JAAS in Web Applications

Hi,
I am new to JAAS and was implementing the Tomcat JAAS realm in a web application. I am stuck on the flow in which the life cycle methods login(), handle(), commit(), abort() and logout() are invoked.
Please help me.
In the server.xml, the JAAS realm is set.
In the web.xml, the login config is set as FORM (action=j_security_check).
So when a certain URL (like /*) is set under <security-constraint> and the request is for /*, the <form-login-page> of the FORM is displayed and the username and password are then obtained by the web container. I want this username and password to be authenticated and authorised by the JAAS framework. But how are the username and password that the web container retrieved from the user passed to the JAAS CallbackHandlers?
If the JAAS realm is used, we have CallbackHandlers for getting the credentials (username and password) from the user. But if the custom FORM JSP is used, we get the username and password in the j_username and j_password parameters. So how do the CallbackHandlers get this info from the web container, or are CallbackHandlers not needed in this case? Please clarify.
This is with reference to chapter 09 of Cote's free JAAS book.

Hello,
Did you get any further with your implementation? I am trying to integrate JAAS into our system too and have roadblocks. I have gone through Cote's JAAS book and am stuck as to how to authenticate the JAAS login context on top of my existing authentication, which cannot be changed. I am trying to implement a login module that will set the principals and creds for the user, but I do not know how to invoke this separately from the existing login.
Also, after I set the loginContext and get the subject with the principals that have the permissions I require, how do I persist it for all future calls? Making it part of the session seems to be the only option. I was under the impression that JAAS can make this persistable. Any ideas there?
Thanks for any help,
Pravin

Similar Messages

  • JAAS web application

    Subject: JAAS application
    Hi,
    I am very new to JAAS and web applications. Can anyone please guide me to white papers on JAAS? I have been through many files but could not find anything suitable. It would be great if someone could send a simple application using JAAS
    to my mail id [email protected]
    Thanks in advance
    lkor

    Hi,
    could someone please help me with this .....
    koruel

  • Example JAAS web application

    Hi all,
    I am new to using JAAS technology in web applications.
    I have seen some examples from Sun which work fine from the command prompt. I am looking for web examples.
    I have read the following article, which explains it well, but where to keep the jaas.config file and the configuration details are not clear:
    http://www.javaworld.com/javaworld/jw-09-2002/jw-0913-jaas.html?page=1
    It would be great if somebody could give some idea.
    Raghu

    Hi ,
    Can you tell me where to make this entry, and in which file:
    -Djava.security.auth.login.config=D:/3110/conf/Jaas.config
    Which file has to be updated when you run JAAS through a web application?
    My code is working fine on the client side, but when integrated into the web application this error comes:
    Login Module is nort configured for Sample1 .

  • PROBLEM: loading jaas.config in the web application

    Hi,
    My problem is loading jaas.config in the web application. The way that I suppose is best is to load a configuration file in the web.xml of my application, but I am not a veteran of XML and I have a problem implementing this solution.
    I hope you know a solution to my problem, because I have been deprived of hope!
    HELP ME PLEASE!

    Hi,
    I hope that you reply to my new question.
    I have found a class "Configuration" that loads a JAAS configuration file, but I don't understand how to use it, because I want to pass it to the LoginModule in the constructor.
    Can you help me with example code?
    Thanks

  • Web application security. Getting username and password from database

    Hi!
    I need to write the following web application (I write it using java server faces):
    1) User enters his username/password on the login page
    2) Program goes to database where there are tens of thousands of usernames/passwords, and verifies it.
    3) If user and password exist in DB, user gets access to the other pages of the application
    Maybe I don't understand some point. I tried to use j_security_check (it's very easy to configure secured pages in web.xml). The problem is that it works (as far as I understand) only with roles defined on the server before the application runs. I can't add ALL these usernames to the roles on the server. The best way, as I see it, is to go to the DB, check the username/password, create a new role for the duration of the session, and go to j_security_check, where j_username and j_password get the values from the DB, to get access to the secured pages (as the roles have been dynamically added).
    Am I right and this should be the algorithm?
    How can I implement it?
    I've read about JAAS. How can it help to solve the problem? Do I need j_security_check if I use JAAS? How should I configure my application if I use it?
    Could you please give me some code example?
    All this must work on IIS (for now, I develop it in NetBeans and run it on Java Application Server)
    Please help.
    Edited by: nemaria on Jul 7, 2008 2:39 AM

