Login and privileges using UIX, Urgent

I have a application where I want to give privileges based on user who login to the application. How can I do this using ADF-UIX? Any built in methods available?
Any help will be highly appreciable, because I am stuck at this point, as I am a newbie in UIX.
Thanks in advance.
Ponic

Hi,
you can follow the steps in http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf
I am using FORM based authentication, you can use a JSP or a UIX page.
by example:
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>Login.uix</form-login-page>
      <form-error-page>Login.uix</form-error-page>
    </form-login-config>
  </login-config>

Similar Messages

  • Role and privilege used by JDBC

    Is there any reqiured role and privilege used by JDBC?
    I use Oracle JDBC9203 for Oracle to connect Oracle8163, when executing certion codes, the JDBC raise a exception as below:
         at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
         at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
         at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:269)
         at oracle.jdbc.oracore.OracleTypeCOLLECTION.initCollElemTypeName(OracleTypeCOLLECTION.java:1026)
         at oracle.jdbc.oracore.OracleTypeCOLLECTION.getAttributeType(OracleTypeCOLLECTION.java:1056)
         at oracle.jdbc.oracore.OracleNamedType.getFullName(OracleNamedType.java:110)
         at oracle.jdbc.oracore.OracleTypeADT.createStructDescriptor(OracleTypeADT.java:2262)
         at oracle.jdbc.oracore.OracleTypeADT.unpickle81(OracleTypeADT.java:1656)
         at oracle.jdbc.oracore.OracleTypeUPT.unpickle81UPT(OracleTypeUPT.java:466)
         at oracle.jdbc.oracore.OracleTypeUPT.unpickle81rec(OracleTypeUPT.java:416)
         at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81_imgBody_elems(OracleTypeCOLLECTION.java:979)
         at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81_imgBody(OracleTypeCOLLECTION.java:923)
         at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81(OracleTypeCOLLECTION.java:743)
         at oracle.jdbc.oracore.OracleTypeCOLLECTION._unlinearize(OracleTypeCOLLECTION.java:242)
         at oracle.jdbc.oracore.OracleTypeCOLLECTION.unlinearize(OracleTypeCOLLECTION.java:208)
         at oracle.sql.ArrayDescriptor.toJavaArray(ArrayDescriptor.java:963)
    I decompile "OracleTypeCOLLECTION.class", in funtion "initCollElemTypeName", i see a SQL as "select elem_type_name, elem_type_owner from all_coll_types where ....", this sql raise the error.
    Since all_coll_types is a system view of Oracle, i think the user connect to Oracle must have some role and privilege, it has connect role and execution privileges on some user-defined packages, is there any other role and privilege it needs? I don't like to grant DBA role to it for security reason.
    Very thanks for your reply.

    Can you post the code (Java and PL/SQL) that is being executed when this error is thrown? You don't need any particular privilege to execute PL/SQL via JDBC-- just the privileges you'd need to execute it in SQL*Plus or anywhere else.
    Justin
    Distributed Database Consulting, Inc.
    www.ddbcinc.com/askDDBC

