JAAS Support

Hi,
I've a JAAS login module that I'd like to use with oracle 9iAS. Is that possible? The documentation is very confusing... it says it supports JAAS but it is not integrated with the container so it's not possible to use JAAS with declarative security. Is that right?
Thanks,
Leonardo Bueno

Leonardo,
you need OC4J 9.0.4 or Oracle Application Server 10g to use your custom Login Modules for declarative authentication. Custom JAAS Login modules are supported with the jazn-data.xml provider.
See chapter 6 of the OC4J 9.0.4 security guide (its part of the Oracle Application Server documentation that you also can read online here on OTN)
Frank

Similar Messages

What is JAZN? And how does it relate to JAAS

I was searching previous postings for any info on JAAS. When I
found in a reply to a question about JAAS support in OC4J from
someone called andy.
JAAs/JAZN will be supported in version 2.0 of iAS.I had never heard of JAZN before so with my curiosity tweaked I
started to search the web. An hour later all I had to show for
my efforts was one cryptic message on an Orion list server.
So could anyone tell me if JAZN is a really Java API or did
andy's cat jump on his keyboard?
Daniel

Hi,
The JavaTM Authentication and Authorization Service (JAAS) is a
Java package that enables services to authenticate and enforce
access controls upon users.
JAZN is a JAAS provider, which provides both Authentication and
Authorization Services.
Oracle9iAS JAAS (a.k.a. "JAZN"), is Oracle's implementation of
the Java Authentication and Authorization Service (JAAS)
standard, which adds PAM-based pluggable authentication and
Subject-based, fine-grained authorization to the Java2 platform.
Andy

Using JAAS in a BC4J Client

Hello
We are building a BC4J application.
We would like to use JAAS on the client side (Swing Client), to do some authorization.
I made a test, authentication a user trough JAAS on the client as follow:
// Auhorization
CallbackHandler handler = new InfoCallbackHandler();
String s = "oracle.security.jazn.tools.Admintool";
LoginContext loginContext = new LoginContext(s, handler);
loginContext.login();
Subject subject = loginContext.getSubject();
// authenticated action
Subject.doAs(subject, this);
This works, as long as the client has access to the jazn.xml file.
As far as I understand, this loads the RealmLoginModule.
The RealmLoginModule uses either a jazn.xml file, or LDAP for authentication.
Now I'm curios about where the RealmLoginModule gets its information from, when the client is running on an other machine than the OC4J Server.
Where does the RealmLoginModule get the connection information for the OC4J or LDAP- server from?
Do I have to deliver the security information (jazn.xml file) to the client (I dont want to expose all this information to the Hackers on the client side)?
Is there a way to delegate the JAAS calls to the middle tier (a security provider , LoginModule, that does RMI-calls to an EJB-component)?
Is there a way to do authorization with the BC4J interfaces on the client (something like boolean ApplikacitonModule.isUserInRole(Role) or javax.security.auth.Subject ApplikacitonModule.getSubject() or java.util.Set ApplikacitonModule.getPrincipalsForSubject())?
I would like to get a javax.security.auth.Subject representing the user (and password)
that is authenticated in the middle tier. This is the Subject (defined by username & password)),
used for the JNDI lookup, and by the whole J2EE (EJB) security, when creating a root ApplicationModule.
Is this possible?
Regards
Matthais Gerber

Hi,
In JDeveloper 9.0.3, BC4J has JAAS support in the middle-tier. You could set jbo.security.enforce to "Test" or "Must" on the application module using "Configuration...", "Edit" in JDev. If you are using the default Oracle 9iAS JAAS you will also need to include BC4J Security library in the project. The jdk\jre\lib\securtiy\java.security should have login.configuration.provider=oracle.security.jazn.spi.LoginConfigProvider.
You do not need to create LoginContext, CallbackHandler, etc. in either your client app or business objects.
If you are not using OC4J, you need to have another loginmodule that implement javax.security.auth.spi.LoginModule. You need to set the jbo.security.loginmodule with you loginmodule name, include the class or jar in your library, specify the jaas config file on the java runtime option.
Please refer to 9.0.3 online help "Working with Security in BC4J" for more information.
Thanks,
Yvonn

OC4J 9.0.3: JAAS Compliant LoginModule support !

Hi,
I have a requirement where I need to migrate my JAAS Compliant LoginModule(implements LoginModule interface) from Weblogic to OC4J. I want to use my Custom LoginModule to perform authentication at the Web Tier and Ejb Tier and let the containers handle the details. I only want to plug in my Login Module as needed. The Login Module works absolutely fine as it is on Weblogic and JBoss, but fails to work on OC4J. This is the error that I get :-
When I call a protected EJB function the following error is found in the server.log file:
The run-as user is not an instance of com.evermind.security.User
Why is it looking for a "User" of this instance? I am using all standard JAAS compliant
classes:
javax.security.auth.spi.LoginModule to implement my Login Module
java.security.Principal to implement my Principal
java.security.acl.Group to implement by Group/Role
As of OC4J version 9.0.3 does it have Support for JAAS Compliant custom login module??
These are the source files that I have
1) JAAS Compliant Login Module (implement LoginModule interface)
2) JAAS compliant Principal (implement Principal interface)
3) JAAS compliant Group (implement Principal interface and Group interface)
4) Allow Web Tier and EJB Tier to be authenticated and authorized
Now how do I go about deploying the same on OC4J.
Any help would be appreciated.
Thanks in Advance,
Easwar.

Hello All,
As I was going through JAAS implementation using the iPlanet LDAP as our user/role data source found that its not just the LoginModule you have to write in addition to this you would end up wirting a whole new set of classes for manaing the users i.e UserManager :(
Here is the list of classes we have to implement to get the container managed declarative security model to work with the Web (web.xml) and EJB containers (ejb-jar.xml)
1 SampleAuthenticator.java
2 SampleLoginModule.java
3 SampleProvider.java
4 SampleRealm.java
5 SampleRealmManager.java
6 SampleRealmPrincipal.java
7 SampleRealmRole.java
8 SampleRealmUser.java
9 SampleRoleManager.java
10 SampleUserManager.java
I have still some doubt that after implementing this there could be some more catch and the implementation may still not work!!! :(
Have any one done such an implementation?
if some one has done this please let us know is it worth implementing them?
Thank you
Mallik

Configure JAAS login module stack to support x.509 certificates without SSL

I want to use x.509 certificates for authentication against a EP 7.0 but I dont want to have SSL traffic on the network segment where the portal resides. Obviously the SSL must be terminated in an application gateway that sends the certificate to the portal in the header.
I know that AcceptClientCertWithoutSSL must be set to true in the http provider and that ClientCertificateHeaderName is the name of the header variable that contains the users certificate, default is SSL_CLIENT_CERT.
What I dont know is how to configure my JAAS login module stack, my suggestion would be this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CertPersisterLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
My concern is does the ClientCertLoginModule and the CertPersisterLoginModule read from the header variable? If they dont, is there another login module that should be used in this case?

Hi Claus,
you got the flags right but the options of the login modules (LM) are wrong, so the certificate authentication won't work.
There's two problems I see: (1) Rule1.getUserFrom is not a valid option for the LM CertPersisterLoginModule, and (2) SSL_CLIENT_CERT is not a valid value for the option Rule1.getUserFrom of the ClientCertLoginModule.
Looking at this topic:
http://help.sap.com/saphelp_nw2004s/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm
the header variable used to pass the certificate is maintained in the HTTP provider service properties but since you use the default you don't need to maintain that part of the config. You also don't need the CertPersisterLoginModule in the config because it is used for automatic certificate mapping, which doesn't work when you don't have SSL to the portal.
So with the above said your LM stack config should look like this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=wholeCert}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
If this doesn't work I'd suggest opening a support ticket.
Regards,
Yonko

Which versions of WebAS support JAAS?

Which version of WebAS support JAAS (Java Authentication and Authorization Service)?
I've found a number of documents that say it's WebAS 6.40. But, others imply it's as early as 6.20. Any definitive answers?
--Craig

Depends on the version. JAAS was available at 6.20 too, as it was always part of J2EE (or at least J2EE 1.2, whicvh is supported be WebAS 6.20)
Regards,
Benny

Doest OC4J support JAAS ?