    Hi,
    Any security-constrained URL pattern which calls the action j_security_check passes the parameters to the realm mentioned in server.xml. If the realm is set as JAAS, then the authenticate method of the JAASRealm does the basic validation, like non-empty field values from the input form. The appName set as the realm parameter points to one or more login modules, which have the life cycle methods initialize(...), login(), commit(), abort() and logout(). Once the basic validation is done in the JAASRealm class of the web container, the LoginContext is created and the user is authenticated (against the DB username/password) via login(). Then the user is authorised in commit(). Then JAASRealm takes care of creating the LoginContext, calling login(), creating the Subject with principals and credentials added, and setting that in the session.
    I have big trouble accessing the HttpServletRequest object in the LoginModules, i.e. getting j_username and j_password in the LoginModules or in the CallbackHandlers. PolicyContext doesn't work for me. Is there any other way?
    Regards,
    Ganesh

  • Looking up external JNDI (JBOSS Namely) from web applications.

    Hi,
    I am unable to look up names bound to JBOSS JNDI from external web apps.
    Dump of the JBOSS JNDI
    java: Namespace
    +- XAConnectionFactory (class: org.jboss.mq.SpyXAConnectionFactory)
    +- DefaultDS (class: javax.sql.DataSource)
    +- SecurityProxyFactory (class: org.jboss.security.SubjectSecurityProxyFactory)
    +- ABTestDS (class: javax.sql.DataSource)
    +- DefaultJMSProvider (class: org.jboss.jms.jndi.JNDIProviderAdapter)
    +- comp (class: javax.naming.Context)
    +- JmsXA (class: org.jboss.resource.adapter.jms.JmsConnectionFactoryImpl)
    +- ConnectionFactory (class: org.jboss.mq.SpyConnectionFactory)
    +- jaas (class: javax.naming.Context)
    | +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
    | +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
    | +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)
    +- timedCacheFactory (class: javax.naming.Context)
    Failed to lookup: timedCacheFactory, errmsg=null
    +- TransactionPropagationContextExporter (class: org.jboss.tm.TransactionPropagationContextFactory)
    +- StdJMSPool (class: org.jboss.jms.asf.StdServerSessionPoolFactory)
    +- Mail (class: javax.mail.Session)
    +- TransactionPropagationContextImporter (class: org.jboss.tm.TransactionPropagationContextImporter)
    +- TransactionManager (class: org.jboss.tm.TxManager)
    +- hibernate (class: org.jnp.interfaces.NamingContext)
    | +- SessionFactory (class: org.hibernate.impl.SessionFactoryImpl)
    Global JNDI Namespace
    +- XAConnectionFactory (class: org.jboss.mq.SpyXAConnectionFactory)
    +- UIL2ConnectionFactory[link -> ConnectionFactory] (class: javax.naming.LinkRef)
    +- UserTransactionSessionFactory (proxy: $Proxy11 implements interface org.jboss.tm.usertx.interfaces.UserTransactionSessionFactory)
    +- HTTPConnectionFactory (class: org.jboss.mq.SpyConnectionFactory)
    +- console (class: org.jnp.interfaces.NamingContext)
    | +- PluginManager (proxy: $Proxy37 implements interface org.jboss.console.manager.PluginManagerMBean)
    +- UIL2XAConnectionFactory[link -> XAConnectionFactory] (class: javax.naming.LinkRef)
    +- UUIDKeyGeneratorFactory (class: org.jboss.ejb.plugins.keygenerator.uuid.UUIDKeyGeneratorFactory)
    +- HTTPXAConnectionFactory (class: org.jboss.mq.SpyXAConnectionFactory)
    +- topic (class: org.jnp.interfaces.NamingContext)
    | +- testDurableTopic (class: org.jboss.mq.SpyTopic)
    | +- testTopic (class: org.jboss.mq.SpyTopic)
    | +- securedTopic (class: org.jboss.mq.SpyTopic)
    +- queue (class: org.jnp.interfaces.NamingContext)
    | +- A (class: org.jboss.mq.SpyQueue)
    | +- testQueue (class: org.jboss.mq.SpyQueue)
    | +- ex (class: org.jboss.mq.SpyQueue)
    | +- DLQ (class: org.jboss.mq.SpyQueue)
    | +- D (class: org.jboss.mq.SpyQueue)
    | +- C (class: org.jboss.mq.SpyQueue)
    | +- B (class: org.jboss.mq.SpyQueue)
    +- ConnectionFactory (class: org.jboss.mq.SpyConnectionFactory)
    +- UserTransaction (class: org.jboss.tm.usertx.client.ClientUserTransaction)
    +- jmx (class: org.jnp.interfaces.NamingContext)
    | +- invoker (class: org.jnp.interfaces.NamingContext)
    | | +- RMIAdaptor (proxy: $Proxy36 implements interface org.jboss.jmx.adaptor.rmi.RMIAdaptor,interface org.jboss.jmx.adaptor.rmi.RMIAdaptorExt)
    | +- rmi (class: org.jnp.interfaces.NamingContext)
    | | +- RMIAdaptor[link -> jmx/invoker/RMIAdaptor] (class: javax.naming.LinkRef)
    +- HiLoKeyGeneratorFactory (class: org.jboss.ejb.plugins.keygenerator.hilo.HiLoKeyGeneratorFactory)
    +- UILXAConnectionFactory[link -> XAConnectionFactory] (class: javax.naming.LinkRef)
    +- UILConnectionFactory[link -> ConnectionFactory] (class: javax.naming.LinkRef)
    I have an external web application that has
    jndi.properties in the classpath -- JBOSS is running on localhost
    java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
    java.naming.provider.url=jnp://localhost:1099
    java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
    web.xml for my external webapp
    <resource-ref>
    <res-ref-name>jdbc/ABTestDS</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
    </resource-ref>
    <resource-ref >
    <res-ref-name>hibernate/SessionFactory</res-ref-name>
    <res-type>net.sf.hibernate.SessionFacory</res-type>
    <res-auth>Container</res-auth>
    </resource-ref>
    Mycode:
    try {
        Context ctx = new InitialContext();
        sessionFactory = (SessionFactory) ctx.lookup("java:comp/env/hibernate/SessionFactory");
    } catch (ClassCastException cce) {
        throw new ServiceLocatorException(cce);
    } catch (NamingException ne) {
        throw new ServiceLocatorException(ne);
    }
    I get a NamingException.
    Any hints would be really appreciated.
    thanks
    MH

