J2EE Container Managed Security doc and inquiry about what to do if I tweak

hello:
If the application_roles is taken out of the database schema, would the example still work with minimal changes? There is a possibility our organization may a separate department handling username and password while our app and our separate database will handle roles. Is there something I need to be aware of or is it just a matter of looking up the role in a separate table after authentication? Based on roles, users will have different authorities. is there something built in Oracle JDev?
Thanks

Hi,
you can do anything you want with custom LoginModules. If the provided database login module in OC4J is not sufficient then you can also build yur own login module (or use one of the three I built and published 2 years ago). So the answer is that it is not relevant of where the role definition comes from as long as it is associated with the user upon authentication
Frank

Similar Messages

  • ADF Security to J2EE Container Managed Security Problems

    Hi al!
    I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
    For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
    Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
    What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
    Part of my web.xml file:
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <init-param>
    <param-name>success_url</param-name>
    <param-value>/faces/app/index.jspx</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication/*</url-pattern>
    </servlet-mapping>
    <security-role>
    <description>Admins</description>
    <role-name>admin_role</role-name>
    </security-role>
    <security-role>
    <description>Users</description>
    <role-name>user_role</role-name>
    </security-role>
    <security-role>
    <role-name>oc4j-administrators</role-name>
    </security-role>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AllAdmins</web-resource-name>
    <url-pattern>faces/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AllUsers</web-resource-name>
    <url-pattern>faces/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>user_role</role-name>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adfAuthentication</web-resource-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>oc4j-administrators</role-name>
    <role-name>user_role</role-name>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    Do I have to remove this adfAuthentication tags?
    I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
    Thank you in advance!
    Bye
    PS
    Maybe stack trace after login:
    FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

    Hi there!
    I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
    log("method equals start",0);
    log("another type = " + another.getClass(), 0);
    if (another instanceof Principal)
    Principal mine = (Principal)another;
    log("Principal mine.getName() = " + mine.getName(), 0);
    The result is this output (after navigating to page that gives 401 forbidden):
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
    07/10/12 08:46:09 [DBUserPrincipal] method equals start
    07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
    Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
    Thank you!
    BB

  • EJB 3.0 Security with ACEGI and not with Container Managed Security

    Hi,
         Currently we are using EJB 2.0 in our project, We want to use EJB 3.0
         But for security we want to use Spring ACEGI Security and we don�t want to use container managed security (No Portability, Difficult, �)
         ACEGI supports Servlet/JSP security very well (I am able to call isUserInRole(), getUserPrincipal() because ACEGI implements by ServletRequestWrapper in a filter)
         But for EJB, it lacks this feature. (There is no standard EJB interceptor API as there is with servlets (using filters), so there's no generic way of modify in the EJB context for the invocation)
         Without using container managed security, Is there any way to propogate my security context from Servlet Layer to EJB Layer, So that I can use EJB Declartive security and getCallerPrincipal(), isCallerInRole() API.
         For more info please see this thread http://forum.springframework.org/showthread.php?t=26514
         Why don�t you provide standard EJB interceptor API as there is with servlets (using filters), so there I am able add security identity to EJB context.
         I am eagerly waiting for the reply

    Reason: javax.naming.NameNotFoundException: jdbc not bound
    Although i am quite new to this as well i would say that there is a problem with your connection with the database.
    It seems it cannot connect to Mysql.
    have you download the mysql package library and imported it ?
    Also in your deploy folder in you Jboss
    have you altered the jdbc to connect to you database in your dataset ? ( i am not sure about mysql, but postgre reguired this)
    Most probably it would be the same in mysql.
    <connection-url>jdbc:postgresql://127.0.0.1:5432/Dissertation</connection-url>
    Not sure if this is what you reguire, i am new at this my self