  • Problem - Custom Page Call Working via APPS login and not using CRM login

    I have created a custom link in the Oracle Portal order page. The call (click) works correctly when I login using a regular apps login and choose ORDER STATUS , but if I login directly to CRM and then access the same page via clicking on ORDER PORTAL image, the link doesn't work --> it seems to get translated to something I am not familiar with. I have illustrated the problem below, and am trying to figure out what to do to make the CRM login environment work as well.
    Thanks.
    Channeld
    Code modification to the CO -->
    String dest_url = "OA.jsp?OAFunc=XXX_ONT_FUNC_129&Header_ID_p="+Header_ID;
    OAUrl oaurl = new OAUrl(dest_url);
    dest_url = oaurl.createURL(pageContext);
    osb.setDestination(dest_url);
    --> what the link shows in on the order page using both logins
    http://pl1ua121.corio.com:8000/OA_HTML/OA.jsp?OAFunc=XXX_ONT_FUNC_129&Header_ID_p=11261&_ti=1811750263&oapc=5&oas=grPSiOwvEyLuXdxKt_a5GA..
    --> what the link gets translated to once clicked within a CRM login session; note, during a regular apps login,
    the link does not get translated.
    http://pl1ua121.corio.com:8000/OA_HTML/RF.jsp?function_id=27070&resp_id=50661&resp_appl_id=672&security_group_id=0&params=08V2jKe4UMpLbUVYUjsT8ZCABTTWpQnO7QdLdJyREFbPg8IIF5.vbStfOY8IYonLVX-dbml9UlrBKO.-rfzhVC2iib.jk6vv-9lnvaN2g5jHG7dKBUwLdgDx0woWFYmOIGTJJxkjHrHfmNMIqDTmxzD8K-jXUU8Vqja8Ajn98ZYtdz6iVvq.yKvS3fbGlxu7vsBw20gV7Yp8gAp9Ps90OUg.5HJh9CD8FhYpiJp4ffQ

    Hi,
    Thanks for the update.
    Sir its not about calling the JSP Page from OAF page.
    My requirement is what I have explained above.
    Please suggest its urgent.
    Thanks,
    Raja Dutta

  • Login and history using Terminal or another utlity

    I have an Powerbook that I suspect was used by someone to download some unwanted material using a neighbors Internet Connection. Is there a way I can pull up a history using terminal, or some other application that will allow me to go back a couple of weeks and determine what IP address my computer was using during a specific date/time? I've used terminal to identify there was a login but can't see the history. Thanks in advance

    Thanks for the feedback. A couple of things.
    1) when you launch Console, click on the logs button (upper left corner), click on the /var/log/ triangle, and you should see the secure.log. If it's grayed out, then use the commands I posted above. If the secure.log doens't show any activity, then look at the various secure.log.X.gz files.
    2) what shows a deeper log? I don't understand what your seeing, where.

  • Disabling normal login and only using smart card login?

    I've managed to setup login using BELPIC (Belgian Identity Card (smart card). However I can still login using username/password. Is it possible to restrict the system only using smart card login? (maybe via tweaking the authorize file?)
    Thanks

    The problem isn't with the provider part of the code - it has to do with security privleges. Java code running from the command line has full access to the file-system. Servlets running inside a container do not.
    In order to access cryptographic keystores, the JVM must allow the servlet code to access local files (and through them, the device drivers to the crypto token). Servlet code running inside a web/application server container, by design, are restricted in their ability to access local files on the servlet container machine (other than configuration files and application code under the servlet context root).
    In order to continue with my project, I had to temporarily provide the servlet full access to the machine's file-system in the java.policy file for your JVM, along the lines of the following:
    grant {
    permission java.security.SecurityPermission "authProvider.SunPKCS11-NSS", "getSignerPrivateKey";
    I hope to go back and restrict this access so that only the specific security grants are available to the servlet to access the private key (the above is too lenient).
    You will need to do something similar to your JVM's java.policy to allow the servlet to access the private key. Substitute the "authProvider.SunPKCS11-NSS" with the driver for your own token.

  • I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???

    I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???

    I could do that, however when I select the icloud button (or whatever the heck it is) I am asked to enter the apple id and password. So if you are suppose to create another one for icloud you'd think it would give you the option at this point which would be logical.

  • I want to buy an in-app purchase but i don`t remember my security questions and i cant access my recovery email either, what can i do? i have 100$ on my account and cant use it because of that problem, please help URGENT

    I want to buy an in-app purchase but i don`t remember my security questions and i cant access my recovery email either, what can i do? i have 100$ on my account and cant use it because of that problem, please help URGENT

    If you have a rescue email address on your account then you can use that - follow steps 1 to 5 half-way down this page will give you a reset link on your account : http://support.apple.com/kb/HT5312
    If you don't have a rescue email address (you won't be able to add one until you can answer your questions) then you will need to contact Support in your country to get the questions reset : http://support.apple.com/kb/HT5699

  • When I reboot my iMac I'll get hard disk selection instead of fast login and I am not using boot camp! Any help is greatly appriciated!

