JAAS: Swing & Web implementation

Similar Messages

• JAAS in Web Applications

  Hi,
  I am new to JAAS and was implementing the Tomcat JAAS realm in web application,I am stuck with the invocation of life cycle methods flow like,login(),handle(),commit(),abort() and logout().
  Please help me.
  In the server.xml,JAAS realm is set.
  In the web.xml,login config is set as FORM(action=j_security_check)
  So when certain URL(like/*) is set under <security-constraint>,and the request is of /* ,the <form-login-page> of the FORM would be displayed and then the username and password would be obtained by the web container.I want this username and password to be get authenticated and authorised by JAAS framework.But how those username and password retreived by the wecontainer from the user is passed to the Jass CallBackHandlers.
  If JAAS realm is used we have callbakchandlers for getting the credentials(username and password) from the user.But if the FORM custom JSP is used ,we get the username and password in j_username and j_password parameters.So how the callbackhandlers get these info from the web container OR whether callbakchandlers are not needed in this case? Please clarify me.
  This is with reference to Cote's free jassbook chapter 09.

  Hello,
  Did you get any further with your implementation, I am trying to integrate JAAS into our system too and have roadblocks. I have gone through Cote's JAAS book and am stuck as to how to authenticate the JAAS login context on top of my existing authentication that cannot be changed. I am trying to implement a login module that will set the principals and creds for the user but do not know how to invoke this separately from the existing login.
  Also after I set the loginContext and get the subject with the principals that have the permissions that I require how do I persist it for all future calls. Making it part of the session seems to the only option. I was under the impression that JAAS can make this persistable, any ideas there.
  Thanks for any help,
  Pravin

• Cursor Style, Forms Web Implementation 6.0

  I am using the Forms server 6.0 with static HTML to display
  forms over Intranet. The cursor styles through SET APPLICATION
  PROPERTY builtin does not seem to change the cursor in the
  browser. (Works fine when I test the form in Client/Server
  environment.) Tried it with both IE 4.0 and NetScape 4.5. I did
  not see in Developer 6.0 documentation that Cursor Style is not
  available in Web implementation.
  Has anyone used cursor styles successfully with Developer 6.0 in
  static Web Implementation?
  Thanks,
  Amir
  null

  Cherif,
  please ask Oracle customer support for this.
  thanks
  Frank

• JAAS restrict web page access

  Hi,
  I am planning to implement JASS autherization in my web application.
  1. I want to restrict the role to access few certain jsp, servlet pages. What entry should i make in policy file, so that when the role tries to access that jsp file, it should automatically redirect user to some different jsp page.
  2. I want to have some Access Control List in authorization, so that the logged in user has access to certain functions, product etc. How can i take help of JAAS.
  I can created my own custom ACL and put the same in session. How its different from JAAS.
  Thanks
  Vinayak

  hi,
  you should look towards jGuard (jguard.sourceofrge.net) which enable easy JAAS integration into J2ee and wrap the jaas complexity.
  sincerly yours,
  Charles(jGuard team).

• Swing web browser...

  Is there any good sort of like.. wrapper object to contain the system's default browser to embed in a Swing app? I've looked at using a JEditorPane, but its functionality seems rather limited. I've also considered using the Desktop object to launch the system's default browser, but for my purposes this will be inadequate. What I really need is some kind of wrapper type object that launches the default browser within a Swing panel. Anyone know if there's anything like this implemented?

  I'm not getting any results from that in google... maybe you're talking about java.awt.Desktop? This is something I've already tried to use, but it's not really adequate for my purposes.

