JAAS Login Module development/deployment - getting en error
Guys,
I have developed a JAAS Login Module (as per the SAP documentation) and configured the J2EE Engine (as per the SAP documentation) for this module to sit amongst several other standard modules, but I have a problem. I am unable to get the Module working on one portal instance and I am getting an error in the default.trc file when the server restarts after SDM deployment.
The error is: "cannot load login module class....... java.lang.ClassNotFoundException........"
The whole thing works on another instance of EP6 SP16,17 and 18..... however it does not work on this one completely separate instance (there probably are configuration difference between these instances!)
Im not quite sure, given this set of circumstances, what could be causing the Login Module not to load. Which part of the configuration of the J2EE engine should I look in, something perhaps overlooked in the documentation?
Thanks
Adrian
With some help I have now solved this.
In the properties tab of Security Provider, the reference to your login module in the classloader needs to be prefixed with library:~<provider>. For the default SAP example the provider in com.sap...... or whatever you have changed it to.
Similar Messages
-
Problems deploying custom JAAS login module (ClassNotFound)
Hi,
I've developed a custom made JAAS login module that filters on IP addresse which I am moving from 6.20 to 6.40.
I've pretty much followed the procedures from http://help.sap.com/saphelp_nw04/helpdata/de/46/3ce9402f3f8031e10000000a1550b0/content.htm , the only major difference is that I needed a reference to WebCallback and therefore a reference to com.sap.security.api.sda from my library project.
I've especially followed the step with "Adding a Reference to the Classloader of the Security Provider" (http://help.sap.com/saphelp_nw04/helpdata/de/2b/23e4407211732ae10000000a155106/content.htm) , but I think its this step that fails. This has been set to library:<library name> , where <library name> is what is written on the right hand side of visual admin under library. I see that the library is deployed under the folder bin\ext\customer.com~com.customer.portal.login.IPRuleLibrary , so maybe I will try that name tomorrow morning.
The exceptions I get are
#1.5#001321B3B106005C0000000800002E380004039375E59BA6#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error#1#/System/Audit#Java###Exception #1#com.sap.engine.services.security.exceptions.BaseSecurityException: Cannot load a login module.
at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:95)
at com.sap.engine.services.security.login.LoginContextFactory.getLoginContext(LoginContextFactory.java:133)
at com.sap.engine.services.security.server.AuthenticationContextImpl.getLoginContext(AuthenticationContextImpl.java:227)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.system.SystemLoginModule.initialize(SystemLoginModule.java:72)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:86)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:305)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
at java.security.AccessController.doPrivileged(Native Method)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:295)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:351)
at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:159)
Caused by: java.lang.ClassNotFoundException: com.customer.portal.login.IPRuleLoginModule
Found in negative cache
- Loader Info -
ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore]
Parent loader name: [Frame ClassLoader]
References:
library:com.sap.ip.basecomps
library:core_lib
common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
library:servlet
library:sapxmltoolkit
library:com.sap.mw.jco
library:com.sap.util.monitor.jarm
library:j2eeca
library:opensql
interface:security
interface:log
interface:shell
interface:keystore_api
library:ejb20
interface:webservices
library:com.sap.guid
interface:appcontext
interface:endpoint_api
interface:resourceset_api
interface:resourcecontext_api
common:service:iiop;service:naming;service:p4;service:ts
interface:ejbcomponent
interface:container
interface:visual_administration
interface:transactionext
interface:dsr_ejbcontext_api
service:timeout
library:tc~jmx
library:tcSLUTIL
service:memory
library:antlr
library:jdbdictionary
library:opensqlextensions
interface:cross
service:locking
service:file
Resources:
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_saml_toolkit_api.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
adminadapter
adminadapter.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
com.sap.security.core.ume.service
com.sap.security.core.ume.service.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
webservices_lib
jaxrpc-api.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
com.sap.security.api.sda
com.sap.security.api.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
dbpool
opensqllib.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
jmx
jmx_sec.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
webservices_lib
jaxm-api.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
keystore
keystore.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
security
security.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
basicadmin
jstartupapi.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_saml_jaas.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
