JSF 2.0 Custom security tag

Similar Messages

• Custom secure views report is not restricting the data

  Hi,
  I have created few custom secure views reports and in which I have used the per_people_f , per_assignments_f secure views but when I am running this report from different responsibilities like (US Resp, UK Resp) it is producing the same number of records. From US resp it should produce the US employees and from UK it should produce the UK employees but this is not happening currently.it is a simple sql script which I registered as sql*plus executable.
  Can any one suggest if I am missing some thing? Urgent help would be appreciated.
  Thanks,
  Ashish

  Pl post details of OS, database and EBS versions. How have you implemented security ? What kind of concurrent program are you using ? Pl provide details. Also see these MOS Docs
  How To Enable Hr Security on Custom Reports?          (Doc ID 369345.1)
  Understanding and Using HRMS Security in Oracle HRMS          (Doc ID 394083.1)
  Need Custom Security Profile To Restrict Based On Employees Organization          (Doc ID 445142.1)
  HTH
  Srini

• Errors encountered while using a Custom Security Realm on a Platform Domain

  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our application requirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
  for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if the user
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store to get
  rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
  for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
  Thanks
  Vikram

  Hello Vikram,
  Are you using the new WLS 7.0 security framework? It is not supported for
  Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
  style) security.
  Ture Hoefner
  BEA Systems, Inc.
  www.bea.com
  "Vikram Datla" <[email protected]> wrote in message
  news:3e273015$[email protected]..
  >
  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our applicationrequirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
  for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if theuser
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store toget
  rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
  for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
  >
  Thanks
  Vikram

• SQL Query in Custom Security when creating Security Profile

  Hello all,
  I've created a security profile with Custom security and provided a simple query in Custom Security tab-
  PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
  Custom security option is "Restrict the people visible to each user using this profile"
  I am not able to see the record as expected.
  If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
  If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
  Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
  (This was mentioned in system administrator guide :
  "+Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id.+"
  docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
  I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
  I've given options as below :
  Employees = None
  Contingent Worker = Restricted
  Applicant = None
  Contacts = All
  Candidates = All
  All other options - Defaulted
  Thanks,
  Sumanth

  Resolved this - One cannot see self's employee record in the form for which this is setup.
  Hence the below query though correct in syntax did not show any data.
  PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
  My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
  Thanks,
  Sumanth

• How to pass custom cookie from report builder application to SSRS Custom Security Extension?

  We want to implement SSRS in SaaS model. We implemented Custom Security extension in order to authenticate users from other application. When user enters username/password, i would like to authenticate the user in other application and it will return some data which can be used for autherization. I am expecting the same set of data will be accessible during all autherization calls.
  Currently we are implementing this in Report Builder application. I couldn't able to persist the information in cookie. Report builder removes all the cookies exceprt one cookie which is used by report server.Is there any way to share the information in all reportbuilder autherization calls in same session?

  if you have your own data extension, you can using
  HttpContext.Current.Application.Add("yourkey",
  yourdata);
  to save your data, but the issue I met it the key, I cannot find a key depended on report builder. If I use username, if the user open 2 report builder, both of them will get the same key and same data, but at this case the data should be different.
  I hope it will help you.

• Custom security provider exception

  Good day, colleagues. I want to raise an old topic.
  I use custom security provider exceptions:
  -AccountExpiredException
  -AccountLockedException
  However, the login() method only captures FailedLoginException
  try
    CallbackHandler pwcall = new weblogic.security.URLCallbackHandler(user, pass.getBytes("UTF-8"));
    subject = weblogic.security.services.Authentication.login(pwcall);
    weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
  catch (javax.security.auth.login.LoginException e) {
    e.printStackTrace();
  javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User ...
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:240)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
  I found similar questions IdentityAssertion custom exception, FailedLoginException asked many years ago for WLS 9.2
  Their solution (wlp.propogate.login.exception.cause=true) does not work for WLS 10.3.
  How to propagate original LoginException?
  Or exception message only.

