J2EE, get all security roles

Similar Messages

• How to get the security-roles ?

  Hi,
  How can I get the security-roles defined in my web.xml ?
  I have looked for a method in the request, and in the context, but I can't find something that would return a String[] with the roles available in the web-app.
  Any ideas ?
  H.

  Just a stab in the dark, but what about getInitParameterNames() ?
  It returns an Enumeration of String.
  Although, I did not check to see if it returns the <security-roles>
  Short of that, I would think you could use SAX, or something like it, to parse web.xml.
  Just a thought, feel free to correct me.
  S.

• Unable to assign all security roles to a user with a new custom security role

  Dear All,
  Happy New Year.!
  I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
  any desired security role to the new user.
  However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
  'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
  For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
  to assign some other security roles, including 'Support User Role', to new user 'y'.
  I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
  'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
  Appreciate any help that you can provide on the above issue.
  Thanks in anticipation.

  Hi,
  Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
  Refer:-
  http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
  Hope this helps!!!
  Thanks,
  Prasad
  Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question

• Get all visitor roles in an admin extension

  Hi,
  i want to extend my portal administration console.
  It is possible to get a list of all visitor roles in my extension?
  Markus

  look at RolePolicyManager
  e.g.
  import com.bea.p13n.management.ApplicationHelper;
  import com.bea.p13n.entitlements.common.EntitlementConstants;
  import com.bea.p13n.entitlements.management.RolePolicyManager;
  String entAppName=ApplicationHelper.getApplicationName();
  String webAppName = ApplicationHelper.getWebAppName(request);
  String[] policies = RolePolicyManager.listRolesForResource(entAppName, webAppName, EntitlementConstants.P13N_ROLE_POLICY_POOL);

• Get Content Security Role using PCS tags in Presentation Template

  I'm trying to determine what content security access(role) a user has in Publisher using PCS tags in the Presentation Template. Basically I need to check whether a user has access or not to a content item in Publisher and before an action. I've looked through all documentation can't find anything related to this, I know I could do this using remote API but I'd rather use PCS tags if possible.
  thanks

  Vince,
  I don't think this is possible directly, however we have enabled this in publisher by checking if the user is in a specific group, or content manager and doing a check with the following code if it helps.
  <pt:standard.choose xmlns:pt='http://www.plumtree.com/xmlschemas/ptui/'>
  <pt:standard.when pt:test="stringToACLGroup('group=1,<pcs:value expr="groups"></pcs:value>;').isMember($currentuser)" xmlns:pt='http://www.plumtree.com/xmlschemas/ptui/'>
  </pt:standard.when>
  </pt:standard.choose>
  You could do the same with users. We added a select tree to choose the users and groups within publisher.
  Hope this helps.

• How to get security roles

  Hi All,
  I want to know how to get the security roles which we configured in adfsecurity.
  Regards,
  Smaran

  Hi,
  to get all roles associated with the current user, try
  SecurityContext secCtx = ADFContext.getCurrent().getSecurityContext();
  String[] roles = secCtx.getUserRoles();
  To get access to the roles defined on the system (not user specific) then this requires OPSS access. The JavaDocs are here:
  http://download.oracle.com/docs/cd/E17904_01/apirefs.1111/e10686/toc.htm
  From the top of my head. this is how get access to the JPS context to query system resources.
  JpsContextFactory jpsfact = JpsContextFactory.getContextFactory();
  JpsContext jpxCtx = jpdfact.getContext();
  IdentityStoreService store = jpxCtx.getServiceInstance(IdentityStoreService.class);
  ... from here on I have no further hint without trying it myself. However, I hope I go you started
  Frank

• How can I know the security role of the logged in user

  When you design an enterprise bean or Web component, you should always think about the kinds of users who will access the component. For example, an Account enterprise bean might be accessed by customers, bank tellers, and branch managers. Each of these user categories is called a security role, an abstract logical grouping of users that is defined by the person who assembles the application. When an application is deployed, the deployer will map the roles to security identities in the operational environment.
  But wondering when I log into my application with some user name and password (specified in my Oracle database),wondering how this works with the security role I created .How does J2EE know the security role of the logged in user.
  Thanks
  Manohar

  shet wrote:
  role at run time.
  When I login say as "manju" and password as "money" then how does it know that this user belongs to this security role.Is that the j2ee administrator has to say that user manju has this this security role.Programmitically how does it really work.I am confusedThe j2ee implementation assigns the roles using the JAAS module you have configured for your application on your application server. different JAAS modules get roles in different ways. many allow a single static role to be assigned using a config file. if using a database, often there will be configuration to specify additional database fields which specify the role for a given username.
  At runtime, a developer can test roles using methods like EJBContext.isCallerInRole().

• How do I map declared security role to an actual operational one?