• Best Web Implementation

  I've been asked to develop a web application which will generate a form from data stored in an Oracle 8i database. The process should be fairly simple. I'm anticipating the process will go something like:
  The user connects and chooses a topic
  A form is generated and sent to the user
  The user fills out the form and submits it
  A backend process reviews the answer, stores the results, sends a message back to the user
  I'm planning on using Oracle 8I and OAS 4.0.8.1. Can someone suggest an implementation path? I'm free to use just about any other technology I wish. Can someone suggest the best (and hopefully easiest) implementation? I've considered PHP, several Oracle options, Java, and Perl. If you think one method would have particular advantages over the other, please give them.
  Thanks from a DBA, not (yet) a developer!
  Jim
  BTW: I do know a little about cgi and web servers. But, I'm not a web engineer.
  null

  on point 1 :
  java can be on same stack as abap. actually on any project I worked, java was on same server as abap.
  It realy does not matter where the java is installed. (the connection to abap goes trough "jco" which can point to  abap stack of your choice)
  I'm not sure it should be an SAP JAVA server, there are some special settings like "trex" in java server administration(visual admin tool), it is used to find your isa catalog in trex system.
  there's supose to be an xcm setting to avoid this trexsetting  but it has never worked for me
  I dont think you can just install isa on other java servers because of this.
  Then again.. i'm not a system admin. they might give more info on this subject to force an trex setting in a non sap java server.
  hope this helpes a bit.
  regards

• JAAS login functionality Implementation in EP5

  Does anyone actually know if its possible to write a JAAS replacement for the login functionality of EP5 - ive seen loads of stuff about EP6 but nothing for EP5.
  If anyone has actually tried it - I would appreciate a bit of a heads up on what to look out for.
  Thanks
  Haydn

  Hi,
  the JAAS functionality was introduced with EP 6.0. In EP 5.0 it is not available since the authentication piece takes place on the IIS.
  Best regards,
  Oliver

• Implemention of JAAS+servlet+jboss+sql database

  Hi,
  I am trying to implement JAAS for login module using code and CallbackHandler( ie lc = logincontext(...).), but i got a sample code which is used for commandline execution, but i need to implement in web application, what all are the files that i need to configure to implement JAAS in web application?, so that i can check the user name and password which is entered by the user against the value that inside my sql database. it would be appreciated if anyone send some sample code to start work on JAAS.
  Regards
  kumar

  Kumar,
  i am trying to do the same thing, but i am having a slight problem, maybe between the two of us we can figure it out. here is what i have come up with so far:
  1. edit web.xml to specifiy which directories and pages are secured and accessed only by specific user roles (Optional)
  2. edit login-config.xml which is found in JBOSS_directory/server/default/conf or JBOSS_directory/server/all/conf depending on which version of the server you are using. you need to add the following to login-config.xml file, to include the JAAS DatabaseServerLoginModule, the configuration is as follows:
  <application-policy name = "testDB"> <! -- this is the name of the secrurity policy which you refer to in jboss-web.xml
  <authentication>
  <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  flag = "required">
  <module-option name = "unauthenticatedIdentity">guest</module-option>
  <module-option name = "dsJndiName">java:/testDB</module-option> <! -- this is the datasource the is used to connect to your database
  <module-option name = "principalsQuery">SELECT password from Principals where PrincipalID =?</module-option>
  <module-option name = "rolesQuery">SELECT Role, Rolegroup FROM roles WHERE principalid=?</module-option>
  </login-module>
  </authentication>
  </application-policy>3. you edit jboss-web.xml with the following code
  <jboss-web>
  <security-domain>java:/jaas/testDB</security-domain>
  <context-root>/testJBOSSsecurity</context-root>
  </jboss-web>4. Create a Login Form with the action pointing to the servlet you will create in the next step
  5. create the servlet that handles logging the user in
  ****loginservlet.java*****
  import java.security.Principal;
  import java.security.PrivilegedAction;
  import java.util.Locale;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.util.Set;
  import javax.security.*;
  import org.jboss.security.SimplePrincipal;
  import org.jboss.security.auth.callback.SecurityAssociationHandler;
  try {
  SecurityAssociationHandler handler = new
  SecurityAssociationHandler();
  Principal user = new SimplePrincipal(request.getParameter("j_username"));
  handler.setSecurityInfo(user, request.getParameter("j_password"));
  LoginContext loginContext = new LoginContext("testDB",(CallbackHandler)handler);
  loginContext.login();
  Subject subject = loginContext.getSubject();
  Set principals = subject.getPrincipals();
  principals.add(user);
  out.println(subject.toString());
  //response.sendRedirect("securepage.java");
  }6. create two database tables: one to hold the principalid (primary key) and password. this table is called pricipals. create another table to hold the user roles. call this table roles, and it has three fields. principalid as a primary key and a foreign key from the principals table, role and rolegroup
  this is what i have so far, but it's not working, i have posted my problem in this link [http://forum.java.sun.com/thread.jspa?threadID=5293266|http://forum.java.sun.com/thread.jspa?threadID=5293266] as well an other forums since two nights ago, but so far no replies. so read the post and you will get a better picure and try it out, if you have luck wiith it, please let me know
  Sam