  I did it! look closely to source code:
  javax.security.auth.login.LoginContext:875
  if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) {
    // if REQUISITE, then immediately throw an exception
    if (methodName.equals(ABORT_METHOD) || methodName.equals(LOGOUT_METHOD)) {
         if (firstRequiredError == null)
              firstRequiredError = le;
    } else {
         throwException(firstRequiredError, le);
  } else if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) {
    // mark down that a REQUIRED module failed
    if (firstRequiredError == null)
         firstRequiredError = le;
  } else {
    // mark down that an OPTIONAL module failed
    if (firstError == null)
         firstError = le;
  javax.security.auth.login.LoginContext:922
  // we went thru all the LoginModules.
  if (firstRequiredError != null) {
    // a REQUIRED module failed -- return the error
    throwException(firstRequiredError, null);
  } else if (success == false && firstError != null) {
    // no module succeeded -- return the first error
    throwException(firstError, null);
  } else...
  I set Control flag: OPTION to DefaultAuth (was REQUIRED)
  and order it after my LoginModule. (restart required!)
  Now I catch my exceptions %)

• What is the best way to deploy/update custom security realm classes to WLS 6.0?

  From the WLS 6.0 console, I see that I can specify the Java class that
  implements my custom security realm but I am wondering what is the best way
  to deploy/update this code. I don't see a way to do this from the console.
  Does this mean that I have to manually copy the class files over that
  implement my custom security realm?

  Thanks Danut,
  A jar file seems to be a good way to package it up but it sounds like it
  still needs to be manually copied to each Weblogic server install directory
  post-installation and whenever it is updated. I thought it would be nice to
  be able to deploy/update the custom security realm by uploading it through
  the Console just as you can with web applications and EJBs.
  Brian
  "Danut Prisacaru" <[email protected]> wrote in message
  news:3aba2db0$[email protected]..
  You have to have your Custom Realm class in the class path. I usually havea
  jar file with all the Custom Realm classes and that jar I copy it in thelib
  folder. Then I modify "startWebLogic.cmd" and I add to the classpath
  ".\lib\CustomRealm.jar"
  set
  CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
  >
  Be aware that in order to have you custom realm besides creating thecustom
  realm using the console you also have to create a custom caching andchoose
  that one as your default caching realm.
  Here is how the security settings are looking in my "config.xml"
  <CustomRealm Name="CustomRealm"
  RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
  <CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
  Name="CustomCachingRealm"/>
  <Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
  Name="wl_default_realm"/>
  <FileRealm Name="wl_default_file_realm"/>
  <Security GuestDisabled="false"
  Name="mydomain" PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm"/>
  Danut

• How to use custom defined tags in uix in jdevloper 10g production

  can any one give me sample application for how to work with custom defined tags in uix with jedevloper 10g production
  thanks Venkat

  Hi Venkat,
  Maybe the reason for no one answering is because of lack of information in your post? What are you trying to do? Are you using JSP or UIX XML? Have you checked the online jdeveloper documentation? Have you checked the doc available in the JDeveloper release? Before we have more information we can't help you. Sorry
  Thanks,
  Jonas
  JDev Team

• Problems in developing custom JSP tags

  I have problems in debugging custom JSP tags. Sometimes the doStartTag is not called on tags but the doEndTag is called. I don't know why.
  Thanks.

  Fahr--
  A word of caution -- NetUI did not ship a JSP tag SDK in 8.x, and
  we're making no compatibility guarantees for custom JSP tags written on
  the 8.x release and future releases.
  You can accomplish the same sort of functionality with a combination
  of the <netui-data:getData> tag and JSTL 1.0. This solution would
  probably provide similar functionality and be more future-proof relative
  to JSTL and the NetUI tags currently being developed in Beehive.
  Hope that helps.
  Eddie
  Fahr Vegnugen wrote:
  We are in the midst of creating our own JSP tags to work with datasources.
  In an example where you would need to compare two different datasources how would you do this?
  ie.
  <prefix:isGreater dataSource="{pageflow.column1}" dataSourceToCompare="{pageFlow.column2}" />
  How would I evaluate what column2 is since the tag will only resolve one data source
  this.evaluateDataSource();
  Any pointers you can provide would be appreciated, or if there is a library of jsp tags that evaluate objects using datasources already created, that would even be better.