  Hello,
  Suppose I have created few security roles at the ejb-jar.xml file of my J2EE application using:
  <security-role>
  <role-name> managers <role-name>
  </security-role>
  Our portal is connected to our LDAP server so the WAS contains all the groups it has over there.
  My question is: How do I actualy map the security role I declared at the deployment descriptor (manager) to an actual group in our organization?

  Hi Roy,
  Are you familiar with thishttp://help.sap.com/saphelp_nw04/helpdata/en/1a/733e401b21e801e10000000a155106/frameset.htm ?
  Best regards, Maksim Rashchynski.

• Disaply the all the roles for page, iview and workset

  Hi Guys,
                I have a strange requirement. i need to display all the users that have access to a particular iview, page and workset. can anyone help me out with this.
  -Thanks

  Hi,
    Any iview or page or workset should be part of role. SO if user has access to a particular role, he will have access to the portal objects inside that role as well. So the way to go is you can get all the roles, check iViews, pages etc. If iViews or pages match, then save the role to arraylist. Now check the users who are assigned to these roles in arraylist. That may work.
  Regards,
  Harini S
  Don't forget to reward if you find the answer helpful

• How to get the list of all the security Roles defined ?

  I am trying to programatically get a list of all the roles defined
  in the weblogic. How can I access this information using the exiting
  MBean interfaces.
  thanks
  Prasad

  Wrong forum. Just a hint.

• Error :Authorization check for caller assignment to J2EE security role whil

  Hi Experts,
               i m working as a portal resource .
  after the deployment of standered Sap e-rec package .
  i m getting some error. i have assigned the recruiter role to one test user.
  Now i m getting two issue:
  1)All the services are appearing in Detailed Navigation Pannel but not in Portal content area..
  2) I m able to see few iview for the test user but those are also in detailed navigation view.
     And few ivews are giving following error :
    i)Internal error
  ii)error 2011-12-19 07:59:57:315 ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
  /System/Security/Audit/J2EE com.sap.engine.services.security.roles.audit n/a EP-DEV-KRT Server 0 0_97989
  Full Message Text
  ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
  please suggest what can be  done or what is pending from my side.

  Prajakta2602 wrote:
  Hi Experts,
  >
  > the previous issue got solved..
  > it was due to servies pack miss match and applying notes
  > the Basis guy  checked the SLD logs and accordingly found that the base components J2EECORE and JTECHS required paching as per
  > notes 1445294 and 1175239 were applied.
  > now the issue is:
  >
  >
  >  After implemetation and  i assigning the standerd sap roles
  > 1)Recruiter Administrator
  > 2)Recruiter
  > to the test user .
  > but for few iview it is showing error as in
  > 1) you are not a authorized user
  > 2) internal error
  >
  > please help experts.
  >
  >  i m working on portal side have i to assign any role to that test user..
  >
  >
  > Thnaks & Regards,
  > Prajakta
  You can run a quick check using the below steps:
  1. Check in backend whether there is any authorisation errors... you may use transactions SU53 or ST22 for any ABAP errors
  2. Also check in NWA -> log viewer -> last 24 hours log for the particular user to see any java related issues.
  Regards,
  Mahesh

• Mapping UME Roles to J2EE Engine Security Roles

  Hi all,
  is there a way to map the roles defined in UME which are used in a Web Dynpro application to those declared as part of an EJB descriptor?
  Any help is highly appreciated.
  Regards,
  Sebastian

  Hi Sebastian,
  yes, it is possible to do such mapping. And here how it works:
  1. define security roles in the ejb-jar.xml within the <security-role>. For example:
  <security-role>
       <role-name>test</role-name>
  </security-role>
  2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
  <security-permission>
     <security-role-map>
        <role-name>test</role-name>
        <server-role-name>myUMErole</server-role-name>
     </security-role-map>
  </security-permission>
  the myUMErole must be defined in the UME!
  Does this answer your question?

• OID Dynamic Groups and J2EE security roles

  Hi
  I've searched the forums but can't get a definite answer. Is it possible to use OID dynamic groups and map them to J2EE security roles? I can't find anything that says specificially not but I can't seem to get it to work.
  Thanks
  Adam

