see 2 approaches. First, write a custom authenticator that stores the role information in the subject either by creating a custom java.security.Principal that is stored in the Subject or by saving it in PrivateCredentials of the Subject. Then right a custom role mapper that knows how to get the role information from the Subject and return a role Map. The default XACML Authorizer will then work with the role information in the role map.
Second approach is to write a custom role mapper that looks up the role information based on the Subject and returns a role map.
The chosen approach depends on where you're getting the role information from.
Maybe you are looking for
-
Firefox 18 no longer works with Mac OSX v10.8.2 Mountain Lion
I have been running FireFox v17 with Mountain Lion (OSX 10.8.2) without any issues. The auto updater from Mozilla requested that I upgrade to FireFox v18, but since installing Mozilla FireFox crashes immediately. The browser opens but then does nothi
-
How to create an expression using distinct()?
I want to create an expression for the following SQL statement: select distinct aCol from mytable where bCol = 123 and cCol = 'something'; My expression without using the distinct() is followed: Expression exp = new ExpressionBuilder().get("bcol"). e
-
Why can't Quicktime X read multipage pdf files in Safari 5.1?
All I get is the first page of the pdf file Software is up to date There seems to be more downs to Lion than there is ups. Do I have to switch to Chrome?
-
Hi All, I have a questions to ask. Is that i create a subvi for my table and it can display latest value at the top. Below attached snapshots of my programming. I uses a random number and stop button to control to let u guys see the whole process of
-
I just bought a new Nokia N8 3 days ago. The problem I had so far is I cannot take a picture with "camera key". After holding it for 2s, the red light starts off and the green focus indicator appears. But after that, it would not take the picture,