Hi everyone,
does OC4J support JAAS ? If so, how can I implement it ?
Thanks
null

<BLOCKQUOTE><font size="1" face="Verdana, Arial, Helvetica">quote:</font><HR>Originally posted by Andy ():
There is no official roll-out date yet. But by the end of the year is a good estimate.<HR></BLOCKQUOTE>
Thanks a lot Andy, and sorry for bothering again, but are there online resources about the next version ? I've only found a white paper (http://technet.oracle.com/tech/java/oc4j/pdf/OC4J_TWP.pdf) which describes what is possible as of now (JTA, JMS, JNDI etc.), but nothing about JAAS.
Best Regards
null

Error in JSPM Support Pack update

Hi,
i am in the process of doing java support packs form level 9 to 14.
I am doing 3 at a time
After the sap-jee support pack got deployed the server0 for j2ee is not starting.
Pls hlep
The following is the log of disp_server0
trc file: "F:\usr\sap\BWD\DVEBMGS01\work\dev_server0", trc level: 1, release: "700"
node name   : ID13786450
pid         : 7296
system name : BWD
system nr. : 01
started at : Tue Jun 17 16:30:40 2008
arguments       :
*       arg[00] : F:\usr\sap\BWD\DVEBMGS01\exe\jlaunch.exe*
*       arg[01] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[02] : -DSAPINFO=BWD_01_server*
*       arg[03] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[04] : -DSAPSTART=1*
*       arg[05] : -DCONNECT_PORT=3227*
*       arg[06] : -DSAPSYSTEM=01*
*       arg[07] : -DSAPSYSTEMNAME=BWD*
*       arg[08] : -DSAPMYNAME=WDBSSAPBWD01_BWD_01*
*       arg[09] : -DSAPPROFILE=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[10] : -DFRFC_FALLBACK=ON*
*       arg[11] : -DFRFC_FALLBACK_HOST=localhost*
[Thr 4660] Tue Jun 17 16:30:40 2008
*[Thr 4660] *** WARNING => INFO: Unknown property [instance.box.number=BWDDVEBMGS01wdbssapbwd01] [jstartxx.c   841]*
*[Thr 4660] *** WARNING => INFO: Unknown property [instance.en.host=WDBSSAPBWD01] [jstartxx.c   841]*
*[Thr 4660] *** WARNING => INFO: Unknown property [instance.en.port=3200] [jstartxx.c   841]*
*[Thr 4660] *** WARNING => INFO: Unknown property [instance.system.id=1] [jstartxx.c   841]*
JStartupReadInstanceProperties: read instance properties [F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties]
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> OS libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> Admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Used property files
-> files [00] : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Instance properties
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> os libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Bootstrap nodes
-> [00] bootstrap            : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] bootstrap_ID13786400 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [02] bootstrap_ID13786450 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Worker nodes
-> [00] ID13786400           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] ID13786450           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
[Thr 4660] JLaunchRequestQueueInit: create named pipe for ipc
[Thr 4660] JLaunchRequestQueueInit: create pipe listener thread
[Thr 6916] JLaunchRequestFunc: Thread 6916 started as listener thread for np messages.
[Thr 4836] WaitSyncSemThread: Thread 4836 started as semaphore monitor thread.
[Thr 4660] NiInit3: NI already initialized; param 'maxHandles' ignored (1;202)
[Thr 4660] CPIC (version=700.2006.09.13)
[Thr 4660] [Node: server0] java home is set by profile parameter
*     Java Home: F:\java*
[Thr 4660] JStartupICheckFrameworkPackage: can't find framework package F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
JStartupIReadSection: read node properties [ID13786450]
-> node name          : server0
-> node type          : server
-> node execute       : yes
-> jlaunch parameters :
-> java path          : F:\java
-> java parameters    : -Djco.jarm=1 -XX:MaxPermSize=256M -XX:PermSize=256M -XX:NewSize=171M -XX:MaxNewSize=171M -XX:DisableExplicitGC -verbose:gc -Xloggc:GC.log -XX:PrintGCDetails -XX:+PrintGCTimeStamps -Djava.awt.headless=true -Dsun.io.useCanonCaches=false -XX:SoftRefLRUPolicyMSPerMB=1 -XX:SurvivorRatio=2 -XX:TargetSurvivorRatio=90 -Djava.security.policy=./java.policy -Djava.security.egd=file:/dev/urandom -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy -Dstartup.mode=SAFE -Dstartup.action=UPGRADE
-> java vm version    : 1.4.2_16-b05
-> java vm vendor     : Java HotSpot(TM) 64-Bit Server VM (Sun Microsystems Inc.)
-> java vm type       : server
-> java vm cpu        : amd64
-> heap size          : 1024M
-> init heap size     : 1024M
-> root path          : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\server0
-> class path         : .\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> OS libs path       : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> main class         : com.sap.engine.boot.Start
-> framework class    : com.sap.bc.proj.jstartup.JStartupFramework
-> registr. class     : com.sap.bc.proj.jstartup.JStartupNatives
-> framework path     : F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
-> shutdown class     : com.sap.engine.boot.Start
-> parameters         :
-> debuggable         : no
-> debug mode         : no
-> debug port         : 50121
-> shutdown timeout   : 120000
[Thr 4660] JLaunchISetDebugMode: set debug mode [no]
[Thr 6772] JLaunchIStartFunc: Thread 6772 started as Java VM thread.
[Thr 6772] [JHVM_PrepareVMOptions] use java parameters set by profile parameter
*     Java Parameters: -Xss2m*
JHVM_LoadJavaVM: VM Arguments of node [server0]
-> stack   : 1048576 Bytes
-> arg[ 0]: exit
-> arg[ 1]: abort
-> arg[ 2]: vfprintf
-> arg[ 3]: -Djco.jarm=1
-> arg[ 4]: -XX:MaxPermSize=256M
-> arg[ 5]: -XX:PermSize=256M
-> arg[ 6]: -XX:NewSize=171M
-> arg[ 7]: -XX:MaxNewSize=171M
-> arg[ 8]: -XX:+DisableExplicitGC
-> arg[ 9]: -verbose:gc
-> arg[ 10]: -Xloggc:GC.log
-> arg[ 11]: -XX:+PrintGCDetails
-> arg[ 12]: -XX:+PrintGCTimeStamps
-> arg[ 13]: -Djava.awt.headless=true
-> arg[ 14]: -Dsun.io.useCanonCaches=false
-> arg[ 15]: -XX:SoftRefLRUPolicyMSPerMB=1
-> arg[ 16]: -XX:SurvivorRatio=2
-> arg[ 17]: -XX:TargetSurvivorRatio=90
-> arg[ 18]: -Djava.security.policy=./java.policy
-> arg[ 19]: -Djava.security.egd=file:/dev/urandom
-> arg[ 20]: -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy
-> arg[ 21]: -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy
-> arg[ 22]: -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy
-> arg[ 23]: -Dstartup.mode=SAFE
-> arg[ 24]: -Dstartup.action=UPGRADE
-> arg[ 25]: -Dsys.global.dir=F:\usr\sap\BWD\SYS\global
-> arg[ 26]: -Dapplication.home=F:\usr\sap\BWD\DVEBMGS01\exe
-> arg[ 27]: -Djava.class.path=F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar;.\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> arg[ 28]: -Djava.library.path=F:\java\jre\bin\server;F:\java\jre\bin;F:\java\bin;F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\HP\NCU;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;F:\java\bin;F:\usr\sap\BWD\SYS\exe\uc\NTAMD64
-> arg[ 29]: -Dmemory.manager=1024M
-> arg[ 30]: -Xmx1024M
-> arg[ 31]: -Xms1024M
-> arg[ 32]: -DLoadBalanceRestricted=no
-> arg[ 33]: -Djstartup.mode=JCONTROL
