Jaas Login module does not work

Hello,
I am developing a simple web application which uses JAAS for authentication, but something strange happens. I have written the security information in my web.xml:
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>simple</web-resource-name>
               <url-pattern>/security/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
               <role-name>admin</role-name>
          </auth-constraint>
     </security-constraint>
     <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
               <form-login-page>/login.seam</form-login-page>
               <form-error-page>/login.seam</form-error-page>
          </form-login-config>
     </login-config>
     <security-role>
          <role-name>admin</role-name>
     </security-role>
My login module looks like this:
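package com.auth.security;

import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
// The post does not show where SimplePrincipal comes from;
// org.jboss.security.SimplePrincipal is assumed here.
import org.jboss.security.SimplePrincipal;

public class SimpleLoginModule implements LoginModule {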
     // initial state
     private Subject subject;
     private CallbackHandler callbackHandler;
     private Map sharedState;
     private Map options;
     // the authentication status
     private boolean succeeded = false;
     private boolean commitSucceeded = false;
     // login info
     private static final String[] userNames = { "admin", "guest", "user1", "user2" };
     private static final String[] passwords = { "admin", "sesame", "pass1", "pass2" };
     // current user
     private String username;
     private char[] password;
     // user's principal object
     private SimplePrincipal userPrincipal;
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
          System.out.println("INITIALIZE");
          this.subject = subject;
          this.callbackHandler = callbackHandler;
          this.sharedState = sharedState;
          this.options = options;
     }// end initialize()
     public boolean login() throws LoginException {
          System.out.println("LOGIN");
          // prompt for a user name and password
          if (callbackHandler == null)
               throw new LoginException("Error: no CallbackHandler available " + "to garner authentication information from the user");
          Callback[] callbacks = new Callback[2];
          callbacks[0] = new NameCallback("\nuser name: ");
          callbacks[1] = new PasswordCallback("password: ", false);
          try {
               callbackHandler.handle(callbacks);
               username = ((NameCallback) callbacks[0]).getName();
               char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
               if (tmpPassword == null) // treat a NULL password as an empty
                    // password
                    tmpPassword = new char[0];
               password = new char[tmpPassword.length];
               System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
               ((PasswordCallback) callbacks[1]).clearPassword();
          } catch (java.io.IOException ioe) {
               throw new LoginException(ioe.toString());
          } catch (UnsupportedCallbackException uce) {
               throw new LoginException("Error: " + uce.getCallback().toString() + " not available to authenticate user.");
          }
          boolean usernameCorrect = false;
          boolean passwordCorrect = false;
          String passwordString = new String(password);
          for (int x = 0; x < userNames.length; x++) {
               if (username.equals(userNames[x]))
                    usernameCorrect = true;
               if (usernameCorrect && passwordString.equals(passwords[x])) {
                    // authentication succeeded!!!
                    passwordCorrect = true;
                    succeeded = true;
                    break;
               } else {
                    // authentication failed -- clean out state
                    succeeded = false;
                    usernameCorrect = false;
               }// end if/else
          }// end for( int x = 0; x < userNames.length; x++ )
          return succeeded;
     }// end login()
     public boolean commit() throws LoginException {
          System.out.println("COMMIT");
          if (!succeeded) {
               return false;
          } else {
               // add a Principal (authenticated identity)
               // to the Subject
               // assume the user we authenticated is the SimplePrincipal
               userPrincipal = new SimplePrincipal(username);
               if (!subject.getPrincipals().contains(userPrincipal))
                    subject.getPrincipals().add(userPrincipal);
               // in any case, clean out state
               username = null;
               password = null;
               commitSucceeded = true;
               return true;
          }// end if( succeeded == false )
     }// end commit()
     public boolean abort() throws LoginException {
          System.out.println("ABORT");
          if (succeeded == false) {
               return false;
          } else if (succeeded == true && commitSucceeded == false) {
               // login succeeded but overall authentication failed
               succeeded = false;
               username = null;
               if (password != null)
                    password = null;
               userPrincipal = null;
          } else {
               // overall authentication succeeded and commit succeeded,
               // but someone else's commit failed
               logout();
          }// end if/else
          return true;
     }// end abort()
     public boolean logout() throws LoginException {
          System.out.println("LOGOUT");
          subject.getPrincipals().remove(userPrincipal);
          succeeded = false;
          succeeded = commitSucceeded;
          username = null;
          if (password != null)
               password = null;
          userPrincipal = null;
          return true;
     }// end logout()
}
I am using JBoss-4.2.3.GA and configured login-config.xml like this:
    <application-policy name="simpleLoginModule">
     <authentication>
      <login-module code="com.security.auth.simpleLoginModule" flag="required">
      </login-module>
     </authentication>
    </application-policy>
I have jboss-web.xml also correctly configured.
The problem is that when I type the correct username/password, this error happens:
HTTP Status 403 - Access to the requested resource has been denied
So can anyone help me? What do I have to change/modify in my login module Java code?
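
For the 403 after a successful login described above: JBoss AS 4.x reads a caller's roles from a java.security.acl.Group principal named "Roles" on the Subject, and a commit() that adds only the user principal leaves the caller without the admin role that the security-constraint requires. The following is an added example, not the poster's code, of a login module that attaches that group. The class name RoleAwareLoginModule and the user and role tables are constructed for illustration, and org.jboss.security.SimplePrincipal and SimpleGroup are assumed to be on the classpath.

```java
package com.auth.security; // package name taken from the post

import java.security.Principal;
import java.security.acl.Group; // present on the Java 5/6 runtimes JBoss 4.2 uses
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimpleGroup;     // assumed: JBoss security library
import org.jboss.security.SimplePrincipal; // assumed: JBoss security library

public class RoleAwareLoginModule implements LoginModule { // hypothetical name
    // Constructed demo data; a real module would query a user store.
    private static final Map<String, char[]> PASSWORDS = new HashMap<String, char[]>();
    private static final Map<String, String[]> ROLES = new HashMap<String, String[]>();
    static {
        PASSWORDS.put("admin", "admin".toCharArray());
        PASSWORDS.put("guest", "sesame".toCharArray());
        ROLES.put("admin", new String[] { "admin" }); // matches <role-name> in web.xml
        ROLES.put("guest", new String[0]);            // authenticates, but is denied (403)
    }

    private Subject subject;
    private CallbackHandler handler;
    private String username;
    private boolean succeeded;
    private Principal identity;
    private Group roles;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler available");
        NameCallback nc = new NameCallback("user name: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (java.io.IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("callback not supported: " + e.getCallback());
        }
        char[] supplied = pc.getPassword(); // a copy of the callback's password
        pc.clearPassword();
        char[] expected = PASSWORDS.get(nc.getName());
        succeeded = supplied != null && expected != null && Arrays.equals(supplied, expected);
        if (supplied != null) Arrays.fill(supplied, '\0'); // wipe our copy
        if (!succeeded) throw new FailedLoginException("bad user name or password");
        username = nc.getName();
        return true;
    }

    public boolean commit() throws LoginException {
        if (!succeeded) return false;
        identity = new SimplePrincipal(username);
        roles = new SimpleGroup("Roles"); // the group name the container looks up
        String[] names = ROLES.get(username);
        for (int i = 0; names != null && i < names.length; i++)
            roles.addMember(new SimplePrincipal(names[i]));
        subject.getPrincipals().add(identity);
        subject.getPrincipals().add(roles); // without this, every role check fails
        return true;
    }

    public boolean abort() throws LoginException {
        return succeeded && logout(); // undo a login whose overall authentication failed
    }

    public boolean logout() throws LoginException {
        if (identity != null) subject.getPrincipals().remove(identity);
        if (roles != null) subject.getPrincipals().remove(roles);
        identity = null; roles = null; username = null; succeeded = false;
        return true;
    }
}
```

The code attribute of the login-module element in login-config.xml must be the fully qualified class name, here com.auth.security.RoleAwareLoginModule.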

Hi,
no need to change the authschemes.xml file when you don't know if your code works (you can perfectly break logon to other applications when doing so).
Configure your application to use declarative authentication; this is done in the web.xml of the application:
http://help.sap.com/SAPhelp_nw70/helpdata/en/08/0f0e4d1ffece4d8b9c5b84793aac50/content.htm
http://help.sap.com/SAPhelp_nw70/helpdata/en/40/97ffdb74939747b402b0200780cab5/content.htm
http://help.sap.com/SAPhelp_nw70/helpdata/en/b9/9482887ddb3e47bd1a738c3e900195/content.htm
example:
     <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>REALM</realm-name>
          <form-login-config>
               <form-login-page>logon.jsp</form-login-page>
               <form-error-page>error.jsp</form-error-page>
          </form-login-config>
     </login-config>
With declarative authentication the AS Java will use the logon modules you configured in the VA for the application.
br,
Tobias

Similar Messages

  • Custom Login Module Does Not  Work

    Hello,
    Can someone give me some suggestions on what I should look at to fix the following error? I created a JAAS custom login module. Within the module I authenticate against an Active Directory. I've put many trace statements throughout the login module code, so I can actually follow every step of the way through the login process. The user authenticates correctly and in the commit() method of the login module, the security principal is created and added to the principals and true is returned from the method. Everything looks like it worked correctly... but the user doesn't actually get into the portal. The login screen is redisplayed. This login module is the only login module in the stack being used to authenticate. According to the tracing, everything should have worked. Does anyone have any suggestions on what I should look at?
    thanks,
    Keith
    NW04 SP14

    Marcel,
    The reason we are using a custom login is we want to handle different situations when logging in, for example, if a password is expired we re-direct to a change password page that allows the user to update their password.
    In our EP6 sp2 environment, this is working. I then recoded the login module so it would work in NW04, but we are having no luck.
    Here is the weird thing: it works on some userids but not on others. For example, with a userid like "kjanks" it works fine. But with a userid like "t.portal08" it fails, then you're back at the login screen with the userid field displaying the userid, but the password field is empty. You can then click the login button again without doing anything else and then it works and you get in the portal. So it seems like the "." in the one userid is causing trouble.
    Any Ideas?
    thanks,
    Keith

  • Maverick update now my login screen does not work please help.

    Hello hope you can help. I have a 24 inch Mid 2007 Intel iMac. It has been great until now. I recently did the Maverick update and now my login screen does not work. When I wake the computer up the screen appears with my picture icon. When I click on it nothing happens. If I click on it a second or third time the beach ball appears and nothing happens. I have to shut the unit down with the power button and when the unit powers back up everything works normally. Are there any suggestions out there? I have updated the software without resolution. Is this computer too old? Do I have to buy a new one?
    Thank you

    Your iMac can support Mavericks according to the requirements > OS X Mavericks: System Requirements
    Try a Safe Mode boot. That deletes some system caches that may help.
    Startup your Mac in Safe Mode
    A Safe Mode boot takes much longer than a normal boot so be patient.
    Once you are in Safe Mode, click Restart from the Apple menu.
    See if there's an improvement for the login screen.

  • After a restore from Time Machine my login password does not work.

    My HD crashed and I replaced the HD.  I then restored from Time Machine.  After it was done restoring it prompted me for my apple ID and password and account info.  Now when I try to login, the password does not work.  After several failed passwords, it says I can reset my password using my apple ID.  How do you do this?  I click on the message and it just disappears.  I can't login!

    Is it your actual Apple ID login password that you're talking about (which is obviously working since you got into this forum) or the password for your user account? If the latter, simply boot to your ML Recovery partition (holding down the Command and R keys while booting) and set a new password via Terminal.
    Boot into your Recovery partition and, from the Utilities menu, open Terminal. In Terminal, type in:
    resetpassword
    ...a small app will run allowing you to select a user and change the password for that user. Enter the new password twice (the second time to verify) and give yourself a password 'hint'. Then reboot and use your new password on your account.
    Clinton

  • FP TC 120 module does not work

    I have a FP-TC-120 module connected to a FP-1600 Ethernet module. But the software FieldPoint Explorer seems not to recognize it. It recognizes my FP-1600 module, and a FP-AI-110 module also connected. The FP-TC-120 power LED keeps flashing frequently, and the Ready LED does not light. What can be happening? I have tried everything, but it does not work at all.

    Actually, technically, the FP-TC-120 module does not have a STATUS LED. Network modules have STATUS LED's that will flash a number of times, pause, and flash again but I/O modules do not. All I/O modules have Power and Ready LED's and some I/O modules have additional LED's.
    The FP-TC-120 has an LED on each channel to indicate Open Thermocouple detection. In an I/O module, a Power LED that is failing to turn on will typically signify that one or more components in the system is damaged. The most typical example would be bent pins between the terminal bases or between the I/O module and the terminal base. Alternatively, some forms of damage to the I/O module could also conceivably cause this sort of failure mode. In any case, once the faulty component is isolated (terminal base or module), it will probably need to be sent to National Instruments for repair.
    Regards,
    Aaron

  • Had to erase hd and reboot from time machine.  Now login password does not work

    Had to erase hd and reboot from time machine.  Now login password does not work

    Stick the OS X 10.6 install disk and reboot the computer holding c down.
    Second screen in is a Utilities menu with Password Reset, try that.

  • JAAS Custom Login Modules does not run on JDev/OC4J 10.1.3, pls help...

    Hi all,
    I am trying to use Custom Login Modules as described on:
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    I open the DBLMTest.jws in JDeveloper 10.1.3.1, after completing the required steps, I try deploy it into OC4J Stand alone 10.1.3.
    I get ERROR :
    application : foo is in failed state
    Operation failed with error:
    java.lang.InstantiationException
    The cause of the error is the two lines below that I add into orion-application.xml :
    <property name="role.mapping.dynamic" value="true"/>
    <property name="jaas.username.simple" value ="true" />
    If I remove the two lines, it deploys successfully.
    Please help... I have to implement security in our apps very soon....
    Thank you very much,
    xtanto
    The complete trace of deployment error :
    ---- Deployment started. ---- Apr 4, 2007 5:25:19 PM
    Target platform is Standalone OC4J 10g 10.1.3 (oc4j_oracle).
    Wrote WAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.war
    Wrote EAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.ear
    Uploading file foo.ear ...
    Uploading file foo.ear ...
    Application Deployer for foo STARTS.
    Copy the archive to C:\OC4J\j2ee\home\applications\foo.ear
    Initialize C:\OC4J\j2ee\home\applications\foo.ear begins...
    Unpacking foo.ear
    Done unpacking foo.ear
    Unpacking DBLMTest.war
    Done unpacking DBLMTest.war
    Initialize C:\OC4J\j2ee\home\applications\foo.ear ends...
    Starting application : foo
    Initializing ClassLoader(s)
    Initializing EJB container
    Loading connector(s)
    application : foo is in failed state
    Operation failed with error:
    java.lang.InstantiationException
    Deployment failed
    Elapsed time for deployment: 4 seconds

    Hello there again xtanto,
    I blogged about this last year - perhaps you could run over to http://stegemanoracle.blogspot.com and have a look. I'd send you the exact link, but I cannot access blogspot from work.
    John

  • Login Dialog does not work

    Hi, there,
    I downloaded the JDeveloper 2.0.184 Beta from the web. However,
    I had problem getting my application work when try to connect to
    the database.
    I chose Sun's JDBC-ODBC bridge to connect to Oracle7 via ODBC
    DSN
    on my NT box. When I am in the design mode, I can view the data
    (single table) with no problem. However, when I tried to run the
    application, the pop-up dialog box that asks for username and
    password does not respond to any input (either key or mouse).
    Furthermore, the background of the dialog box was not draw
    completely. It captures some of the existing screen, e.g.
    part of the DOS console that it covers.
    Any help?
    Thanks
    Yu-Xing

    Hi,
    This is a known bug with the logon prompt which has been fixed
    for production.
    When you define your connection, clear the checkbox 'Prompt User
    for Security Information', then your application should be OK.
    L.
    Yu-Xing Zhou (guest) wrote:
    : Hi, there,
    : I downloaded the JDeveloper 2.0.184 Beta from the web.
    However,
    : I had problem getting my application work when try to connect
    to
    : the database.
    : I chose Sun's JDBC-ODBC bridge to connect to Oracle7 via ODBC
    : DSN
    : on my NT box. When I am in the design mode, I can view the
    data
    : (single table) with no problem. However, when I tried to run
    the
    : application, the pop-up dialog box that asks for username and
    : password does not respond to any input (either key or mouse).
    : Furthermore, the background of the dialog box was not draw
    : completely. It captures some of the existing screen, e.g.
    : part of the DOS console that it covers.
    : Any help?
    : Thanks
    : Yu-Xing

  • Satellite M70-164 PSM71E - SD Secure Module does not work

    My laptop was installed in all new
    Currently have Windows XP Professional with SP3
    I can not install the SD Secure Module
    They can help me.
    Thank you

    Hi
    The SD Secure Module version 1.0.2; this software is an *update* for your TOSHIBA Secure Digital-Host controller.
    So you have to install firstly the Cardbus Driver 2.0.0.1.
    Cheers

  • TP8's Ericsson module does not work after update to win10 & two more unknown devices

    So after update I installed: Intel Platform Device Driver, DPR Util, Ericsson driver (just as I did on win8) but have no luck! And I tried to insert working sim but no effect. Please help. http://i.imgur.com/eVgRkks.png?1 (See Device Manager: blue highlighted is possible Ericsson module)

    to correct bad spelling:
    a) What to do to get the imac sending WIFI out again?

  • FM LDB_PROCESS with PNP or PNPCE does not work...

    This is the code. This does nothing, no errors, no results. (The system has employees.) Please help with some advice.
    José.
    TABLES: PERNR.
    TYPE-POOLS: RSDS, RSFS.
    DATA: CALLBACK TYPE TABLE OF LDBCB,
          CALLBACK_WA LIKE LINE OF CALLBACK.
    DATA: SELTAB TYPE TABLE OF RSPARAMS,
          SELTAB_WA LIKE LINE OF SELTAB.
    DATA: TEXPR TYPE RSDS_TEXPR,
          FSEL  TYPE RSFS_FIELDS.
    Refresh: Callback.
    Clear: Callback.
    CALLBACK_WA-LDBNODE     = 'PERNR'.
    CALLBACK_WA-GET         = 'X'.
    *CALLBACK_WA-GET_LATE    = ' '.
    CALLBACK_WA-CB_PROG     = SY-REPID.
    CALLBACK_WA-CB_FORM     = 'PROG_PERNR'.
    APPEND CALLBACK_WA TO CALLBACK.
    Refresh: Seltab.
    Clear: Seltab.
    SELTAB_WA-SELNAME = 'PERNR'.
    SELTAB_WA-SIGN    = 'I'.
    SELTAB_WA-KIND    = 'P'.
    SELTAB_WA-OPTION  = 'EQ'.
    CLEAR SELTAB_WA-LOW.
    CLEAR SELTAB_WA-HIGH.
    APPEND SELTAB_WA TO SELTAB.
    Refresh: TEXPR, FSEL.
    Clear: TEXPR, FSEL.
    CALL FUNCTION 'LDB_PROCESS'
      EXPORTING
        LDBNAME                     = 'PNP'
        EXPRESSIONS                 = TEXPR[]
        FIELD_SELECTION             = FSEL[]
      TABLES
        CALLBACK                    = CALLBACK
        SELECTIONS                  = SELTAB
      EXCEPTIONS
        LDB_NOT_REENTRANT           = 1
        LDB_INCORRECT               = 2
        LDB_ALREADY_RUNNING         = 3
        LDB_ERROR                   = 4
        LDB_SELECTIONS_ERROR        = 5
        LDB_SELECTIONS_NOT_ACCEPTED = 6
        VARIANT_NOT_EXISTENT        = 7
        VARIANT_OBSOLETE            = 8
        VARIANT_ERROR               = 9
        FREE_SELECTIONS_ERROR       = 10
        CALLBACK_NO_EVENT           = 11
        CALLBACK_NODE_DUPLICATE     = 12
        OTHERS                      = 13.
       case sy-subrc.
          when 1.  raise ldb_not_reentrant.
          when 2.  raise ldb_incorrect.
          when 3.  raise ldb_already_running.
          when 4.  raise ldb_error.
          when 5.  raise ldb_selections_error.
          when 6.  raise ldb_selections_not_accepted.
          when 7.  raise variant_not_existent.
          when 8.  raise variant_obsolete.
          when 9.  raise variant_error.
          when 10. raise free_selections_error.
          when 11. raise callback_no_event.
          when 12. raise callback_node_duplicate.
        endcase.
      if sy-subrc ne 0.
          message id sy-msgid type sy-msgty number sy-msgno
               with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
      endif.
    *&      Form  PROG_PERNR
    *       text
    *      -->NAME       text
    *      -->WA         text
    *      -->EVT        text
    *      -->CHECK      text
    FORM PROG_PERNR USING NAME  TYPE LDBN-LDBNODE
                          WA    TYPE PERNR
                          EVT   TYPE C
                          CHECK TYPE C.
        message id sy-msgid type sy-msgty number sy-msgno
               with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
      CASE EVT.
        WHEN 'G'.
          WRITE: / WA-PERNR.
          ULINE.
        WHEN 'L'.
      ENDCASE.
    ENDFORM.                    "PROG_PERNR

    Yes, this is the best way to fill out these tables. But my problem is different, I'm trying to get the infotypes info through a BADI or function module.
    I received a response from SAP about how to resolve this issue. I need to use the old way:
    SUBMIT...RETURN to call another report with the PNP/PNPCE Logical Database.
    That's the reason for using the LDB_PROCESS function module. (SUBMIT...RETURN uses too many memory and processor resources.) Now I know that this function module does not work with HR Logical Databases because of the Infotypes structures.
    Thank you for your quick response.
    José

  • I adjusted the login module, but it does not work.

    I adjusted the Login Module Stacks according to
    http://help.sap.com/saphelp_nw04/helpdata/en/aa/bf503e1dac5b46e10000000a114084/content.htm
    I adjusted the Hello Application provided by the SAP J2EE Server, I remove all the login modules, I hope there is no login page displaying when I access to the Hello page again. But it does not work. The login page always appears.
      Was I wrong to understand it?
    Any reply is appreciated.

    1. I finished the configuration for the login module.
    2. And the document says the last step is to make sure the login modules take effect when the application is accessed, using the Application Tracing Service to restart the affected application.
    But I have not found the Application Tracing Service to restart the affected application.
    I think that is why it does not work.
    Hope for any recommendations, and points must be rewarded.

  • When logging in into yahoo mail after typing in password Firefox is adding something, login fails all the time. At yahoo mail Notepad does not work because it is impossible to close the list of items and they cover information, so I have to go to IE.

    When logging in into yahoo mail after typing in password Firefox is adding something, probably remembered password and login fails all the time. At yahoo mail Notepad does not work because it is impossible to close the list of items and they cover information, so I have to go to IE.

    Only when I go to a different browser (like IE) after I clear it, then all that shows up is the pages I visited in IE. That is what bugs me: why is IE browsing history showing up in Firefox??
    Basically, I can clear the history in Firefox, and then for an example, go to Craigslist using IE7 (launching it from a completely different icon, in other words at that time I never open Firefox), then after closing out, or even leaving it open as it does not seem to matter, I go into Firefox and hit History, and there is every place I visited in IE7, in my History in Firefox.

  • I have an iPhone 5 and I can login with my Apple ID to purchase music. However, when I try to login into iCloud using the very same username and password that I use in the Apple store it does not work to enter iCloud, so what gives???

    I have an iPhone 5 and I can login with my Apple ID to purchase music. However, when I try to login into iCloud using the very same username and password that I use in the Apple store it does not work to enter iCloud, so what gives???

    I could do that, however when I select the iCloud button (or whatever the heck it is) I am asked to enter the Apple ID and password. So if you are supposed to create another one for iCloud you'd think it would give you the option at this point, which would be logical.

  • I am able to login to the Web, but when attempt to run the installer, it ask for a password and it does not work the password I used to login in the web.

    I am new to Adobe Cloud, received the invitation from Adobe, created my account and I am able to login to the web. When I attempted to download Photoshop desktop, I was asked for Name and Password. The name was populated but I have to enter the password. I am using the password I entered at registration but it does not work and the Installer does not run.
    I have a MacBook Pro with OS version 10.9.3.
    Thanks,
    Carlos

    I figured it out: the Installer needs the username and password for the computer OS.