• How to implement JAAS?�?

  Hi all,
  I'm building a web application using JSP and Sevlet, and I want to design a login page where users enter their name and pass. I heared that if I want to design that page I need to implement JAAS (Java Authentication and Authorization Service) please help me to do that and give me code, links, or articles that talk about design login pages.
  thanx,

  Some examples to help you get started...
  Extracts from web.xml
      <!-- My App uses Struts - declare the struts action servlet -->
      <servlet> 
          <servlet-name>action</servlet-name>
          <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
          <init-param>
              <param-name>config</param-name>
              <param-value>/WEB-INF/config/struts/struts-config.xml</param-value>
          </init-param>
          <init-param>
              <param-name>debug</param-name>
              <param-value>2</param-value>
          </init-param>
          <init-param>
              <param-name>detail</param-name>
              <param-value>2</param-value>
          </init-param>
          <load-on-startup>2</load-on-startup>
          <security-role-ref>
              <role-name>member</role-name>
              <role-link>member</role-link>        
          </security-role-ref>
      </servlet>
      <!-- Standard Action Servlet Mapping -->
      <servlet-mapping>
          <servlet-name>action</servlet-name>
          <url-pattern>*.do</url-pattern>
      </servlet-mapping>
      <security-constraint>
          <!-- Member pages can only be accessed by 'members' -->    
          <web-resource-collection>
              <web-resource-name>Member Pages</web-resource-name>
              <url-pattern>/members/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>                              
          </web-resource-collection>
          <auth-constraint>
              <role-name>member</role-name>
          </auth-constraint>       
          <!-- Forces SSL -->
          <user-data-constraint>           
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>           
          </user-data-constraint>   
      </security-constraint>
      <!-- Specify Form Based Authentication -->
      <login-config>
          <auth-method>FORM</auth-method>       
          <form-login-config>
              <form-login-page>/displayLogin.do</form-login-page>
              <form-error-page>/displayLoginError.do</form-error-page>
          </form-login-config>
      </login-config>
      <security-role>
          <role-name>member</role-name>
      </security-role>
  Login JSP (Uses Struts specific tags which can be ignored)
  <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
  <%@ taglib prefix="html" uri="http://struts.apache.org/tags-html-el" %>
  <%@ taglib prefix="bean" uri="http://struts.apache.org/tags-bean-el" %>
  <form name="LoginForm" action="j_security_check" method="post">
       <table class="TwoColumnForm">     
          <tr>
              <th><bean:message key="user.username"/></th>
              <td><input type="text" name="j_username" class="Required" size="32" maxlength="32"/></td>
          </tr>
          <tr>
              <th><bean:message key="user.password"/></th>
              <td><input type="password" name="j_password" class="Required" size="32" maxlength="32"/></td>
          </tr>        
           <tr>
               <td Class="Buttons" colspan="2">
                   <html:image styleClass="Button" property="buttons.submit" pageKey="common.img.ok_button.src" alt="common.img.ok_button.alt"/>
                   <html:link page="/displayMain.do"><html:img styleClass="Button" pageKey="common.img.cancel_button.src" altKey="common.img.cancel_button.alt"/></html:link>
               </td>
           </tr>        
       </table>
  <form>
  Configure Tomcat to use custom JAAS login module - add the following to context.xml in META-INF
  <Context reloadable="true">
       <!-- Realms -->
       <Realm className="org.apache.catalina.realm.JAASRealm" appName="MyApp" userClassNames="com.myapp.security.jaas.CustomUserPrincipal"
            roleClassNames="com.myapp.security.jaas.CustomRolePrincipal" debug="1"/>
       <!-- Monitored Resources -->
       <WatchedResource>META-INF/context.xml</WatchedResource>     
       <WatchedResource>WEB-INF/web.xml</WatchedResource>
  </Context>
  Create a file called jaas.config
  MyApp
      com.myapp.security.jaas.CustomLoginModule required;
  Specify the jaas.config file as a system property when you start you app server
  -Djava.security.auth.login.config=="C:/Projects/MyApp/jaas.config"[b]Implement the CustomLoginModule, CustomUserPrincipal and CustomRolePrincipal as shown in the sun tutorials
  These classes need to be deployed where your application server can find them when it starts up, i.e. outside of your WEB-INF/classes and WEB-INF/lib
  You can implement the CustomLoginModule how you like, but if your application maintains it's own user database it may get a bit messy - I didn't like the idea of the app server interogating my application database and becoming responsible for the login logic (e.g. lock the account after 3 incorrect attempts etc). For this reason my CustomLoginModule (running in Tomcat) invokes a remote login method in my web app over RMI. The login method return a User object if successful which is added to the CustomUserPrincipal so it can be retrieved in the web-app.
  Not the nicest of designs I admit. If anyone can suggest a better approach I'd be glad to hear it. I'm also not a JAAS expert. My app is just for testing out things I'm interested in, it's quite possible I may have misunderstood something along the way.