-> arg[ 34]: -Djstartup.ownProcessId=7296
-> arg[ 35]: -Djstartup.ownHardwareId=T1648851106
-> arg[ 36]: -Djstartup.whoami=server
-> arg[ 37]: -Djstartup.debuggable=no
-> arg[ 38]: -Xss2m
-> arg[ 39]: -DSAPINFO=BWD_01_server
-> arg[ 40]: -DSAPSTART=1
-> arg[ 41]: -DCONNECT_PORT=3227
-> arg[ 42]: -DSAPSYSTEM=01
-> arg[ 43]: -DSAPSYSTEMNAME=BWD
-> arg[ 44]: -DSAPMYNAME=WDBSSAPBWD01_BWD_01
-> arg[ 45]: -DSAPPROFILE=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01
-> arg[ 46]: -DFRFC_FALLBACK=ON
-> arg[ 47]: -DFRFC_FALLBACK_HOST=localhost
-> arg[ 48]: -DSAPSTARTUP=1
-> arg[ 49]: -DSAPSYSTEM=01
-> arg[ 50]: -DSAPSYSTEMNAME=BWD
-> arg[ 51]: -DSAPMYNAME=WDBSSAPBWD01_BWD_01
-> arg[ 52]: -DSAPDBHOST=WDBSSDBBWD01
-> arg[ 53]: -Dj2ee.dbhost=WDBSSDBBWD01
CompilerOracle: exclude com/sapportals/portal/pb/layout/taglib/ContainerTag addIviewResources
CompilerOracle: exclude com/sap/engine/services/keystore/impl/security/CodeBasedSecurityConnector getApplicationDomain
CompilerOracle: exclude com/sap/engine/services/rmi_p4/P4StubSkeletonGenerator generateStub
CompilerOracle: exclude com/sapportals/portal/prt/util/StringUtils escapeToJS
CompilerOracle: exclude com/sapportals/portal/prt/core/broker/PortalServiceItem startServices
CompilerOracle: exclude com/sap/engine/services/webservices/server/deploy/WSConfigurationHandler downloadFile
CompilerOracle: exclude com/sapportals/portal/prt/jndisupport/util/AbstractHierarchicalContext lookup
CompilerOracle: exclude com/sapportals/portal/navigation/cache/CacheNavigationNode getAttributeValue
CompilerOracle: exclude com/sapportals/portal/navigation/TopLevelNavigationiView PrintNode
CompilerOracle: exclude com/sapportals/wcm/service/ice/wcm/ICEPropertiesCoder encode
CompilerOracle: exclude com/sap/lcr/pers/delta/importing/ObjectLoader loadObjects
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/InstanceBuilder readElement
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/InstanceBuilder readSequence
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/TypeMappingImpl initializeRelations
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/GeneratedComplexType _loadInto
[Thr 6772] JHVM_LoadJavaVM: Java VM created OK.
JHVM_BuildArgumentList: main method arguments of node [server0]
[Thr 4752] Tue Jun 17 16:30:41 2008
[Thr 4752] JHVM_RegisterNatives: registering methods in com.sap.bc.krn.perf.PerfTimes
[Thr 4752] JHVM_RegisterNatives: registering methods in com.sap.bc.proj.jstartup.JStartupFramework
[Thr 4752] JLaunchISetClusterId: set cluster id 13786450
[Thr 4752] JLaunchISetState: change state from [Initial (0)] to [Waiting for start (1)]
[Thr 4752] JLaunchISetState: change state from [Waiting for start (1)] to [Starting (2)]
[Thr 7688] Tue Jun 17 16:30:52 2008
[Thr 7688] JLaunchIExitJava: exit hook is called (rc = -11113)
*[Thr 7688] ***********************************************************************
ERROR => The Java VM terminated with a non-zero exit code.*
Please see SAP Note 943602 , section 'J2EE Engine exit codes'*
for additional information and trouble shooting.*
[Thr 7688] JLaunchCloseProgram: good bye (exitcode = -11113)
trc file: "F:\usr\sap\BWD\DVEBMGS01\work\dev_server0", trc level: 1, release: "700"
node name   : ID13786450
pid         : 4560
system name : BWD
system nr. : 01
started at : Tue Jun 17 16:30:55 2008
arguments       :
*       arg[00] : F:\usr\sap\BWD\DVEBMGS01\exe\jlaunch.exe*
*       arg[01] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[02] : -DSAPINFO=BWD_01_server*
*       arg[03] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[04] : -DSAPSTART=1*
*       arg[05] : -DCONNECT_PORT=3227*
*       arg[06] : -DSAPSYSTEM=01*
*       arg[07] : -DSAPSYSTEMNAME=BWD*
*       arg[08] : -DSAPMYNAME=WDBSSAPBWD01_BWD_01*
*       arg[09] : -DSAPPROFILE=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[10] : -DFRFC_FALLBACK=ON*
*       arg[11] : -DFRFC_FALLBACK_HOST=localhost*
[Thr 5300] Tue Jun 17 16:30:55 2008
*[Thr 5300] *** WARNING => INFO: Unknown property [instance.box.number=BWDDVEBMGS01wdbssapbwd01] [jstartxx.c   841]*
*[Thr 5300] *** WARNING => INFO: Unknown property [instance.en.host=WDBSSAPBWD01] [jstartxx.c   841]*
*[Thr 5300] *** WARNING => INFO: Unknown property [instance.en.port=3200] [jstartxx.c   841]*
*[Thr 5300] *** WARNING => INFO: Unknown property [instance.system.id=1] [jstartxx.c   841]*
JStartupReadInstanceProperties: read instance properties [F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties]
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> OS libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> Admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Used property files
-> files [00] : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Instance properties
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> os libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Bootstrap nodes
-> [00] bootstrap            : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] bootstrap_ID13786400 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [02] bootstrap_ID13786450 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Worker nodes
-> [00] ID13786400           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] ID13786450           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
[Thr 5300] JLaunchRequestQueueInit: create named pipe for ipc
[Thr 5300] JLaunchRequestQueueInit: create pipe listener thread
[Thr 7140] JLaunchRequestFunc: Thread 7140 started as listener thread for np messages.
[Thr 6892] WaitSyncSemThread: Thread 6892 started as semaphore monitor thread.
[Thr 5300] NiInit3: NI already initialized; param 'maxHandles' ignored (1;202)
[Thr 5300] CPIC (version=700.2006.09.13)
[Thr 5300] [Node: server0] java home is set by profile parameter
*     Java Home: F:\java*
[Thr 5300] JStartupICheckFrameworkPackage: can't find framework package F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
JStartupIReadSection: read node properties [ID13786450]
-> node name          : server0
-> node type          : server
-> node execute       : yes
-> jlaunch parameters :
-> java path          : F:\java
-> java parameters    : -Djco.jarm=1 -XX:MaxPermSize=256M -XX:PermSize=256M -XX:NewSize=171M -XX:MaxNewSize=171M -XX:DisableExplicitGC -verbose:gc -Xloggc:GC.log -XX:PrintGCDetails -XX:+PrintGCTimeStamps -Djava.awt.headless=true -Dsun.io.useCanonCaches=false -XX:SoftRefLRUPolicyMSPerMB=1 -XX:SurvivorRatio=2 -XX:TargetSurvivorRatio=90 -Djava.security.policy=./java.policy -Djava.security.egd=file:/dev/urandom -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy -Dstartup.mode=SAFE -Dstartup.action=UPGRADE
-> java vm version    : 1.4.2_16-b05
-> java vm vendor     : Java HotSpot(TM) 64-Bit Server VM (Sun Microsystems Inc.)
-> java vm type       : server
-> java vm cpu        : amd64
-> heap size          : 1024M
-> init heap size     : 1024M
-> root path          : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\server0
-> class path         : .\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> OS libs path       : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> main class         : com.sap.engine.boot.Start