connector
connectorimpl.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
webservices_lib
webservices_lib.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_jaas.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_saml_service_api.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_userstore_lib.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
webservices_lib
saaj-api.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
com.sap.security.core.sda
com.sap.security.core.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
com.sap.security.core.sda
com.sap.security.core.tpd.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_csi.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_ssf.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
userstore
userstore.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
dbpool
sqljimpl.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_saml_xmlbind.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_saml_util.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
dbpool
dbpool.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
deploy
deploy.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_saml_toolkit_core.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
jmx
jmx.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_compat.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
jmx_notification
jmx_notification.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
configuration
configuration.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
basicadmin
jstartupimpl.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_https.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
services
basicadmin
basicadmin.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
security.class
tc_sec_jaas_test.jar
C:
usr
sap
EQ2
J13
j2ee
cluster
server1
bin
ext
com.sap.security.api.sda
com.sap.security.api.perm.jar
Loading model: {parent,local,references}
at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:348)
at com.sap.engine.services.security.Util.loadClass(Util.java:262)
at com.sap.engine.services.security.Util.loadClassFromAdditionalLoaders(Util.java:204)
at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:92)
... 45 more
#1.5#001321B3B106005C0000000900002E380004039375E5A109#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error##Java###Cannot load login module class .#1#com.customer.portal.login.IPRuleLoginModule#Hi,
The problem was solved by using the name customer.com~com.customer.portal.login.IPRuleLibrary for the library (so basically look at the name of your library folder under cluster\j2ee\serverx\bin\ext , not the name reported by visual admin).
Also I was able to modify the properties of the login module runtime, which made me very happy
Dagfinn -
Urgent: JAAS Login Module Deployment Problem
Hi,
I have developed a JAAS Login module for the portal (EP6 SP9 sneak preview) and i am getting the following error:
GroupAssignmentLoginModuleLibrary does not exist in LoadContextWrapper.modifyName.
com.sap.engine.services.security.exceptions.BaseSecurityException: Can not load a login Module
The next line is a ClassNotFoundException for the Login Module and the class found in negative cache.
Please let me know if you know the solution to this problem.
It is an urgent issue and a solution will be suitably rewarded.
Regards,
VibhuHi Diego,
Scenario 1: SAP EP to SAP Backend Integration
In this scenario the most commonly used strategy
is SAP logon tickets. As far as I know this is the
best and simple way to implement SSO.
Scenario 2: SAP EP to Non SAP systems.
In this scenario various mechanisms can be used.
It depends on the application you are integrating
with. SAP does deliver SSO soultions with Lotus
Notes and Outlook etc. If supported probably it is
simple to use the SAP solution [Reliability and
Support].
Scenario 3: Enterprise Uses third party authetication
Software.
For the authntication if the company chooses to use
some third party product like SiteMinder etc, then
you can simply use this solution for SAP EP authe-
tication, and also all your other enterprise
applications based on the product support. But SAP
EP to other SAP systems be best integrated with SAP
logon tickets.
Scenario 4: SSO using homegrown authetication or some
third party JAAS module.
If you have significant applications that are home
grown that uses some custom authentication mecha-
nism (Example: Authentication based on ID and
Password stored in company database ) you can write
a JAAS module extention to authenticate using that
database. In other words JAAS is flexible and
for using external authentication mechanisms.
There are several mechanisms available that all depends
on your internal applications/security mechanism/integration etc.
Here is the link to one of the good articles on SDN about the SAP supported SSO mechanisms.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/58094632-0301-0010-a391-fc0de26f010e
Hope this information is useful.
-Venkat Malempati -
How to deploy and configure custom JAAS login module
Dear Experts,
I have created a custom jaas login module, In my .jar I am having
1. MyLoginModule.class
2. Handler.class
3. MyPrincipal.class
I want to know how to deploy the custom jaas module to oc4j. And make available to all
other application to use the same for authentication & authorization. Please suggest me.
