JAAS in WLS6
Can anyone tell me the extent of support for JAAS in WLS 6, please, as I
understand it's not a full implementation.
We're interested in using JAAS with WL6 to provide a single logon to the
system so that when a user tries to access other services during their
session, they will be logged-on to them behind the scenes.
Thanks
Dave
FYI: currently WLS6 is only supported in the beta newsgroups on this server.
WLS6 has support for a JAAS authentication provider only.
.paul
Dave Horner wrote:
Can anyone tell me the extent of support for JAAS in WLS 6, please, as I
understand it's not a full implementation.
We're interested in using JAAS with WL6 to provide a single logon to the
system so that when a user tries to access other services during their
session, they will be logged-on to them behind the scenes.
Thanks
Dave
Similar Messages
-
Use of JAAS in WLS6 for single logon
We're in the design stage of a product, which will be based on Weblogic Server 6 and are hoping to use JAAS.
I'm quite new to WL in general and JAAS security and having read the documentation, I'm still not clear on a few points about how JAAS is used in WLS6.
We're intending to provide a single logon for the system and then to log users on to other services such as email etc. behind the scenes, when the user requests them.
Does JAAS in WLS6 support this and if so, how best could we achieve it?
One idea I've read on the Sun site is that you can instantiate multiple LoginContexts at different times during the user session, each using a different Configuration pointing to different LoginModules to achieve this.
A couple of other things I've come across which may be useful in this context are :-
the <run-as-specified-identity> tag in the deployment descriptor
LoginModules being able to share information
Any help much appreciated
Dave
Sorry for the delay in replying, I was on vacation
Dave <[email protected]> wrote in message
news:[email protected]...
>
> Thanks for the reply Alex.
> If we just have a single LoginContext with multiple LoginModules, wouldn't that mean that when a user logged-on, it would log them on to all of the
> services at the same time ?
Yes, that is the sequence specified under JAAS
> We were trying to make it so that after the initial logon to the system, the user would be logged on to other services only when they accessed them
> explicitly. Does that mean that we need multiple LoginContexts still ?
Unfortunately yes, you will need multiple LoginContext instances to do that.
set configuration
new context
context.login
context.getSubject
Subject.doAs(subject, action)
>
> I understand that WLS6 will only provide for JAAS Authentication, not Authorisation. Does that mean I need to use it in conjunction with the
> existing Weblogic Authorisation, such as ACLs and Realms ?
>
The WLS6 JAAS implementation wraps the existing ACL implementation and is
independent of the realm being used. Internally the Subject.doAs method
checks the ACLs of the user associated with the specified Subject instance.
> Can I also ask about the granularity of Resources that can be protected by access control. Would these be at the level of Servlets, beans etc.
I believe you can but I'm not sure, check in the documentation on Servlets &
beans or post a followup question in those groups
>
> Is the Beta Refresh available for download now ? If not, how soon do you think it would be ?
>
The beta refresh should be available early the week of 11/13
> As regards the <run-as-specified-identity> tag in the deployment descriptor. Could you briefly explain its use and whether it would help us
> with our logon approach ?
Again I'm not sure, again please post this to the associated group Servlets,
Beans, etc.
>
> Thanks very much for your help again.
> Dave
> "Alex McDonald" <[email protected]> wrote:
>> Dave,
>> The WLS 6 JAAS implementation will support what you intend. While there were
>> several bugs in the initial WLS 6 Beta these have been fixed in the Beta
>> refresh, if you need the updated files sooner I can send you a zip.
>> I would suggest the following. Single LoginContext, multiple loginModules.
>> Set your first configured loginModule to prompt for the username/password,
>> each of the following loginModules can then use that information behind the
>> scenes or prompt as needed for additional user info. Configure the first
>> loginModule as REQUISITE so that it must succeed for the login process to
>> continue. The WLS 6 JAAS sample loginModule implementation contains the WLS
>> login information, additional email, etc services can be added to the
>> Subject container as needed.
>> Alex
>> Dave <[email protected]> wrote in message
>> news:[email protected]...
>>> We're in the design stage of a product, which will be based on Weblogic Server 6 and are hoping to use JAAS.
>>> I'm quite new to WL in general and JAAS security and having read the documentation, I'm still not clear on a few points about how JAAS is used in
>>> WLS6.
>>> We're intending to provide a single logon for the system and then to log
>>> users on to other services such as email etc. behind the scenes, when the
>>> user requests them.
>>> Does JAAS in WLS6 support this and if so, how best could we achieve it?
>>> One idea I've read on the Sun site is that you can instantiate multiple LoginContexts at different times during the user session, each using a
>>> different Configuration pointing to different LoginModules to achieve this.
>>>
>>> A couple of other things I've come across which may be useful in this context are :-
>>> the <run-as-specified-identity> tag in the deployment descriptor
>>> LoginModules being able to share information
>>> Any help much appreciated
>>> Dave
-
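The two layouts discussed in the single-logon thread above, as an added example that is not part of the original posts and not WebLogic's own sample code: one LoginContext with stacked LoginModules (the first REQUISITE, credentials handed on through the shared state) beside one LoginContext per service, created only when the user asks for that service. It uses only the standard javax.security.auth API on Java 16 or later; the class names, the "service" option, the entry names and the in-memory accounts are hypothetical, and WLS 6 specifics are not modelled.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class OnDemandLogin {
    // Constructed demo accounts, "service:user" -> password. A real module asks the service itself.
    static final Map<String, String> ACCOUNTS = Map.of("portal:dave", "s3cret", "mail:dave", "s3cret");
    // Shared-state keys, the same names the JDK's own login modules use.
    static final String NAME = "javax.security.auth.login.name", PWD = "javax.security.auth.login.password";
    record ServicePrincipal(String name) implements Principal { public String getName() { return name; } }

    /** Hypothetical LoginModule; its "service" option names the service it logs on to. */
    public static class ServiceLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private Map<String, Object> shared;
        private String service;
        private Principal pending, committed;
        @SuppressWarnings("unchecked")
        @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> state, Map<String, ?> options) {
            subject = s;
            handler = h;
            shared = (Map<String, Object>) state;
            service = (String) options.get("service");
        }
        @Override public boolean login() throws LoginException {
            String user = (String) shared.get(NAME);
            char[] password = (char[]) shared.get(PWD);
            if (user == null) {                       // first module in the stack: ask the user
                NameCallback n = new NameCallback("user: ");
                PasswordCallback p = new PasswordCallback("password: ", false);
                try { handler.handle(new Callback[] {n, p}); }
                catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
                user = n.getName();
                password = p.getPassword();
                shared.put(NAME, user);               // later modules reuse these behind the scenes
                shared.put(PWD, password);
            }
            if (password == null || !new String(password).equals(ACCOUNTS.get(service + ":" + user))) {
                throw new FailedLoginException(service + " rejected " + user);
            }
            pending = new ServicePrincipal(service + ":" + user);
            return true;
        }
        @Override public boolean commit() {
            if (pending != null) subject.getPrincipals().add(committed = pending);
            return pending != null;
        }
        @Override public boolean abort() { pending = null; return logout(); }
        @Override public boolean logout() { return committed == null || subject.getPrincipals().remove(committed); }
    }
    static AppConfigurationEntry entry(String service, LoginModuleControlFlag flag) {
        return new AppConfigurationEntry(ServiceLoginModule.class.getName(), flag, Map.of("service", service));
    }
    // Programmatic stand-in for a login configuration file with three application entries.
    static final Map<String, AppConfigurationEntry[]> ENTRIES = Map.of(
        "portal", new AppConfigurationEntry[] {entry("portal", LoginModuleControlFlag.REQUISITE)},
        "mail", new AppConfigurationEntry[] {entry("mail", LoginModuleControlFlag.REQUIRED)},
        "everything", new AppConfigurationEntry[] {entry("portal", LoginModuleControlFlag.REQUISITE),
                                                   entry("mail", LoginModuleControlFlag.REQUIRED)});
    static final Configuration CONFIG = new Configuration() {
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return ENTRIES.get(name); }
    };
    static Subject login(String entry, Subject subject, String password) throws LoginException {
        CallbackHandler form = callbacks -> {         // stands in for a login form
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback n) n.setName("dave");
                else if (cb instanceof PasswordCallback p) p.setPassword(password.toCharArray());
            }
        };
        LoginContext context = new LoginContext(entry, subject, form, CONFIG);
        context.login();
        return context.getSubject();
    }
    static String names(Subject s) {
        return s.getPrincipals().stream().map(Principal::getName).sorted().collect(Collectors.joining(", "));
    }

    public static void main(String[] args) throws Exception {
        // Layout 1: one LoginContext, stacked modules. One logon reaches every service at once.
        System.out.println("stacked:      " + names(login("everything", null, "s3cret")));
        // Layout 2: one LoginContext per service. The initial logon covers the portal only ...
        Subject subject = login("portal", null, "s3cret");
        System.out.println("portal only:  " + names(subject));
        try {   // ... a failed on-demand mail logon leaves that Subject as it was ...
            login("mail", subject, "wrong");
        } catch (LoginException e) {
            System.out.println("mail refused: " + names(subject));
        }
        login("mail", subject, "s3cret");   // ... and a later successful one adds the mail principal.
        System.out.println("after mail:   " + names(subject));
    }
}
```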
Problem with JAAS example in WLS6.0sp1
Hi,
I tried to run the SampleClient from the JAAS example in WLS6.0sp1 and got an
exception
when a valid username/password combination is entered. Has anyone experienced
that in WLS6.0sp1?
Thanx
Ralf
SampleLoginModule.initialize(), debug enabled
SampleLoginModule.initialize(), URL t3://localhost:7001
SampleLoginModule.login(), username guest
SampleLoginModule.login(), password guest
Authentication Failed: Unexpected Exception, java.lang.NoSuchMethodError
at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:124)
at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java:157)
at java.lang.reflect.Method.invoke(Native Method)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
at examples.security.jaas.SampleClient.main(SampleClient.java:92)
Weblogic comes with its own implementation of JAAS, unfortunately
conflicting with Sun's. Contact customer support, they will tell you the
exact differences and incompatibilities. Or reverse engineer the two
versions, you'll find quite a few differences (apart from the BEA version
not implementing JAAS authorization, which is documented).
"Narinder Gaheer" <[email protected]> wrote in message
news:[email protected]..
I am happy someone came up with this problem. I also bent backwards solving
this problem in my application.
I figured out that as soon as I remove the standard jaas.jar from my
classpath, I can run the example successfully. Weblogic.jar does contain
necessary jaas library, so don't need to include jaas.jar.
I am not sure, but I get the feeling that there is a jaas library conflict
here. Maybe weblogic guys are the best to put some light on this issue.
"Ralf Fritsche" <[email protected]> wrote in message
news:3b15188e$[email protected]..
I found out, that the example runs with the JDK delivered by BEA,
but not with a JDK I downloaded from SUN.
Whereas with the first the provided way to set the user defined
configuration class with the system property 'weblogic.security.jaas.Configuration'
works, this is not possible with another JDK. According to the
JAAS standard, this class could only be defined in the properties
file 'java.security' of the Java runtime.
How is BEA doing this?
Thanx
Ralf -
WLS6.0 sp1 and MS Active Directory
Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be appreciated -
I'll worry about the finer details of how later!!
Regards
Laura Allen
Custom realm of course with the weblogic....ldaprealmv2.LDAPRealm
implementation class.
We did not use Kerberos authentication - just the plain password
authentication in "cleartext". Our servers are inside a secure data center -
no encryption required. That's why we did not need jdk1.4.
"Marc Carrion" <[email protected]> wrote in message
news:[email protected]...
>
Are you telling that you configured the ldap realm of WL to use active directory?
or you used your custom realm?
To use the authentication with Kerberos you need to use GSS-API and it's not
included in jdk1.3 neither in jaas, that's why I needed to use jdk1.4
Can you explain how did you do that?
Thanks,
Marc
"Roy Cornell" <[email protected]> wrote:
Hi Laura:
No, BEA did not confirm the compatibility. We did our own investigation and
found that the two systems work well together. One of the highlights of the
research was the fact that the configuration of the WLS custom realm for
Active Directory was more similar to Netscape Directory or Open LDAP than to
the MS Site Server.
I am attaching the sample settings for the LDAP realm:
server.host=<some-ip-or-name>
server.principal=CN=wlsadmin001,OU=WLSMEMBERS1,DC=company,DC=com
user.filter=(&(cn=%u)(objectclass=user))
user.dn=OU=WLSMEMBERS1,DC=company,DC=com
group.filter=(&(cn=%g)(objectclass=group))
group.dn=OU=WLSGROUPS1,DC=company,DC=com
membership.filter=(&(member=%M)(objectclass=group))
We used the AD for authenticating the users and for authorizing the EJB
methods. AD contained the users and their security roles and the deployment
descriptors of the EJB's contained the permissions for the security roles.
We ran repeated tests and were more or less satisfied.
Regards
P.S.
we used WLS 6.1 Jdk 1.3
----- Original Message -----
Sent: Tuesday, September 18, 2001 5:40 AM
Subject: WLS6.0 and Active Directory
Forgive me contacting you directly, but did you receive a reply from BEA as
to whether WLS supports interaction with Active Directory? And were you
attempting to use Active Directory just for user authentication? Any info
on how WLS and Active Directory interact would be appreciated!
Regards
Laura Allen
"Laura Allen" <[email protected]> wrote in message
news:[email protected]...
Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be
appreciated
I'll worry about the finer details of how later!!
Regards
Laura Allen -
Opinions on implementing a JAAS login module to achieve SSO
We are looking at implementing SSO from a sharepoint website to the portal. The users who are accessing the Sharepoint site are using their own computers and are not members of the AD Domain, so they could theoretically be using any computer in the world to access Sharepoint.
The desired user experience looks something like this.
user --login--> sharepoint site --no login--> portal
One of the methods we are looking at to achieve this is to implement a custom JAAS login module that would authenticate the user if they are coming from the Sharepoint site.
I would like to get your opinions on how viable you think this method is. One of the goals of this method is ease of implementation, so if you can think of an easier way to implement this please let us know.
the method is basically this.
1. User logs into sharepoint using their AD username and password and establish an active session with sharepoint
2. user navigates to a link in sharepoint that points to a resource in the SAP Portal
3. we don't want the user to have to login to access the resource when they click on the link
4. to facilitate this, sharepoint has constructed the link in the following way
5. the link is an https link
6. the link has two additional parameters in addition to whatever is necessary to navigate to the resource
7. the parameters are
8. un = the user's AD username
9. uh = sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + "username")
10. the user clicks the link and is directed to the SAP portal
11. the sap portal has a custom JAAS login module which performs its checks before the other login modules
12. the custom module computes ( sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + un)) and then compares the result with uh, if they are equal, the custom login module authenticates the user bypassing any further need for authentication, otherwise authentication passes to the original authentication modules as normal.
If you think there is an easier way, please let us know. We are essentially looking for the easiest/fastest way to implement this functionality that is still secure.
Hey Gary,
I'm currently using Apache running on RedHat that leverages Apache's mod_rewrite module. I've got a bank of 6 reverse proxies sitting in front of an SAP Portal and each proxy runs on a host with dual 3.33GHz processors and 8Gb of RAM. I know... they're waaay over-sized and they pretty much snooze all day.
This is the sole entry point for all SAP users and we sized them to accommodate the "worst case" of about 5000 (potential) named users, concurrently. Realistically, we've only ever had about 1500 unique users hitting the systems in a day (following an upgrade go-live, everybody is curious and wants to log on) and a typical load of about 500 to 750 users in a day.
Never had a real performance problem to speak of. As long as the proxies are tuned properly (ssl cache, sessions, etc.), you should be fine.
Setting header variables and some other "custom stuff" is handled in Perl (need Apache's mod_perl active). We've got a script that's called by all users before being passed to the Portal.
We used IISProxy.dll with an IIS web server a long time ago (5 years maybe?) but opted to can it in favor of the approach described above.
If you ask SAP, they'll recommend you use a WebDispatcher... and that's certainly an option as well.
-Kevin -
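The link check from steps 8 to 12 of the question above, as an added example that is not code from the thread: `postedToken` is the scheme as described, whose value never changes for a given user, and `issue`/`verify` show a variant with an HMAC-SHA256 tag, an expiry, single use and a constant-time comparison. The key, the class and method names and the token layout are assumptions; a custom login module would call `verify` and fall through to the normal modules on `false`.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class LinkToken {
    // Constructed demo secret. In practice: a random key of 32+ bytes known to both systems.
    static final byte[] KEY = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
    // (expiry, user) pairs already accepted; entries can be dropped once the expiry has passed.
    static final Set<String> USED = ConcurrentHashMap.newKeySet();

    /** The check as posted: uh = sha1(secret + username). The value is the same on every link. */
    static String postedToken(String username) throws GeneralSecurityException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(KEY);
        sha1.update(username.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : sha1.digest()) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    static byte[] hmac(String message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
    }

    /** Variant (an assumption, not from the thread): "<expiry>.<HMAC over expiry and username>". */
    static String issue(String username, long expiresEpochSec) throws GeneralSecurityException {
        // The expiry is all digits, so the newline separates the two fields unambiguously.
        byte[] tag = hmac(expiresEpochSec + "\n" + username);
        return expiresEpochSec + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** True only for an untampered, unexpired token for this user that has not been used before. */
    static boolean verify(String username, String token, long nowEpochSec) {
        if (username == null || token == null) return false;
        try {
            int dot = token.indexOf('.');
            if (dot < 1) return false;
            long expires = Long.parseLong(token.substring(0, dot));
            byte[] presented = Base64.getUrlDecoder().decode(token.substring(dot + 1));
            byte[] expected = hmac(expires + "\n" + username);
            if (!MessageDigest.isEqual(expected, presented)) return false;   // constant-time compare
            if (nowEpochSec > expires) return false;                         // link has expired
            // Key on the parsed values, so re-encodings of one token ("+17...", padding) count as one.
            return USED.add(expires + "\n" + username);                      // false on a second use
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;                                                    // malformed token
        }
    }

    public static void main(String[] args) throws Exception {
        long now = 1_700_000_000L;   // constructed clock value
        System.out.println("posted scheme, same value on every link: "
                + postedToken("jdoe").equals(postedToken("jdoe")));
        String token = issue("jdoe", now + 60);
        System.out.println("first use:               " + verify("jdoe", token, now + 5));
        System.out.println("second use of same link: " + verify("jdoe", token, now + 10));
        System.out.println("other username:          " + verify("admin", token, now + 10));
        System.out.println("after expiry:            " + verify("jdoe", issue("jdoe", now + 30), now + 31));
        System.out.println("tampered expiry:         " + verify("jdoe", "9" + issue("jdoe", now + 20), now));
    }
}
```

Because `issue` is deterministic, two links created for the same user in the same second are the same token; adding a random nonce to the signed fields removes that limitation.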
Problems using JAAS with EJB 3.0 on JBoss 4.0.4-GA
Hello all,
I am trying to build a very simple JavaEE application with JAAS, but I am getting mad.
I have an EAR packed with a WAR module an EJB JAR module and a JAR with other classes. Struts is the MVC framework and EJB 3.0 is being used.
First of all, I configured the "login-config.xml" file within /conf directory in JBoss, like this:
<application-policy name="exemplo1">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:jdbc/Infra_Seguranca</module-option>
      <module-option name="principalsQuery">SELECT COD_USUARIO AS Password FROM USUARIO WHERE COD_USUARIO=?</module-option>
      <module-option name="rolesQuery">SELECT NOME_ROLE AS Roles, 'Roles' AS RoleGroups FROM ROLE_USUARIO WHERE COD_USUARIO=?</module-option>
    </login-module>
  </authentication>
</application-policy>
Next I configured the "web.xml" file like this:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <description>Declarative security tests</description>
    <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>xxx</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>exemplo1</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginErro.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>Role xxx</description>
  <role-name>xxx</role-name>
</security-role>
Notice that I am using the "xxx" role to protect the "*.do" URL pattern.
The "jboss-web.xml" is like this:
<?xml version="1.0"?>
<jboss-web>
  <security-domain>java:/jaas/exemplo1</security-domain>
</jboss-web>
As it is, it works perfectly, which means, every time I try to access a "*.do" URL it verifies whether I am authenticated and have authorization or not. If not, the login page shows up.
Now I want to be able to also protect my EJBs.
My Stateless Session Bean is implemented as follows:
@RolesAllowed("yyy")
@Stateless(name="UserManagement")
public class UserManagementBean implements UserManagement {
    public void add(User user) {
    }
}
When I run all this, the container simply ignores the @RolesAllowed("yyy") annotation and allows the EJB execution.
If I add the "jboss.xml" file, like this:
<?xml version="1.0"?>
<jboss>
  <security-domain>java:/jaas/exemplo1</security-domain>
</jboss>
I start getting this stack trace:
ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
at org.jboss.security.auth.spi.Util.loadProperties(Util.java:313)
at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Am I missing something? What do I have to do to get JAAS working fine with my EJBs? Do I have to also configure and/or provide "ejb-jar.xml" ???
Thanks
Daniel
Using @SecurityDomain("exemplo1") in my EJB and NOT providing jboss.xml, it works.
@SecurityDomain("exemplo1")
@RolesAllowed("yyy")
@Stateless(name="UserManagement")
public class UserManagementBean implements UserManagement {
    public void add(User user) {
    }
}
Damn! This is some serious shit... I don't want to configure this in every single EJB.
EJB 3.0 is nice, but some small trivial details like this and others, that were forgotten by Sun, piss me off!
-
Hi,
Earlier, we were connecting our application as partner applications in portal for SSO authentication. We used SSO sdk for diverting requests to SSO. I was reading some literature and it seems oracle is supporting connecting to SSO from JAAS provider. Can I get documentation for 10G JAAS (with details on how to connect to SSO)?
questions
1. Is JAAS just replacement of SSO sdk and we still need to define partner applications?
2. Do I need to configure mod_osso? and then JAAS will give user details. (I don't need to define partner application.)
thanks
Simar
I do believe there is a logout URL that you need to set. When the user logs out of the application, they also need to be redirected to the logout URL. This is covered in the Oracle Application Server Single Sign-On Application Developer's Guide
From the doc:
Security Issues: Single Sign-Off and Application Logout
If you build custom applications using OracleAS release 9.0.4, note the following: when global logout, or single sign-off, is invoked, only the single sign-on and mod_osso cookies are cleared. This means that an OracleAS application must be coded to store single sign-on user and realm names in either the OC4J session or in the application session. The application must then compare these values to those passed by mod_osso. If a match occurs, the application must show personalized content. If no match occurs, which means that the mod_osso cookie is absent, the application must clear the application session and force the user to log in.
They also have a code example:
Application Logout: Recommended Code
Most applications that authenticate users have a logout link. In a single-sign-on-enabled application, the user invokes the dynamic directive for logout in addition to other code in the logout handler of the application. Invoking the logout directive initiates single sign-off, or global logout. The example that follows shows what single sign-off code should look like in Java.
// Clear application session, if any
String l_return_url = "<return URL to your application, e.g. home page>";
response.setHeader( "Osso-Return-Url", l_return_url);
response.sendError( 470, "Oracle SSO" ); -
How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS
Hi
I have read the article on SDN called "How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS", which is also the name of my posting.
The reason why I post this is that I've tried to follow the links in the PDF to get the file WebsphereEpSsoLib.zip but I get an error 403, which tells me that the file is not there.
Does anybody know where this file went or can somebody tell me an alternative place to get this file?
Jacob
Please open the associated whitepaper, and you can find the download link to the .ZIP file on page 4.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ibm/how to set up single sign-on between an ibm websphere portal and the sap enterprise portal using jaas.pdf
Hope that works!
Elise -
WLS6.0sp1 and HP-UX 11.00
I have completed a successful install of WLS6.0sp1 on an HP-UX 11.00
machine. I am attempting to start the default server and am getting the
output below (after system and model info). There is no mention of any
required changes to kernel parameters in the install and I cannot locate any
related information on the BEA site.
Has anyone encountered this before?
jfboyle:/home/jfboyle/bea/wlserver6.0sp1/config/mydomain > uname -a
HP-UX uranium B.11.00 U 9000/800 637309363 unlimited-user license
jfboyle:/home/jfboyle/bea/wlserver6.0sp1/config/mydomain > model
9000/800/N4000-36
jfboyle:/home/jfboyle/bea/wlserver6.0sp1/config/mydomain > startWebLogic.sh
SHLIB_PATH=/opt/sybase/lib:/opt/visibroker_c++/lib:/home/jfboyle/bea/wlserve
r6.0sp1/lib/hpux11
SIGSEGV 11* segmentation violation
startWebLogic.sh[138]: 3462 Abort(coredump)
Thanks a lot Wayne!
I tried with "./server.....bin -mode=console". I am facing the same problem.
Although weblogic installation completes, it still just hangs at "Copying JDK....".
Giving the output below for your reference.
Choose Product Directory:
->1| Yes, use this product directory [home1/utils/bea/weblogic700]
2| No, select another product directory
Enter index number to select OR [Exit][Previous][Next]>
<------------- WebLogic Platform Installer - WebLogic Platform 7.0.1.0 ---------
---->
Copying files..
0% 25% 50% 75% 100%
[------------|------------|------------|------------]
Copying JDK....
I am also attaching the top output with this message.
Thanks,
Soundar
"Wayne W. Scott" <[email protected]> wrote:
When all else fails, read the manual! The method changed from 6.1 to
7.0.
http://edocs.bea.com/platform/docs70/install/index.html
../filename.bin -mode=console
/wws
Soundar wrote:
Hi,
I am trying to install Weblogic 7.01 evaluation copy on HP-UX 11.00. After exporting
DISPLAY variable to my workstation, when I run "./server701_hpux.bin", the extraction
of the files is successful, followed by some warning messages regarding the fonts
and then the BEA Weblogic startup screen comes up. But it hangs there forever.
I am attaching the output. If I run "./server..." in text mode i.e. without
exporting DISPLAY variable, although the installation of Weblogic software is
successful, but it hangs at "Copying JDK..." i.e. hangs at JDK installation.
I already have JDK installation on my HP-UX system (1.3.1_02).
If someone knows how to solve this problem, please let me know. Also, as I already
have JDK installation on my system, is it possible to disable JDK installation
in weblogic installation.
Thanks in Advance.
Soundar
[weblogic_top.txt] -
Plans to change JAAS/GSS for Windows XP SP2 and beyond
Are there any plans to reimplement JAAS GSS on the windows platform to account for this issue:
Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The affected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.
Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
Thanks!
-Bob
This is an old thread, but one of my clients has run into the same problem. Hopefully someone is still monitoring....
The answer is that the implementation should not be trying to do anything directly with keys. Delegation works just fine if it has been configured correctly in AD. Simply impersonate the context on the server side and then call the appropriate API to get a new service ticket and it will use the forwarded TGT. Credential delegation solved.
MS was correct to "fix" the session key interface since it allowed user code to attain a "password equivalent". The JAAS implementation should be fixed to use the Windows authentication interfaces correctly.
Thanks,
Dave
Feel free to contact me offline for more information or pointers at [email protected] (remove the no-spams). -
JAAS and Active Directory Problem
I am attempting to use the JAAS Tutorial code to authenticate against a Windows 2000 domain controller. The code as is works against a domain controller that I set up, but when I attempt to authenticate against a client's domain, I receive an exception:
Authentication failed:
Pre-authentication information was invalid (24)
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
The troubleshooting documentation indicates that this could mean 3 things:
1. the password is incorrect - since I am logging in with my account, I am certain the password is correct.
2. you are using the keytab to obtain the key and the key may have changed since obtaining the keytab - I am not using the useKeyTab option in my configuration of the Krb5LoginModule and the option defaults to false.
3. clock skew. I am sure that there is no time difference between my computer and the server.
That said, does anyone know of any other reason that authentication will fail?
I am using....
AppConfigurationEntry entry = new AppConfigurationEntry(
"com.sun.security.auth.module.Krb5LoginModule",
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
options);
and I get the same thing. Running Win2K Pro. Trying to use GSS-API to do Kerberos authentication.
Jay -
HOW DO I REMOVE AN APPLICATION IN WLS6?
Hi everybody,
I compiled an ejb into a jar file and ADDED it to the list of already
added applications through the WLS6 console (I have WLS6 installed on my Windows
2000 machine).
In the WLS6 console I clicked Deployments->EJB->Install a new EJB->Upload
(to add a new ejb jar file).
Now I wish to REMOVE (uninstall) this ejb from the list of added
(installed) EJBs.
I tried to delete the jar file from the WebLogic folder where this
jar file was stored, but when I restarted WLS6 it displayed a panic that it was
unable to find the EJB component. So I had to undelete the jar file from the Recycle
Bin to the same WebLogic folder.
What I conclude is that although the ejb component got removed it
did not get UNINSTALLED, i.e. some references to the jar file stayed on somewhere.
How do I remove and UNINSTALL my ejb?
Thanks in advance. As usual I am posting this everywhere to get attention.
As usual sorry for the multiple postings.
snodx
Hello,
To remove it for good, you have to make sure you remove the .jar/.war/.ear
from the applications directory, and then modify the config.xml file.
To modify the config.xml file, make sure the admin server is not running,
and remove the <application> section that refers to the .jar/.war/.ear file
you no longer want to show up. When you restart the server, that
application will no longer show up in the console.
Of course, I must warn about modifying the config.xml file by hand. It's
not a recommended practice, but in this case, it's the only way to
accomplish this.
Regards,
dennis
"snodx" <[email protected]> wrote in message
news:3b5be01d$[email protected]..
>
Hi everybody,
I compiled an ejb into a jar file and ADDED it to the list of already
added applications through the WLS6 console (I have WLS6 installed on my Windows
2000 machine).
In the WLS6 console I clicked Deployments->EJB->Install a new EJB->Upload
(to add a new ejb jar file).
Now I wish to REMOVE (uninstall) this ejb from the list of added
(installed) EJBs.
I tried to delete the jar file from the WebLogic folder where this
jar file was stored, but when I restarted WLS6 it displayed a panic that it was
unable to find the EJB component. So I had to undelete the jar file from the Recycle
Bin to the same WebLogic folder.
What I conclude is that although the ejb component got removed it
did not get UNINSTALLED, i.e. some references to the jar file stayed on somewhere.
>
How do I remove and UNINSTALL my ejb?
Thanks in advance. As usual I am posting this everywhere to get attention.
As usual sorry for the multiple postings.
snodx -
HOW DO I REMOVE APPLICATIONS FROM WLS6 CONSOLE?
Hi everybody,
I compiled an ejb into a jar file and ADDED it to the list of already
added applications through the WLS6 console (I have WLS6 installed on my Windows
2000 machine).
In the WLS6 console I clicked Deployments->EJB->Install a new EJB->Upload
(to add a new ejb jar file).
Now I wish to REMOVE (uninstall) this ejb from the list of added
(installed) EJBs.
I tried to delete the jar file from the WebLogic folder where this
jar file was stored, but when I restarted WLS6 it displayed a panic that it was
unable to find the EJB component. So I had to undelete the jar file from the Recycle
Bin to the same WebLogic folder.
What I conclude is that although the ejb component got removed it
did not get UNINSTALLED, i.e. some references to the jar file stayed on somewhere.
How do I remove and UNINSTALL my ejb?
Thanks in advance. As usual I am posting this everywhere to get attention.
As usual sorry for the multiple postings.
snodx
Manual method:
Stop the server. Back up anything important.
There is a config.xml file that has an entry that points to your JAR. Delete
this entry.
There is your JAR file. Delete this JAR.
There is data from/about your JAR in "do not delete" directory. Delete the
directory that says "do not delete".
Peace,
Cameron Purdy
Tangosol Inc.
<< Tangosol Server: How Weblogic applications are customized >>
<< Download now from http://www.tangosol.com/download.jsp >>
-
How to use OID (or other LDAP) users with JAAS in my JEE application?
Hi people,
I'm developing a JEE application and for security I'm using JAAS, but I would like to use users from my OID to authenticate. Is it possible? Can someone help me?
Thanks!!!
Regards,
Hi, me again.
It's possible. You just need to configure the realm in Weblogic and configure your JAAS security in the application. The realm name must be the same in the application and WL.
Just this.
Thks!
-
How to get both JNDI context and JAAS Subject with EJB
I looked at the JAAS docs and sample, but I'm still confused about
something. There is a sample of JAAS in a regular, non-EJB scenario. The
client initializes the LoginContext, calls login(), then retrieves the
Subject (and possibly later does something with Subject.doAs()). However, in
the typical EJB scenario, the client initializes the JNDI context, then does
the lookup on the bean name (which implicitly does the authentication to the
container). How do they work together, though? I.e., what does the client
code look like if JAAS authentication is to be used from an EJB client?
Thank you!
In your login module you have to authenticate the user to the Weblogic Server as
well. For simplicity, Weblogic comes with a class weblogic.security.auth.Authenticate
to login a subject with Weblogic Server.
Once logged in, any thread that is invoked within the context of a Subject.doAs
call gets that subject associated with it.
Hope that helps