-> framework class    : com.sap.bc.proj.jstartup.JStartupFramework
-> registr. class     : com.sap.bc.proj.jstartup.JStartupNatives
-> framework path     : F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
-> shutdown class     : com.sap.engine.boot.Start
-> parameters         :
-> debuggable         : no
-> debug mode         : no
-> debug port         : 50121
-> shutdown timeout   : 120000
[Thr 5300] JLaunchISetDebugMode: set debug mode [no]
[Thr 6352] JLaunchIStartFunc: Thread 6352 started as Java VM thread.
[Thr 6352] [JHVM_PrepareVMOptions] use java parameters set by profile parameter
*     Java Parameters: -Xss2m*
JHVM_LoadJavaVM: VM Arguments of node [server0]
-> stack   : 1048576 Bytes
-> arg[ 0]: exit
-> arg[ 1]: abort
-> arg[ 2]: vfprintf
-> arg[ 3]: -Djco.jarm=1
-> arg[ 4]: -XX:MaxPermSize=256M
-> arg[ 5]: -XX:PermSize=256M
-> arg[ 6]: -XX:NewSize=171M
-> arg[ 7]: -XX:MaxNewSize=171M
-> arg[ 8]: -XX:+DisableExplicitGC
-> arg[ 9]: -verbose:gc
-> arg[ 10]: -Xloggc:GC.log
-> arg[ 11]: -XX:+PrintGCDetails
-> arg[ 12]: -XX:+PrintGCTimeStamps
-> arg[ 13]: -Djava.awt.headless=true
-> arg[ 14]: -Dsun.io.useCanonCaches=false
-> arg[ 15]: -XX:SoftRefLRUPolicyMSPerMB=1
-> arg[ 16]: -XX:SurvivorRatio=2
-> arg[ 17]: -XX:TargetSurvivorRatio=90
-> arg[ 18]: -Djava.security.policy=./java.policy
-> arg[ 19]: -Djava.security.egd=file:/dev/urandom
-> arg[ 20]: -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy
-> arg[ 21]: -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy
-> arg[ 22]: -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy
-> arg[ 23]: -Dstartup.mode=SAFE
-> arg[ 24]: -Dstartup.action=UPGRADE
-> arg[ 25]: -Dsys.global.dir=F:\usr\sap\BWD\SYS\global
-> arg[ 26]: -Dapplication.home=F:\usr\sap\BWD\DVEBMGS01\exe
-> arg[ 27]: -Djava.class.path=F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar;.\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> arg[ 28]: -Djava.library.path=F:\java\jre\bin\server;F:\java\jre\bin;F:\java\bin;F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\HP\NCU;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;F:\java\bin;F:\usr\sap\BWD\SYS\exe\uc\NTAMD64
-> arg[ 29]: -Dmemory.manager=1024M
-> arg[ 30]: -Xmx1024M
-> arg[ 31]: -Xms1024M
-> arg[ 32]: -DLoadBalanceRestricted=no
-> arg[ 33]: -Djstartup.mode=JCONTROL
-> arg[ 34]: -Djstartup.ownProcessId=4560
-> arg[ 35]: -Djstartup.ownHardwareId=T1648851106
-> arg[ 36]: -Djstartup.whoami=server
-> arg[ 37]: -Djstartup.debuggable=no
-> arg[ 38]: -Xss2m
-> arg[ 39]: -DSAPINFO=BWD_01_server
-> arg[ 40]: -DSAPSTART=1
-> arg[ 41]: -DCONNECT_PORT=3227
-> arg[ 42]: -DSAPSYSTEM=01
-> arg[ 43]: -DSAPSYSTEMNAME=BWD
-> arg[ 44]: -DSAPMYNAME=WDBSSAPBWD01_BWD_01
-> arg[ 45]: -DSAPPROFILE=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01
-> arg[ 46]: -DFRFC_FALLBACK=ON
-> arg[ 47]: -DFRFC_FALLBACK_HOST=localhost
-> arg[ 48]: -DSAPSTARTUP=1
-> arg[ 49]: -DSAPSYSTEM=01
-> arg[ 50]: -DSAPSYSTEMNAME=BWD
-> arg[ 51]: -DSAPMYNAME=WDBSSAPBWD01_BWD_01
-> arg[ 52]: -DSAPDBHOST=WDBSSDBBWD01
-> arg[ 53]: -Dj2ee.dbhost=WDBSSDBBWD01
CompilerOracle: exclude com/sapportals/portal/pb/layout/taglib/ContainerTag addIviewResources
CompilerOracle: exclude com/sap/engine/services/keystore/impl/security/CodeBasedSecurityConnector getApplicationDomain
CompilerOracle: exclude com/sap/engine/services/rmi_p4/P4StubSkeletonGenerator generateStub
CompilerOracle: exclude com/sapportals/portal/prt/util/StringUtils escapeToJS
CompilerOracle: exclude com/sapportals/portal/prt/core/broker/PortalServiceItem startServices
CompilerOracle: exclude com/sap/engine/services/webservices/server/deploy/WSConfigurationHandler downloadFile
CompilerOracle: exclude com/sapportals/portal/prt/jndisupport/util/AbstractHierarchicalContext lookup
CompilerOracle: exclude com/sapportals/portal/navigation/cache/CacheNavigationNode getAttributeValue
CompilerOracle: exclude com/sapportals/portal/navigation/TopLevelNavigationiView PrintNode
CompilerOracle: exclude com/sapportals/wcm/service/ice/wcm/ICEPropertiesCoder encode
CompilerOracle: exclude com/sap/lcr/pers/delta/importing/ObjectLoader loadObjects
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/InstanceBuilder readElement
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/InstanceBuilder readSequence
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/TypeMappingImpl initializeRelations
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/GeneratedComplexType _loadInto
[Thr 6352] JHVM_LoadJavaVM: Java VM created OK.
JHVM_BuildArgumentList: main method arguments of node [server0]
[Thr 5836] Tue Jun 17 16:30:56 2008
[Thr 5836] JHVM_RegisterNatives: registering methods in com.sap.bc.krn.perf.PerfTimes
[Thr 5836] JHVM_RegisterNatives: registering methods in com.sap.bc.proj.jstartup.JStartupFramework
[Thr 5836] JLaunchISetClusterId: set cluster id 13786450
[Thr 5836] JLaunchISetState: change state from [Initial (0)] to [Waiting for start (1)]
[Thr 5836] JLaunchISetState: change state from [Waiting for start (1)] to [Starting (2)]
[Thr 6128] Tue Jun 17 16:31:06 2008
[Thr 6128] JLaunchIExitJava: exit hook is called (rc = -11113)
*[Thr 6128] ***********************************************************************
ERROR => The Java VM terminated with a non-zero exit code.*
Please see SAP Note 943602 , section 'J2EE Engine exit codes'*
for additional information and trouble shooting.*
[Thr 6128] JLaunchCloseProgram: good bye (exitcode = -11113)
trc file: "F:\usr\sap\BWD\DVEBMGS01\work\dev_server0", trc level: 1, release: "700"
node name   : ID13786450
pid         : 8152
system name : BWD
system nr. : 01
started at : Tue Jun 17 16:31:10 2008
arguments       :
*       arg[00] : F:\usr\sap\BWD\DVEBMGS01\exe\jlaunch.exe*
*       arg[01] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[02] : -DSAPINFO=BWD_01_server*
*       arg[03] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[04] : -DSAPSTART=1*
*       arg[05] : -DCONNECT_PORT=3227*
*       arg[06] : -DSAPSYSTEM=01*
*       arg[07] : -DSAPSYSTEMNAME=BWD*
*       arg[08] : -DSAPMYNAME=WDBSSAPBWD01_BWD_01*
*       arg[09] : -DSAPPROFILE=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[10] : -DFRFC_FALLBACK=ON*
*       arg[11] : -DFRFC_FALLBACK_HOST=localhost*
[Thr 6468] Tue Jun 17 16:31:10 2008
*[Thr 6468] *** WARNING => INFO: Unknown property [instance.box.number=BWDDVEBMGS01wdbssapbwd01] [jstartxx.c   841]*
*[Thr 6468] *** WARNING => INFO: Unknown property [instance.en.host=WDBSSAPBWD01] [jstartxx.c   841]*
*[Thr 6468] *** WARNING => INFO: Unknown property [instance.en.port=3200] [jstartxx.c   841]*
*[Thr 6468] *** WARNING => INFO: Unknown property [instance.system.id=1] [jstartxx.c   841]*
JStartupReadInstanceProperties: read instance properties [F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties]
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> OS libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> Admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Used property files
-> files [00] : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Instance properties
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> os libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Bootstrap nodes