Thanks,
Rajesh AThis article does not mention that you can put the <jazn-loginconfig> tag into the orion-application.xml as well.
Much easier to deploy and test.
--olaf -
JDEV deployment of web app with custom JAAS login module fails
For the first time, I am trying to implement a custom JAAS login module.
JDEV deployment to standalone OC4J only fails when my orion-application.xml is included. The deployment fails with a java.lang.InstantiationException.
This what I have done:
1) Wrote a custom LoginModule called com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule.
2) Put it and its dependent classes in a jar named sjtcjaas.jar.
3) Put the jar in $ORACLE_HOME\j2ee\home\lib
4) Changed library_path in $ORACLE_HOME\j2ee\home\config\application.xml to
<library path="../../home/lib/scheduler.jar;../../home/lib/sjtcjaas.jar" />
5) Added an orion-application.xml to the JDEV project. (I used an Oracle How-to as a pattern, see below.)
I think I'm close but no cigar, yet. Any help would be appreciated.
Regards,
Al Malin
=============== orion-application.xml ========================================
<?xml version="1.0"?>
<orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd" deployment-version="10.1.3.0.0" default-data-source="jdbc/OracleDS" schema-major-version="10" schema-minor-version="0" >
<security-role-mapping name="sr_manager">
<group name="managers" />
</security-role-mapping>
<security-role-mapping name="sr_developer">
<group name="developers" />
</security-role-mapping>
<log>
<file path="application.log" />
</log>
<!-- Configuring a Login Module in an Application EAR file. -->
<jazn-loginconfig>
<application>
<name>customjaas</name>
<login-modules>
<login-module>
<class>com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>debug</name>
<value>true</value>
</option>
</options>
</login-module>
</login-modules>
</application>
</jazn-loginconfig>
</orion-application>Starting OC4J from c:\oc4j\j2ee\home ...
2006-09-07 13:45:28.484 NOTIFICATION JMS Router is initiating ...
06/09/07 13:45:29 Oracle Containers for J2EE 10g (10.1.3.0.0) initialized
2006-09-07 13:45:58.609 NOTIFICATION Application Deployer for aam STARTS.
2006-09-07 13:45:58.640 NOTIFICATION Copy the archive to C:\oc4j\j2ee\home\applications\aam.ear
2006-09-07 13:45:58.656 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear begins...
2006-09-07 13:45:58.656 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear...
2006-09-07 13:45:58.687 NOTIFICATION Unpacking aam.ear
2006-09-07 13:45:58.687 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam.ear in C:\oc4j\j2ee\home\applications\aam
2006-09-07 13:45:58.750 NOTIFICATION Done unpacking aam.ear
2006-09-07 13:45:58.750 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear
2006-09-07 13:45:58.750 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war...
2006-09-07 13:45:58.750 NOTIFICATION Unpacking aam.war
2006-09-07 13:45:58.765 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam\aam.war in C:\oc4j\j2ee\home\applications\aam\aam
2006-09-07 13:45:58.765 NOTIFICATION Done unpacking aam.war
2006-09-07 13:45:58.765 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war
2006-09-07 13:45:58.812 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear ends...
2006-09-07 13:45:58.828 NOTIFICATION Starting application : aam
2006-09-07 13:45:58.828 NOTIFICATION Initializing ClassLoader(s)
2006-09-07 13:45:58.828 NOTIFICATION Initializing EJB container
2006-09-07 13:45:58.828 NOTIFICATION Loading connector(s)
2006-09-07 13:45:58.843 NOTIFICATION application : aam is in failed state
06/09/07 13:45:58 WARNING: Application.setConfig Application: aam is in failed state as initialization failedjava.lang.InstantiationException
Sep 7, 2006 1:45:58 PM com.evermind.server.Application setConfig
WARNING: Application: aam is in failed state as initialization failedjava.lang.InstantiationException
06/09/07 13:45:58 oracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:510)
06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
06/09/07 13:45:58 at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
06/09/07 13:45:58 at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
06/09/07 13:45:58 at java.lang.Thread.run(Thread.java:595)
06/09/07 13:45:58 Caused by: java.lang.InstantiationException
06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:391)
06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:308)
06/09/07 13:45:58 at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
06/09/07 13:45:58 ... 6 more
2006-09-07 13:45:58.890 NOTIFICATION Application Deployer for aam FAILED.
