Lightswitch HTML Sharepoint App: Access Control Methods

I have a Lightswitch HTML SharePoint App. Which is working well.
I have implemented user access security on the entities using SharePoint groups.
partial void UserAccessGroups_CanUpdate(ref bool result)
result = false;
var clientContext = Application.SharePoint.GetHostWebClientContext();
Microsoft.SharePoint.Client.Web web = clientContext.Web;
Microsoft.SharePoint.Client.GroupCollection UserGroups = web.CurrentUser.Groups;
clientContext.Load<Microsoft.SharePoint.Client.GroupCollection>(UserGroups);
clientContext.ExecuteQuery();
foreach (var item in UserGroups)
var permission = "UserAccessGroupAdmin";
if (item.Title == permission)
result = true;
break;
This works fine when I am debugging the application and it is running on localhost.
However when I publish theapp and it is running in an Azure site it doesn't work and I am un able to edit the entitiy.
I have set up the SharePoint Group on the site that is running the appp and assigned the user to the group.
Has anyone else had a similar experience or have any suggestions.
Thank you,
Andrew

This may help:
An End-To-End LightSwitch SharePoint Workflow Application
I have SharePoint permissions in that example and I tested it in production and it definitely works.
bool isMemberOfVacationApprovers = false;
var clientContext = this.Application.SharePoint.GetHostWebClientContext();
//Load the properties for the web object.
Microsoft.SharePoint.Client.Web web = clientContext.Web;
// Get the current web
clientContext.Load(web);
clientContext.ExecuteQuery();
// Groups for current User
Microsoft.SharePoint.Client.GroupCollection UserGroups = web.CurrentUser.Groups;
clientContext.Load<Microsoft.SharePoint.Client.GroupCollection>(UserGroups);
clientContext.ExecuteQuery();
foreach (var item in UserGroups)
if (item.Title == "Vacation Approvers")
isMemberOfVacationApprovers = true;
if (!isMemberOfVacationApprovers)
results.AddEntityError
("Only members of Vacation Approvers can edit this record.");
Unleash the Power - Get the LightSwitch 2013 HTML Client / SharePoint 2013 book
http://LightSwitchHelpWebsite.com

Similar Messages

Lightswitch HTML Sharepoint App: Sharepoint List error in screen

I am able to connect to add SharePoint as a data source and select lists to include in the solution. However when I run the application in debug mode the screen showing the list shows an error(see below). When the app is published running in an azure website
the list displays correctly in the screen.
Does anyone have any suggestions of what could be causing this?

I have noticed that I get see the following error on the event viewer of my development machine when this happens.
Source:Schannel
EventID:36888
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
PS cannot yet add screen shot of the screen error as my account is not yet verified.

Lightswitch html use the 'any' query method

Hi
Can someone please tell me how i can use the "any" query method for entity collections in lightswitch html?
Thanks

Hi Xpert360
It's for a type of EntityCollection this is the code from the msls-2.5.2.vsdoc.js line 2220
any: function any(predicate) {
/// <summary>
/// Determines whether this sequence contains any
/// items that optionally satisfy a condition.
/// </summary>
/// <param name="predicate" type="Function" optional="true">
/// A function to test each item for a condition.
/// <br/>Signature: Boolean item.predicate(item)
/// </param>
/// <returns type="Boolean">
/// True if this sequence contains any items that
/// satisfy the condition, if any; otherwise, false.
/// </returns>
var result = false;
this.each(function (item) {
if (!predicate || predicate.call(item, item)) {
result = true;
return false;
return true;
return result;
Check it out and let me know if you know how to use it, my problem is how to use the call back function.
Thanks

Unable to find MSAD users in the projects- Planning app- Access contol re..

Hello,
I have configured MSAD and I could see all the users and groups. Not just MSAD but also native users
I was able to provision them and also access that application using that user.
But I don't see those user list in Projects ->PLanning app->Access control report or when I choose a member and try to assign access.
Could anyone please tell me where I am going wrong?
Do I have to do anything else to have them appear?
please suggest.
Thanks a lot.