    I have the same question.
    Hey, did you figure it out?
    let me know please
    maybe by email:
    [email protected]
    THANKS A LOT

  • JAAS: Swing & Web implementation

    Hi,
    I want to use the JAAS mechanism in 2 applications: one of them is a swing application and the other is a web application.
    I would like to use the same interface for both applications.
    I implemented it in the "swing way": using my own callbackHandler, LoginModule & principals.
    I am using these files also for the web application: After Login, in the Java bean I create my LoginContext instead of using the j_security_check.
    Can I use the LoginContext instead of calling the j_security_check servlet?
    My guess is that the j_security_check servlet is just an implementation of the JAAS "swing" flow and therefore I'll get the same results.
    Am I right?
    Thanks a lot,
    Efrat

    Hi,
    you can look towards jGuard (www.jguard.net):
    it integrates JAAS into a J2EE environment, and adds more flexibility and many features.
    cheers,
    Charles(jGuard team).

  • JAAS restrict web page access

    Hi,
    I am planning to implement JAAS authorization in my web application.
    1. I want to restrict the role's access to a few certain JSP and servlet pages. What entry should I make in the policy file so that when the role tries to access that JSP file, the user is automatically redirected to a different JSP page?
    2. I want to have an Access Control List in authorization, so that the logged-in user has access to certain functions, products etc. How can JAAS help with this?
    I can create my own custom ACL and put it in the session. How is that different from JAAS?
    Thanks
    Vinayak

    hi,
    you should look towards jGuard (jguard.sourceofrge.net), which enables easy JAAS integration into J2EE and wraps the JAAS complexity.
    sincerely yours,
    Charles(jGuard team).