-> [00] bootstrap            : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] bootstrap_ID13786400 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [02] bootstrap_ID13786450 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Worker nodes
-> [00] ID13786400           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] ID13786450           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
[Thr 6468] JLaunchRequestQueueInit: create named pipe for ipc
[Thr 6468] JLaunchRequestQueueInit: create pipe listener thread
[Thr 7576] JLaunchRequestFunc: Thread 7576 started as listener thread for np messages.
[Thr 7312] WaitSyncSemThread: Thread 7312 started as semaphore monitor thread.
[Thr 6468] NiInit3: NI already initialized; param 'maxHandles' ignored (1;202)
[Thr 6468] CPIC (version=700.2006.09.13)
[Thr 6468] [Node: server0] java home is set by profile parameter
*     Java Home: F:\java*
[Thr 6468] JStartupICheckFrameworkPackage: can't find framework package F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
JStartupIReadSection: read node properties [ID13786450]
-> node name          : server0
-> node type          : server
-> node execute       : yes
-> jlaunch parameters :
-> java path          : F:\java
-> java parameters    : -Djco.jarm=1 -XX:MaxPermSize=256M -XX:PermSize=256M -XX:NewSize=171M -XX:MaxNewSize=171M -XX:DisableExplicitGC -verbose:gc -Xloggc:GC.log -XX:PrintGCDetails -XX:+PrintGCTimeStamps -Djava.awt.headless=true -Dsun.io.useCanonCaches=false -XX:SoftRefLRUPolicyMSPerMB=1 -XX:SurvivorRatio=2 -XX:TargetSurvivorRatio=90 -Djava.security.policy=./java.policy -Djava.security.egd=file:/dev/urandom -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy -Dstartup.mode=SAFE -Dstartup.action=UPGRADE
-> java vm version    : 1.4.2_16-b05
-> java vm vendor     : Java HotSpot(TM) 64-Bit Server VM (Sun Microsystems Inc.)
-> java vm type       : server
-> java vm cpu        : amd64
-> heap size          : 1024M
-> init heap size     : 1024M
-> root path          : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\server0
-> class path         : .\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> OS libs path       : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> main class         : com.sap.engine.boot.Start
-> framework class    : com.sap.bc.proj.jstartup.JStartupFramework
-> registr. class     : com.sap.bc.proj.jstartup.JStartupNatives
-> framework path     : F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
-> shutdown class     : com.sap.engine.boot.Start
-> parameters         :
-> debuggable         : no
-> debug mode         : no
-> debug port         : 50121
-> shutdown timeout   : 120000
[Thr 6468] JLaunchISetDebugMode: set debug mode [no]
[Thr 7456] JLaunchIStartFunc: Thread 7456 started as Java VM thread.
[Thr 7456] [JHVM_PrepareVMOptions] use java parameters set by profile parameter
*     Java Parameters: -Xss2m*
JHVM_LoadJavaVM: VM Arguments of node [server0]
-> stack   : 1048576 Bytes
-> arg[ 0]: exit
-> arg[ 1]: abort
-> arg[ 2]: vfprintf
-> arg[ 3]: -Djco.jarm=1
-> arg[ 4]: -XX:MaxPermSize=256M
-> arg[ 5]: -XX:PermSize=256M
-> arg[ 6]: -XX:NewSize=171M
-> arg[ 7]: -XX:MaxNewSize=171M
-> arg[ 8]: -XX:+DisableExplicitGC
-> arg[ 9]: -verbose:gc
-> arg[ 10]: -Xloggc:GC.log
-> arg[ 11]: -XX:+PrintGCDetails
-> arg[ 12]: -XX:+PrintGCTimeStamps
-> arg[ 13]: -Djava.awt.headless=true
-> arg[ 14]: -Dsun.io.useCanonCaches=false
-> arg[ 15]: -XX:SoftRefLRUPolicyMSPerMB=1
-> arg[ 16]: -XX:SurvivorRatio=2
-> arg[ 17]: -XX:TargetSurvivorRatio=90
-> arg[ 18]: -Djava.security.policy=./java.policy
-> arg[ 19]: -Djava.security.egd=file:/dev/urandom
-> arg[ 20]: -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy
-> arg[ 21]: -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy
-> arg[ 22]: -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy
-> arg[ 23]: -Dstartup.mode=SAFE
-> arg[ 24]: -Dstartup.action=UPGRADE
-> arg[ 25]: -Dsys.global.dir=F:\usr\sap\BWD\SYS\global
-> arg[ 26]: -Dapplication.home=F:\usr\sap\BWD\DVEBMGS01\exe
-> arg[ 27]: -Djava.class.path=F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar;.\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> arg[ 28]: -Djava.library.path=F:\java\jre\bin\server;F:\java\jre\bin;F:\java\bin;F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\HP\NCU;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;F:\java\bin;F:\usr\sap\BWD\SYS\exe\uc\NTAMD64
-> arg[ 29]: -Dmemory.manager=1024M
-> arg[ 30]: -Xmx1024M
-> arg[ 31]: -Xms1024M
-> arg[ 32]: -DLoadBalanceRestricted=no
-> arg[ 33]: -Djstartup.mode=JCONTROL
-> arg[ 34]: -Djstartup.ownProcessId=8152
-> arg[ 35]: -Djstartup.ownHardwareId=T1648851106
-> arg[ 36]: -Djstartup.whoami=server
-> arg[ 37]: -Djstartup.debuggable=no
-> arg[ 38]: -Xss2m
-> arg[ 39]: -DSAPINFO=BWD_01_server
-> arg[ 40]: -DSAPSTART=1
-> arg[ 41]: -DCONNECT_PORT=3227
-> arg[ 42]: -DSAPSYSTEM=01
-> arg[ 43]: -DSAPSYSTEMNAME=BWD
-> arg[ 44]: -DSAPMYNAME=WDBSSAPBWD01_BWD_01
-> arg[ 45]: -DSAPPROFILE=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01
-> arg[ 46]: -DFRFC_FALLBACK=ON
-> arg[ 47]: -DFRFC_FALLBACK_HOST=localhost
-> arg[ 48]: -DSAPSTARTUP=1
-> arg[ 49]: -DSAPSYSTEM=01
-> arg[ 50]: -DSAPSYSTEMNAME=BWD
-> arg[ 51]: -DSAPMYNAME=WDBSSAPBWD01_BWD_01
-> arg[ 52]: -DSAPDBHOST=WDBSSDBBWD01
-> arg[ 53]: -Dj2ee.dbhost=WDBSSDBBWD01
CompilerOracle: exclude com/sapportals/portal/pb/layout/taglib/ContainerTag addIviewResources
CompilerOracle: exclude com/sap/engine/services/keystore/impl/security/CodeBasedSecurityConnector getApplicationDomain
CompilerOracle: exclude com/sap/engine/services/rmi_p4/P4StubSkeletonGenerator generateStub
CompilerOracle: exclude com/sapportals/portal/prt/util/StringUtils escapeToJS
CompilerOracle: exclude com/sapportals/portal/prt/core/broker/PortalServiceItem startServices
CompilerOracle: exclude com/sap/engine/services/webservices/server/deploy/WSConfigurationHandler downloadFile
CompilerOracle: exclude com/sapportals/portal/prt/jndisupport/util/AbstractHierarchicalContext lookup
CompilerOracle: exclude com/sapportals/portal/navigation/cache/CacheNavigationNode getAttributeValue
CompilerOracle: exclude com/sapportals/portal/navigation/TopLevelNavigationiView PrintNode
CompilerOracle: exclude com/sapportals/wcm/service/ice/wcm/ICEPropertiesCoder encode
CompilerOracle: exclude com/sap/lcr/pers/delta/importing/ObjectLoader loadObjects
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/InstanceBuilder readElement
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/InstanceBuilder readSequence
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/TypeMappingImpl initializeRelations
CompilerOracle: exclude com/sap/engine/services/webservices/jaxrpc/encoding/GeneratedComplexType _loadInto
[Thr 7456] JHVM_LoadJavaVM: Java VM created OK.
JHVM_BuildArgumentList: main method arguments of node [server0]
[Thr 7648] Tue Jun 17 16:31:11 2008
[Thr 7648] JHVM_RegisterNatives: registering methods in com.sap.bc.krn.perf.PerfTimes
[Thr 7648] JHVM_RegisterNatives: registering methods in com.sap.bc.proj.jstartup.JStartupFramework
[Thr 7648] JLaunchISetClusterId: set cluster id 13786450
[Thr 7648] JLaunchISetState: change state from [Initial (0)] to [Waiting for start (1)]