This is what I see when I tried to do as you said
C:\Hyperion\deployments\WebLogic9\bin>echo off
JAVA Memory arguments: -Xms256m -Xmx512m
WLS Start Mode=Production
CLASSPATH=C:\Hyperion\common\CLS\9.3.1\lib\cls-9_3_1.jar;C:\Hyperion\common\SAP\
lib;;;C:\bea\patch_weblogic910\profiles\default\sys_manifest_classpath\weblogic_
patch.jar;C:\bea\jrockit90_150_04\lib\tools.jar;C:\bea\WEBLOG~1\server\lib\weblo
gic_sp.jar;C:\bea\WEBLOG~1\server\lib\weblogic.jar;C:\bea\WEBLOG~1\server\lib\we
bservices.jar;;C:\bea\WEBLOG~1\common\eval\pointbase\lib\pbclient51.jar;C:\bea\W
EBLOG~1\server\lib\xqrl.jar;;C:\bea\WEBLOG~1\integration\lib\util.jar;
PATH=C:\Hyperion\common\CSS\9.3.1\bin;C:\Hyperion\common\SAP\bin;;;C:\bea\patch_
weblogic910\profiles\default\native;C:\bea\WEBLOG~1\server\native\win\32;C:\bea\
WEBLOG~1\server\bin;C:\bea\jrockit90_150_04\jre\bin;C:\bea\jrockit90_150_04\bin;
C:\Hyperion\AnalyticServices\bin;c:\oracle\client\10.1\bin;c:\oracle\client\10.1
\jre\1.4.2\bin\client;c:\oracle\client\10.1\jre\1.4.2\bin;C:\Program Files\Suppo
rt Tools\;C:\Program Files\Windows Resource Kits\Tools\;C:\WINDOWS\system32;C:\W
INDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\3PA
R\MPIO\;C:\monitor\Patrol3\bin;C:\Hyperion\common\CLS\9.3.1\bin\windows;C:\Hyper
ion\AnalyticServices\bin;C:\bea\WEBLOG~1\server\native\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.5.0_04"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_04-b05)
BEA JRockit(R) (build R26.0.0-189-53463-1.5.0_04-20051122-2041-win-ia32, )
Starting WLS with line:
C:\bea\jrockit90_150_04\bin\java -jrockit -Xms256m -Xmx512m -Dhyperion.home=C:
\Hyperion -Dweblogic.j2ee.application.tmpDir=C:\DOCUME~1\hyperion\LOCALS~1\Temp\
4\hyperion -Dweblogic.security.SSL.trustedCAKeyStore="C:\bea\weblogic91\server\l
ib\cacerts" -da -Dplatform.home=C:\bea\WEBLOG~1 -Dwls.home=C:\bea\WEBLOG~1\ser
ver -Dwli.home=C:\bea\WEBLOG~1\integration -Dweblogic.management.discover=false
-Dweblogic.management.server=http://localhost:7001 -Dwlw.iterativeDev=false -D
wlw.testConsole=false -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\bea\patch
weblogic910\profiles\default\sysextmanifest_classpath -Dweblogic.Name=Hyperio
nPlanning -Djava.security.policy=C:\bea\WEBLOG~1\server\lib\weblogic.policy we
blogic.Server
<Mar 20, 2009 1:20:46 PM EST> <Info> <WebLogicServer> <BEA-000377> <Starting Web
Logic Server with BEA JRockit(R) Version R26.0.0-189-53463-1.5.0_04-20051122-204
1-win-ia32 from BEA Systems, Inc.>
<Mar 20, 2009 1:20:50 PM EST> <Info> <Management> <BEA-141107> <Version: WebLogi
c Server 9.1 Mon Dec 12 19:26:33 EST 2005 689178 >
<Mar 20, 2009 1:20:52 PM EST> <Emergency> <Management> <BEA-141151> <The admin s
erver could not be reached at http://localhost:7001.>
<Mar 20, 2009 1:20:53 PM EST> <Info> <Configuration Management> <BEA-150018> <Th
is server is being started in managed server independence mode in the absence of
the admin server.>
<Mar 20, 2009 1:20:53 PM EST> <Info> <WebLogicServer> <BEA-000215> <Loaded Licen
se : C:\bea\license.bea>
<Mar 20, 2009 1:20:53 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to STARTING>
<Mar 20, 2009 1:20:53 PM EST> <Info> <WorkManager> <BEA-002900> <Initializing se
lf-tuning thread pool>
<Mar 20, 2009 1:20:53 PM EST> <Notice> <Log Management> <BEA-170019> <The server
log file C:\Hyperion\deployments\WebLogic9\servers\HyperionPlanning\logs\Hyperi
onPlanning.log is opened. All server side log events will be written to this fil
e.>
<Mar 20, 2009 1:21:06 PM EST> <Notice> <Security> <BEA-090082> <Security initial
izing using security realm myrealm.>
<Mar 20, 2009 1:21:14 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to STANDBY>
<Mar 20, 2009 1:21:14 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to STARTING>
Creating rebind thread to RMI
Cache Control is :public,max-age=2592000
<Mar 20, 2009 1:21:16 PM EST> <Warning> <Log Management> <BEA-170011> <The LogBr
oadcaster on this server failed to broadcast log messages to the admin server. T
he Admin server may not be running. Message broadcasts to the admin server will
be disabled.>
<Mar 20, 2009 1:21:17 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to ADMIN>
<Mar 20, 2009 1:21:17 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to RESUMING>
<Mar 20, 2009 1:21:17 PM EST> <Notice> <Server> <BEA-002613> <Channel "Default"
is now listening on 170............:8300 for protocols iiop, t3, ldap, http.>
<Mar 20, 2009 1:21:17 PM EST> <Notice> <Server> <BEA-002613> <Channel "Default[1
]" is now listening on 10............:8300 for protocols iiop, t3, ldap, http.>
<Mar 20, 2009 1:21:17 PM EST> <Warning> <JMX> <BEA-149510>
<Unable to establish
JMX Connectivity with the Adminstration Server AdminServer at <JMXServiceURL:nul
l>.>
<Mar 20, 2009 1:21:17 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to RUNNING>
<Mar 20, 2009 1:21:17 PM EST> <Notice> <WebLogicServer> <BEA-000360> <Server sta
rted in RUNNING mode>
java.rmi.ConnectException: Connection refused to host: 170...................; nested ex
ception is:
java.net.ConnectException: Connection refused: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:574)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Ljava.lang.String;Ljava.rmi
