JAAS and NTLoginModule

Does anyone know how to get the common name of a group with which the logged in user is part of?
Using the NTLoginModule provides me with access to an instance of the NTSidGroupPrincipal, but the getName() method simply returns a String representation of the group SID. How do I get the common name?

ever get a response to this?

Similar Messages

  • Implementing JAAS for NTLoginModule

    Hi,
    when i am trying to implement JAAS for NTLoginModule , it is directly validating the NTSystem user.
    It is going to the required page.
    it is not prompting me for UserName and Password. how can i set the options so that it should ask me UserName and Password. by taking those inputs it should cross check with NTSystem userid and password .
    if i am trying for SampleLoginmodule it is asking for username and password and validating with the username and password working fine.
    Can any one please ....
    warm regards,
    bill

    hi,
    can any one pls.....
    warm regards,
    bill

  • JAAS and j_security_check

    Hi there,
    I'm using Weblogic 6.1 and working on the security aspect of a project.
    What I want to do is to set up the app so that a user logs in and gets authenticated
    using JAAS. I also want to secure the app so that all requests for urls must
    be authenticated first i.e. They go through the login page first.
    The easiest way I can see to do this is to use FORM based authentication using
    j_security_check.
    Is there a way then to set whatever j_security_check in the session, within the
    JAAS part of the code? Rather than authenticating with JAAS and then sending
    username and password to j_security_check.
    Does anyone know what to set? I looked at previous messages but they seem to
    deal with earlier versions and these do not work with 6.1
    Any help would be appreciated,
    Thanks,
    Ian

    Frank, thanks for comments.
    Yes user info is in the sama database so I can get it from there, but I would like to call this DB function once after succesfull authentication. In addition we have kind of 2 level passwords in place, one application password and one internal db password for user to access database resources.
    User does not know his/her db password, we have just api to get db password after authentication and existing application api (developed for forms client originaly) assumes user access db by his own connection, so in many api's oracle function user is stored in some tables.
    So what I need is after authentication of user (with application password) I can get Oracle password and then make new DB connection to all application api, just would like to store Oracle password (or new user db connection )somewhere so I dont need to fetch it everytime I need to call application API.
    ferdo

  • Authentication & Authorization with SSO, JAAS and Database Tables mix

    Hi,
    I'm looking for how manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
    I'm interested in use SSO for authentication (I just did it programatically & dynamically already), and now I would like to could define authorization using database tables with users, groups, profiles, individual permissions, ..., (maitanined dynamically by web application admin) throught JAZN (JAAS or however is said) but not statically defining roles, groups, users, ... in jazn xml files.
    I saw that exists the possibility to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking in make a custom Authorization API over my application tables, without JAZN) but what is better that use and extended and consolidated aprox like JAZN.
    Anybody could tell me if my idea could be possible, and realizable, and maybe give me some orientation to build this approach.
    A lot of thanks in advanced.
    And sorry, excuse my so bad english.
    See you.

    Marcel,
    Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However,
    I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
    We currently plan to have the patch release available sometime in the second half of May.
    Kind regards,
    Peter Ebell
    JHeadstart Team

  • JAAS and JBOSS

    I'm trying to use JAAS to log in a user on a JBOSS app, but am running into a problem. I'm able to successfully authenticate the user, and retrieve a Subject from my LoginContext. However, once that request is done (i.e. the browser displays the "log in complete" page), the application seems to forget that the user was logged in. How does JAAS and JBOSS keep track of the logged in user? Is this done by keeping a singleton of LoginContext around in some scope? Right now I'm creating a new instance of LoginContext, and using it to load a new instance of my CallbackHandler. Note, when I used JBOSS default form based authentication, it kept the user logged in. However, I can't use their default auth because I have some custom things I need to do.
    Thanks in advance for any help you provide.

    Hi,
    I tested this on OC4J for you and here - after setting jbo.security.enforce to Must, the user principal name and the roles are displayed.
    So there are three possibilities why you don't see things working
    - JBoss doesn't add the role principals to the Subject so they become available in the session
    - You attempt accessing this information in a prepareSession() override without enforcing authentication to happen for the root page - URL pattern = /
    - ADF BC security doesn't recognize the custom role principal
    After briefly reviewing the security implementation code, it seems that ADF BC security is dependent on Oracle JAZN for authorization.
    Frank

  • What's differences between jaas and jacc?

    lately i saw a new java scurity released on http://java.sun.com/j2ee/javaacc/; it seems like similar to JAAS (http://java.sun.com/products/jaas/); though, reportedly, jacc concerned more detail in authrization, however, there's autherization api been included as i know. is there anyone be able to tell me what's differences between jaas and jacc? or where there's resource or article exaplained detail about this issue?
    i appreciate any suggestions.
    thank you very much,