[Thr 7648] JLaunchISetState: change state from [Waiting for start (1)] to [Starting (2)]
[Thr 7432] Tue Jun 17 16:31:21 2008
[Thr 7432] JLaunchIExitJava: exit hook is called (rc = -11113)
*[Thr 7432] ***********************************************************************
ERROR => The Java VM terminated with a non-zero exit code.*
Please see SAP Note 943602 , section 'J2EE Engine exit codes'*
for additional information and trouble shooting.*
[Thr 7432] JLaunchCloseProgram: good bye (exitcode = -11113)
trc file: "F:\usr\sap\BWD\DVEBMGS01\work\dev_server0", trc level: 1, release: "700"
node name   : ID13786450
pid         : 7280
system name : BWD
system nr. : 01
started at : Tue Jun 17 16:31:25 2008
arguments       :
*       arg[00] : F:\usr\sap\BWD\DVEBMGS01\exe\jlaunch.exe*
*       arg[01] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[02] : -DSAPINFO=BWD_01_server*
*       arg[03] : pf=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[04] : -DSAPSTART=1*
*       arg[05] : -DCONNECT_PORT=3227*
*       arg[06] : -DSAPSYSTEM=01*
*       arg[07] : -DSAPSYSTEMNAME=BWD*
*       arg[08] : -DSAPMYNAME=WDBSSAPBWD01_BWD_01*
*       arg[09] : -DSAPPROFILE=F:\usr\sap\BWD\SYS\profile\BWD_DVEBMGS01_WDBSSAPBWD01*
*       arg[10] : -DFRFC_FALLBACK=ON*
*       arg[11] : -DFRFC_FALLBACK_HOST=localhost*
[Thr 5400] Tue Jun 17 16:31:25 2008
*[Thr 5400] *** WARNING => INFO: Unknown property [instance.box.number=BWDDVEBMGS01wdbssapbwd01] [jstartxx.c   841]*
*[Thr 5400] *** WARNING => INFO: Unknown property [instance.en.host=WDBSSAPBWD01] [jstartxx.c   841]*
*[Thr 5400] *** WARNING => INFO: Unknown property [instance.en.port=3200] [jstartxx.c   841]*
*[Thr 5400] *** WARNING => INFO: Unknown property [instance.system.id=1] [jstartxx.c   841]*
JStartupReadInstanceProperties: read instance properties [F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties]
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> OS libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> Admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Used property files
-> files [00] : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Instance properties
-> ms host    : WDBSSAPBWD01
-> ms port    : 3900
-> os libs    : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> admin URL :
-> run mode   : safe
-> run action : UPGRADE
-> enabled    : yes
Bootstrap nodes
-> [00] bootstrap            : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] bootstrap_ID13786400 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [02] bootstrap_ID13786450 : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
Worker nodes
-> [00] ID13786400           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
-> [01] ID13786450           : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\instance.properties
[Thr 5400] JLaunchRequestQueueInit: create named pipe for ipc
[Thr 5400] JLaunchRequestQueueInit: create pipe listener thread
[Thr 4264] WaitSyncSemThread: Thread 4264 started as semaphore monitor thread.
[Thr 4488] JLaunchRequestFunc: Thread 4488 started as listener thread for np messages.
[Thr 5400] NiInit3: NI already initialized; param 'maxHandles' ignored (1;202)
[Thr 5400] CPIC (version=700.2006.09.13)
[Thr 5400] [Node: server0] java home is set by profile parameter
*     Java Home: F:\java*
[Thr 5400] JStartupICheckFrameworkPackage: can't find framework package F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
JStartupIReadSection: read node properties [ID13786450]
-> node name          : server0
-> node type          : server
-> node execute       : yes
-> jlaunch parameters :
-> java path          : F:\java
-> java parameters    : -Djco.jarm=1 -XX:MaxPermSize=256M -XX:PermSize=256M -XX:NewSize=171M -XX:MaxNewSize=171M -XX:DisableExplicitGC -verbose:gc -Xloggc:GC.log -XX:PrintGCDetails -XX:+PrintGCTimeStamps -Djava.awt.headless=true -Dsun.io.useCanonCaches=false -XX:SoftRefLRUPolicyMSPerMB=1 -XX:SurvivorRatio=2 -XX:TargetSurvivorRatio=90 -Djava.security.policy=./java.policy -Djava.security.egd=file:/dev/urandom -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy -Dstartup.mode=SAFE -Dstartup.action=UPGRADE
-> java vm version    : 1.4.2_16-b05
-> java vm vendor     : Java HotSpot(TM) 64-Bit Server VM (Sun Microsystems Inc.)
-> java vm type       : server
-> java vm cpu        : amd64
-> heap size          : 1024M
-> init heap size     : 1024M
-> root path          : F:\usr\sap\BWD\DVEBMGS01\j2ee\cluster\server0
-> class path         : .\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> OS libs path       : F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs
-> main class         : com.sap.engine.boot.Start
-> framework class    : com.sap.bc.proj.jstartup.JStartupFramework
-> registr. class     : com.sap.bc.proj.jstartup.JStartupNatives
-> framework path     : F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar
-> shutdown class     : com.sap.engine.boot.Start
-> parameters         :
-> debuggable         : no
-> debug mode         : no
-> debug port         : 50121
-> shutdown timeout   : 120000
[Thr 5400] JLaunchISetDebugMode: set debug mode [no]
[Thr 4872] JLaunchIStartFunc: Thread 4872 started as Java VM thread.
[Thr 4872] [JHVM_PrepareVMOptions] use java parameters set by profile parameter
*     Java Parameters: -Xss2m*
JHVM_LoadJavaVM: VM Arguments of node [server0]
-> stack   : 1048576 Bytes
-> arg[ 0]: exit
-> arg[ 1]: abort
-> arg[ 2]: vfprintf
-> arg[ 3]: -Djco.jarm=1
-> arg[ 4]: -XX:MaxPermSize=256M
-> arg[ 5]: -XX:PermSize=256M
-> arg[ 6]: -XX:NewSize=171M
-> arg[ 7]: -XX:MaxNewSize=171M
-> arg[ 8]: -XX:+DisableExplicitGC
-> arg[ 9]: -verbose:gc
-> arg[ 10]: -Xloggc:GC.log
-> arg[ 11]: -XX:+PrintGCDetails
-> arg[ 12]: -XX:+PrintGCTimeStamps
-> arg[ 13]: -Djava.awt.headless=true
-> arg[ 14]: -Dsun.io.useCanonCaches=false
-> arg[ 15]: -XX:SoftRefLRUPolicyMSPerMB=1
-> arg[ 16]: -XX:SurvivorRatio=2
-> arg[ 17]: -XX:TargetSurvivorRatio=90
-> arg[ 18]: -Djava.security.policy=./java.policy
-> arg[ 19]: -Djava.security.egd=file:/dev/urandom
-> arg[ 20]: -Dorg.omg.CORBA.ORBClass=com.sap.engine.system.ORBProxy
-> arg[ 21]: -Dorg.omg.CORBA.ORBSingletonClass=com.sap.engine.system.ORBSingletonProxy
-> arg[ 22]: -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sap.engine.system.PortableRemoteObjectProxy
-> arg[ 23]: -Dstartup.mode=SAFE
-> arg[ 24]: -Dstartup.action=UPGRADE
-> arg[ 25]: -Dsys.global.dir=F:\usr\sap\BWD\SYS\global
-> arg[ 26]: -Dapplication.home=F:\usr\sap\BWD\DVEBMGS01\exe
-> arg[ 27]: -Djava.class.path=F:\usr\sap\BWD\DVEBMGS01\exe\jstartup.jar;F:\usr\sap\BWD\DVEBMGS01\exe\jvmx.jar;.\bin\boot\boot.jar;.\bin\boot\jaas.jar;.\bin\system\bytecode.jar;.
-> arg[ 28]: -Djava.library.path=F:\java\jre\bin\server;F:\java\jre\bin;F:\java\bin;F:\usr\sap\BWD\DVEBMGS01\j2ee\os_libs;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\HP\NCU;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;F:\java\bin;F:\usr\sap\BWD\SYS\exe\uc\NTAMD64
-> arg[ 29]: -Dmemory.manager=1024M
-> arg[ 30]: -Xmx1024M
-> arg[ 31]: -Xms1024M
-> arg[ 32]: -DLoadBalanceRestricted=no
-> arg[ 33]: -Djstartup.mode=JCONTROL
-> arg[ 34]: -Djstartup.ownProcessId=7280