• Access to IPortalComponentRequest in custom security manager

  Hi All,
  I am implementing a custom security manager. For my requirements, I need IPortalComponentRequest object in the security manager class. Can anyone give me a clue to get the request object in security manager implementation.
  Regards,
  Yoga

  Hi Romano,
  I tried this. Its returning mysapsso2 cookie and authentication_schema cookie. But not retuning any custom cookies added to the response from any other application.
  What I have tried to achieve is:
  1. When a user login and authentication suceeds, I will add a custom cookie to the response.
  2. Get the custom cookie added in the security manager class and do manipulations to check whether the user is authenticated.
  Using the method you have suggested, I was not able to get any custom cookies added in other applications.
  I tried the code using resource context(resource context obtained form IUser) as suggested in other threads,
  HttpServletRequest request = (HttpServletRequest) resourceContext.getObjectValue("http://sapportals.com/xmlns/cm/httpservletrequest");
  But this API returns null.
  Any way to achieve?
  Regards
  Yoga

• JSF 2.0: Facelets: No tag libraries (TLDs)?

  Hi, I'm currently concerned with JSF 2.0 and Facelets. I found:
  - Tags are no longer defined in taglibs (TLDs) (instead they appear to be hard-coded in Java code)
  - On the other hand, jsf-impl.jar does ship two taglibs (for HTML and JSF Core), however, these solely include tags that have been existing since JSF 1.2 (the new tags are not defined there)
  OK, that may be fine. Nonetheless, now there's a problem with code completion and validation in IDEs (Eclipse in my case).
  Any ideas on how to get over that?
  Thanks

  [1] https://mojarra.dev.java.net/source/browse/mojarra/trunk/jsf-api/doc/web-facelettaglibrary_2_0.xsd?rev=6738&view=log
  Excuse me, that's the XSD schema for facelet-taglib. I'd be requesting TLDs or XSDs that contain definitions for commandButton, button, etc.
  [2] https://javaserverfaces.dev.java.net/nonav/docs/2.0/pdldocs/facelets/index.html
  That's not a XSD or TLD definition file but just documentation. Moreover, it only covers JSF 1.2 tags, not JSF 2.0 tags. (I do know that it does ship with the JSF 2.0 specification.)
  - Please remember that my final goal would be to have code completion and validation for JSF 2.0 in common IDEs, including Eclipse.
  Thanks

• Custom JSP Tags for Weblogic

  Hi,
            I have several questions regarding this topic:
            1) Does Weblogic 5.1 supports Custom Tags ? If so, are there any known
            problems ?
            2) Does Weblogic come with any tag libraries (for loops, if, etc) and where
            can I get them ?
            3) Are there any tag libraries out there (JRun, for example) that have been
            successfully run on Weblogic ?
            Any help would be much appreciated.
            Thanks,
            Jamie
            

  As there seems to be general interest, a link would probably be a great
            help.
            Regards
            Daniel Hoppe
            -----Original Message-----
            From: Michael Girdley [mailto:[email protected]]
            Posted At: Friday, August 25, 2000 8:03 AM
            Posted To: jsp
            Conversation: Custom JSP Tags for Weblogic
            Subject: Re: Custom JSP Tags for Weblogic
            Please see the documentation:
            http://www.weblogic.com/docs51/resources.html
            Michael Girdley
            BEA Systems Inc
            "Jamie" <[email protected]> wrote in message
            news:[email protected]...
            > Update
            > =======
            >
            > Weblogic Portal has some Tag libraries. I've downloaded the trial
            version
            > of
            > the Weblogic Commerce Server. How do I get the tag libraries and use
            them
            > on WL 5.1 ?
            >
            > Answers to original post still wanted
            >
            > Thanks,
            >
            > Jamie
            >
            > Jamie <[email protected]> wrote in message
            > news:[email protected]...
            > > Hi,
            > >
            > > I have several questions regarding this topic:
            > >
            > > 1) Does Weblogic 5.1 supports Custom Tags ? If so, are there any
            known
            > > problems ?
            > >
            > > 2) Does Weblogic come with any tag libraries (for loops, if, etc)
            and
            > where
            > > can I get them ?
            > >
            > > 3) Are there any tag libraries out there (JRun, for example) that
            have
            > been
            > > successfully run on Weblogic ?
            > >
            > >
            > > Any help would be much appreciated.
            > >
            > > Thanks,
            > >
            > > Jamie
            > >
            > >
            >
            >
            

• How to restrict employees from accessing managers data using custom security profile

