Multiple JAAS LoginModules: WL6.1 always calls default ServerLoginModule?

Similar Messages

• Urgent! Multiple JAAS login call in one JVM

  I am using Weblogic 6.0+sp1 and JAAS login. My use case requires
  multiple connection to the weblogic server with different user
  credential for each connection.
  Is it possible to have JAAS login called multiple times in one JVM, each
  call has different user credential? I saw behavior like this: the first
  JAAS login call after start a JVM always works by authenticating the
  user, however, the subsequent call just ignore the new user and ignore
  the authentication process. Any document I can reference or this is a
  bug?
  Any help will be highly appreciated!
  Cathy

  In theory it must work with different logins at the same time. As I know
  it works with ACL. You may need to verify how the ACL is setup if ACL is
  used.
  Yong Sun
  "Cathy Wei" <[email protected]> wrote in message
  news:[email protected]..
  I am using Weblogic 6.0+sp1 and JAAS login. My use case requires
  multiple connection to the weblogic server with different user
  credential for each connection.
  Is it possible to have JAAS login called multiple times in one JVM, each
  call has different user credential? I saw behavior like this: the first
  JAAS login call after start a JVM always works by authenticating the
  user, however, the subsequent call just ignore the new user and ignore
  the authentication process. Any document I can reference or this is a
  bug?
  Any help will be highly appreciated!
  Cathy

• How to capture LoginException throwed by Customized JAAS LoginModule?

  I have a customized JAAS LoginModule deployed on WebLogic, when authentication fails, it throws LoginException("Incorrect Password");
  At remote fat-client side, I use following code to login to WebLogic:
  Environment env = new Environment();
  env.setInitialContextFactory(weblogic.jndi.Environment.DEFAULT_INITIAL_CONTEXT_FACTORY);
  env.setProviderUrl(url);
  env.setSecurityPrincipal("user1");
  env.setSecurityCredentials("wrong password");
  Subject subject = new Subject();
  Authenticate.authenticate(env, subject);
  With the wrong password, the client get exception:
  javax.security.auth.login.LoginException: java.lang.SecurityException: User: user1, failed to be authenticated. (The exception message is replaced :-( )
  How can the fat-client get the exact Exception("Incorrect Password") which is thowed by the LoginModule ???

  I have also had the same problem. In the end, it is not possible to propagate a sub-class of a LoginException (or any other type of exception) to a remote client. The WLS Security Framework will always return to the caller its stand LoginException and message. The WLS documentation also clearly states this. Sorry to disappoint. The only other suggestion I have is to pass the name and credentials to a server-side client authentication proxy and let it return the authenticated Subject or a customized LoginException to the client (the server-side proxy should of course not required any authorization).
  Let me know if you come up with some other way!
  Eitan

• What is the need for calling default constructor by JVM?

  What is the need for calling default constructor by JVM? why the JVM should intiializes default values to the data
  fields if the constructor is not there in our class?

  mahar wrote:
  What is the need for calling default constructor by JVM? Huh? The JVM does not need to call the default constructor. It needs to call a constructor.
  You decide which one by the way you use "new".
  why the JVM should initialize default values to the data fieldsHuh?
  ... if the constructor is not there in our class?Huh? The default constructor is always there. It may be private but it is still there.