We installed teh objects through SDM .
this solved the issue

JAAS ,SSO and OC4J

Hi ,
Earlier , We were connecting our application as partner applications in portal for SSO authentication. We used SSO sdk for diverting requests to SSO. I was reading some literature and it seems oracle is supporting connecting to SSO from JAAS provider. Can i get a documentation for 10G JAAS (With details on how to connect to SSO).
questions
1. Is JAAS just replacement of SSO sdk and we still need to define partner applications?
2.Do I need to configure mod_osso ? and then JAAS will give user details . (I don't need to define partner application.)
thanks
Simar

I do believe there is a logout URL that you need to set. When the user logs out of the application, they also need to be redirected to the logout URL. This is covered in the Oracle Application Server Single Sign-On Application Developer's Guide
From the doc:
Security Issues: Single Sign-Off and Application Logout
If you build custom applications using OracleAS release 9.0.4, note the following: when global logout, or single sign-off, is invoked, only the single sign-on and mod_osso cookies are cleared. This means that an OracleAS application must be coded to store single sign-on user and realm names in either the OC4J session or in the application session. The application must then compare these values to those passed by mod_osso. If a match occurs, the application must show personalized content. If no match occurs, which means that the mod_osso cookie is absent, the application must clear the application session and force the user to log in.
They also have a code example:
Application Logout: Recommended Code
Most applications that authenticate users have a logout link. In a single-sign-on-enabled application, the user invokes the dynamic directive for logout in addition to other code in the logout handler of the application. Invoking the logout directive initiates single sign-off, or global logout. The example that follows shows what single sign-off code should look like in Java.
// Clear application session, if any
String l_return_url := return url to your application e.g. home page
response.setHeader( "Osso-Return-Url", l_return_url);
response.sendError( 470, "Oracle SSO" );

Using JAAS for third-party webapp

I'm developing a webapp that will be marketed to enterprise customers. Right now, it handles its own authentication by validating the userid/password against its own user table. I'd like to give customers the ability to plug in whatever type of authentication they want, for example, one that authenticates a user against an Active Directory domain.
It seems like JAAS was expressly designed for this purpose, but as I read up on it, I forsee all sorts of problems that could be caused by it. If I'm missing something, I'm hoping someone here can set me straight.
According to the docs, when an app creates a LoginContext and provides it with CallbackHandlers, the LoginContext will check the Configuration to see if any LoginModules are configured for the app (based on the name parameter passed into the LoginContext). If it doesn't find one, it will look for a set of LoginModules for "other".
Here's the behavior I would like: If there is no set of LoginModules configured specifically for my app, I do NOT want the LoginModule(s) for "other" used, since I have no clue what it/they will be. Instead, I would like to my code to be gracefully notified that no LoginModules are configured, so it can default back to its own authentication mechanism. From the looks of the API docs, however, there doesn't seem to be any surefire way to tell why a LoginException has thrown.
I thought I might be able to check programattically to see if there's a LoginModule configured for my webapp with Configuration.getConfiguration().getAppConfigurationEntry(appName), but, 1) it looks like that will probably throw a SecurityException, and 2) it also looks like it would return the AppConfigurationEntries for "other" in the event there's no entry for my app.
It's important that my app not require the appserver administrator to explicitly configure a LoginModule for it, since that could turn into a support nightmare; I simply want to give powerusers the ability to do so if they choose to.
Is it possible to get the behavior I want from JAAS, without a lot of contortions and workarounds? As I said, I may be missing something, but it doesn't seem like I can.

This is from the javadocs
public LoginContext(String name)
throws LoginException
Initialize the new LoginContext object with a name.
LoginContext uses the specified name as the index
into the Configuration to determine which
LoginModules should be used. If the provided name
does not match any in the Configuration, then the
LoginContext uses the default Configuration entry,
"other". If there is no Configuration entry for
"other", then a LoginException is thrown.
Throws:
LoginException - if the specified name does not
appear in the Configuration and there is no
Configuration entry for "other", or if the
auth.login.defaultCallbackHandler security property
was set, but the implementation class could not be
loaded.
The or condition here could be ignored because you
wouldnt be using CallbackHandlers or even if you are
using them, you could ensure that the classes are
'loadable'.The problem is, that LoginException is going to be called for anything that goes wrong inside a LoginContext. If there is an "other" LoginModule set, but it doesn't recognize my user's name and password, then it will throw a FailedLoginException. How is my code supposed to know that the user's name/password will never be accepted by that LoginModule?
>
2.
An alternative would be to provide your own
own implementation of the abstract class
javax.security.auth.login.Configuration overriding
the default implementation provided by Sun. Remember, this is a third-party webapp running in an appserver with other webapps from different providers. It has to use whatever Configuration is already there.
This is
the same technique if you wish to provide the login
module information in any other location than a text
file (as is required by the default implementation)
You could then throw specific custom exceptions
ons from your implementation code and choose to
handle it in the manner you desire.Even if I could do that, which I can't, as I explained, I have to keep this SIMPLE for customers who might not be very knowledgeable in the more esoteric aspects of J2EE and Java.

JAAS in Java StoredProcedures: How to set up LoginModule

Hi,
has anyone tried to use JAAS in a Java StoredProcedure on Oracle9i?
I couldn't find out how to set up the JVM to find the login configuration. Here the error I get, whenn I run the StoredProcedure:
ORA-29532: Java call terminated by uncaught Java exception: java.lang.SecurityException: Unable to locate a login configuration
Here is what I did so far:
1. copy jaas.jar into the $JAVA_HOME/lib/ext directory
2. add to $JAVA_HOME/lib/security/java.security
login.config.url.1=file:C:/my_jaas.config
3. provide configuration file my_jaas.config
Test {
auth.MyLoginModule required debug=true;
4. loadjava for jaas.jar (TEST schema)
5. setup of the database security:
dbms_java.grant_policy_permission( 'JAVA_ADMIN', 'TEST', 'javax.security.auth.AuthPermission', '*' );
dbms_java.grant_permission( 'TEST', 'TEST:javax.security.auth.AuthPermission', 'createLoginContext', null );
dbms_java.grant_permission( 'TEST', 'TEST:javax.security.auth.AuthPermission', 'getLoginConfiguration', null );
dbms_java.grant_permission( 'TEST', 'SYS:java.security.SecurityPermission', '*', null );
6. loadjava for the StoredProcedure (TEST schema)
LoginContext lc = new LoginContext( "Test", new TestCallbackHandler() );
lc.login();
How can I tell the database where to look for the login configuration. Am I missing something here?
Thanks for any help
Regards,
Christian

Hi,
has anyone tried to use JAAS in a Java StoredProcedure on Oracle9i?
I couldn't find out how to set up the JVM to find the login configuration. Here the error I get, whenn I run the StoredProcedure:
ORA-29532: Java call terminated by uncaught Java exception: java.lang.SecurityException: Unable to locate a login configuration
Here is what I did so far:
1. copy jaas.jar into the $JAVA_HOME/lib/ext directory
2. add to $JAVA_HOME/lib/security/java.security
login.config.url.1=file:C:/my_jaas.config
3. provide configuration file my_jaas.config
Test {
auth.MyLoginModule required debug=true;
4. loadjava for jaas.jar (TEST schema)
5. setup of the database security:
dbms_java.grant_policy_permission( 'JAVA_ADMIN', 'TEST', 'javax.security.auth.AuthPermission', '*' );
dbms_java.grant_permission( 'TEST', 'TEST:javax.security.auth.AuthPermission', 'createLoginContext', null );
dbms_java.grant_permission( 'TEST', 'TEST:javax.security.auth.AuthPermission', 'getLoginConfiguration', null );
dbms_java.grant_permission( 'TEST', 'SYS:java.security.SecurityPermission', '*', null );
6. loadjava for the StoredProcedure (TEST schema)
LoginContext lc = new LoginContext( "Test", new TestCallbackHandler() );
lc.login();
How can I tell the database where to look for the login configuration. Am I missing something here?
Thanks for any help
Regards,
Christian Hi, this is not supported yet - although some guys, on the forum, successfully implements JSSE but i am not allowed to disclose how they did it.
we hope to provide formal support for JAAS, JSSE and JCE in upcoming major database release
Kuassi

Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
Any thoughts on why that would be?
Thanks
Dan

Thanks Juan.
With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I access the same page from my integrated weblogic server I see:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I review my EAR - I do see jazn-data.xml at:
/META-INF/jazn-data.xml
I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
Thanks.
-Dan

How to do JAAS and J2EE Deployment Descriptor ACL in WLS

The examples on this website and shipped with WLS stink. Does there exist a GOOD
example of how to
Log in with a form
authenticate (I guess using j_security_check to hook into the web.xml security)
then pull a user from a database and use the roles defined there for authorization
in the rest of the system?
The weblogic examples are from java clients to RMI (ya, thats handy). They also
sit alone. They dont say how to hook them into weblogic. They say to use JAAS
but they have just JAAS examples! No hooking of it into an EJB, servlet, etc!
They also dont show how to hook that code into WLS to use it as your security
module!
Help, I'm at a loss.
They recommend using JAAS but their documentation and examples of doing so suck
or are non existant. We have a complex real world product and need examples of
the same. Stupid, stand alone examples that teach nothing do no help.
frustrated at BEA for their poor documentation and support,
Mike