    From what I saw, the JACC specifically deals with what is currently called Container Managed Security. JAAS is something that would be used on top of JACC.
    See also:
    http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security11.html
    JACC contracts provide the following benefits:
    - JACC moves security administration and decision-making responsibility from the container to the security providers.
    - JACC enables the use of a common policy across different security systems.
    - J2EE system integrators can integrate containers with existing authorization policy infrastructure
    re Jaap

  • Difference betwwen jaas and realm

    hi
    i would like to add jaas to my web application
    i have a confusion between jaas and realm
    can anyone tell me what difference between this two technologies

    This is less or more Servlet related. In the future, please use the [Servlet forum|http://forums.sun.com/forum.jspa?forumID=33] for this kind of question to get better response.
    To the point: JAAS (Java Authentication & Authorization Service) is authentication framework at Java SE level. Realm is an abstract layer between the webapplication and several ways of authentication so that you can easily switch between the authentication types/frameworks for the case that. JAAS is one of them.

  • JAAS and GSS-API Tutorial Question

    I am running the JAAS and GSS-API tutorial from http://java.sun.com/j2se/1.4.1/docs/guide/security/jgss/tutorials/BasicClientServer.html. I am running in a Windows 2000 Active Directory environment. It appears to be running correctly, but I have a question. Every time it is run, it asks for the User ID (it supplies a default of my current login name) and then a password. The server also asks for the same information. I am running the client and server on the same machine, so the user ID and password entered for both are identical.
    I was under the impression, however, that either GSS-API or JAAS using Kerberos would be able to obtain credentials without asking for the user ID and password, because I am already logged on. Is there something I need to change in the example do this? I am missing something else?
    Thank you.
    Craig

    Please do not reply to this posting. If you have suggestions or questions, please use http://forum.java.sun.com/thread.jsp?forum=60&thread=383862&tstart=0&trange=30 on this same topic.

  • JAAS and Active Directory Problem

    I am attempting to use the JAAS Tutorial code to authenticate against a Windows 2000 domain controller. The code as is works against a domain controller that I set up, but when I attempt to authenticate against a client's domain, I receive an exception:
    Authentication failed:
    Pre-authentication information was invalid (24)
    javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
    The troubleshooting documentation indicates that this could mean 3 things:
    1. the password is incorrect - since I am logging in with my account, I am certain the password is correct.
    2. you are using the keytab to obtain the key and the key may have changed since obtaining the keytab - I am not using the useKeyTab option in my configuration of the Krb5oginModule and the option defaults to false.
    3. clock skew. I am sure that there is no time difference between my computer and the server.
    That said, does anyone know of any other reason that authentication will fail?

    I am using....
    AppConfigurationEntry entry = new AppConfigurationEntry(
    "com.sun.security.auth.module.Krb5LoginModule",
    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
    options);
    and I get the same thing. Running Win2K Pro. Trying to use GSS-API to do Kerberos authentication.
    Jay

  • Client remote Authentication using JAAS and EJB Access

    Hi,
    I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
    I have implemented an EJB who's methods are protected through the deployment descriptor:
            <assembly-descriptor>
                 <security-role>
                    <description>role for clients outside of the server </description>
                    <role-name>sedna</role-name>
                  </security-role>
                <method-permission>
                  <role-name>sedna</role-name>
                  <method>
                    <ejb-name>ServerInfoBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>*</method-name>
                  </method>
                </method-permission>
                <method-permission>
                  <unchecked/>
                  <method>
                    <ejb-name>ServerInfoBean</ejb-name>
                    <method-name>getVersion</method-name>
                  </method>
                  <method>
                    <ejb-name>ServerInfoBean</ejb-name>
                    <method-name>create</method-name>
                  </method>
                </method-permission>
            </assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
    I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
    But then I try to access another method which is protected and then I get this exception
    org.omg.CORBA.NO_PERMISSION:   vmcid: 0x2000  minor code: 1806 completed: Maybe
            at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
            at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
            at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
    ...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
    After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
    After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
    Am I doing something wrong?
    Need help! Thx,
    Stephan

    Hi.
    I understand correctly that you call Subject.doAs on
    the client to call the remote EJB. I guess It isn't
    right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
    >
    >
    Subject contextSubject =
    Subject.getSubject(AccessController.getContext());
    contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
    But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
    Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
    Again, thanks for your effort,
    Stephan

  • JAAS and JNDI (LDAP)