  • IIS 7.5 URL Rewrite: Hit specific page of a web application but should be redirected to another application's page

    I have deployed 2 different web applications on IIS 7.5 running on Windows Server 2008 R2 but on different port numbers, i.e. one application deployed on port no. 1776 and another on 8091. I want to rewrite the URL in such a way that if I hit any page of the first application, such as default.aspx, then it will be redirected to a particular page of the other application along with some changes in the URL.
    Example: if i access any page from first application like:
    http://g2wv126rbsc:1776/sites/main/commercial/commercial-solutions/financing/default1.aspx
    then it should redirect to specific page of another application along with some changes in url:
    http://g2wv126rbsc:8091/main/commercial/commercial-solutions/financing/default2.aspx
    Note: In above mentioned url, also removed "sites".
    I tried to create an inbound rule through the URL Rewrite module (installed on IIS 7.5) by selecting Action as "Rewrite" but didn't have any success.
    I need some examples if anyone has come across same kind of issue.
    Thanks in advance.

    Please post ASP.NET questions in the ASP.NET forums (http://forums.asp.net ).

  • Problems access to a web application (Web Interface or Web report)

    Hi,
    We found problems with the access to web application. Some users have problems with direct links to the web applications(Web Interface or Web reporting), when they click on the link an error message appears, the message displays the following text:
    "Cannot open file Bex?sap-language=ENbsplanguge=ENcmd=idoc_TE.."
    Clicking in details the message is "No Access to specified file"
    For these users the access to Excel reporting is correct; the message appears when they click on the direct web links through the browser or directly in the BW system, but if they type the URL they can access it. Other users can use the direct web link without problems.
    I highly appreciate any help or idea about how to solve this issue.
    Thanks in advance.

    HI,
    please ask your Basis to check the language of every single user in tx SU01.
    This is the problem i think.
    Natalia.

  • How to configure request manager service for multiple website in one web application

    I have set up sp 2013 as below:
     web application : wa1
    site collection : sc1
    sp site: site1, site2
    I used 2 WFE, 1 APP, how can I use request manager service to control  site1 to wfe1, site2 to wfe2?
    Awen

    That's not what i'd describe as load balancing.
    A better description would be load-isolation. In your description then if the load on site1 was large (and growing) but site2 was quiet then site1 would struggle and eventually become unable to handle the number of users but site2 would still be ok. That's fine from a QOS point of view but it's not the norm for load balancing. It would work in simple scenarios but the out of the box load balancing tools are much better suited than that sort of approach.
    This article shows how to configure the RMS and may help show how your request is difficult to configure:
    http://www.harbar.net/articles/sp2013rm2.aspx

  • How can we remove javascript completly from J2EE based web application?

    JavaScript produces lots of problems in web applications; I just want to remove it completely

    rinku5259 wrote:
    JavaScript produces lots of problems in web applications; I just want to remove it completely
    3 easy steps
    1. using the mouse or keyboard, select the javascript code
    2. press the delete button on the keyboard
    3. save the file
    do that for each file that has JavaScript in it