2006-09-07 13:45:58.890 NOTIFICATION Application UnDeployer for aam STARTS.
2006-09-07 13:45:58.906 NOTIFICATION Removing all web binding(s) for application aam from all web site(s)
2006-09-07 13:45:59.015 NOTIFICATION Application UnDeployer for aam COMPLETES.
06/09/07 13:45:59 WARNING: DeployerRunnable.run java.lang.InstantiationExceptionoracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:126)
at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.InstantiationException
at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
at com.evermind.server.Application.setConfig(Application.java:391)
at com.evermind.server.Application.setConfig(Application.java:308)
at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
... 4 more
2006-09-07 13:45:59.031 WARNING java.lang.InstantiationException -
GlassFish, JAAS Login Module - get remote ejb clien IP address
How to get remote ejb client IP in my custom JAAS login module if I use Glassfish?
Edited by: NoName on Sep 23, 2009 4:06 AMHi,
Try configuring wdisp/add_xforwardedfor_header in web dispatcher as described here:
http://help.sap.com/saphelp_nw04/helpdata/en/de/89023c59698908e10000000a11402f/content.htm
And configuring ClientIpHeaderName on the java server as described here:
http://help.sap.com/saphelp_nw04/helpdata/en/52/46f6a089754e3a964a5d932eb9db8b/content.htm
Regards,
Maria -
Create new JAAS login module & have to deploy in OC4J
Dear Experts,
Is it possible to create number of user roles under the group oc4jadmin. Then have to assign task for each user in group. please suggest me.
Thanks,
Rajesh
Edited by: Rajesh A on Mar 12, 2009 10:15 AM
Edited by: Rajesh A on Mar 12, 2009 6:48 PMh5. James,Anirudh
Is it possible to define new JAAS module that would first check with Oracle DB & then check with LDAP directory. Actually my requirement was to authenticate user with the help of backends. Here backend denotes both Oracle DB & LDAP. In the sense when user enters valid id & password it checks for existence in DB & if exist DB returns a new value (role) then have to check new value with LDAP( what are the privileges available for specified role & who is the superior for the same). The details maintaining in LDAP are dynamic so we cant able to move into DB. Every process involving here is automatic in the sense no external server connection should provide for authentication. The custom login module should be deploy in same OC4J container. Always available as service. I want to know about the following
1) How to define costom JAAS login module
2) How to configure coutom JAAS login module over OC4J
3) How to make use of it
Thanks,
Rajesh -
Can I get the resource in a JAAS login module?
G'day,
I am writing a custom JAAS login module for deplyment in Netweaver application server. I'd like to get information about the resource that is protected by that login module (specifically, the URL).
The HttpGetterCallback class does not provide this information. All I can get is the host name and port from the HTTP headers.
Is there any way to get the full URL of the resource within a login module?
-- GeoffG'day,
Note also that I tried using the WebCallback class, which has a getRequest() method that returns a HttpServletRequest.
But this callback seems to be ignored by the callback handler used in Netweaver AS, as the getRequest() method returns null, even though the login module is used to protect a servlet.
[ As an aside, I passed a custom callback to the CallbackHandler supplied by Netweaver AS, and the callbackHandler.handle() method did not throw UnsupportedCallbackException, which seems to be in violation of the JAAS standard ]
So ... HttpGetterCallback does not return resource URL information, and WebCallback is apparently ignored by the callback handler (which should really throw an exception here).