• Report always shows default variant

  Hello,
  I've got a report where we can choose a variant in the selection screen.
  SELECTION-SCREEN BEGIN OF BLOCK SEL2 WITH FRAME TITLE TEXT-002.
  PARAMETERS p_layout TYPE slis_vari.
  SELECTION-SCREEN END OF BLOCK SEL2.
  I've got it setup so that when the user runs the report, the field p_layout is filled with his default variant or if he has none it's empty.
  My problem is when the field is empty the result ALV is always shown with the default variant.
  For example:
  User has 2 variants - SAV1 and SAV2 (default).
  User enters selection screen and p_layout is filled with SAV2.
  Scenario 1:
  User presses F8 and the ALV is shown with the variant SAV2
  Scenario 2:
  User changes p_layout to SAV1 and presses F8. ALV is shown with SAV1 variant
  Scenario 3:
  User emptys p_layout (p_layout IS INITIAL), presses F8 and ALV is shown with SAV2 variant - the default one
  What can I do so that when p_layout IS INITIAL the ALV shows all the columns?
  This is how I define the layout:
         gr_layout = gr_alv->get_layout( ).
         MOVE sy-repid TO gs_layout_key-report.
         gr_layout->set_key( gs_layout_key ).
         gr_layout->set_save_restriction( if_salv_c_layout=>restrict_none ).
         gr_layout->set_default( 'X' ).
         gr_layout->set_initial_layout( p_layout ).
  F4 help for p_layout:
     ls_layout_key-report = sy-repid.
     ls_layout_info = cl_salv_layout_service=>f4_layouts( ls_layout_key ).
     p_layout = ls_layout_info-layout.
  Initialization of p_layout:
     gs_variant-report = sy-repid.
     CALL FUNCTION 'REUSE_ALV_VARIANT_DEFAULT_GET'
       EXPORTING
         I_SAVE        = 'A'
       CHANGING
         CS_VARIANT    = gs_variant
       EXCEPTIONS
         WRONG_INPUT   = 1
         NOT_FOUND     = 2
         PROGRAM_ERROR = 3
         OTHERS        = 4.
     IF sy-subrc = 2 OR sy-subrc = 0.
       p_layout = gs_variant-variant.
     ELSE.
       MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
             WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
     ENDIF.
  the sy-subrc = 2 is there to prevent error if user has no layouts => p_layout stays empty
  Thank you in advance!

  Thank you Thanga Prakash for your help, it lead me to the an awnser.
  Even after I cleared the p_layout I still had the same issue but after reviewing the code once more I deleted the following line
  gr_layout->set_default( 'X' ).
  With this, if no layout was specified (p_layout IS INITIAL) the default variant was always called.

• Accessing Tomcat 4.03 JNDI service from JAAS LoginModule

  Hi!
  I have following problem:
  I have custom JAAS LoginModule that uses JNDI to lookup DataSource object.
  My LoginModule and LoginConfiguration implementation classes are located
  in Tomcat's classpath.
  I tried first to put JAAS related classes under [TOMCAT-HOME]/common/lib,
  but that caused exception:"Unable to load LoginConfiguration".
  It looks like Java's core classes have no access/visibility to classes under Tomcat.
  I'm using JAAS authentication directly from a servlet, so I'm using no
  Tomcat specific realms in authentication.
  Servlet just calls:
       LoginContext lc = new LoginContext( jaasApplName,
  customUserPasswordCallbackHandler );
       lc.login( );
  Everything works fine until LoginModule tries to lookup datasource
  after obtaining InitialContext with
            InitialContext initCtx = new InitialContext( );
            DataSource ds = (javax.sql.DataSource) initCtx.lookup(
  dataSourceName );
  I got exception with message : "Name MIPCoreDS is not bound in this
  context.".
  MIPCoreDS is configured in Tomcats configuration file server.xml under
  <GlobalNamingResources> tag.
  Should this be visible for JAAS Login module or not?
  When servlet's make same lookup under Tomcat, datasource is found fine.
  It seems that loginModules have no visibility to JNDI objects configured
  under Tomcat.
  Is this right?
  Is it possible any way to put JAAS working with Tomcat 4.0.3, so
  that LoginModules can access JNDI objects bound to Tomcat's JNDI service?
  Is it possible to call Tomcat's JNDI service outside Tomcat?
  Any help is appreciated.
  Best Regards,
  Aki

  Using JAAS in Servlets is messy - I found a working example at
  http://www.loadedanswers.com
  go to the Documents section and the eg is there.
  Have fun :)

• Can we call default.lgf in BADI logic

  Hello All,
  can we call default.lgf logic script to run in the BPC in the BADI ? If yes then can someone please let me know the relevant Method or Class etc.
  For e.g. we have a BADi logic that does a data push from Profit model to Main model based on some conditions. After all this processing in the BADi and writes to Main model, there is a requirement to run the default logic which is there in Profit Model. Which I want to handle in BADI itself after processing the earlier BADI.
  If you need more details please let me know.
  Many Thanks
  Krishna