.Remote;)V(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:160)
at com.hyperion.planning.HspJSHomeImpl$RebindTask.run()V(Unknown Source)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Ljava.net.InetAddress;II)V(Nat
ive Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:364)
at java.net.Socket.connect(Socket.java:507)
at java.net.Socket.connect(Socket.java:457)
at java.net.Socket.<init>(Socket.java:365)
at java.net.Socket.<init>(Socket.java:178)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirect
SocketFactory.java:22)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMaster
SocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:569)
... 8 more
java.rmi.ConnectException: Connection refused to host: 170...................; nested ex
ception is:
java.net.ConnectException: Connection refused: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:574)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Ljava.lang.String;Ljava.rmi
.Remote;)V(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:160)
at com.hyperion.planning.HspJSHomeImpl$RebindTask.run()V(Unknown Source)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Ljava.net.InetAddress;II)V(Nat
ive Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:364)
at java.net.Socket.connect(Socket.java:507)
at java.net.Socket.connect(Socket.java:457)
at java.net.Socket.<init>(Socket.java:365)
at java.net.Socket.<init>(Socket.java:178)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirect
SocketFactory.java:22)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMaster
SocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:569)
... 8 more
java.rmi.ConnectException: Connection refused to host: 170......................; nested ex
ception is:
java.net.ConnectException: Connection refused: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:574)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Ljava.lang.String;Ljava.rmi
.Remote;)V(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:160)
at com.hyperion.planning.HspJSHomeImpl$RebindTask.run()V(Unknown Source)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Ljava.net.InetAddress;II)V(Nat
ive Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:364)
at java.net.Socket.connect(Socket.java:507)
at java.net.Socket.connect(Socket.java:457)
at java.net.Socket.<init>(Socket.java:365)
at java.net.Socket.<init>(Socket.java:178)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirect
SocketFactory.java:22)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMaster
SocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:569)
... 8 more
Setting Arbor path to: C:\Hyperion\common\EssbaseRTC\9.3.1
Setting HBR Mode to: 2
HBR Logging Config File : HBRServer.properties
2009-03-20 13:23:59,283 WARN [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.ke
rnel.Default (self-tuning)' com.hyperion.hbr.security.HbrSecurityAPI - Error ret
rieving user by identity
Embedded HBR initialized.
[INFO] AuthChallengeProcessor - basic authentication scheme selected
[INFO] AuthChallengeProcessor - basic authentication scheme selected
[INFO] AuthChallengeProcessor - basic authentication scheme selected
java.rmi.ConnectException: Connection refused to host: 170..............; nested ex
ception is:
java.net.ConnectException: Connection refused: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:574)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Ljava.lang.String;Ljava.rmi
.Remote;)V(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:160)
at com.hyperion.planning.HspJSHomeImpl$RebindTask.run()V(Unknown Source)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Ljava.net.InetAddress;II)V(Nat
ive Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:364)
at java.net.Socket.connect(Socket.java:507)
at java.net.Socket.connect(Socket.java:457)
at java.net.Socket.<init>(Socket.java:365)
at java.net.Socket.<init>(Socket.java:178)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirect
SocketFactory.java:22)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMaster
SocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:569)
... 8 more
[Fri Mar 20 13:24:24 EST 2009] Planning successfully notified HBR repository.
java.rmi.ConnectException: Connection refused to host: 170...........; nested ex
ception is:
java.net.ConnectException: Connection refused: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:574)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Ljava.lang.String;Ljava.rmi
.Remote;)V(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:160)
at com.hyperion.planning.HspJSHomeImpl$RebindTask.run()V(Unknown Source)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Ljava.net.InetAddress;II)V(Nat
ive Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:364)
at java.net.Socket.connect(Socket.java:507)
at java.net.Socket.connect(Socket.java:457)
at java.net.Socket.<init>(Socket.java:365)
at java.net.Socket.<init>(Socket.java:178)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirect
SocketFactory.java:22)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMaster
SocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:569)
... 8 more
Edited by: [email protected] on Mar 20, 2009 11:36 AM