Are there any other ways to get the URL of the resource in a Netweaver AS login module? -
Accessing LDAP in a custom JAAS login module
Hi,
I have developed a custom jaas login module in CE 7.1. I created a java dc which contains a class extending AbstractLoginModule. This DC is deployed on to the server using an EAR DC. I am trying to access LDAP in the custom login module. I am trying to establish an SSL connection to LDAP. For this purpose i have created a custom socket factory class which extends SSLSocketFactory. I used the code below to establish the connection.
Hashtable<String,String> env=new Hashtable<String,String>();
DirContext dirContext=null;
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,ldapURL);
env.put(Context.SECURITY_PROTOCOL,"ssl");
env.put("java.naming.ldap.factory.socket", "com.test.ldap.MySSLSocketFactory");
dirContext=new InitialDirContext(env);
MySSLSocketFactory is the name of custom socket factory.
During a login process, the above code results in error because the connection to LDAP server could not be established. However the same code when executed in a webdynpro DC is working without any problem. What could be the reason for this?
This is the error i could see in defaultTrace
javax.naming.CommunicationException: js24.na.domain.net:636 [Root exception is java.lang.ClassNotFoundException: com.test.ldap.MySSLSocketFactory
Loader Info -
ClassLoader name: [service:security]
Living status: alive
Direct parent loaders:
[system:Frame]
[library:j2eeca]
[service:timeout]
[service:com.sap.security.core.ume.service]
[service:adminadapter]
Resources:
/usr/sap/SV3/J10/j2ee/cluster/bin/services/security/lib/private/sap.comtcjesecurityimpl.jar
at com.sun.jndi.ldap.Connection.<init>(Connection.java:205)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1579)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2681)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:299)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at com.sap.engine.system.naming.provider.DefaultInitialContext._getDefaultInitCtxt(DefaultInitialContext.java:64)
at com.sap.engine.system.naming.provider.DefaultInitialContext.<init>(DefaultInitialContext.java:45)
at com.sap.engine.system.naming.provider.DefaultInitialContextFactory.getInitialContext(DefaultInitialContextFactory.java:41)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)Hi,
I used an EJB to perform the LDAP search and called the EJB from the login module. It is working as expected.
Regards,
Shabeer -
Custom JAAS Login Module 9.0.4 configuration problems
Hello,
We have created a custom JAAS Login Module on OC4J 9.0.4 and are having some sort of configuration problem
We always get this error:
Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:779)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:535)
The Login Module is configured for a specific deployed application in the global jazn-data.xml and is being run as I have attached a debugger to the app server.
Our authentication process succeeds and we return a "true" from the login() method. No exceptions are thrown from our Login Module.
our ORACLE_HOME/j2ee/home/config/jazn-data.xml has this added
<application>
<name>helloworld</name>
<login-modules>
<login-module>
<class>com.test.JaasLoginModule</class>
<control-flag>required</control-flag>
<options>
</options>
</login-module>
</login-modules>
</application>
The j2ee/home/application-deployments/helloworld/jazn-data.xml looks like this:
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<!DOCTYPE jazn-data PUBLIC "JAZN-XML Data" "http://xmlns.oracle.com/ias/dtds/jazn-data.dtd">
<jazn-data />
and we added this into the j2ee/home/application-deployments/helloworld/orion-applicaton.xml
<jazn provider="XML" location="jazn-data.xml" >
<property name="role.mapping.dynamic" value="true"/>
<property name="custom.loginmodule.provider" value="true"/>
<property name="jaas.username.simple" value="true" />
</jazn>
Are we missing anything? Our code runs, it seems like there is something lacking in the configuration on the OC4J side of things.
Anyone know what we are missing?
Thanks....Hi,
if you are on 9.0.4 then <property name="custom.loginmodule.provider" value="true"/> shouldn't work because its a parameter of 10.1.3
Frank -
URGENT: JAAS Login Module in Clustered Environment
Hello all,
I've created out own JAAS Login Module which works perfectly on a single-node environment... i dropped the jar in /server/additional-lib and modified library.txt and authschemes.xml as needed.
Now that we need to deploy it in a clustered node environment, we added the jar file into the additional-lib folders of all the nodes and edited all the library.txt files of all nodes.