  Hi Vadim,
  *START_BADI RUNLOGIC_PH
  QUERY = OFF
  WRITE = ON
  LOGIC = DEFAULT.LGF
  APPSET = UUG
  APP = MAIN
  DEBUG = OFF
  *END_BADI
  DEFAULT.LGF has 2 logic scripts calling.
  *account.lgf
  *balance.lgf
  This only executes the first LGF and ignores the second one. I executed each one at a time and all works fine but if I give both together it executes first one in the sequence and ignores the other. Any idea why it is doing like that ??
  Try 1)
  *START_BADI TRANSPROFITTOMAIN
  QUERY = OFF
  WRITE = OFF
  *END_BADI
  *START_BADI RUNLOGIC_PH
  QUERY = OFF
  WRITE = ON
  LOGIC = FLOW_BALANCE.LGF
  APPSET = <appset name>
  APP = MAIN
  DEBUG = OFF
  *END_BADI
  *START_BADI RUNLOGIC_PH
  QUERY = OFF
  WRITE = ON
  LOGIC = CALCACCOUNT.LGF
  APPSET = <appset name>
  APP = MAIN
  DEBUG = OFF
  *END_BADI
  it runs flow_balance.lgf and I can see the log for it..In the log it says the below
  SCRIPT RUNNING TIME IN TOTAL:109.42 s.
  LOG END TIME:2014-06-26 15:17:31
  Amount of time to run script:                                         110797.19 ms
  BADI EXECUTION TIME IN TOTAL :111233.64 ms.
  [WARNING!] NO MEMBER SPECIFIED FOR DIMENSION:DATASRC WILL QUERY ON ALL BASE MEMBERS.
  [WARNING!] NO MEMBER SPECIFIED FOR DIMENSION:INFLATION WILL QUERY ON ALL BASE MEMBERS.
  [WARNING!] NO MEMBER SPECIFIED FOR DIMENSION:INTORDER WILL QUERY ON ALL BASE MEMBERS.
  [WARNING!] NO MEMBER SPECIFIED FOR DIMENSION:PROFITCENTRE WILL QUERY ON ALL BASE MEMBERS.
  [WARNING!] NO MEMBER SPECIFIED FOR DIMENSION:PROFIT_ACCOUNT WILL QUERY ON ALL BASE MEMBERS.
  [WARNING!] NO MEMBER SPECIFIED FOR DIMENSION:TIME WILL QUERY ON ALL BASE MEMBERS.
  EXECUTION BADI:RUNLOGIC_PH
  QUERY: OFF
  WRITE: ON
  Parameter DIMENSION not specified. ALL values used.
  Dimension ACCOUNT not specified and doesn't exist in current context.
  Error in RUNLOGIC call.
  BADI EXECUTION TIME IN TOTAL :2.07 ms.
  SCRIPT RUNNING TIME IN TOTAL:132.65 s.
  Please advise.
  individually they both work fine..meaning Try 2 and Try 3 works fine.
  Try 2)
  *START_BADI TRANSPROFITTOMAIN
  QUERY = OFF
  WRITE = OFF
  *END_BADI
  *START_BADI RUNLOGIC_PH
  QUERY = OFF
  WRITE = ON
  LOGIC = CALCACCOUNT.LGF
  APPSET = <appset name>
  APP = MAIN
  DEBUG = OFF
  *END_BADI
  Try 3)
  *START_BADI TRANSPROFITTOMAIN
  QUERY = OFF
  WRITE = OFF
  *END_BADI
  *START_BADI RUNLOGIC_PH
  QUERY = OFF
  WRITE = ON
  LOGIC = FLOW_BALANCE.LGF
  APPSET = <appset name>
  APP = MAIN
  DEBUG = OFF
  *END_BADI
  Try 4) Default.lgf contains 2 include statements
  *include FLOW_BALANCE.LGF
  *include calcaccount.LGF
  In this case it executes only the fist lgf in the sequence and ignores the other. I cant see anything in the log for the 2nd LGF.
  *START_BADI TRANSPROFITTOMAIN
  QUERY = OFF
  WRITE = OFF
  *END_BADI
  *START_BADI RUNLOGIC_PH
  QUERY = OFF
  WRITE = ON
  LOGIC = Default.LGF
  APPSET = <appset name>
  APP = MAIN
  DEBUG = OFF
  *END_BADI
  Thanks
  Krishna

• JAAS LoginModule for SunOne Directory Server?

  I have a customer who is using SunOne Directory Server for LDAP.
  I have test code that uses the JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
  The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
  The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
  So thats great, however my application uses JAAS, and therfore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
  A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff, however considering that JAAS and the SunOne Directory server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.