  • Error while running web application through JDEV (10.1.3.0.3) in OC4J

    Error while running web application through JDEV (10.1.3.0.3) in OC4J.
    Here is the error message.
    07/10/02 14:45:28 Exception in thread "OC4J Launcher" oracle.classloader.util.AnnotatedNoClassDefFoundError:
         Missing class: javax.xml.bind.JAXBContext
         Dependent class: com.oracle.corba.ee.impl.orb.config.InternalSettingsORBConfigImpl
         Loader: oc4j:10.1.3
         Code-Source: /C:/jdev/j2ee/home/lib/oc4j-internal.jar
         Configuration: <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar
    The missing class is not available from any code-source or loader in the server.
    07/10/02 14:45:28      at oracle.classloader.PolicyClassLoader.handleClassNotFound (PolicyClassLoader.java:2073) [C:/jdev/j2ee/home/lib/pcl.jar (from system property java.class.path), by sun.misc.Launcher$AppClassLoader@7]
         at oracle.classloader.PolicyClassLoader.internalLoadClass (PolicyClassLoader.java:1681) [C:/jdev/j2ee/home/lib/pcl.jar (from system property java.class.path), by sun.misc.Launcher$AppClassLoader@7]
         at oracle.classloader.PolicyClassLoader.loadClass (PolicyClassLoader.java:1633) [C:/jdev/j2ee/home/lib/pcl.jar (from system property java.class.path), by sun.misc.Launcher$AppClassLoader@7]
         at oracle.classloader.PolicyClassLoader.loadClass (PolicyClassLoader.java:1618) [C:/jdev/j2ee/home/lib/pcl.jar (from system property java.class.path), by sun.misc.Launcher$AppClassLoader@7]
         at java.lang.ClassLoader.loadClassInternal (ClassLoader.java:319) [jre bootstrap, by jre.bootstrap]
         at com.oracle.corba.ee.impl.orb.config.InternalSettingsORBConfigImpl.init (InternalSettingsORBConfigImpl.java:46) [C:/jdev/j2ee/home/lib/oc4j-internal.jar (from <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar), by oc4j:10.1.3]
         at com.oracle.corba.ee.impl.orb.config.SunRIORBConfigImpl.init (SunRIORBConfigImpl.java:97) [C:/jdev/j2ee/home/lib/oc4j-internal.jar (from <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar), by oc4j:10.1.3]
         at com.oracle.iiop.server.IIOPServerExtensionProvider.configureOrb (IIOPServerExtensionProvider.java:26) [C:/jdev/j2ee/home/lib/oc4j-internal.jar (from <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar), by oc4j:10.1.3]
         at com.oracle.corba.ee.impl.orb.ORBServerExtensionProviderImpl.preInitApplicationServer (ORBServerExtensionProviderImpl.java:45) [C:/jdev/j2ee/home/lib/oc4j-internal.jar (from <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar), by oc4j:10.1.3]
         at com.evermind.server.ApplicationServer.serverExtensionPreInit (ApplicationServer.java:1031) [C:/jdev/j2ee/home/lib/oc4j-internal.jar (from <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar), by oc4j:10.1.3]
         at com.evermind.server.ApplicationServer.setConfig (ApplicationServer.java:861) [C:/jdev/j2ee/home/lib/oc4j-internal.jar (from <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar), by oc4j:10.1.3]
         at com.evermind.server.ApplicationServerLauncher.run (ApplicationServerLauncher.java:98) [C:/jdev/j2ee/home/lib/oc4j-internal.jar (from <code-source> in boot.xml in C:\jdev\j2ee\home\oc4j.jar), by oc4j:10.1.3]
         at java.lang.Thread.run (Thread.java:595) [jre bootstrap, by jre.bootstrap]

    Hi,
    The guide you were referring to was pointing to the 10.1.2 wizards.
    For the latest 10.1.3 tutorial, please follow the below tutorial link :
    http://www.oracle.com/technology/products/jdev/101/tutorials/WS/WSandAScontrol.htm
    Hope this helps,
    Sunil..

  • Error while web application deployment in NetBeans5.5

    Error while web application deployment in NetBeans5.5. I am always getting a Tomcat deployment error, using NetBeans 5.5.1 with the bundled Tomcat. But on some machines it's working fine.
    regards
    jossy v jose

    What is the error message you see?
    Are there any stacktraces or other relevant messages in the ide log file? (The ide log file is [userdir]/var/log/messages.log. On userdir: http://blogs.sun.com/karthikr/entry/jse_directories)
    You can also check the server log file to see if there are more detailed messages.
    You can also try setting ant's verbose level to debug or verbose (Tools | Options | Miscellaneous | Ant | Verbosity Level) and check the output.

  • Error while deploying web application in OAS

    I was trying to deploy a web application in OAS through enterprise manager. But I get the following error. Can any one please help me.
    An error occurred when processing the data submitted. Find the appropriate field and enter the correct information as noted next to each field.
    Archive Location - Failed in uploading archive. Invalid archive file: Unsupported archive type. unknown

    As the error message tells, did you make sure you have a correct/valid archive file? You might try deploying it from command line to make sure issue isn't at EM side.
    For 10.1.3 refer:
    http://download.oracle.com/docs/cd/B32110_01/web.1013/b28951/overview.htm#CJAJHJIA
    For 10.1.2 refer:
    http://download.oracle.com/docs/cd/B14099_19/core.1012/b13997/cmds.htm#BEIJGHDG
    http://download.oracle.com/docs/cd/B14099_19/core.1012/b13997/cmds.htm#BEICHFGJ
    Thanks
    Shail


    Hi All, I am unable to call a BI report from a Webdynpro View. I am getting the following error: "404 not found. The requested resource does not exist". I am using BIApplicationFrame UI element to display the UI report. Following is the code I specif