    When I reboot my iMac I'll get hard disk selection instead of fast login and I am not using boot camp! Any help is greatly appriciated!

    Have you selected which disk you want to boot from? In System Preferences, click startup disk and choose the drive you want as your default boot drive.

  • Using Firefox, I can login and browse my financial institution (NFCU) but I cannot pay bills. When I click the bill pay tab, the tab loads 66% and then hangs. Has anyone else reported having this issue?

    Using Firefox, I can login and browse my financial institution website (NFCU) but I cannot pay bills. When I click the bill pay tab, the tab loads about 66% and then hangs (loading). I have let it load until NFCU asks me if I want to cancel the session, a much to long of a load time. Has anyone else reported having this issue with NFCU or Mozilla Firefox 3.6.18?
    I have also posed the question to NFCU, currently awaiting response and will share what was given.

        jsavage9621,
    It pains me to hear about your experience with the Home Phone Connect.  This device usually works seamlessly and is a great alternative to a landline phone.  It sounds like we've done our fair share of work on your account here.  I'm going to go ahead and send you a Private Message so that we can access your account and review any open tickets for you.  I look forward to speaking with you.
    TrevorC_VZW
    Follow us on Twitter @VZWSupport

  • ASDM and privilege level (using TACACS)

    Hi experts,
    Initial question:     How can I force ASDM to ask for the enable password when the user click on Apply ?
    Environment description:
    I have an ASA 5510 connected to an ACS 5.0.
    Security policy:
    I want the user defined on my ACS to be able to gain privilege level 15 but only after using their enable password. But by default the user must be in no privileged mode (<15).
    A SNMP alert is sent when the ASA catches a "User priv level changed" syslog message. (logging customization)
    ACS configuration:
    Maybe I misunderstand the TACACS privilege level parameters on ACS.
    I set a Shell Profile which gives the user the following privilege levels:
    Default Privilege Level = 7
    Maximum Privilege Level = 15
    1st config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication http console grp-tacacs LOCAL
    aaa authentication enable console grp-tacacs LOCAL
    ! no authorization set
    Results:
         On CLI:     perfect
    My user authenticates with his network password to get EXEC access. Then he gains privilege access using the enable command and his enable password
         On ASDM:     policy security failure
    When the user connects through ASDM, he gains privilege level 15 directly
    It seems that if authorization is not set, ASDM always gives privilege level 15 to any user
    So OK for CLI, but NOK pour ASDM
    2nd config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication  http console grp-tacacs LOCAL
    aaa authentication enable console grp-tacacs LOCAL
    aaa authorization exec authentication-server
    ! no authorization command set
    Results:
         On CLI:     lose enable access
    I can't gain privilege level 15 access anymore. When I use the enable command, I move to privilege level 7 only. So in this case ASA use the TACACS Default Privilege Level value.
         On ASDM:     policy security failure
    When the user connects through ASDM, he gains privilege level 7 as describe on the bottom of the ASDM window BUT the user has full rights and can change settings.
    So NOK for CLI and ASDM
    Question:    Why do I have more access rights with ASDM as on CLI with the same settings ?
    3rd config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication  http console grp-tacacs LOCAL
    aaa authentication enable console grp-tacacs LOCAL
    aaa authorization exec authentication-server
    aaa authorization command LOCAL
    ! specific authorization command set for ASDM applied
    Results:
         On CLI:     lose enable access (same as config 2)
         On ASDM:     unenable to gain privilege level 15 --> acceptable
    When the user connects through ASDM, he gains privilege level 7 as describe on the bottom of the ASDM window AND the user really has level 7 access rights.
    So NOK for CLI and Acceptable for ASDM
    Question:     Is there no possibility to move to enable mode on ASDM ?
    4th config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication  http console grp-tacacs LOCAL
    aaa authorization exec authentication-server
    aaa authorization command LOCAL
    ! no aaa authentication for 'enable access', using local enable_15 account
    ! specific authorization command set for ASDM applied
    Results:
         On CLI:     acceptable
    My user authenticates with his network password to get EXEC access. Then he gains privilege access using the enable command and the local enable password
         On ASDM:     unenable to gain privilege level 15 --> acceptable (same as config 3)
    So Acceptable for CLI and ASDM
    Questions review:
    1 - Is it possible to force ASDM to ask for the enable password when the user click on Apply ?
    2 - Why do I have different access rights using ASDM as on CLI with the same settings ?
    3 -  Is there no possibility to move to enable mode on ASDM when the user is on privilege level 7 whereas he has Maximum Privilege Level = 15 ?
    4 - How may I understand these parameters on TACACS: Default Privilege Level and Maximum Privilege Level ?
    Thanks for your help.