  Hey dav,
  Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
  I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus succesfully integrated the basics of JAAS in to the system... but I am now desparately looking for away to have client-side policies distributed at runtime from the server.
  I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have a developed a database backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration forJAAS authentication. The aim is that this data will be transfered once during login, and anytime that the the policy is requested to be refreshed.
  Since reading you post, I'm wondering what services LDAP or JNDI can offer me?
  Also, is JNDI an appropriate option for data persistence? is it better to go with JDO or some other object store abstraction.
  Kind regards,
  Darren B

• MODX_FUNCTION_ACTIVE_CHECK always called before SMOD / CMOD exit?

  Hello,
  am I right to assume that the function module MODX_FUNCTION_ACTIVE_CHECK is always called before a SMOD / CMOD customer exit function module is called?
  I have already searched SDN and SAP Notes and SAP Help, but I could not find a clear statement.
  Kind regards
  Martin
  Edited by: Martin Schlegel on Feb 4, 2008 4:28 PM

  Hello Mike, thank you for your fast answer.
  Like you, I have the impression that this function should be called alle the time before an SMOD/CMOD enhancement EXIT_... Function is called.
  But I would like to be 100% sure.
  Kind regards
  Martin

• ListSelectionListener is always called two times...

  Hello,
  Icreated a JTable and added a ListSelectionListener to this table. I want an action being performed each time the selection within the table changes. If I change the selection via mouse this works quite fine, but if I do so with the mouse the method in the Listener is alwas called two times...why ?
  Here's a little bit of source-code, perhaps you'll get what I mean:
  ListSelectionModel lsm = (ListSelectionModel)e.getSource();
       if (lsm.isSelectionEmpty()) {}
       else { // always called 2 times...
            int selectedRow = lsm.getMinSelectionIndex();
       System.out.println("Test");
       Kunde temp = (Kunde)ShowKunde.kunden.elementAt(selectedRow);
       System.out.println(temp.getName());
            try {
                 kontoTemp = new KontoTemp(temp);
                 kontoTemp.setBuchungenTemp();
                 tableTemp.setModel(kontoTemp);
                 kontoBestand = new KontoBestand(temp);
                 kontoBestand.setBuchungenBestand();
                 tableBestand.setModel(kontoBestand);
                 frame.repaint();
            } // try
            catch (Exception ex) {
                 System.err.println(ex.getMessage());
            } // catch
            }});

  Hi
  you could check is the value is adjusting:
  if (e.getValueIsAdjusting()) {
      return;
  // your code hereviel erfolg
  Phil

• JAAS LoginModule: how to getCurrentUser

  Hallo there everyone!
  I'm creating a custom LoginModule for the WLS 7.0 and I'm trying to get the username
  from the user request. Something like in servlets/jsp request.getRemoteUser()
  or in WLS 6.0 weblogic.security.acl.Security.getCurrentUser() would have done
  the job I think (but it’s been deprecated in 7.0).
  Is there a way of doing this from within the JAAS LoginModule?
  Regards
  Patrick

  request.getRemoteUser() still works fine for me after I implented a custom
  Autthenication / LoginModule.
  "patrik" <[email protected]> wrote in message
  news:[email protected]..
  >
  Yes, I have. see:
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.develo
  per.interest.security&item=8553&utag=
  >
  But if you've managed to get out the information from it I'd be gratefulto know
  how.
  /Patrik
  "Utpal" <[email protected]> wrote:
  Have you tried weblogic.security.Security.getCurrentSubject() ??
  -utpal

• Migrating JAAS LoginModule from oc4j to WLS

  Hi,
  We are trying to migrate oc4j enterprise web service application to weblogic which implements JAAS LoginModule.
  Followed Weblogic Docs for :
  Developing Custom Security Providers
  http://download.oracle.com/docs/cd/E12890_01/ales/docs32/dvspisec/progrmng.html
  CustomAuthProvider (SecurityProvider) class points to the LoginModule which references to
  application-specific classes.
  Following are the issues we are dealing with:
  1.Security Provider exist at the global-context means every request to WLS is going to hit to the provider
  which we do not want, we need LoginModule to work at the application-context and not the global
  weblogic context.
  2. Clearly there is a disconnect if LoginModule resides in EAR (web app) and standalon MBean jar is
  trying to invoke the LoginModule. It can't find the LoginModule.
  so, the question is how can we have the JAAS LoginModule implemented in Weblogic
  at the application (EAR) level and not at Weblogic server global level
  (by MBean JAR) as it used to be in oc4j
  public class CustomAuthProviderimplements AuthenticationProviderV2 {
      public AppConfigurationEntry getLoginModuleConfiguration() {
          System.out.println("Inside getLoginModuleConfiguration.");
          return new AppConfigurationEntry("com.test.security.loginmodule.CustomLoginModule",
                                           LoginModuleControlFlag.REQUIRED,
                                           new HashMap());
  }OC4J Doc Reference : Packaging Login Modules
  http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/loginmod.htm#BABCFADI
  Here's how it used to be done in oc4j
  http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/loginmod.htm#i1006128
  Thank you
  Edited by: 877976 on Aug 8, 2011 11:11 AM