  • Container Managed Security on Tomcat - configuring different auth-methods

    I am trying to configure the container managed security on tomcat4. Or rather I am trying to add a further dimension to the configuration that already exists.
    At the moment the entire application uses LDAP authentication and I would like to separate an area that requires further authentication. That is to say I would like everyone using the web application to authenticate using the existing Form-Based LDAP authentication but I would like only certain users to be able to use the data upload facility (whose code is stored in it's own directory).
    This is the authentication bit of my web.xml:
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>qmrae</web-resource-name>
          <url-pattern>*.do</url-pattern>
          <url-pattern>*.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Form-Based Authentication Area</realm-name>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/loginError.jsp</form-error-page>
        </form-login-config>
      </login-config>My first hurdle is in understanding exactly how the application knows where to go for its authentication.
    I had guessed that the realm-name would map "areas" of my application to realm configuration defined in my application's context area in Tomcat's web.xml but this doesnt seem to be the case. In fact I have read conflicting explanations as to what the realm-name is for. One source has said that this is only used for BASIC authentication as a way of naming the resulting pop up window - many others say it maps the login-config to the web-resource-name. However the latter doesnt make sense because the authentication works in my application at the moment even though those values are completely different (and indeed are different in most of the examples i've read on the web). Furthermore I can find any other mention of the defined realm-name in any other file (which of course be because i'm looking in the wrong place).
    I was prepared to accept that the realm-name might not actually do anything and so I've been looking for examples of defining a different auth-method for different url-patterns but i've had no luck.
    I know a user can have one or more roles but I dont have access to the LDAP server to set these up and haven't found anything about defining different auth-methods other than one thread in this forum suggesting that is wasnt possible on AIS.
    This thread suggests that you can have more than one security-constraint but again i'm not sure about the auth methods and how you map an auth method to a security-constraint
    http://forum.java.sun.com/thread.jspa?forumID=33&threadID=320918
    To summarise my questions:
    1) What are the functions of the realm-name and web-resource-name? Are they related?
    2) Is it possible to configure different areas of an application to use different authentication methods? and if so, could you point me in the direction of relevant documentation
    3) If (2) is not possible and I have to assign a new role to the privileged LDAP users, is it enough to define a new security-constraint? Could you describe the behaviour I could expect for users that have authenticated once and try to access this super-security area, will they be shown another login form or will it just let them in because the container is already aware of their permissions.
    Many thanks for your attention,
    Rachel

    If you create your own Realm classes - look at JAAS - you can sort out your last login time, just wrap them around the DataSourceRealm.
    As far as 'remind' him is concerned - I'm guessing you mean provider a reminder for the password based on the user name. If you use form based authentication you can put what ever you like on the page.

  • Session creation with container managed security

    I implemented container managed security, first question does the container creates session automatically when login is successful ?
    second is there a way to do some processing when a user is authenticated like some event gets fired and listeners are called ?

    You have to enclose input component into an <h:form></h:form>.
    Note that the various Form components available in JSF will not let you specify the target action, everything is a post-back.
    I suggest you this article: [J2EE Security - A JSF based Login Form|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]
    [Is This User Logged In?|http://mowyourlawn.com/blog/?p=6]

  • SHA-1 Encryption is not working in Container managed security

    Hi,
    I have to turn to your help after no luck with other possible resource.
    I implemented container managed security on my apps and it works well without the encrypted password(clear text) in the table column. Now I referred OC4J Security guide to implement the password encryption as follows:
    1. Using the DBTableOraDataSourceLoginModule, set the option pw_encoding_class = oracle.security.jazn.login.module.db.util.DBLoginModuleSHA1Encoder
    2. run the following procedure:
    DECLARE
        l_password VARCHAR2(50) := 'welcome';
        l_password_raw RAW(128) := utl_raw.CAST_TO_RAW(l_password);
        l_encrypted_raw RAW(2048);
        l_encrypted_string VARCHAR2(2048);
        l_encrypted_string2 VARCHAR2(2048);
    BEGIN
        dbms_output.put_line('Password in String: ' || l_password);
        dbms_output.put_line('Password in raw: ' || l_password_raw);
        l_encrypted_raw := dbms_crypto.hash(l_password_raw, dbms_crypto.HASH_SH1);
        dbms_output.put_line('SH1: ' || l_encrypted_raw);
        l_encrypted_string := UTL_ENCODE.BASE64_ENCODE(l_encrypted_raw);
        dbms_output.put_line('Base64Encoding: ' || l_encrypted_string);
    END;
    3. update the clear text password with the SHA-1 encrypted password and encoded in Base64Encoding (in my case, it's the parameter "l_encrypted_string")Now I run the application and login says "password not matching!" If anyone know what's going on, please advise me what's wrong...pls
    thanks very much,

    Hi,
    hard to say without knowing the code the OC4J team uses in their login module. I know they based it on a JAAS LoginModule I wrote some years ago, but they did change some parts of it. In the original version. the password was read from the database and then compared with the provided password string. Using encryption it uses a class to encode and decode the password queried from teh database. My guess is that the returned string - after decoding - doesn't meet the password string you provide when authenticating. Since this piece of code is owned by the OC4J team, I suggest to try the Application Server forum or the Security forum
    Frank

  • Glassfish 3.1 Container managed security - custom authentication

    I have used custom authentication with tomcat and it works great. I am moving to glassfish 3.1 and want to set it up there now. I haven't found any specifics for glassfish 3.1. Anybody got it working in GF 3.1?
    Thanks,
    John

    To follow up ...
    I am using container managed security and form based authentication. My custom SJSAS login realm, however, never fails to authenticate users. Instead of failing authentication when a username and password match cannot be found, I add the user to an 'unknown-user' group who has no rights to the application.
    I do this because I can then catch 403 errors for users who have failed authentication (because they are not authorized to access any pages), or for users who are not in the right role to access part of the application.
    It's not the way that I would prefer to handle login 'failures', but it works.