  Hi,
  Let me know if you find answer of your question.
  thanks

• How to get security roles in a JSF portlet

  I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
  I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
  I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
  roleMaps.properties
  cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
  web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="2.4">
    <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.validateXml</param-name>
      <param-value>true</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.verifyObjects</param-name>
      <param-value>false</param-value>
    </context-param>
    <filter>
      <filter-name>UploadFilter</filter-name>
      <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
      <init-param>
        <description>
            The maximum allowed upload size in bytes.  If this is set
            to a negative value, there is no maximum.  The default
            value is 1000000.
          </description>
        <param-name>maxSize</param-name>
        <param-value>1000000</param-value>
      </init-param>
      <init-param>
        <description>
            The size (in bytes) of an uploaded file which, if it is
            exceeded, will cause the file to be written directly to
            disk instead of stored in memory.  Files smaller than or
            equal to this size will be stored in memory.  The default
            value is 4096.
          </description>
        <param-name>sizeThreshold</param-name>
        <param-value>4096</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>UploadFilter</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
      <init-param>
        <param-name>errorHost</param-name>
        <param-value>localhost</param-value>
      </init-param>
      <init-param>
        <param-name>errorPort</param-name>
        <param-value>25444</param-value>
      </init-param>
    </servlet>
    <servlet>
      <servlet-name>ThemeServlet</servlet-name>
      <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
    </servlet>
    <servlet>
      <description>Generated By Sun Java Studio Creator</description>
      <display-name>CreatorPortlet Wrapper</display-name>
      <servlet-name>VSMPortal</servlet-name>
      <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
      <init-param>
        <param-name>portlet-class</param-name>
        <param-value>com.sun.faces.portlet.FacesPortlet</param-value>
      </init-param>
      <init-param>
        <param-name>portlet-guid</param-name>
        <param-value>VSMPortal.VSMPortal</param-value>
      </init-param>
    </servlet>
    <servlet-mapping>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <url-pattern>/error/ExceptionHandler</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>ThemeServlet</servlet-name>
      <url-pattern>/theme/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>VSMPortal</servlet-name>
      <url-pattern>/VSMPortal/*</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
      <welcome-file>faces/null</welcome-file>
    </welcome-file-list>
    <error-page>
      <exception-type>javax.servlet.ServletException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>java.io.IOException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>javax.faces.FacesException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <jsp-config>
      <jsp-property-group>
        <url-pattern>*.jspf</url-pattern>
        <is-xml>true</is-xml>
      </jsp-property-group>
    </jsp-config>
       <security-role>
            <role-name>Administrator</role-name>
       </security-role>          
  </web-app>
  portlet.xml
  <?xml version='1.0' encoding='UTF-8' ?>
  <portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd                         http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
       <portlet>
            <description>Created By Java Studio Creator</description>
            <portlet-name>VSMPortal</portlet-name>
            <display-name>VSMPortal Portlet</display-name>
            <portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
            <init-param>
                 <name>com.sun.faces.portlet.INIT_VIEW</name>
                 <value>/Uctarna.jsp</value>
            </init-param>
            <expiration-cache>0</expiration-cache>
            <supports>
                 <mime-type>text/html</mime-type>
                 <portlet-mode>VIEW</portlet-mode>
            </supports>
            <supported-locale>en</supported-locale>
            <portlet-info>
                 <title>VSMPortal</title>
                 <short-title>VSMPortal</short-title>
                 <keywords>Creator</keywords>
            </portlet-info>
            <security-role-ref>
                 <role-name>Administrator</role-name>
                 <role-link>Administrator</role-link>
            </security-role-ref>          
       </portlet>
  </portlet-app>If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.

  Nobody uses the LDAP roles in a portlet? Anybody knows other thread discussing similar issue (I can't find anything)?

• Get all roles from an organization

  Hello,
  i want to get all roles 'AMRoles) from an organizations. I have Portal Server 2005Q4 on a machine and Access Manager and Directory on another and i want to extract all display profiles from all roles in different files (more than 100).
  I found the dpadmin command line to extract a Display Profile from a dn but, how can i get the list of roles with the amadmin command line tool ?
  thanks for help.
  Philippe

  Hello,
  I take a look, found differents xml files but : no help, no "howto", no thing very interesting.
  I try this command :
  /opt/SUNWam/bin/amadmin -u "cn=Directory Manager" -w ******* -e "dc=isere-savoie,dc=fr" -o /export/home/jes/test.xmland with other values in the -e parameter but always the same message :
  Erreur 9 : �chec de l'op�ration : Failed to export entityDescriptor to a file.Any idea ?
  any link to some help on this command other than Access Manager amadmin Command Line ?
  a complement : in the debug files, I have this errors :
  ==> /var/opt/SUNWam/debug/amFederation <==
  01/30/2008 04:40:59:324 PM CET: Thread[main,5,main]
  ERROR: FSAllianceManager::getEntity entityID: dc=isere-savoie,dc=fris invalid
  ==> /var/opt/SUNWam/debug/amMeta <==
  01/30/2008 04:40:59:510 PM CET: Thread[main,5,main]
  ERROR: Failed to export entityDescriptor to a file
  --------------------------------------Got Federation Exception
  Message: Invalid Provider ID.
          at com.sun.identity.federation.alliance.FSAllianceManager.getEntity(FSAllianceManager.java:1815)
          at com.sun.identity.liberty.ws.meta.LibertyMetaHandler.SMToMeta(LibertyMetaHandler.java:109)
          at com.iplanet.am.admin.cli.Main.outputLibertyData(Main.java:889)
          at com.iplanet.am.admin.cli.Main.runCommand(Main.java:730)
          at com.iplanet.am.admin.cli.Main.main(Main.java:1124)thanks
  Philippe
  Edited by: beutin on Jan 30, 2008 4:43 PM