UME cant seem to find our jar file anymore and we get the "missing handler" error when we try to login.
Any ideas?
Thanks,
YvesIf you are using SAP J2EE PL21+ there is a separate node called state controller (you have dispatcher, application nodes and state controller nodes). Basically the state controller makes sure all application nodes (server nodes) are synchronized
You can find the dispatcher under cluster\dispatcher, servers under cluster\server and state under cluster\state .
If you are using SAP J2EE PL20 or less this does not apply. -
Hello all, I'm having a problem with authentication. I hava a jaas Login Module that authenticates users against a db. After some work I could configure it and got it working. But, even my Login Module works fine, after validating an user I get the exception:
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User not authorized.
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:223)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.lumina.security.jaasrbac.SecurityFacade.authenticate(SecurityFacade.java:119)
... 51 more
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User is locked.
at com.sap.engine.services.security.server.jaas.CheckAction.checkUserLockStatus(CheckAction.java:181)
at com.sap.engine.services.security.server.jaas.CheckAction.run(CheckAction.java:58)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.server.jaas.LoginModuleHelperImpl.checkUserLockStatus(LoginModuleHelperImpl.java:116)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:175)
... 63 more
This happens after my login module is invoked and succeeds authenticating an user.
Is it really necessary to have a copy of the user data in the UME store?
Thanks,
Juan ManuelHi Bhavik,
You have to use the VisualAdministrator tool.
These are the steps I did (or I think I did):
1) I created a library whith Developer Studio which contained the Login Module implementing class and its dependencies.
2) Deployed it to J2EE engine
3) Using Visual Administrator go to security provider (J2E/Server0/services)
4) Click UserManagement tab
5) Click Manage Security Stores button
6) Click Add Login Module button
7) Click Ok in the first dialog that appears
8) Fill the required data in the add Login Module dialog (className of the Login Module implementation,disply name, description and options (if any, iex: debug=true)
9) Click Ok
10)Click policy Configurations tab
11) Click add button (bottom of the component's panel)
12) Enter the name for the new policy configuration (I think it must be the same name you use in your application code when you refer to the login module) and click ok
13) Now, the new configuration appears in the components list. Click on it
14) Click 'add new' button which is at the bottom of the authentication tab (right panel)
15) Select the login module you created in 8) and click ok
16) In the authentication tab appears the login module you have created. There you can the right flag you desire for your login module (optional, required, requisite,sufficient)
17) Click the Properties tab next to Runtime tab
18) Click on property LoginModuleClassLoaders
19) Modify this property value to: library:libraryName (where libraryName is the name you deployed your login module library classes in step 2) )
20) Restart J2EE engine
Regards,
Juan Manuel -
JAAS Login Module Redirect to Iview
I am having some difficulty getting a redirect to an Iview to work in our custom JAAS Login Module. This code works in our current production environment, using Portal version EP6.0 SP2 Patch 35:
callbacks[0] = new com.sap.security.api.logon.WebCallback();
HttpServletResponse rsp = ((WebCallback) callbacks[0]).getResponse();
rsp.sendRedirect(this.changepasswordurl + this.username); //get url from property
But this nearly identical code is not working in our development environment, running NetWeaver:
WebCallback wcb = new WebCallback ();
this.callbackHandler.handle(new Callback [] {wcb});
HttpServletResponse rsp = wcb.getResponse();
myLoc.infoT("URL: " + this.changepasswordurl + this.username);
rsp.sendRedirect(this.changepasswordurl + this.username); //get url from property
When the rsp.sendRedirect statement is executed, I get a stack dump:
#1.5#00306EF4D7AD0048000000550000576000040C5F45EBE199#1139503241315#com.nike.portal.auth.PortalLoginModule#sap.com/irj#com.nike.portal.auth.PortalLoginModule#Guest#192####cd56b800998a11da8f7300306ef4d7ad#SAPEngine_Application_Thread[impl:3]_9##0#0#Info##Plain###URL: https://dev.XXXXX.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fnikeconnect!2fiviews!2fcommon!2fMyInfo!2f1-com-nike-iv_b2s-change-password?userid=ncportal02@yahoo.com#on!2fMyInfo!2f1-com-nike-iv_b2s-change-password?userid=ncportal02@yahoo.com#
#1.5#00306EF4D7AD0048000000570000576000040C5F45EC2971#1139503241326#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#192####cd56b800998a11da8f7300306ef4d7ad#SAPEngine_Application_Thread[impl:3]_9##0#0#Error##Java###Error in some of the login modules.