How to add access control to a WebService in Weblogic

Hello experts,
I developed a Web Service and I deployed it on Weblogic: it reads a SOAP request and, according to the input, it performs some actions.
Now we would need to implement an access control on it, we read some information in the documentation we find on google, but none of these was exhaustive: did anyone of you implemented already an access control policy?
And how did you do?
Thank you

Hello Arunkumar,
my JDev is 11.1.1.5.0.
I checked the documentation, but it's not clear for me in which of those scenarios we are: we have an Oracle Service Bus that needs to contact an application, but we don't want to grant a direct access to it.
So the bus is calling the web service that it's triggering the events on the application.
Everything works fine, but we need now to put at least an access control method, in order to avoid that a simple call from SoapUI may triggers the operations on our Web Service.

SharePoint Provider Hosted App (401) Unauthorized Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable

Hello,
I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment. I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
way. I've followed these instructions (among many other resources found along this journey) :
http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error. I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output. Please explain how to fix if you're able.
Please Note: I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
Also Note: I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
Here's my ULS output:
03/24/2014 08:54:47.83   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   Logging Correlation Data   xmnv   Medium   Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   Authentication Authorization   agb9s   Medium   Non-OAuth request.
IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   Logging Correlation Data   xmnv   Medium   Site=/   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Deployment   acjjg   Medium   The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps.   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   ajsrv   Medium   redirectLaunUrl after getting it from query
string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens}   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   General   aib0n   High   trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   ajsrw   Medium   redirectLaunUrl after getting token replacement:
https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   ajsry   Medium   m_oauthAppId after NormalizeAppIdentifier()
i:0i.t|ms.sp.ext|[email protected]8df36d5d. Now getting app principal info.   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   ajsr0   Medium   decided that we need to do a POST to the
app.   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   ajsr1   Medium   m_redirectMessage: EndpointAuthorityMatches
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   ajsr2   Medium   realm matched attempting to get app token
using GetAccessToken()   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   advzm   High   Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   ajsr3   High   App token requested from appredirect.aspx
for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it. This may be a case when we do not need a token or when the app principal was not properly set up. LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
Exception Message:The Azure Access Control service is unavailable. Stacktrace:    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().
Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch.   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   General   ajlz0   High   Getting Error Message for Exception Microsoft.SharePoint.SPException:
The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   App Auth   aib0p   Medium   Doing appredirect from appredirect.aspx:
in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85   w3wp.exe (0x1448)   0x22D8   SharePoint Foundation   Monitoring   b4ly   Medium   Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
Execution Time=26.5933938531294   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
Your help is very much appreciated.
With Respect,
Larry