    Hello,
    I am using JAAS to connect to a Active Directory and login successfully (Authentication of the user). After the login, I want to get the users property like email address, phone number, ... from the Active Directory using JNDI. As I understand, to get connected to the AD with JNDI I have to use someting like:
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    env.put(Context.SECURITY_PRINCIPAL,ldapUserName);
    env.put(Context.SECURITY_CREDENTIALS,ldapUserPassword);
    My Problem is now, that I would like to take the user, which has connected to the AD with JASS for accessing the AD, but I do not have the ldapUserPassword from the JAAS Principal (the logged on user).
    Is ther a way to use the current logged in user as LDAP (JNDI) user, or another way, to access the requested proeprties?
    Thanks and Regards
    Stefan

    If had excatly the same problem.
    In my my case I had a domain "testdomain.mycompany.com" and a domain controller "domaincontroller.mycompany.com" (maybe this is a misconfiguration?)
    So I have set in the kerberos config file
    [realms]
            TESTDOMAIN.MYCOMPANY.COM = {
                    kdc = domaincontroller.mycompany.com
            }and the lpad connection url to "ldap://domaincontroller.mycompany.com/dc=testdomain,dc=mycompany,dc=com
    This resulted in the error you have descibed.
    Finally I put the following entry in the hosts file on my local PC
    192.168.0.10 domaincontroller.testdomain.mycompany.com (192.168.0.10 is the ip address of the domain controller) and then it worked!

  • How to do JAAS and J2EE Deployment Descriptor ACL : Please help

    I am trying to develop a Single sign on application using EJB's, JAAS,
    ACL, struts and JSP to Log in with a form authenticate (using
    j_security_check to hook into the web.xml security) then pull a user
    from a database and use the roles defined there for authorization in
    the rest of the system?
    The examples on the web are from java clients to RMI, they also sit
    alone. They dont say how to hook them into weblogic. They say to use
    JAAS but they have just JAAS examples! No hooking of it into an EJB,
    servlet, etc! They also dont show how to hook that code into web
    server to use it as your security module!
    What Settings/configuration I need to make in the web server for JAAS
    to work. How the logic proceeds to authorization after form is
    submitted using j_security_check. and to further logic in the
    application. How is it then integrated with the Struts action forms.
    Help, I'm at a loss. They recommend using JAAS but their documentation
    and examples do not explain how. We have a complex real world product
    and need examples of
    the same. Can somebody provide me a working real-life example which
    really work and give me some pointers to proceeds that will be really
    helpful.
    Thanks in advance for the help.

    I am trying to develop a Single sign on application using EJB's, JAAS,
    ACL, struts and JSP to Log in with a form authenticate (using
    j_security_check to hook into the web.xml security) then pull a user
    from a database and use the roles defined there for authorization in
    the rest of the system?
    The examples on the web are from java clients to RMI, they also sit
    alone. They dont say how to hook them into weblogic. They say to use
    JAAS but they have just JAAS examples! No hooking of it into an EJB,
    servlet, etc! They also dont show how to hook that code into web
    server to use it as your security module!
    What Settings/configuration I need to make in the web server for JAAS
    to work. How the logic proceeds to authorization after form is
    submitted using j_security_check. and to further logic in the
    application. How is it then integrated with the Struts action forms.
    Help, I'm at a loss. They recommend using JAAS but their documentation
    and examples do not explain how. We have a complex real world product
    and need examples of
    the same. Can somebody provide me a working real-life example which
    really work and give me some pointers to proceeds that will be really
    helpful.
    Thanks in advance for the help.

  • How to do JAAS and J2EE Deployment Descriptor ACL in WLS

    The examples on this website and shipped with WLS stink. Does there exist a GOOD
    example of how to
    Log in with a form
    authenticate (I guess using j_security_check to hook into the web.xml security)
    then pull a user from a database and use the roles defined there for authorization
    in the rest of the system?
    The weblogic examples are from java clients to RMI (ya, thats handy). They also
    sit alone. They dont say how to hook them into weblogic. They say to use JAAS
    but they have just JAAS examples! No hooking of it into an EJB, servlet, etc!
    They also dont show how to hook that code into WLS to use it as your security
    module!
    Help, I'm at a loss.
    They recommend using JAAS but their documentation and examples of doing so suck
    or are non existant. We have a complex real world product and need examples of
    the same. Stupid, stand alone examples that teach nothing do no help.
    frustrated at BEA for their poor documentation and support,
    Mike