[EXCEPTION]
#1#com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:149)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:153)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.GeneratedMethodAccessor260.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
When I cut the exact URL being redirected to from the trace log and paste it into a browser, it goes to the page just fine.
Can anyone suggest a different method of performing a redirect from withing my JAAS Login Module in NetWeaver? I'm thinking maybe I'm not getting the response object properly - any ideas?
Thank you...
DaveThanks for the pointers. We were able to get an SAP developer to take a look at this and he coded up this solution, which takes what you suggested and filled in all the blanks. I am baffled as to how I would have figured this out on my own (like the RESPONSE_CODE value of 302), given the limited documentation around the HttpCallback. We haven't had the opportunity to try this yet - I'll respond with a new post either way to let you know. Anyway, here's the code snippet for how to perform a redirect:
In the custom JAAS Login Module:
setRedirect(callbackHandler, this.changepasswordurl);
This is the setRedirect method:
private void setRedirect(CallbackHandler ch, String redirectURL)
throws IOException, UnsupportedCallbackException
HttpSetterCallback setRCodeCB = new HttpSetterCallback();
setRCodeCB.setType(HttpCallback.RESPONSE_CODE);
setRCodeCB.setName("Moved Temporarily");
setRCodeCB.setValue("302");
HttpSetterCallback setRedirCB = new HttpSetterCallback();
setRedirCB.setType(HttpCallback.HEADER);
setRedirCB.setName("Location");
setRedirCB.setValue(redirectURL);
Callback[] cbSetter = new Callback[2];
cbSetter[0] = setRCodeCB;
cbSetter[1] = setRedirCB;
ch.handle(cbSetter); -
Hi all,
Im developing a new JAAS login module which will use Apache's Axis API to call a remote SOAP server.
During the development process, I added the Axis library by using the classic Java Build path=> libraries on Sap Netweaver developer Studio.
The compilation, the deployment of the SDA and the configuration via Visual Admin are working well.
But when I tried to authenticate on the SAP EP through this module, Ive got the following error message:
java.lang.NoClassDefFoundError: org.apache.axis.client.Service
In my opinion, it seems that the Apache Axis API (jar files) is not present on the SAP EP.
Is there any way to add external libraries like Apache Axis API (jar files) on the SAP EP?
Is there any way to add external libraries like Apache Axis API (jar files) on the sda generated by Sap Netweaver developer Studio?
Thanks,Hi,
can't you add the Axis libs to the SDA? In the file server/provider.xml you have the possibility to add jars via the NWDS.
HTH
Daniel -
Use of portal service in JAAS Login Module
Is it possible to use an portal service in an JAAS Login Module?
I've tried to use the IUserMappingService and always run in an Null Pointer Exception.
All needed Used DC references are set and the build and the deployment of the
login module is possible without any errors.
Best regards,
ThomasI've debuged my JAAS login modul.