  Hi,
  I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
  Responsibility :US Super HRMS Manager
  ASSIGNMENT.PERSON_ID
  IN
  (SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
  PER_ALL_ASSIGNMENTS_F PF,
  PAY_PEOPLE_GROUPS PG,
  PER_PERSON_TYPE_USAGES_F PPU,
  FND_USER FNU
  WHERE PAF.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
  AND PAF.EFFECTIVE_END_DATE
  AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
  AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
  AND PPU.PERSON_ID=PAF.PERSON_ID
  AND PPU.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
  AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
  AND PAF.PERSON_TYPE_ID =2
  AND PPU.PERSON_TYPE_ID
  IN(2,62)
  and PAF.person_id = FND_PROFILE.value('user_id')
  AND PG.SEGMENT2=8)
  and using "restrict the people visible to each other using this profile".
  I have assigned the security profile to HR user responsibility
  But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
  When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
  Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
  I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
  Please suggest.
  Thanks & Regards,
  Anusha.

  Hi All ,
  i solved the problem by using event 01 of header view and using the table "Extract" .
  Regards,
  Neha

• Unable to use a custom security realm with Netscape Directory Server in WebLogic 7

  I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
  using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
  Admin Console again and clicked the Users node under my custom realm, I saw this
  message in the right-hand pane: "There are no Authentication providers available
  that support the creation of Users". Also, I don't see my custom realm in the
  dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
  What did I do wrong? Also, where does WebLogic store the custom security realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

  Thanks for the info.
  I wonder when they will fix it.
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  >
  According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
  displying users and groups defined in Netscape Directory Server.
  Eric Ma
  "Jakub Wroniszewski" <[email protected]> wrote:
  I have the same problem.
  Any new ideas?
  Rgds,
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  Now I doubt my custom security realm is actually using the NetscapeDirectory Server
  as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
  the Users node displays all users in the LDAP server, in WebLogic 7I keep
  getting
  the message "There are no Authentication providers available that
  support
  the
  creation of Users." Any suggestions?
  "Eric Ma" <[email protected]> wrote:
  Never mind. I tried again by following the steps outlined at
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
  l
  oper.interest.security&item=8463&utag=
  and it seemed to have worked for me.
  "Eric Ma" <[email protected]> wrote:
  I have all users and groups stored in a Netscape LDAP server (version
  4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic7
  (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I
  tried
  this by
  using the Admin Console and followed exactly the steps in Chapter3
  of
  the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged
  into the
  Admin Console again and clicked the Users node under my custom realm,
  I saw this
  message in the right-hand pane: "There are no Authentication
  providers
  available
  that support the creation of Users". Also, I don't see my customrealm
  in the
  dropdown list under mydomain -> Security tab -> General tab ->
  Default
  Realm.
  What did I do wrong? Also, where does WebLogic store the customsecurity
  realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

• How to make Custom Discoverer workbook use Custom Security profile of Apps

  We use Discoverer in Oracle Apps setup. We have added Custom security in our HR People Form of Apps.
  This Custom Security restricts one HR Emplpoyee not view other HR employee record except for himself/herself. Also maintining that they should be able to view all other employee's records.
  The following code was put under the Security Profile Form -- > Custom Security Tab
  exists (select 1
  from per_jobs b
  where ASSIGNMENT.job_id = b.job_id
  and (b.name not like '%HR%')
  and (b.name not like '%Human%')
  and ASSIGNMENT.assignment_number is not null
  union
  select 1
  from fnd_user fu
  where fu.user_name = fnd_global.user_name
  and fu.employee_id = PERSON.person_id
  and ASSIGNMENT.assignment_number is not null)
  Above security profile works fine for HR People Form.
  However, It does not work for our Discoverer Workbooks. I found a note on Metalink 422841.1 which talks about leveraging the Custom Security of Apps in Discoverer Report. I read it, but did not get much clue.
  Can Anyone help.
  Thanks

  Hi,
  If you want to use custom HR security with Discoverer you have to ensure that the correct security filters are applied when the Discoverer reports are run. These filters can use the supplied HR_SECURITY package or you can develop your own conditions using table lookups or functions. To get the filters applied to your reports you have a number of options:
  1. Build the security into custom folders using additional conditions
  2. Use custom database views in Discoverer and build the security into the views
  3. Use mandatory conditions in you Discoverer folders using either a function call or database contexts set at login time
  4. Use VPD (Virtual Private Database)
  I am not sure which of these options you are using to implement your HR security in Discoverer. The last option, VPD, is the most flexible and can give the best performance but maybe it is more complex to set up.
  Rod West