Yes, actually - I was able to resolve it.
However I don't know how, unfortunately. I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing. It was a daunting task, but I finished it successfully.
If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
NOTE: I'm not all impressed with the way this forum works. This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions. Completely lame. Boooooo Microsoft.

Occasionally Connected LightSwitch HTML Apps Using JayData

JayData, as many are probably aware from prior blog posts and discussions on this forum, is a powerful JavaScript utility library for OData providers, including LightSwitch.
Recently, the JayData developers have expanded the
provider offerings to include many other database programmatic interfaces.
Their latest release, JayData 1.3.6, codenamed “Advanced Sync Edition,” aims to support occasionally connected apps by exploiting the local storage capability of the browser (Web SQL. sqLite, IndexedDb, etc.).
Development is simplified when using the same data model and API for writing to both local storage and the OData endpoint.
An example of this is shown at How to Create a Synchronized Online-Offline Data App with JavaScript and JayData.
This model, the “To Does” project, was successfully adapted to a LightSwitch HTML app without difficulty.
Although “To Does” projects like this serve as a nice proof-of-concept, they are excessively simple compared to real world business applications.
Fortunately, JayData 1.3.6 also includes support for configurable foreign keys.
With this, more complex object-relational mapping that would typically be used with Entity Framework and similar RDBMS may be approximated.
To illustrate, the To Does project was expanded to include entity relationships.
Specifically, a To Do must be assigned to a single individual Project, and any single Project can have many To Does.
A Project can be assigned to an Employee or to multiple Employees, while an Employee can have a single Project or many Projects, thus defining a many-to-many relationship between Employee and Project.
So how might and online-offline LightSwitch HTML application work in practice?
Ideally in my opinion, the transition from online to offline and back should be seamless and transparent to the user, allowing for both UX and UI to be unperturbed.
This approach turned out to be too difficult for me as a developer, as I experienced problems with the closed-end nature of LightSwitch’s Visual Collection object, for instance. Separation of concerns is a real challenge with this approach.
There is also the separate UI approach for both offline and online data entry, which have been nicely illustrated by Michael Washington and Paul van Bladel on their blogs using JayData and BreezeJS with AngularJS alongside a LightSwitch HTML
app. This approach is valid, and from the viewpoint of the developer has its advantages. From a design standpoint, it is likely to be frustrating for an end-user who must deal with “spotty” network coverage, necessitating changing back-and-forth
from one UI to another.
I opted for a hybrid approach, staying entirely inside the LightSwitch HTML app environment but having individual menu options to select depending on the user’s online status, which is constantly displayed with a status icon (see Main Menu figure).
In many cases, the native LightSwitch screen and menu buttons are fully functional in the offline state.
When they are not, most often with regard to a “Browse” screen or involving a Visual Collection, I have substituted the updated WinJS library (now at
version 4.0, capable of replacing LightSwitch’s v1.0 with no breaking changes) to create a custom control that resembles the LightSwitch listview.
To use the app, you can use any of the online Menu buttons to enter Employee, Project, or To Do data in the usual way while connected.
The Offline menu buttons are functional in either a connected or disconnected status, which can be tested by disabling your devices WiFi, for example.
This LightSwitch app does not work with all browsers, however.
Because the local database is stored using the Web SQL/sqLite JayData API, it is not supported by either IE or FireFox.
It is supported by Chrome, Safari, Opera, Android browsers, Kindle Fire, and iPad browsers
(see link).
To see the local data stored in Web SQL while using Chrome, you can press F12, select Resources, and expand Web SQL to see the Table data updated with each transaction (see figure).
After entering data using the Offline menu selections, you will want to synchronize your local data with the remote LightSwitch database, which is performed by clicking “Synchronize Offline to Online” on the Main Menu.
A success or error dialog message should follow, depending on the result of the sync.
The dates and times of the last synchronizations are displayed on the Main Menu.
With each online database transaction, including offline to online syncs, the offline database is updated to reflect the very latest LightSwitch application data.
This method attempts to have the LightSwitch online database as the “single source of truth” as much as possible while the user is online.
Lastly (if anyone is still reading this far), note that by design there is no business logic programmed into this application; business logic is a separate issue to be addressed.
There can be as many incomplete To Does as you want, an Employee can be assigned the same Project many times, etc.
If your application requires business logic, you will have to program it into the client-side in order for the user to be prompted to follow it while offline.
To experiment with LightSwitch OfflineToDoes app, go to:
http://offlinetodoes.azurewebsites.net/htmlclient
…and log in with username “testuser” and password “Testuser1!”
In a few days I will try to load the sample project code to MSDN for anyone to download and review if desired.
TL;DR:
JayData provides an attractive solution for creating online-offline LightSwitch HTML apps by automating a single codebase to carry out CRUD operations on both a local datasource and the remote LightSwitch database.
Integrating the offline portion of the app into the LightSwitch UI requires an individualized solution and is code-intensive, however.