• JAAS configuration steps for web example in tomcat

  Hi,
  I have to configure JAAS for the deployement of my web application in tomcat.
  but i am not getting any proper document for this.
  If any one could provide some useful information or documentation so please help me.
  Thanks

  after googling i came to the forum.
  i am not getting any proper way from where i can start Jaas login module implementation for my web application with tomcat. The information i am getting from google is to do the job using COMMAND PROMT, but I want to implement that in my web application so that i can start that using webUI
  Can you provide me some links which will be help ful to start.
  Thanks

• JAAS implementation on tomact.

  hello.
  i am new to JAAS. i learnt how to implement JAAS in J2SE.
  but now i want to implement JAAS for web application.
  Now i want to implement JAAS for Tomcat server. i am totally stucked in it. there is almost no help available abt this or very vauge.
  can anyone tell me how to implement JAAS for tomcat. where to keep the files like config files,callback handlers etc and how to configure them, i mean their path in xml files etc. plz plz hlp.............................
  i am using Apache Tomcat 6.0.
  thanks in advance.

  This is the JSSE forum. Try the 'Other Security APIs, Tools, and Issues' forum. Locking this thread.

• Jaas ( web.xml) login with uix gives error

  I configured a jaas login (web.xml) with my jheadstart project like the jsp example ( Secure BC4J Applications with Oracle9i VPD and Oracle 9iAS JAAS ) this works fine, I get a login box and after i log in, the oc4j server gives a error.
  Error in CreateMarlinUIXPage.createUITree: no protocol: /uix/HomePage.uix
  what can this be, the jsp example works fine

  here is my web.xml
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <display-name>sicma</display-name>
  <description>sicma helpdesk applicatie</description>
  <servlet>
  <servlet-name>sicmaController</servlet-name>
  <servlet-class>oracle.jheadstart.process.controller.JhsHttpServletController</servlet-class>
  <init-param>
  <param-name>cle-service-descriptor</param-name>
  <param-value>sicmaService.xml</param-value>
  </init-param>
  </servlet>
  <servlet-mapping>
  <servlet-name>sicmaController</servlet-name>
  <url-pattern>/Startsicma</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>startController</servlet-name>
  <servlet-class>oracle.jheadstart.process.controller.JhsHttpServletController</servlet-class>
  <init-param>
  <param-name>cle-service-descriptor</param-name>
  <param-value>startService.xml</param-value>
  </init-param>
  <security-role-ref>
  <role-name>administrator</role-name>
  <role-link>administrators</role-link>
  </security-role-ref>
  </servlet>
  <servlet-mapping>
  <servlet-name>startController</servlet-name>
  <url-pattern>/Start</url-pattern>
  </servlet-mapping>
  <resource-ref>
  <res-ref-name>jaas</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Application</res-auth>
  </resource-ref>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>jaas</web-resource-name>
  <url-pattern>/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>administrators</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jazn.com</realm-name>
  </login-config>
  <security-role>
  <role-name>administrators</role-name>
  </security-role>
  </web-app>