    Also, I use struts....
    In struts you have to extend the Action class which then calls the perform()
    method on your servlet.
    So to call an EJB I have to have my servlet implement PrivilegedAction?
    If so, then this wants a run() method. Struts calls perform so that means
    I'm going to have to make another class to call from my servlet with a run
    method()? Or I'm going to have my servlet implement PrivledgedAction and
    call Security.runAs()?
    What if I just want to call the EJB from my servlet and put my security
    credentials in the JNDI lookup? I want the container to use the roles of the
    user in the JNDI lookup to authorize methods based on the deployment
    descriptors.
    thanks,
    Mike
    "Vimala Ranganathan" <[email protected]> wrote in message
    news:[email protected]...
    Hi Micheal,
    Attached is an exmaple of JAAS login and invoking an EJB.
    Let me know if this turns out to be useful.
    Regarding the form based authentication, Could you be more clear on whatissue you are
    facing?
    Just as note, when you use form based login, WLS would authenticate theuser against
    the realm
    WLS is setup for, which could be a file Realm, or a RDBMS realm (in whichcase users
    and groups are from database)
    Roles cannot be defined at the database level. This needs to be atapplication level
    which you can define in web.xml or
    console(in 7.0)
    If you need any specific help or more information please let me know.
    Vimala
    Michael Lee wrote:
    The examples on this website and shipped with WLS stink. Does there
    exist a GOOD
    example of how to
    Log in with a form
    authenticate (I guess using j_security_check to hook into the web.xmlsecurity)
    then pull a user from a database and use the roles defined there forauthorization
    in the rest of the system?
    The weblogic examples are from java clients to RMI (ya, thats handy).They also
    sit alone. They dont say how to hook them into weblogic. They say to useJAAS
    but they have just JAAS examples! No hooking of it into an EJB, servlet,etc!
    They also dont show how to hook that code into WLS to use it as yoursecurity
    module!
    Help, I'm at a loss.
    They recommend using JAAS but their documentation and examples of doingso suck
    or are non existant. We have a complex real world product and needexamples of
    the same. Stupid, stand alone examples that teach nothing do no help.
    frustrated at BEA for their poor documentation and support,
    Mike

  • JAAS and J2EE SDK -- please help!

    Hi,
    I'd like to know if it is possible to use customized LoginModule classes in the J2EE SDK reference impl. 1.3
    If so what I can't understand is the following:
    if I use the form-based auth. mechanism in my web app. how can I specify which login module to use? I mean I know JAAS needs an entry in a configuration file such as
    mylogin{
      MyLoginModule required debug=false;
    };but my question is in what file should I add it? clientlogin.config, login.config or serverlogin.config?
    And much more important question is: how can I then specify that I need to use the "mylogin" entry?
    I don't know how the JSecurityCheck servlet work, is there any document where I can find the source code of it?
    Please can anyone help me?
    Thanks in advance.

    I managed to get it working in tomcat 4.0 if you create a config file with the details you've specified called login.config you then need to pass it as a parameter when you start your servlet engine
    i.e. -Djava.security.auth.login.conf=login.config

  • JAAS and JSF

    hey all,
    i managed to create a JAAS loginModule, the JAAS config file , Handler. everything works perfectly .
    my problem is how do i update the http session with the JAAS subject ??
    i have seen in the forum examples of loading the subject into the session by using the following line :
    Subject.doAs(lc.getSubject(), new WorkingClass(request, resp));
    what is WorkingClass ?
    any ideas ?
    i am using JSF but i don't mind getting an answer in jsp ,servlets ....
    Thank you

    As far as I know, the consensus seems is don't use JSF for your login forms as the login form controls can't be set to j_username and j_password as required by the servlet container for form-based logins. It's better (and pretty easy) to create your own login form and let the container take care of checking security roles, displaying your login JSP etc.
    If this doesn't give you enough flexibility then you may want to consider using servlet filters, or the discussion at http://forum.java.sun.com/thread.jsp?forum=427&thread=502322 may be of some help.
    Regards,
    Keith.

Maybe you are looking for

  • Streaming is ok but saved files are not

    Hello When I watch a sequence directly from the net, everything is ok. But if I save it for later and open it from the local file I can't watch it correctly. The sound and the images are jerked. For example I can't read the new TV ADs from Apple in l

  • Top 10 Values in Pivot Graph, but not in Report level..

    Hi Frnds, We have an urgent requirement in OBIEE 11.1.1.6.6 We have one Count measure column and Supplier column in my report. And now my client wants to show all the records in Table level. But, they want to show only top 10 records in pivot graph.

  • Error during New Version Creation in Controlling

    Hi I am creating new version in Controlling (tried copying from existing Versions too), and getting the given below error message. We are working on SAP R/3 4.7. Valuation in controlling area xxxx is inconsistent -> please check Message no. KT340 Dia

  • How to Port Forward on Cisco 1900 Router?

    We have a cisco 1900 router. I m new to cisco routers commands, recently started learning. I need to forward all requests coming from port 1723 from outside to inside server ip. I check "show running-config" and I see already forwarded ports and ip l

  • Nokia lumia 1320 how to download movies?

    I'm new w/ this device and I trying hard to look for movie downloader? Pls. Advice me what app. I can install so that I can download movies.thx