Thank you both for the input. Zardoz, I tried making a couple of updates to address items you mentioned. I left unfixed the problem that occurs when editing an offline Project's budget item..this still does not work. LightSwitch identifies this
entity as a decimal, WebSql expects a plain number, but LightSwitch's post-processing business type formats it to currency (I see USD, you may see NZD, AUD, etc.) In the console there is a "getModel() is undefined" in msls.js. If I take
out the Money business type to regular Text on the View, it works fine.
I'm not sure if I understood your last item just right, but I tweaked the Add Edit Offline Project screen to prevent the Project from being null if the user only enters a new To Do. Not sure why the screen validation wasn't firing before.
Regarding navigation, I don't wish to use the browser's back or forward buttons at all for the app, especially the Offline portion, only the LightSwitch menu navigation and command buttons. I know Xpert360 has shown how to put the former LightSwitch back
button in the app which is useful too. Navigation, cacheing and disposing were some of the tricky parts getting to integrate between LightSwitch UI and offline custom controls. Occasionally I felt like I was having to be "clever" at solutions,
except that when it comes to programming, I'm not a fan of cleverness.
The project is published
here. Hopefully this serves as a good starting point for someone, and I look forward to seeing how it can be improved upon and used in practice.

(Video) LightSwitch Cloud Business Apps and SharePoint Workflows

You can create advanced enterprise applications when you incorporate Visual Studio LightSwitch Cloud Business Apps and SharePoint Workflows into your solutions. Microsoft SharePoint workflows are powerful, but the non-code version created with the SharePoint
Designer do not allow you to implement complex data bound business rules without making web service HTTP calls. You can make these calls to Visual Studio LightSwitch Cloud Business Apps.
LightSwitch Cloud Business Apps and SharePoint Workflows
Unleash the Power - Get the LightSwitch 2013 HTML Client / SharePoint 2013 book
http://LightSwitchHelpWebsite.com

Thank You!
Unleash the Power - Get the LightSwitch 2013 HTML Client / SharePoint 2013 book
http://LightSwitchHelpWebsite.com

How to access the C# file in server from Lightswitch HTML Client

Hi,
In that LightSwitch HTML Application i have some c# file in the server project.How can i access those C# file in the screens (HTML Client project )
thanks,
goblalakrishnan s
gobalakrishnan S

Hi,
with implementing Generic File Handlers (.ashx)
See follow link:
http://lightswitchhelpwebsite.com/Blog/tabid/61/EntryId/174/Full-Control-LightSwitch-ServerApplicationContext-And-Generic-File-Handlers-And-Ajax-Calls.aspx
regards
j.nord