• JAAS web application

  Subject: JAAS application
  Hi,
  I am very much new to the jaas and web applications , can any one please guide me in finding the white papers for the JAAS stuff .. i had been through many files but could not find a suitable stuff for it .. It would be great if some one can send a simple application using JAAS
  to my mail id [email protected]
  Thanks in advance
  lkor

  Hi,
  please do some one help me with this .....
  koruel

• Example JAAS web application

  Hi all,
  I am new to using jaas technology in web application.
  I have seen some examples in sun which are working fine through command prompt. I am looking web examples .
  I have read the following article which explains good but where to keep the jaas.config file and configure details are not clear
  http://www.javaworld.com/javaworld/jw-09-2002/jw-0913-jaas.html?page=1
  It will be great if somebody gives some idea.
  Raghu

  Hi ,
  Can you tell me where to do this entery , in which file :
  -Djava.security.auth.login.config=D:/3110/conf/Jaas.config
  Which file has to be updated when you run jaas through web application .
  My Code is working fine for client side , but when integrated to web , error comes :
  Login Module is nort configured for Sample1 .

• OC4J 9.0.3: JAAS Compliant LoginModule support !

  Hi,
  I have a requirement where I need to migrate my JAAS Compliant LoginModule(implements LoginModule interface) from Weblogic to OC4J. I want to use my Custom LoginModule to perform authentication at the Web Tier and Ejb Tier and let the containers handle the details. I only want to plug in my Login Module as needed. The Login Module works absolutely fine as it is on Weblogic and JBoss, but fails to work on OC4J. This is the error that I get :-
  When I call a protected EJB function the following error is found in the server.log file:
  The run-as user is not an instance of com.evermind.security.User
  Why is it looking for a "User" of this instance? I am using all standard JAAS compliant
  classes:
  javax.security.auth.spi.LoginModule to implement my Login Module
  java.security.Principal to implement my Principal
  java.security.acl.Group to implement by Group/Role
  As of OC4J version 9.0.3 does it have Support for JAAS Compliant custom login module??
  These are the source files that I have
  1) JAAS Compliant Login Module (implement LoginModule interface)
  2) JAAS compliant Principal (implement Principal interface)
  3) JAAS compliant Group (implement Principal interface and Group interface)
  4) Allow Web Tier and EJB Tier to be authenticated and authorized
  Now how do I go about deploying the same on OC4J.
  Any help would be appreciated.
  Thanks in Advance,
  Easwar.

  Hello All,
  As I was going through JAAS implementation using the iPlanet LDAP as our user/role data source found that its not just the LoginModule you have to write in addition to this you would end up wirting a whole new set of classes for manaing the users i.e UserManager :(
  Here is the list of classes we have to implement to get the container managed declarative security model to work with the Web (web.xml) and EJB containers (ejb-jar.xml)
  1 SampleAuthenticator.java
  2 SampleLoginModule.java
  3 SampleProvider.java
  4 SampleRealm.java
  5 SampleRealmManager.java
  6 SampleRealmPrincipal.java
  7 SampleRealmRole.java
  8 SampleRealmUser.java
  9 SampleRoleManager.java
  10 SampleUserManager.java
  I have still some doubt that after implementing this there could be some more catch and the implementation may still not work!!! :(
  Have any one done such an implementation?
  if some one has done this please let us know is it worth implementing them?
  Thank you
  Mallik