    Thanks for your answer jedubois.
    In fact, my security policy is like this:
    A) Authentication has to be nominative with password enforcement policy
         --> I'm using CS ACS v5.1 appliance with local user database on it
    B) Every "network" user can be granted priviledge level 15
         --> max user priviledged level is set to 15 in my authentication mechanism on ACS
    C) A "network" user can log onto the network equipments (RTR, SW and FW) but having monitor access only first.
    D) A "network" user can be granted priviledged level 15 after a second authentication which generates a log message
         --> SNMP trap sent to supervision server
    E) The user password and enable password have to be personal.
    So, I need only 2 priviledged level:
    - monitor (any level from 1 to 14. I set 7)
    - admin (level 15)
    For RTR, SW and FW (on CLI), it works as wanted: the "network" users connect to the equipment in monitor mode. They type "enable" and they use their private enable password to be granted priviledged level 15.
    ASDM interface is requested by the customer.
    For ASDM, as I were not able to satisfy the security policy, I apply this:
    1- I activated Exec Shell Access authorization to get the default user priviledge level value from ACS
         --> Then, when I log onto the ASDM using a "network" user, I have priviledge level 7 but I am able to change the parameter.
    2- I activated LOCAL Command authorization (adding "ASDM defined User Roles")
         --> Then, when I log onto the ASDM using a "network" user, I have priviledge level 7 and I can't push any modification.
         --> The issue is that I can't push any modification on CLI either ... :-( because my user is stuck on "default priviledge level" 7 and can't get access to "max priviledge level 15" as defined on ACS when LOCAL authorization is set
         (ok I go on my ACS and move the default priviledge level to 15 to restore an admin access to the ASA and apply 3- before resetting it to default priviledge level to 7)
    3- I remove "aaa authorization enable console TACACS" to use local enable password
         --> now I can't get admin access on ASDM: OK
         --> and I can get admin access on CLI entering the local enable password
    At the end, I satisfy my policy security tokens A to D but not E. That's a good compromise but do you see a solution to satisfy E either ?
    Thanks

  • My University email uses outlook and firefox will not let the page open once i log into the university login. It used to work, but now just shows a completely white tab. My email works fine in other browsers. Why?

    My University email uses outlook and firefox will not let the page open once i log into the university login. It used to work, but now just shows a completely white tab. My email works fine in other browsers. Why?

    Make sure that you haven't left a profiles.ini file.
    * http://kb.mozillazine.org/profiles.ini_file
    *http://kb.mozillazine.org/Profile_folder_-_Firefox

  • Custom login module and SSO using 10.1.3.3

    We are using ADF 10.1.3.3 to build applications and recently a requirement from a customer was to use LDAP for authentication but use internal application tables for authorisation. So essentially the username and password will be in LDAP but all the roles definition are in the application. This is because the LDAP directory has tight controls on contents and is used enterprise wide.
    I created a proof of concept to address this requirement using the examples at
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    and also
    http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
    specifically using DBProcLoginModule to call a database package.
    The PL/SQL package I created used DBMS_LDAP to call an LDAP directory with the username and password to check authentication and then used internal application tables to get the authorisation details required.
    All this worked very well. I tested on both the embedded OC4J and also standalone OC4J.
    Then one of my peers said will this work with SSO? Specifically we use Oracle OID as we have SSO for Forms and Reports.
    My experience with SSO has been with Oracle OID and having all the user and role details stored within OID.
    So my issue now is can I integrate the custom login module approach I have used with SSO? My knowledge of SSO and OID is limited so I'm not sure how (or if) it would interact with a custom login module. Are the two mutually exclusive?
    Any guidance is appreciated.
    Regards,
    Adrian