Lightswitch Sharepoint App. Publish Problem

I really could use some help:
I have a Lightswitch Sharepoint App that has been published for a while. I have just made a small change to a screen.
When I click on publish I am immediately presented with the following message box error:
An unhandled exception of type 'System.ServiceModel.Security.MessageSecurityException' occured.
Additional Information: The HTTP request was forbidden with client authentication scheme 'Anonymous'.'
A Fleet

try logging into azure from visual studio server manager,
you may have to clear out your cookies etc
I experienced the same issue the other day.
logging in and out of azure/office 365 with different accounts messes up sometimes.
mrP

"Assign Access Control" returns error for essbase apps in shared services

Hello,
I installed and configured Oracle EPM 11.1.2 (Foundation, Essbase, Planning, Reporting&Analysis):
OS: Windows Server 2008 Sp2 (32bit)
Default Installation with default ports,
Installation of all components on the same server,
no clustering
EPM System Diagnostic says that everything is OK.
Now I want to assign filter access for an essbase database in the Shared Services.
Starting the menu item "Assign Access Control" in Shared Services returns the following error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
+10.4.5 404 Not Found+
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
+....+
Can anybody help ???
best regards,
Nicole

Hello,
here's what I found out so far:
I get the error if I start the shared services console via the URL "http://servername:port/interop/index.jsp" and then select the "assign access control" for an essbase database.
If I start the shared services console via the workspace everything works fine.
Does anybody know what to do so that it also works if I start the shared services console via URL?
best regards,
Nicole

Data Access control in J2EE technologies/apps

Hi Guys,
I am working on a project that requires that i implement a mechanism for controlling data access to the content that is displayed on the pages of a Struts based web application.
First off to clarify, i am not refering to the ability for different users to log on to a specific page and or view specific pages. That is a different type of access control. I am more interested in the "Data Access" i.e. where multiple users can view the same page but the data that is displayed depend on the data access control privileges they have.
I am intersted to know of the different approaches/frameworks out there to implementing "data access" control. Is there a framework out there for this kind of thing?
Im thinking to do this the controls/privileges need to be configured (i.e. data access categories, users etc) somewhere probably in the database. The rules can get quite complicated so im wondering whether there is already a framework that i can use to accomplish this rather than implementing it from scratch.
Thinking about how it will work, the rules the govern the access are very specific to our business domain so i am not really sure whether it is possible if there is any third party framework that i can use that is very generic and will allow the rules to be configured.
Thanks

you are right, access control is very application dependent, and is therefore not a good target to turn into a generic framework.
In my opinion the king of security frameworks is Spring Security, so you could take a look at that.
[http://static.springsource.org/spring-security/site/|http://static.springsource.org/spring-security/site/]
Other than that, I have used a simple setup using Javaserver Faces. I had a user bean with a set of boolean flags indicating the user's capabilities (directly mapped to a database table) and in the components I would have rendered="#{user.userRole}" attributes where necessary, to conditionally switch off elements when the user wasn't allowed to see it, in some cases rendering a readonly view in stead.
Its a chore to test, but quite easy to maintain and to read IMO.

ADF Authorization for ADF Mobile:Configuring Access Control URL for ADF App

Can someone explain, how to expose weblogic user roles as a Rest Json Api? Basically I want to set up Access Control URL to authorize users on adf mobile.

Hi Frank,
This is what I did. Could you please let me know if I am doing it right.
1. Created an adf application with a simple page and applied security basic http authentication.
2. Added a rest service implementation in the same application, changed the adf application web.xml as below
<servlet-mapping>
<servlet-name>jersey</servlet-name>
<url-pattern>/jersey/*</url-pattern>
</servlet-mapping>
3. When I test the rest service in browser, it asks to log in and returns the user roles. Below is my rest implementation
@POST
@Produces(MediaType.APPLICATION_JSON)
public User getMessag3() throws Exception {
return new User();}
the rest service returns the logged in user roles in below json format.
{"userid":"susant","roles":["SSBAccessGroup","authenticated-role","SSBAccessApp","anonymous-role"],"priviledges":[]}
Do I need to implement anything on the ADF mobile side or I can just add the rest service url to the authorization tab. Will adf mobile automatically handle sending the http request.
Actually I just added the rest service url to adfm-applications connections authorization tab and I am getting ACS failed error after log in.
Thanks