Also, I use struts....
In struts you have to extend the Action class which then calls the perform()
method on your servlet.
So to call an EJB I have to have my servlet implement PrivilegedAction?
If so, then this wants a run() method. Struts calls perform so that means
I'm going to have to make another class to call from my servlet with a run
method()? Or I'm going to have my servlet implement PrivledgedAction and
call Security.runAs()?
What if I just want to call the EJB from my servlet and put my security
credentials in the JNDI lookup? I want the container to use the roles of the
user in the JNDI lookup to authorize methods based on the deployment
descriptors.
thanks,
Mike
"Vimala Ranganathan" <[email protected]> wrote in message
news:[email protected]...
Hi Micheal,
Attached is an exmaple of JAAS login and invoking an EJB.
Let me know if this turns out to be useful.
Regarding the form based authentication, Could you be more clear on whatissue you are
facing?
Just as note, when you use form based login, WLS would authenticate theuser against
the realm
WLS is setup for, which could be a file Realm, or a RDBMS realm (in whichcase users
and groups are from database)
Roles cannot be defined at the database level. This needs to be atapplication level
which you can define in web.xml or
console(in 7.0)
If you need any specific help or more information please let me know.
Vimala
Michael Lee wrote:
The examples on this website and shipped with WLS stink. Does there
exist a GOOD
example of how to
Log in with a form
authenticate (I guess using j_security_check to hook into the web.xmlsecurity)
then pull a user from a database and use the roles defined there forauthorization
in the rest of the system?
The weblogic examples are from java clients to RMI (ya, thats handy).They also
sit alone. They dont say how to hook them into weblogic. They say to useJAAS
but they have just JAAS examples! No hooking of it into an EJB, servlet,etc!
They also dont show how to hook that code into WLS to use it as yoursecurity
module!
Help, I'm at a loss.
They recommend using JAAS but their documentation and examples of doingso suck
or are non existant. We have a complex real world product and needexamples of
the same. Stupid, stand alone examples that teach nothing do no help.
frustrated at BEA for their poor documentation and support,
Mike

Use of JAAS in WLS6 for sngle logon

We're in the design stage of a product, which will be based on Weblogic Server 6 and are hoping to use JAAS.
I'm quite new to WL in general and JAAS security and having read the documentation, I'm still not clear on a few points about how JAAS is used in WLS6.
We're intending to provide a single logon for the system and then to log users on to other services such as email etc. behind the scenes, when the user requests them.
Does JAAS in WLS6 support this and if so, how best could we achieve it?
One idea I've read on the Sun site is that you can instantiate multiple LoginContexts at different times during the user session, each using a different Configuration pointing to different LoginModules to achieve this.
A couple of other things I've come across which may be useful in this context are :-
the <run-as-specified-identity> tag in the deployment descriptor
LoginModules being able to share information
Any help much appreciated
Dave

Sorry for the delay in replying, I was on vacation
Dave <[email protected]> wrote in message
news:[email protected]...
>
Thanks for the reply Alex.
If we just have a single LoginContext with multiple LoginModules, wouldn'tthat mean that when a user logged-on, it would log them on to all of the
services at the same time ?
Yes, that is the sequence specified under JAAS
We were trying to make it so that after the initial logon to the system,the user would be logged on to other services only when they accessed them
explicitly. Does that mean that we need multiple LoginContexts still ?
Unfortunately yes, you will need multiple LoginContext instances to do that.
set configuration
new context
context.login
context.getSubject
Subject.doAs(subject, action)
>
I understand that WLS6 will only provide for JAAS Authentication, notAuthorisation. Does that mean I need to use it in conjunction with the
existing Weblogic Authorisation, such as ACLs and Realms ?
>
The WLS6 JAAS implementation wrappers the existing ACL implementation and is
independant of the realm being used. Internally the Subject.doAs method
checks the ACLs of the user associated with the specified Subject instance.
Can I also ask about the granularity of Resources that can be protected byaccess control. Would these be at the level of Servlets, beans etc.
I believe you can but I'm not sure, check in the documentation on Servlets &
beans or post a followup question in those groups
>
Is the Beta Refresh available for downloaded now ? If not, how soon doyou think it would be ?
>
The beta refresh should be available early the week of 11/13
As regards the <run-as-specified-identity> tag in the deploymentdescriptor. Could you briefly explain its use and whether it would help us
with our logon approach ?
Again I'm not sure, again please post this to the associated group Servlets,
Beans, etc.
>
Thanks very much for your help again.
Dave
"Alex McDonald" <[email protected]> wrote:
Dave,
The WLS 6 JAAS implementation will support what you intend. While there
were
several bugs in the initial WLS 6 Beta these have been fixed in the Beta
refresh, if you need the updated files sooner I can send you a zip.
I would suggest the following. Single LoginContext, multipleloginModules.
Set your first configured loginModule to prompt for theusername/password,
each of the following loginModules can than use that information behindthe
scenes or prompt as needed for additional user info. Configure the first
loginModule as REQUISITE so that it must succeed for the login process to
continue. The WLS 6 JAAS sample loginModule implementation contains theWLS
login information, additional email, etc services can be added to the
Subject container as needed.
Alex
Dave <[email protected]> wrote in message
news:[email protected]...
We're in the design stage of a product, which will be based on WeblogicServer 6 and are hoping to use JAAS.
I'm quite new to WL in general and JAAS security and having read thedocumentation, I'm still not clear on a few points about how JAAS is usedin
WLS6.
We're intending to provide a single logon for the system and then to
log
users on to other services such as email etc. behind the scenes, when the
user requests them.
Does JAAS in WLS6 support this and if so, how best could we achieve it?
One idea I've read on the Sun site is that you can instantiate multipleLoginContexts at different times during the user session, each using a
different Configuration pointing to different LoginModules to achievethis.
>>>
A couple of other things I've come across which may be useful in thiscontext are :-
the <run-as-specified-identity> tag in the deployment descriptor
LoginModules being able to share information
Any help much appreciated
Dave

Urgent: JAAS Login Module Deployment Problem

Hi,
I have developed a JAAS Login module for the portal (EP6 SP9 sneak preview) and i am getting the following error:
GroupAssignmentLoginModuleLibrary does not exist in LoadContextWrapper.modifyName.
com.sap.engine.services.security.exceptions.BaseSecurityException: Can not load a login Module
The next line is a ClassNotFoundException for the Login Module and the class found in negative cache.
Please let me know if you know the solution to this problem.
It is an urgent issue and a solution will be suitably rewarded.
Regards,
Vibhu

Hi Diego,
Scenario 1: SAP EP to SAP Backend Integration
      In this scenario the most commonly used strategy
      is SAP logon tickets. As far as I know this is the
      best and simple way to implement SSO.
Scenario 2: SAP EP to Non SAP systems.
      In this scenario various mechanisms can be used.
      It depends on the application you are integrating
      with. SAP does deliver SSO soultions with Lotus
      Notes and Outlook etc. If supported probably it is
      simple to use the SAP solution [Reliability and
      Support].
Scenario 3: Enterprise Uses third party authetication
      Software.
      For the authntication if the company chooses to use
      some third party product like SiteMinder etc, then
      you can simply use this solution for SAP EP authe-
      tication, and also all your other enterprise
      applications based on the product support. But SAP
      EP to other SAP systems be best integrated with SAP
      logon tickets.
Scenario 4: SSO using homegrown authetication or some
      third party JAAS module.
      If you have significant applications that are home
      grown that uses some custom authentication mecha-
      nism (Example: Authentication based on ID and
      Password stored in company database ) you can write
      a JAAS module extention to authenticate using that
      database. In other words JAAS is flexible and
      for using external authentication mechanisms.
There are several mechanisms available that all depends
on your internal applications/security mechanism/integration etc.
Here is the link to one of the good articles on SDN about the SAP supported SSO mechanisms.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/58094632-0301-0010-a391-fc0de26f010e
Hope this information is useful.
-Venkat Malempati

JAAS Support

Similar Messages

Maybe you are looking for