  • Container Managed Security

    Hi,
    Could you explain me what is the implication of "Container Managed Security"?
    Thanks.
    Pengyou

    Container managed security in what context?
    EJB access?
    This means that the user must be in a role which is authenticated to execute the method(s) of the bean.
    Resource access?
    The container is responsible for authentication at the resource, for example at setting up the connection to a database.
    Hope this helps

  • Hello I've forgotten my security questions and also forget what the alternative e-mail, please Create

    Hello I've forgotten my security questions and also forget what the alternative e-mail, please Create

    account security
    Please call apple @ 1-800-694-7466
    ask for the account security team
    you may want to add a credit card to your iTunes account  before calling; so they will have a way to verify your identity.
    Peace, Clyde

  • I always download stuff then is suddenly asked for my secureity questions. and i guess what they were then it kicked me off

    I always download stuff then is suddenly asked for my secureity questions. and i guessed what they were then it kicked me off

    how can i re-access my acount and change my secureity questions

  • HT1918 I dont know my security questions and am unsure what the email address is on my account as the reset option

    I dont know my security questions and am unsure what the email address

    If you can't figure out the email address, you need to contact Apple to get the questions reset. Click here, phone them, and ask for the Account Security team, or fill out and submit this form.
    (95663)

  • Container Managed Entity Beans and Client Identifier in Oracle

    Is it possible to use Container Managed Entity Beans (EJB with CMP)
    in a way that the Oracle database sessions still know the
    individual Client Identifiers of the actual users
    (not just the Identifier of the proxy user defined in the
    Connection Pool)?
    If Yes: How?
    If No: The consequence would be that the
    technologies EJB with CMP cannot be user together with
    Oracle Virtual Private Databases (VPN) because VPN requires
    some kind of Client Identifier.
    I am grateful for any hint.
    Regards,
    Martin Siepmann
    +49 (0)163 / 7765328

    Not quite an auto-incrementing PK, but it is managed by the container. the following is from the turorial
    Generating Primary Key Values
    For some entity beans, the value of a primary key has a meaning for the business entity. For example, in an entity bean that represents a phone call to a support center, the primary key might include a time stamp that indicates when the call was received. But for other beans, the key's value is arbitrary--provided that it's unique. With container-managed persistence, these key values can be generated automatically by the EJB container. To take advantage of this feature, an entity bean must meet these requirements:
    * In the deployment descriptor, the primary key class is defined as a java.lang.Object. The primary key field is not specified.
    * In the home interface, the argument of the findByPrimaryKey method must be a java.lang.Object.
    * In the entity bean class, the return type of the ejbCreate method must be a java.lang.Object.
    In these entity beans, the primary key values are in an internal field that only the EJB container can access. You cannot associate the primary key with a persistent field or any other instance variable. However, you can fetch the bean's primary key by invoking the getPrimaryKey method, and you can locate the bean by invoking its findByPrimaryKey method.
    Maybe that is good enough
    christina

  • Dear apple I forgot my security question and rescue email what should I do?

    Dear apple I forgot my security questions and my rescue email what should I do?

    See Kappy’s great User Tips.
    See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities
    https://discussions.apple.com/docs/DOC-4551
    Rescue email address and how to reset Apple ID security questions
    http://support.apple.com/kb/HT5312
    Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
    Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
    About Apple ID security questions
    http://support.apple.com/kb/HT5665
     Cheers, Tom

  • What if your buying apps and they ask you your security questions and forgot ir what do you do

    I forgot my security questions

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
    (98184)

  • Network management security - Switches and SVIs

    Hello all.
    I have created a management vlan on my 4506. There are also other SVIs for other VLANs. I understand configuring access-lists for the management vlan as well as for all vty lines limiting to an IT VLAN for example.  How can I remove telnet or SSH access from the other SVIs?
    I have found documentation on best practices for the management vlan but can't find anything on disabling telnet and ssh from the other vlan interfaces.
    I imagine an access list just blocking the ports?  What would you suggest?
    Thanks in advance.

    Hello all.
    I
    have created a management vlan on my 4506. There are also other SVIs
    for other VLANs. I understand configuring access-lists for the
    management vlan as well as for all vty lines limiting to an IT VLAN for
    example.  How can I remove telnet or SSH access from the other SVIs?
    I
    have found documentation on best practices for the management vlan but
    can't find anything on disabling telnet and ssh from the other vlan
    interfaces.
    I imagine an access list just blocking the ports?  What would you suggest?
    Thanks in advance.
    Hi,
    If you have decided the source ip from where the telnet or ssh is allowed you can use access class configuration with acl applied on line vty which will only permit the particular host to telnet or ssh into device.
    Following is the example for access class hope to help !!
    The following example defines an access list that permits only hosts on  network 192.89.55.0 to connect to the virtual terminal ports on the  router:
    access-list 12 permit 192.89.55.0  0.0.0.255
    line 1 5
    access-class 12 in
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

Maybe you are looking for