The following objects are in accessable over my context object
{broker=broker, com.sap.portal.pcm.collaborative.ipartstemplates={}, UME=UME, com.sap.workflow.es.portal.IKMCRoomService=com.sap.workflow.es.room.KMCRoomHelper@44c944c9, comp.sap.portal.fpn.marshallersrepository={com.sapportals.portal.workset=com.sap.portal.fpn.marshal.WorksetMarshaller@7cf07cf0, com.sapportals.portal.rolefolder=com.sap.portal.fpn.marshal.RoleFolderMarshaller@489b489b, com.sapportals.portal.operationmodifier=com.sap.portal.unification.semanticlayer.marshalling.OperationModifierMarshaller@1a1b1a1b, com.sapportals.portal.businessobject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectMarshaller@1fc71fc7, com.sapportals.portal.layout=com.sap.portal.fpn.marshal.LayoutMarshaller@454f454f, com.sapportals.portal.role=com.sap.portal.fpn.marshal.RoleMarshaller@590e590e, com.sap.portal.obn.semanticlayer.businessobject.BusinessObject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectNYMarshaller@68af68af, com.sap.portal.obn.semanticlayer.operation.IOperation=com.sap.portal.unification.semanticlayer.marshalling.OperationNYMarshaller@4f4a4f4a, com.sap.portal.pcm.admin.PlainFolderConverter=com.sap.portal.fpn.marshal.FolderMarshaller@284a284a, com.sapportals.portal.iview=com.sap.portal.fpn.marshal.IViewMarshaller@7ba37ba3, com.sapportals.portal.page=com.sap.portal.fpn.marshal.PageMarshaller@a100a10, com.sapportals.portal.operation=com.sap.portal.unification.semanticlayer.marshalling.OperationMarshaller@ece0ece}, WP=com.sapportals.portal.prt.core.resource.MultiPropertiesResource@3b213b21, ContentCatalog=ContentCatalog, Navigation=Navigation, PCD=PCD, com.sap.portal.obn=com.sap.portal.obn, com.sap.portal.usermanagement.usermanagement=com.sapportals.portal.prt.service.usermanagement.UserManagementService@60cc60cc, ProductionMode=true, AdHocWorkflowConnector=com.sap.workflow.es.portal.WFEWorkitemProvider@30d630d6, com.sap.ip.bi=com.sap.ip.bi, com.sapportals.portal.pcm.registeredServies=com.sapportals.portal.pcm.registeredServies, UniversalWorklistService=com.sap.netweaver.bc.uwl.core.portal.UWLPortalService@57e957e9, com.sap.portal.appintegrator=com.sap.portal.appintegrator, rtmf_messaging=com.sap.ip.collaboration.core.api.rtmf.core.RTMFMessaging@41af41af, com.sap.workflow.es.portal.IKMNotificationService=com.sap.workflow.es.portal.KMNotificationService@1daa1daa, com.sap.portal.pcm.collaborative.pagestemplates={}, runtime=runtime, Authenticator=com.sapportals.portal.prt.service.authenticationservice.AuthenticationService@756f756f, com.sap.workflow.es.portal.IKMAttachmentService=com.sap.workflow.es.portal.KMAttachmentService@9750975, unification=unification}
The IUserMappingService is missing. Any ideas?
Best regards,
Thomas
Maybe you are looking for
-
Display values from database in jsp page
Hi, I need to display a list of options with checkboxes in a jsp page .The values are retrived from DB. formBean fb=new FormBean(request) <Input type="checkbox" name="xyz" value="<%=fb.getFormdata( "xyz")%>"> should this"xyz" be the name of the colum
-
Accessing S/N of G3 Beige MiniTower through software.
Is there any software than can fetch me the serial number of my G3 Beige MiniTower? I've got this Frankenmac (G3 Beige upgraded to G4 trough PowerLogic ZIF chip) booted into native MacOS 9.2.2 and connected to my mini-network through Ethernet. The
-
I am not able to Upload any Local Policys on PIX 6.3
Hi Pls help me out for CSM Policy Deployement ... 1) My PIX 6.3 is having AAA Tacacs configuration , when I am using user:csm configured on ACS (Tacacs ) with SSH/Telent I am able to Login and do all editing in config. 2) But when I am using same use
-
Hi there I require to make a gantt chart but when you attach the data type DateTime series, do not take into account the graph. What format should wear?
-
Dear Experts, We are getting an error in form 24q validation. Following are the error details. TDS/TCS - ERROR FILE Line No Record Type Statement Type Field Name Challan Details Record Number Deductee/ Salary Detail No. Error Code & Description