    Hi,
    this question should be posted to the Oracle Application Server forum or the security forum. However, based on my findings and experience in this area, I don't think that SSO is integrated with custom LoginModules since the integration would need to be coded in the LoginModule.
    Frank

  • I am working with two computers in my profession (Mac/PC). I want to download testversions, lets say Premiere Elements 13, for Mac and PC using my adobe login. Is this possible?

    I am working with two computers in my profession (Mac/PC). I want to download testversions, lets say Premiere Elements 13, for Mac and PC using my adobe login. Is this possible?

    Sure. Elements is cross-platform, anyway.
    Mylenium

  • SPNego Login fails while using MacOS 10.4 and Firefox

    Hello,
    we are running an EP6 NW04 SPS 19 on an HP UX. For authentification we
    configured kerberos via spnego. This is working fine for all windows
    clients and the browsers ie6, ie7 and firefox.
    While using Firefox on MacOS X it is not working. We analyzed the error.It is the following
    error message in the trace file:
    Decoding error in parsing of spnego token.
    [EXCEPTION]
    iaik.asn1.CodingException: ASN.1 creation error:SPNego OID expected.
    Found 1.2.840.113554.1.2.2
    As you can see, the mac client is sending the raw kerberos ticket. How
    does the WAS handles this ticket?
    Kind Regards,
    Oliver

    Oliver,
    The SAP SPNEGO login module supports OID 1.3.6.1.5.5.2 only, which is the OID for SPNEGO protocol, and this is why it is called an SPNEGO login module. It does not support other OIDS such as RFC1964 Kerberos V5 (1.2.840.113554.1.2.2) or NTLM (1.3.6.1.4.1.311.2.2.10). If you need to support other OIDS, and not just SPNEGO then you need to use a different login module. I can help you with that if you are interested since my company has a product (comprising a login module which uses Kerberos) which supports SPNEGO as well as other OIDS - it is not 100% SPNEGO based like the login module available from SAP.
    Thanks,
    Tim

  • Why can't I use the same login and password for apps and cloud

    I try to go on to face time and it asks for my login and password which works
    ok with the App Store but is not recognised when using face time or I cloud

    You can, if logged in using the same Apple ID for all.

Maybe you are looking for

  • Issue with amount of Hard Disk allocated to User

    I have recently come across an unexpected issue that I have managed to work around but not in a way that is particularly satisfactory. Using iMovie I was alarmed to see that on uploading about an hour of video that I was rapidly running out of hard d

  • How to handle utl_http response

    Hi, I use the below code to call a https using POST method utl_http.set_proxy(apex_application.g_proxy_server, NULL); utl_http.set_persistent_conn_support(TRUE); utl_http.set_transfer_timeout(300); utl_http.set_wallet(p_wallet, p_wallet_pwd); l_http_

  • Unable to view recent photos on my Mac in PSE 11 organizer

    unable to view recent photos on my Mac in PSE 11 organizer ..I see them in Iphoto not organizer..Please help

  • HTMLDB_ITEM with scalar subqueries

    How does HTMLDB_ITEM work with scalar subqueries? Suppose I want to do something like select c1,c2,c3, (select htmldb_item.checkbox(1,c4) from sometable where ....) from ... If the scalar subquery doesnt return a row, I dont get my checkbox. How else

  • URL Loader / HTTPService using ASPX calls

    I would like to know if someone could help me or point me in the right direction - here is a test site and source view (https://studentdb.projectcadd.org/test.html) of what I am trying to do (all I want is a guarantee that the XML generated from ASPX