File structure and Multi-user access/control

Hi All
Currently evaluating RH. Our plan is to use RH HTML with RoboServer and either SourceSafe or Team Foundation for source control. We will be producing the "printed" manual (PDF) and publishing online help (hopefully html via RH server) from the single source layout
Given that we will edit content in RH's XHTML editor, I'm not clear on when we should create new files or the granularity of multi-user access. We have 17 apps and I plan to use a master project and merging (because we need to link to related topics in other apps).
I'm really not sure what should constitute a file in RH. First off, is access controlled at the file level?
I want to have multiple authors editing the same manual at the same time, so do I need to break the manual into multiple small files (currently it's a single word doc)?
If I do break it into multiple files, what's the best approach: 1 file per topic (or is this a requirement)?
Finally, when I come to generate the PDF, will the files be combined. (i.e. can I have different page-breaks than I have in the RH project)?
Any pointers greatly appreciated
Regards
Mark

Hi,
First off, is access controlled at the file level?
Not sure what you mean by that. In source control, you can check in/out ever file independent. Sometimes dependent files will be automatically checked out, for instance images used in the css when you check out the style sheet.
I want to have multiple authors editing the same manual at the same time, so do I need to break the manual into multiple small files (currently it's a single word doc)?
That be the idea. Anyway, it's not a good idea to have an entire RoboHelp project in a single topic. You probably want to cut up your contents into the small chunck: topics.
If I do break it into multiple files, what's the best approach: 1 file per topic (or is this a requirement)?
In RoboHelp a topic is a HTML file. RoboHelp doesn't force you to split up content into one or more topics. If you are creating help for the web, you want the information to be organized in relatively small chunck so users can quickly scan through it.
Finally, when I come to generate the PDF, will the files be combined. (i.e. can I have different page-breaks than I have in the RH project)?
Not sure what you mean by page breaks. As RoboHelp creates HTML files, there are no page breaks such as in paper manuals. When you create a PDF, you combine the topics you need into a single document.
If a PDF is required for you, you may want to consider not using RoboHelp for your sources. A PDF created by RoboHelp is useful for internal use, but it never seems to get good enough to give to customers. Personally, when a PDF version of a manual is required, I create the manual in FrameMaker and link or import the book into RoboHelp. You can also link Word documents, so you may want to play around with that before deciding whether to use Word, RoboHelp or FrameMaker for your source.
Greet,
Willam

War file and access control with WebLogic

I am trying to put some access control on different files in my war-file, but just can't get it to work... It seems like all roles defined in weblogic.properties gives the user access to all files in the war. I just don't understand the connections between the security realm, the weblogicURL.policy file and the web.xml file... If I do not specify a weblogic.security.URLAclFile, no access control is done at all.
This is how my weblogic.properties file looks like:
weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
weblogic.password.koko=kokokoko
weblogic.password.arnebelinda=arne1234
weblogic.security.group.ppuseradmins=arnebelinda
and my weblogicURL.policy:
deny Principal weblogic.security.acl.GroupImpl "everyone" {
Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
and finally, my web.xml-file:
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
     <session-config>
          <session-timeout>30</session-timeout>
     </session-config>
     <welcome-file-list>
          <welcome-file>index.jsp</welcome-file>
     </welcome-file-list>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>admin</web-resource-name>
               <url-pattern>index.jsp</url-pattern>          </web-resource-collection>
          <auth-constraint>
               <role-name>ppuseradmins</role-name>
          </auth-constraint>
     </security-constraint>
     <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>WebLogic Server</realm-name>
     </login-config>
     <security-role>
          <role-name>ppuseradmins</role-name>
     </security-role>
</web-app>
it does not matter which user is part of the ppuseradmins group. The user koko is not a member, but is given access to my whole .war anyway (after submitting correct username/password). Omitting the <realm-name> does not seem to work either; the default realm is not used, instead null is used.
Does anybody have a clue? I would really appreciate it!
I am using WebLogic 5.1 sp 9
best regards,
PJ

In you pocily file entry, you have specified "/admin/-"
However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin
Could that be the problem ?

Lightswitch HTML Sharepoint App: Access Control Methods

Similar Messages

Maybe you are looking for