  There is a WebLogic Server release specific for running Oracle Forms and Reports that is available for you to switch to from Oracle AS if you are current on your support and version. Just an FYI
  Edited by: ChrisBaker on Jan 4, 2010 5:33 AM

• JAAS LoginModule - how do I get path, port, resource accessed, etc

  Hi,
  I checked everywhere including the forums, but could not get any info on this. I'm writing a custom JAAS LoginModule for the WebAS 6.40 server. I'm trying to figure out how to get the following out of the request from within login() or initialize() or any other method:
  1. Name of the webserver (i.e. the WebAS server being accessed like www.mycompany.com)
  2. Resource (e.g. /QuickCarRental)
  3. Port through which the request comes in (e.g. 50000)
  The URL being accessed in the above case is http://www.mycompany.com:50000/QuickCarRental
  Appreciate your help, and points will be awarded. Have a nice day
  R Abraham

  This is only available for NetWeaver Portal, not NetWeaver Application Server(WebAS). host and port can be obtained using the following code:
                 Callback[] callbacks = new Callback[3];
                 callbacks[0] = new NameCallback("UserId: ");
                 callbacks[1] = new PasswordCallback("Password: ", false);
                 // get host name and port
                 HttpGetterCallback getterCallback = new HttpGetterCallback();
                 getterCallback.setType(HttpCallback.HEADER);
                 getterCallback.setName("Host");
                 callbacks[2] = getterCallback;
                 try {
                      callbackHandler.handle(callbacks);
                 } catch (Exception ex) {
                      throw new LoginException(ex + "");
                 Object retValue = ((HttpGetterCallback)callbacks[2]).getValue(); //get host
  host and port will be returned in the following format SERVER.COMPANY.COM:50000
  Currently WebAS is not able to return the resource as per SAP development.

• JAAS LoginModule - how do I get the "JSessionId"

  Hi,
  is there any possibility to get the JSessionId from a custom JAAS LoginModule for the WebAS 6.40 Server.
  My first attempt was to read the JSESSIONID-Cookie from the Http-Request via the HttpGetterCallback-Class.
  ((HttpGetterCallback) callbacks[1]).setType(HttpCallback.COOKIE);
  ((HttpGetterCallback) callbacks[1]).setName("JSESSIONID");
  It worked well, till I noticed that sometimes the JSessionId-Cookie doesn't exist.
  The reason is, that the JSession-Cookie was set after the http-request has passed my login-modul.
  So, if I got a cookie-value, it sometimes was the JSessionID from an earlier session.
  So, my question:
  Is there any other posibility to get the JSessionId?
  If there is a way to get the ServletRequest-instance,  I could reach the SessionId via "HttpServletRequest.getSession()".
  Any idea? Any hints?
  Regards
  Steffen Spahr

  This is only available for NetWeaver Portal, not NetWeaver Application Server(WebAS). host and port can be obtained using the following code:
                 Callback[] callbacks = new Callback[3];
                 callbacks[0] = new NameCallback("UserId: ");
                 callbacks[1] = new PasswordCallback("Password: ", false);
                 // get host name and port
                 HttpGetterCallback getterCallback = new HttpGetterCallback();
                 getterCallback.setType(HttpCallback.HEADER);
                 getterCallback.setName("Host");
                 callbacks[2] = getterCallback;
                 try {
                      callbackHandler.handle(callbacks);
                 } catch (Exception ex) {
                      throw new LoginException(ex + "");
                 Object retValue = ((HttpGetterCallback)callbacks[2]).getValue(); //get host
  host and port will be returned in the following format SERVER.COMPANY.COM:50000
  Currently WebAS is not able to return the resource as per SAP development.

• JAAS LoginModule sample

  Is there a sample on how to develop a custom JAAS LoginModule that uses Identity Server?

  I also want the similar sample, If some has worked with it then please help us ...
  Thanx
  Yasir Khan