Non-secure DDNS security risk?
We are running a 2008R2 domain. Our DCs are also DHCP/DNS (ADI) servers. The DCs are also members of the DNSUpdateProxy group. We do not have an account being used for passing Dynamic Update credentials. I read something from Ace Fekay that said this is not recommended for DCs, with DNS/DHCP to be in the DNSUpdateProxyGroup, but the DCs are obviously not using DHCP and the security on their records looks fine.
We are set to allow both non-secure and secure updates because we have some access points and some HP ILOs (Integrated Lights-Out clients) that are not on the domain and using DHCP. I know that allowing non-secure updates is a huge risk, but I am trying to get details about the risk. We are also set to "Always dynamically update DNS records" & "Dynamically Update DNS records for clients that do not request updates." Almost all of our servers (the main risks we care about) are not using DHCP, except for the ILOs. We are not using NAP. Here are the questions.
1. DNS spoofing with Windows computer - If someone brings in a Windows computer with the same computer name as one of our critical servers (obviously it will be off the domain), can it grab an IP address and update the record of the critical server? I was thinking it would detect the naming conflict.
2. DNS spoofing with Linux computer - If someone brings in a Linux computer with the same computer name as a critical server, can it grab the IP address for a critical server that has a static address?
I am trying to find some real-world scenarios to get approval to switch to "secure-only" updates. The biggest risk from doing that is that we have trouble finding all the DDNS records. Then some expire and we lose connectivity to those resources until we get it fixed. If anyone can throw some realistic disaster scenarios at me, I would appreciate it.
Thanks,
Dan Heim
Hi,
If you have installed the DHCP service on a domain controller, be absolutely certain not to make that server a member of the DNS Update Proxy group. Doing so would give any user or computer full control of the DNS records corresponding to the domain controllers, unless you manually modified the corresponding ACL. Moreover, if a DHCP server that is running on a domain controller is configured to perform dynamic updates on behalf of its clients, that DHCP server is able to take ownership of any record, even in the zones that are configured to allow only secure dynamic update. This is because a DHCP server runs under the computer account, so if it is installed on a domain controller it has full control over DNS objects stored in the Active Directory.
For non-Windows computers, you can enable name protection.
For more information please refer to:
Secure Dynamic Update
http://technet.microsoft.com/en-us/library/cc961412.aspx
Configuring Name Protection
http://technet.microsoft.com/en-us/library/dd759188.aspx
Hope this helps.
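The update rules discussed in this thread, as a simplified Python model run against the scenarios from the question (an added example, not code from the thread or from Microsoft). The class names, host names, account names and addresses are constructed for illustration, and the rules encoded are only those stated in the posts above and in the linked Secure Dynamic Update article.

```python
"""Simplified model of dynamic-update authorization in an AD-integrated zone."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

NONSECURE_AND_SECURE = "nonsecure-and-secure"
SECURE_ONLY = "secure-only"
ROGUE_IP = "10.0.0.99"  # constructed address of the look-alike machine


@dataclass(frozen=True)
class Principal:
    name: str
    authenticated: bool = False         # can present domain credentials
    in_dns_update_proxy: bool = False   # member of DnsUpdateProxy
    is_domain_controller: bool = False  # DC computer account: full control of DNS objects


@dataclass
class Record:
    ip: str
    owner: Optional[str]  # None = record carries no owner-specific security


@dataclass
class Zone:
    mode: str
    records: Dict[str, Record] = field(default_factory=dict)

    def update(self, who: Principal, host: str, ip: str) -> Tuple[bool, str]:
        """Apply one dynamic update and return (accepted, reason)."""
        rec = self.records.get(host)
        if self.mode == NONSECURE_AND_SECURE:
            # Identity is never checked, so existing data is simply replaced.
            self.records[host] = Record(ip, rec.owner if rec else None)
            return True, "zone allows non-secure updates"
        if not who.authenticated:
            return False, "secure-only zone and no credentials presented"
        # Records written by DnsUpdateProxy members are left without an owner.
        new_owner = None if who.in_dns_update_proxy else who.name
        if rec is None:
            self.records[host] = Record(ip, new_owner)
            return True, "new name created"
        if who.is_domain_controller:
            self.records[host] = Record(ip, new_owner)
            return True, "DC computer account has full control"
        if rec.owner is None or rec.owner == who.name:
            self.records[host] = Record(ip, new_owner)
            return True, "caller owns the record or the record has no owner"
        return False, "record is owned by " + rec.owner


def attempt(zone: Zone, who: Principal, host: str, ip: str):
    """Run one update and report (accepted, address now published for host)."""
    accepted, _reason = zone.update(who, host, ip)
    return accepted, zone.records[host].ip


def run_scenarios():
    rogue = Principal("rogue-laptop")  # off-domain machine named like the server
    dhcp_on_dc = Principal("DC01$", authenticated=True,
                           in_dns_update_proxy=True, is_domain_controller=True)
    dhcp_svc = Principal("svc-dhcp-ddns", authenticated=True)  # dedicated DDNS credential
    dhcp_proxy = Principal("DHCP02$", authenticated=True, in_dns_update_proxy=True)
    workstation = Principal("WKSTN42$", authenticated=True)

    def fresh(mode):
        # The critical server registered its own static address securely.
        return Zone(mode, {"filesrv01": Record("10.0.0.10", "FILESRV01$")})

    out = {}
    # 1. Current setting: an unauthenticated update replaces the server's record.
    out["nonsecure_direct"] = attempt(fresh(NONSECURE_AND_SECURE), rogue, "filesrv01", ROGUE_IP)
    # 2. Secure only: the same update is refused.
    out["secure_direct"] = attempt(fresh(SECURE_ONLY), rogue, "filesrv01", ROGUE_IP)
    # 3. Secure only, but DHCP on a DC registers the name on the client's behalf.
    out["secure_via_dhcp_on_dc"] = attempt(fresh(SECURE_ONLY), dhcp_on_dc, "filesrv01", ROGUE_IP)
    # 4. Secure only, DHCP updating with a dedicated low-privilege account.
    zone = fresh(SECURE_ONLY)
    out["secure_via_dhcp_svc"] = attempt(zone, dhcp_svc, "filesrv01", ROGUE_IP)
    out["secure_new_ap"] = attempt(zone, dhcp_svc, "ap-lobby", "10.0.0.50")
    # 5. A record written by a DnsUpdateProxy member can be taken over
    #    by any other authenticated account.
    zone = fresh(SECURE_ONLY)
    zone.update(dhcp_proxy, "ilo-rack3", "10.0.0.60")
    out["proxy_record_takeover"] = attempt(zone, workstation, "ilo-rack3", ROGUE_IP)
    out["proxy_record_new_owner"] = zone.records["ilo-rack3"].owner
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

Scenarios 3 and 4 are the difference between DHCP running under a domain controller's computer account and DHCP updating DNS with its own credential, which still lets non-domain devices such as the access points get records.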
Similar Messages
-
Phone number held hostage? Security and Privacy Risk
Let me preface this by saying I do not own an iPhone.
The previous owner of my phone number, however, was an iPhone user. Apparently there is a way he could link the number to his Apple ID. After getting rid of his phone, he never disassociated the number from his Apple ID.
The problem this creates is that now anyone who wants to text me from an iOS device is unable to do so without turning off the iMessage service. Since my (his) number is registered to an Apple ID, my HTC appears to iMessage as another iOS device and thus texting never goes out to the cellular network... the previous owner is getting any text sent from an iMessage-enabled iPhone meant for me.
Effectively, Apple has created a situation where this person, or any person with an iOS device for that matter, can knowingly or unknowingly manage to hold a cellular number hostage from a texting perspective, creating a security and privacy risk.
Has anyone run into this before and if so what is the recourse? There has to be some way for Apple to dissociate a number no longer used by a previous user. Unfortunately, I don't have an iPhone or a support contract so Applecare won't even talk to me without me ponying up $19. I see no sense in having to pay for a problem I didn't create.
-
Sharing calendar appears on another persons device - security and privacy risk
I really wanted to raise this as a bug, but couldn't find anywhere to do that.
On my wife's iPhone which is running iOS 7, I wanted to share her iCloud calendar to my Apple ID so that I could see her calendar from my iPhone (also iOS 7). Although I received the email telling me to accept the shared calendar, when I clicked the link it told me I was not authorized. I then discovered that my parents had received the sharing invite on their phone (iOS 4.2.1) which they accepted and could see her calendar.
This is a security and privacy risk because they are not connected to my iCloud account and it is not the account we specified to share with. Also we did not specify their account to share with. How can this happen? Their iPhone was never registered to my Apple ID. The only connection I can think of is that I believe my email address (which is also my Apple ID) is listed as their secondary email address or something.
Sorry, just realised it was their iPad 3 that received the invite, not their iPhone, and it would have been running iOS 6.
-
Hello there: we just bought a T61. After Windows XP finished installing, I tried to install F-Secure Client Security and the install fails. I logged the following. I tried almost everything; can someone help?
MSI (c) (D4:10) [14:19:03:929]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
=== Logging started: 21-08-2008 14:19:03 ===
Action start 14:19:03: INSTALL.
Action start 14:19:03: LaunchConditions.
Action ended 14:19:03: LaunchConditions. Return value 1.
Action start 14:19:03: PrepareDlg.
Info 2898. DlgFont8, Tahoma, 1
Info 2898. VerdanaBold13, Verdana, 1
DEBUG: Error 2826: Control BottomLine on dialog PrepareDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: PrepareDlg, BottomLine, to the right
Action ended 14:19:04: PrepareDlg. Return value 1.
Action start 14:19:04: FindRelatedProducts.
Action ended 14:19:04: FindRelatedProducts. Return value 1.
Action start 14:19:04: AppSearch.
Action ended 14:19:04: AppSearch. Return value 1.
Action start 14:19:04: CCPSearch.
Action ended 14:19:04: CCPSearch. Return value 1.
Action start 14:19:04: RMCCPSearch.
Action ended 14:19:04: RMCCPSearch. Return value 0.
Action start 14:19:04: ValidateProductID.
Action ended 14:19:04: ValidateProductID. Return value 1.
Action start 14:19:04: CostInitialize.
MSI (c) (D4:10) [14:19:04:049]: Baseline: Sorting baselines for {B5DF29E9-885D-4FD0-B62D-33615AC65A53}.
MSI (c) (D4:10) [14:19:04:049]: Baseline: New baseline 7.11.0 from transaction.
MSI (c) (D4:10) [14:19:04:049]: Baseline: Sorted order Native: Order 0.
MSI (c) (D4:10) [14:19:04:049]: Baseline Data Table:
MSI (c) (D4:10) [14:19:04:049]: ProductCode: {B5DF29E9-885D-4FD0-B62D-33615AC65A53} Version: 7.11.0 Attributes: 0 PatchId: Native BaselineId: -2147483648 Order: 0
MSI (c) (D4:10) [14:19:04:049]: Baseline File Table:
Action ended 14:19:04: CostInitialize. Return value 1.
Action start 14:19:04: FileCost.
Action ended 14:19:04: FileCost. Return value 1.
Action start 14:19:04: IsolateComponents.
Action ended 14:19:04: IsolateComponents. Return value 1.
Action start 14:19:04: CostFinalize.
Action ended 14:19:04: CostFinalize. Return value 1.
Action start 14:19:04: MigrateFeatureStates.
Action ended 14:19:04: MigrateFeatureStates. Return value 0.
Action start 14:19:04: WelcomeDlg.
DEBUG: Error 2826: Control BottomLine on dialog WelcomeDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: WelcomeDlg, BottomLine, to the right
Info 2898. DlgFontBold8, Tahoma, 1
DEBUG: Error 2826: Control BannerBitmap on dialog VerifyReadyDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: VerifyReadyDlg, BannerBitmap, to the right
DEBUG: Error 2826: Control BottomLine on dialog VerifyReadyDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: VerifyReadyDlg, BottomLine, to the right
DEBUG: Error 2826: Control BannerLine on dialog VerifyReadyDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: VerifyReadyDlg, BannerLine, to the right
Action ended 14:19:05: WelcomeDlg. Return value 1.
Action start 14:19:05: ProgressDlg.
DEBUG: Error 2826: Control BannerBitmap on dialog ProgressDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: ProgressDlg, BannerBitmap, to the right
DEBUG: Error 2826: Control BottomLine on dialog ProgressDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: ProgressDlg, BottomLine, to the right
DEBUG: Error 2826: Control BannerLine on dialog ProgressDlg extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: ProgressDlg, BannerLine, to the right
Action ended 14:19:06: ProgressDlg. Return value 1.
FE7CFB0F8FC9EE44190B518848DC785C
MSI (s) (64:9C) [14:19:22:948]: Using cached product context: machine assigned for product: FE7CFB0F8FC9EE44190B518848DC785C
MSI (s) (64:9C) [14:19:24:572]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
Action start 14:19:24: INSTALL.
Action start 14:19:24: LaunchConditions.
Action ended 14:19:24: LaunchConditions. Return value 1.
Action start 14:19:24: FindRelatedProducts.
Action ended 14:19:24: FindRelatedProducts. Return value 0.
Action start 14:19:24: AppSearch.
Action ended 14:19:24: AppSearch. Return value 0.
Action start 14:19:24: CCPSearch.
Action ended 14:19:24: CCPSearch. Return value 0.
Action start 14:19:24: RMCCPSearch.
Action ended 14:19:24: RMCCPSearch. Return value 0.
Action start 14:19:24: ValidateProductID.
Action ended 14:19:24: ValidateProductID. Return value 1.
Action start 14:19:24: CostInitialize.
MSI (s) (64:9C) [14:19:24:662]: Baseline: Sorting baselines for {B5DF29E9-885D-4FD0-B62D-33615AC65A53}.
MSI (s) (64:9C) [14:19:24:662]: Baseline: New baseline 7.11.0 from transaction.
MSI (s) (64:9C) [14:19:24:662]: Baseline: Sorted order Native: Order 0.
MSI (s) (64:9C) [14:19:24:662]: Baseline Data Table:
MSI (s) (64:9C) [14:19:24:662]: ProductCode: {B5DF29E9-885D-4FD0-B62D-33615AC65A53} Version: 7.11.0 Attributes: 0 PatchId: Native BaselineId: -2147483648 Order: 0
MSI (s) (64:9C) [14:19:24:662]: Baseline File Table:
MSI (s) (64:9C) [14:19:24:662]: Dumping __MsiPatchMedia table...
MSI (s) (64:9C) [14:19:24:662]: Delta compression fallback method for this product transaction is 'MSI 2.0 legacy obsolescence'
Action ended 14:19:24: CostInitialize. Return value 1.
Action start 14:19:24: FileCost.
Action ended 14:19:24: FileCost. Return value 1.
Action start 14:19:24: IsolateComponents.
Action ended 14:19:24: IsolateComponents. Return value 1.
Action start 14:19:24: CostFinalize.
Action ended 14:19:24: CostFinalize. Return value 1.
Action start 14:19:24: SetODBCFolders.
Action ended 14:19:24: SetODBCFolders. Return value 1.
Action start 14:19:24: MigrateFeatureStates.
Action ended 14:19:24: MigrateFeatureStates. Return value 0.
Action start 14:19:24: InstallValidate.
Action ended 14:19:24: InstallValidate. Return value 1.
Action start 14:19:24: InstallInitialize.
Action ended 14:19:29: InstallInitialize. Return value 1.
Action start 14:19:29: AllocateRegistrySpace.
Action ended 14:19:29: AllocateRegistrySpace. Return value 1.
Action start 14:19:30: ProcessComponents.
Action ended 14:19:30: ProcessComponents. Return value 1.
Action start 14:19:30: UnpublishComponents.
Action ended 14:19:30: UnpublishComponents. Return value 1.
Action start 14:19:30: MsiUnpublishAssemblies.
Action ended 14:19:30: MsiUnpublishAssemblies. Return value 0.
Action start 14:19:30: UnpublishFeatures.
Action ended 14:19:30: UnpublishFeatures. Return value 1.
Action start 14:19:30: StopServices.
Action ended 14:19:30: StopServices. Return value 1.
Action start 14:19:30: DeleteServices.
Action ended 14:19:30: DeleteServices. Return value 1.
Action start 14:19:30: UnregisterComPlus.
Action ended 14:19:30: UnregisterComPlus. Return value 1.
Action start 14:19:30: SelfUnregModules.
Action ended 14:19:30: SelfUnregModules. Return value 1.
Action start 14:19:30: UnregisterTypeLibraries.
Action ended 14:19:30: UnregisterTypeLibraries. Return value 1.
Action start 14:19:30: RemoveODBC.
Action ended 14:19:30: RemoveODBC. Return value 1.
Action start 14:19:30: UnregisterFonts.
Action ended 14:19:30: UnregisterFonts. Return value 1.
Action start 14:19:30: RemoveRegistryValues.
Action ended 14:19:30: RemoveRegistryValues. Return value 1.
Action start 14:19:30: UnregisterClassInfo.
Action ended 14:19:30: UnregisterClassInfo. Return value 1.
Action start 14:19:30: UnregisterExtensionInfo.
Action ended 14:19:30: UnregisterExtensionInfo. Return value 1.
Action start 14:19:30: UnregisterProgIdInfo.
Action ended 14:19:30: UnregisterProgIdInfo. Return value 1.
Action start 14:19:30: UnregisterMIMEInfo.
Action ended 14:19:30: UnregisterMIMEInfo. Return value 1.
Action start 14:19:30: RemoveIniValues.
Action ended 14:19:30: RemoveIniValues. Return value 1.
Action start 14:19:30: RemoveShortcuts.
Action ended 14:19:30: RemoveShortcuts. Return value 1.
Action start 14:19:30: RemoveEnvironmentStrings.
Action ended 14:19:30: RemoveEnvironmentStrings. Return value 1.
Action start 14:19:30: RemoveDuplicateFiles.
Action ended 14:19:30: RemoveDuplicateFiles. Return value 1.
Action start 14:19:30: RemoveFiles.
Action ended 14:19:30: RemoveFiles. Return value 1.
Action start 14:19:30: RemoveFolders.
Action ended 14:19:30: RemoveFolders. Return value 1.
Action start 14:19:30: CreateFolders.
Action ended 14:19:30: CreateFolders. Return value 1.
Action start 14:19:30: MoveFiles.
Action ended 14:19:30: MoveFiles. Return value 1.
Action start 14:19:30: InstallFiles.
MSI (s) (64:9C) [14:19:30:150]: Dumping binary patch manager data...
MSI (s) (64:9C) [14:19:30:150]: The file represented by File table key 'ILAUNCHR.CFG' has no eligible binary patches
MSI (s) (64:9C) [14:19:30:150]: The file represented by File table key 'fsc_jar.jar' has no eligible binary patches
MSI (s) (64:9C) [14:19:30:150]: The file represented by File table key 'ILAUNCHR.exe' has no eligible binary patches
MSI (s) (64:9C) [14:19:30:150]: The file represented by File table key 'RunSetup.exe' has no eligible binary patches
MSI (s) (64:9C) [14:19:30:150]: The file represented by File table key 'ilwrap.exe' has no eligible binary patches
MSI (s) (64:9C) [14:19:30:150]: Dumping binary patch manager data...
Action ended 14:19:30: InstallFiles. Return value 1.
Action start 14:19:30: PatchFiles.
Action ended 14:19:30: PatchFiles. Return value 1.
Action start 14:19:30: DuplicateFiles.
Action ended 14:19:30: DuplicateFiles. Return value 1.
Action start 14:19:30: BindImage.
Action ended 14:19:30: BindImage. Return value 1.
Action start 14:19:30: CreateShortcuts.
Action ended 14:19:30: CreateShortcuts. Return value 1.
Action start 14:19:30: RegisterClassInfo.
Action ended 14:19:30: RegisterClassInfo. Return value 1.
Action start 14:19:30: RegisterExtensionInfo.
Action ended 14:19:30: RegisterExtensionInfo. Return value 1.
Action start 14:19:30: RegisterProgIdInfo.
Action ended 14:19:30: RegisterProgIdInfo. Return value 1.
Action start 14:19:30: RegisterMIMEInfo.
Action ended 14:19:30: RegisterMIMEInfo. Return value 1.
Action start 14:19:30: WriteRegistryValues.
Action ended 14:19:30: WriteRegistryValues. Return value 1.
Action start 14:19:30: WriteIniValues.
Action ended 14:19:30: WriteIniValues. Return value 1.
Action start 14:19:30: WriteEnvironmentStrings.
Action ended 14:19:30: WriteEnvironmentStrings. Return value 1.
Action start 14:19:30: RegisterFonts.
Action ended 14:19:30: RegisterFonts. Return value 1.
Action start 14:19:30: InstallODBC.
Action ended 14:19:30: InstallODBC. Return value 0.
Action start 14:19:30: RegisterTypeLibraries.
Action ended 14:19:30: RegisterTypeLibraries. Return value 1.
Action start 14:19:30: SelfRegModules.
Action ended 14:19:30: SelfRegModules. Return value 1.
Action start 14:19:30: RegisterComPlus.
Action ended 14:19:30: RegisterComPlus. Return value 1.
Action start 14:19:30: InstallServices.
Action ended 14:19:30: InstallServices. Return value 1.
Action start 14:19:30: StartServices.
Action ended 14:19:30: StartServices. Return value 1.
Action start 14:19:30: InstallExecute.
Action ended 14:19:32: InstallExecute. Return value 1.
Action start 14:19:32: RunILauncher.
Action ended 14:19:32: RunILauncher. Return value 1.
Action start 14:19:32: RegisterUser.
Action ended 14:19:32: RegisterUser. Return value 1.
Action start 14:19:32: RegisterProduct.
Action ended 14:19:32: RegisterProduct. Return value 1.
Action start 14:19:32: PublishComponents.
Action ended 14:19:32: PublishComponents. Return value 1.
Action start 14:19:32: MsiPublishAssemblies.
Action ended 14:19:32: MsiPublishAssemblies. Return value 0.
Action start 14:19:32: PublishFeatures.
Action ended 14:19:32: PublishFeatures. Return value 1.
Action start 14:19:32: PublishProduct.
Action ended 14:19:32: PublishProduct. Return value 1.
Action start 14:19:32: InstallFinalize.
MSI (s) (64:9C) [14:19:59:637]: Product: F-Secure Client Security -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RunILauncher, location: C:\Programmer\F-Secure\FSMSI\ilwrap.exe, command: fsc_jar.jar /U /F /ROFTWARE\Data Fellows\F-Secure\ILauncher /C
Action ended 14:19:59: InstallFinalize. Return value 3.
Action ended 14:19:59: INSTALL. Return value 3.
Action ended 14:19:59: ExecuteAction. Return value 3.
Action start 14:19:59: FatalError.
DEBUG: Error 2826: Control BottomLine on dialog FatalError extends beyond the boundaries of the dialog to the right by 7 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalError, BottomLine, to the right
Action ended 14:20:01: FatalError. Return value 2.
Action ended 14:20:01: INSTALL. Return value 3.
=== Logging stopped: 21-08-2008 14:20:01 ===
MSI (c) (D4:10) [14:20:01:594]: Product: F-Secure Client Security -- Installation failed.
Hi nikki7,
Are you using a non-English operating system? If you are, then the KnowledgeBase article I included below should be helpful. I hope this helps!
Error -2705 from the MSI Installer Built with the Visual Studio .NET Installation Builder: http://digital.ni.com/public.nsf/allkb/19CA3B8F15B4FB9386256DDA006DFED8?OpenDocument
Regards,
Jason D
Applications Engineer
National Instruments
-
Security realm - Security:097533 - Developing own authentication provider
Hi everyone,
I am developing my own authentication provider and I installed a security patch; while restarting the WebLogic server I encountered the below exception:
<10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
Truncated. see log file for complete stacktrace
this is the config.xml :
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
<name>base_domain</name>
<domain-version>12.1.1.0</domain-version>
<security-configuration>
<name>base_domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
<sec:name>AS400Realm</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:user-lockout-manager>
<sec:lockout-enabled>false</sec:lockout-enabled>
</sec:user-lockout-manager>
<sec:deploy-role-ignored>false</sec:deploy-role-ignored>
<sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
<sec:security-dd-model>DDOnly</sec:security-dd-model>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
<cross-domain-security-enabled>true</cross-domain-security-enabled>
</security-configuration>
<server>
<name>AdminServer</name>
<listen-address>localhost</listen-address>
<staging-mode>nostage</staging-mode>
</server>
<embedded-ldap>
<name>base_domain</name>
<credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
</embedded-ldap>
<configuration-version>12.1.1.0</configuration-version>
</domain>
this is the mbean xml (A400Realmmbean.xml):
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
Package = "co.com.claro.security"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<MbeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
Writeable = "false"
Default =
"&quot;co.com.claro.AS400Realm&quot;"
/>
<MBeanAttribute Name = "Description" Type = "java.lang.String"
Writeable = "false" Default = "&quot;My Identity Assertion Provider&quot;"
/>
<MBeanAttribute Name = "Version" Type = "java.lang.String"
Writeable = "false" Default = "&quot;1.0&quot;"
/>
</MBeanType>
and the runtime class:
AS400Realm.java:
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package co.com.claro.security;

import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.AuthenticationProviderV2;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.PrincipalValidator;
import weblogic.security.spi.SecurityServices;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

public final class AS400Realm implements AuthenticationProviderV2
{
    private String description;
    // private SimpleSampleAuthenticatorDatabase database;
    private LoginModuleControlFlag controlFlag;
    // public String PARAM_JAAS_CONTEXT = "jaas-context";
    // public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
    // public String DEFAULT_GROUP_NAME = "default";

    public void initialize(ProviderMBean mbean, SecurityServices services)
    {
        System.out.println("AS400Realm.initialize");
        AS400RealmMBean myMBean = (AS400RealmMBean)mbean;
        description = myMBean.getDescription() + "\n" + myMBean.getVersion();
        // database = new SimpleSampleAuthenticatorDatabase(myMBean);
        String flag = myMBean.getControlFlag();
        if (flag.equalsIgnoreCase("REQUIRED")) {
            controlFlag = LoginModuleControlFlag.REQUIRED;
        } else if (flag.equalsIgnoreCase("OPTIONAL")) {
            controlFlag = LoginModuleControlFlag.OPTIONAL;
        } else if (flag.equalsIgnoreCase("REQUISITE")) {
            controlFlag = LoginModuleControlFlag.REQUISITE;
        } else if (flag.equalsIgnoreCase("SUFFICIENT")) {
            controlFlag = LoginModuleControlFlag.SUFFICIENT;
        } else {
            throw new IllegalArgumentException("invalid flag value" + flag);
        }
    }

    public String getDescription()
    {
        return description;
    }

    public void shutdown()
    {
        System.out.println("AS400Realm.shutdown");
    }

    private AppConfigurationEntry getConfiguration(HashMap options)
    {
        options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
        return new
            AppConfigurationEntry(
                "co.com.claro.security.AS400LoginModule",
                controlFlag,
                options
            );
    }

    public AppConfigurationEntry getLoginModuleConfiguration()
    {
        HashMap options = new HashMap();
        return getConfiguration(options);
    }

    public AppConfigurationEntry getAssertionModuleConfiguration()
    {
        HashMap options = new HashMap();
        options.put("IdentityAssertion","true");
        return getConfiguration(options);
    }

    public PrincipalValidator getPrincipalValidator()
    {
        return new PrincipalValidatorImpl();
    }

    public IdentityAsserterV2 getIdentityAsserter()
    {
        return null;
    }
}
AS400LoginModule.java :
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package co.com.claro.security;

import com.ibm.as400.access.AS400;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import weblogic.security.spi.WLSGroup;
import weblogic.security.spi.WLSUser;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

/**
 *
 * @author dmunoz
 */
final public class AS400LoginModule implements LoginModule {

    private Subject subject;
    private CallbackHandler callbackHandler;
    private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
    private String DEFAULT_GROUP_NAME = "default";
    // Determine whether this is a login or assert identity
    private boolean isIdentityAssertion;
    // Authentication status
    private boolean loginSucceeded;
    private boolean principalsInSubject;
    private Vector principalsForSubject = new Vector();

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        // only called (once!) after the constructor and before login
        System.out.println("SimpleSampleLoginModuleImpl.initialize");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        // Check for Identity Assertion option
        isIdentityAssertion =
                "true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
    }

    // Validates the supplied credentials against the AS/400 host.
    private boolean authenticateAS400(String user, String passwd) throws Exception {
        String host ="172.31.2.80";//Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
        AS400 as400System;
        as400System = new AS400(host, user, passwd);
        return as400System.validateSignon();
    }

    public boolean login() throws LoginException {
        // only called (once!) after initialize
        System.out.println("SimpleSampleLoginModuleImpl.login");
        // loginSucceeded should be false
        // principalsInSubject should be false
        Callback[] callbacks = getCallbacks();
        String userName = getUserName(callbacks);
        if (userName.length() > 0) {
            if (!isIdentityAssertion) {
                String passwordHave = getPasswordHave(userName, callbacks);
                try{
                    loginSucceeded = authenticateAS400(userName, passwordHave);
                }catch(Exception e){
                    Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
                    throw new LoginException(e.getMessage());
                }
            }
        } else {
            // anonymous login - let it through?
            System.out.println("\tempty userName");
        }
        if (loginSucceeded) {
            principalsForSubject.add(new WLSUserImpl(userName));
            addGroupsForSubject(userName);
        }
        return loginSucceeded;
    }

    public boolean commit() throws LoginException {
        // only called (once!) after login
        // loginSucceeded should be true or false
        // principalsInSubject should be false
        // user should be null if !loginSucceeded, null or not-null otherwise
        // group should be null if user == null, null or not-null otherwise
        System.out.println("SimpleSampleLoginModule.commit");
        if (loginSucceeded) {
            subject.getPrincipals().addAll(principalsForSubject);
            principalsInSubject = true;
            return true;
        } else {
            return false;
        }
    }

    public boolean abort() throws LoginException {
        // The abort method is called to abort the authentication process. This is
        // phase 2 of authentication when phase 1 fails. It is called if the
        // LoginContext's overall authentication failed.
        // loginSucceeded should be true or false
        // user should be null if !loginSucceeded, otherwise null or not-null
        // group should be null if user == null, otherwise null or not-null
        // principalsInSubject should be false if user is null, otherwise true
        // or false
        System.out.println("SimpleSampleLoginModule.abort");
        if (principalsInSubject) {
            subject.getPrincipals().removeAll(principalsForSubject);
            principalsInSubject = false;
        }
        return true;
    }

    public boolean logout() throws LoginException {
        // should never be called
        System.out.println("SimpleSampleLoginModule.logout");
        return true;
    }

    private void throwLoginException(String msg) throws LoginException {
        System.out.println("Throwing LoginException(" + msg + ")");
        throw new LoginException(msg);
    }

    private void throwFailedLoginException(String msg) throws FailedLoginException {
        System.out.println("Throwing FailedLoginException(" + msg + ")");
        throw new FailedLoginException(msg);
    }

    // Builds the name (and, for a real login, password) callbacks and has the handler fill them in.
    private Callback[] getCallbacks() throws LoginException {
        if (callbackHandler == null) {
            throwLoginException("No CallbackHandler Specified");
        }
        Callback[] callbacks;
        if (isIdentityAssertion) {
            callbacks = new Callback[1];
        } else {
            callbacks = new Callback[2];
            callbacks[1] = new PasswordCallback("password: ", false);
        }
        callbacks[0] = new NameCallback("username: ");
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e) {
            throwLoginException(e.toString() + " " + e.getCallback().toString());
        }
        return callbacks;
    }

    private String getUserName(Callback[] callbacks) throws LoginException {
        String userName = ((NameCallback) callbacks[0]).getName();
        if (userName == null) {
            throwLoginException("Username not supplied.");
        }
        System.out.println("\tuserName\t= " + userName);
        return userName;
    }

    private void addGroupsForSubject(String userName) {
        try {
            for (Enumeration e = getGroupNamesAS400(userName);
                    e.hasMoreElements();) {
                String groupName = (String) e.nextElement();
                System.out.println("\tgroupName\t= " + groupName);
                principalsForSubject.add(new WLSGroupImpl(groupName));
            }
        } catch (Exception ex) {
            Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    // Looks up the user's roles in the database; every user also gets the default group.
    public Enumeration getGroupNamesAS400(String usuario)
            throws Exception {
        if(usuario == null) {
            throw new Exception("Usuario no puede ser vacio");
        }
        Vector<String> grupos = new Vector<String>();
        grupos.add(DEFAULT_GROUP_NAME);
        Connection conn = null;
        ResultSet rs = null;
        PreparedStatement statement = null;
        try {
            Context c = new InitialContext();
            DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
            conn = dst.getConnection();
            String query = "SELECT COD_ROL AS ROL " +
                    "FROM gestionnew.us_rol_perfil " +
                    "JOIN gestionnew.usuarios " +
                    "ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
                    "WHERE upper(usuarios.usuariorr) = ?";
            statement = conn.prepareStatement(query);
            statement.setString(1, usuario.toUpperCase());
            rs = statement.executeQuery();
            while (rs.next()) {
                grupos.add(rs.getString("ROL"));
            }
        } catch (SQLException ex) {
            Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
        } catch (NamingException ex) {
            Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
        } finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException ex) {
                    Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                }
            }
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException ex) {
                    Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                }
            }
            if (statement != null) {
                try {
                    statement.close();
                } catch (SQLException ex) {
                    Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                }
            }
        }
        return grupos.elements();
    }

    private String getPasswordHave(String userName, Callback[] callbacks) throws
            LoginException {
        PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        if (password == null || password.length < 1) {
            throwLoginException("Authentication Failed: User " + userName +
                    ". Password not supplied");
        }
        String passwd = new String(password);
        // The plaintext password must not be written to stdout or the server log.
        System.out.println("\tpasswordHave\t= <not logged>");
        return passwd;
    }
}
thanks
-
Uploading Security profiles & Security rights using sourcing Workbook
I am trying to use workbook to upload Security profiles & Security rights, and finding it difficult to get the "Resource" field mapping attributes in "eso_security_profiles" tab of the workbook. Is there a reference sheet for this, or a place from where I can map the display names with resource.
Example: If I want to update the security rights for the Currency attribute within Master Data under the Security Rights tab, we need to use "masterdata.Currency" in the "Resource" field of the "eso_security_profiles" tab in the workbook. Similarly, from where can we get the entire list of attributes and their Resource?
Hi,
When I take the download from localized resources (*.class_name), in order to map the display security attributes to "Resource" in the workbook, I am still unable to find the Resource for a few attributes, like below:
Queued Messages
User Impersonation For Buyer
User Impersonation For Seller
Cache Configuration
Cluster Configuration
Daemon Alerts.....
and there are many more for which I don't have a match. Please suggest if there are any tips or considerations that can help while trying to achieve this.
Thanks in advance.
Vinod. -
Netscape.security.AppletSecurityException: security.member access
Hi,
I have a jarred applet. Netscape4.7 reads it fine.
There is a class in the jarred file, that reads in a property file
from the server and populates some public fields in that same class.
And to do this, I have tried using reflection - the getFields/getDeclaredFields methods
of the 'Class' class. I get the following:
netscape.security.AppletSecurityException: security.member access
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at java.lang.RuntimeException.<init>(Compiled Code)
at java.lang.SecurityException.<init>(Compiled Code)
at netscape.security.AppletSecurityException.<init>(Compiled Code)
at netscape.security.AppletSecurityException.<init>(Compiled Code)
at netscape.security.AppletSecurity.checkMemberAccess(Compiled Code)
at netscape.security.AppletSecurity.checkMemberAccess(Compiled Code)
at java.lang.Class.checkMemberAccess(Compiled Code)
* at java.lang.Class.getDeclaredFields(Compiled Code)
I have used reflection in the main applet class of the jarred file,
(getDeclaredMethods/getMethods) and it works fine.
I was thinking that if the browser loads a class from over the
network, then it would at least allow that class to perform reflection
on itself, if not on other classes.
Can anyone please enlighten me please ?
Thanks,
-r:)
I got the solution, I thought I tried it with getFields,
but seems like I did not. The applet works with
getFields, and hence solves my problem.
Thanks all.
-r:)
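The fix reported above, as an added example that is not part of the original thread: `getFields()` returns only public members, so a loader that fills public fields from a property file does not need the declared-member access that `getDeclaredFields()` requests. The class names, property keys and sample file contents are assumptions constructed for illustration, and the code uses current Java syntax rather than that of the Netscape 4.7 runtime.

```java
import java.io.ByteArrayInputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

public class PublicFieldLoader {

    /** Hypothetical settings holder: only the public fields are populated. */
    public static class Settings {
        public String host;
        public int port;
        public boolean verbose;
        private String secret = "untouched"; // never returned by getFields()

        public String secretForCheck() {
            return secret;
        }
    }

    /**
     * Copies matching properties into the target's public instance fields.
     * getFields() asks only for PUBLIC member access; getDeclaredFields()
     * asks for DECLARED access, which a sandbox security manager may refuse.
     * Returns the number of fields assigned.
     */
    public static int populate(Object target, Properties props)
            throws IllegalAccessException {
        int assigned = 0;
        for (Field f : target.getClass().getFields()) {
            int mods = f.getModifiers();
            if (Modifier.isStatic(mods) || Modifier.isFinal(mods)) {
                continue; // leave constants and class-level state alone
            }
            String raw = props.getProperty(f.getName());
            if (raw == null) {
                continue; // no value supplied for this field
            }
            Class<?> type = f.getType();
            if (type == String.class) {
                f.set(target, raw);
            } else if (type == int.class) {
                f.setInt(target, Integer.parseInt(raw.trim()));
            } else if (type == boolean.class) {
                f.setBoolean(target, Boolean.parseBoolean(raw.trim()));
            } else {
                continue; // unsupported field type: skip rather than guess
            }
            assigned++;
        }
        return assigned;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for the property file read from the server.
        String sample = "host=example.invalid\n"
                + "port=8080\n"
                + "verbose=true\n"
                + "secret=overwrite-attempt\n";
        Properties props = new Properties();
        props.load(new ByteArrayInputStream(
                sample.getBytes(StandardCharsets.ISO_8859_1)));

        Settings settings = new Settings();
        int assigned = populate(settings, props);

        System.out.println(assigned + " public fields set: " + settings.host
                + ":" + settings.port + " verbose=" + settings.verbose);
        // The private field is not reachable through getFields(), so the
        // "secret" key in the file has no effect on it.
        System.out.println("private field still: " + settings.secretForCheck());
    }
}
```

Restricting the loader to public fields also means a property file cannot set state the class did not expose on purpose.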
-
IPhone iPhone SDK (build 9M2199a, beta 8) Security.h Security-Framework
Hi!
I've downloaded and installed the iPhone SDK (build 9M2199a, beta 8).
Now, I'm trying to write code to use the Keychain in iPhone but "SecItem.h" in "Security.h" (Security-Framework) is missing so the Attributes (kSecClass, ...) can't be found and the code doesn't compile.
Where can I get it?
Thanks for help.
Message was edited by: iPhoneProj
I had the same issue. The security code seems to only work if you build for Device|Debug. You can't run the code in the simulator.
-
My friend has found he has, since 2006, accumulated multiple Apple IDs. He's very concerned about iCloud security – and security in general, having had his PC hacked repeatedly. How can he permanently delete the extra Apple IDs, please? Thanks.
Hello, windypinesands.
Thank you for visiting Apple Support Communities.
If your friend is concerned with the security of his Apple ID or iCloud account, I would recommend reaching out to our Apple ID Account Security team to assist him with this issue.
Apple ID: Contacting Apple for help with Apple ID account security
http://support.apple.com/kb/HT5699
Cheers,
Jason H. -
Just updated to iOS 7, now iPad is stuck at Apple ID security, add security questions, what now??
Add your security questions. If it's asking you for them, rather than set them up, then reset them using appleid.apple.com
-
Deployment of F-Secure Client Security 11.06
Good morning. During the installation of F-Secure Client Security 11.06 build 284, the installer tries to reach the Cloudflare network, I assume for a hash check to make sure the installation is not corrupt. In principle there is nothing wrong with that, but unfortunately the program does not go through the proxy; it tries to go out directly and therefore gets stuck at the firewall. The installation therefore takes about 30 minutes, because a timeout only occurs after 20-25 minutes, and the program then installs without reaching the Cloudflare network. Has anyone had similar experiences? Am I doing something wrong? Is there anything to watch out for when creating the installation .exe? Locally, the proxy is set in Internet Explorer. Thanks in advance! If I am in the wrong subforum, please move this.
Hello David715, do you have an HTTP proxy in use? If so, have you configured it in Policy Manager? Unfortunately, we have not had similar experiences. Unfortunately, we cannot say whether you are doing something wrong. In this case, I would ask you to contact our customer support by phone or via our form so that we can solve the problem. Ciao rioda
-
F-Secure Client Security missing
Hello all
F-Secure Client Security ver. 9.0 is missing from the Discovered Product list. The product appeared on the list up to ver. 7.9, after that no sign of it. Has anyone else experienced the same?
Is F-Secure definition missing in the PRU, or is there anything else that causes this?
Thank you in advance for all answers.
KjellSiv
Originally Posted by KjellSiv
I forgot to tell what version we have:
ZCM: 10.3.0.0
ZAM: 10.3.0.53910
ZPM: 10.3.0.31
Jan 2010 PRU
KjellSiv
These F-secure products are available in the newest PRU:
F-Secure F-Secure Anti-Virus 2003 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus 2004 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus 2005 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus 2006 [+Definition Files, +Virus Engine, +Spy Defs]
F-Secure F-Secure Anti-Virus 2008 [+Definition Files, +Virus Engine, +Spy Defs]
F-Secure F-Secure Anti-Virus 2009 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus 5.xx [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus 7.x [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus Client Security 5.5 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus Client Security 6.0 [+Definition Files, +Virus Engine, +Spy Defs]
F-Secure F-Secure Anti-Virus for Citrix Servers 5.5 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus for MIMEsweeper 5.5 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus for Win. Srvrs 5.41 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus for Windows Servers 5.5 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus for Windows Servers 7.0 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus for Wkstns 5.41 [+Definition Files, +Virus Engine]
F-Secure F-Secure Anti-Virus for Workstations 5.43 [+Definition Files, +Virus Engine]
F-Secure F-Secure AV for Internet Gateways 6.x
F-Secure F-Secure AV for Internet Mail 6.x
F-Secure F-Secure BackWeb 6.x
F-Secure F-Secure Certificate Wizard 5.x
F-Secure F-Secure Client Security 7.x [+Definition Files, +Virus Engine, +Spy Defs]
F-Secure F-Secure Content Scanner Server 6.x [+Definition Files, +Virus Engine]
F-Secure F-Secure Distributed Firewall 5.x
F-Secure F-Secure FileCrypto 5.xx
F-Secure F-Secure FileCrypto Master Key Wiz. 5.x
F-Secure F-Secure Internet Gatekeeper 6.3 [+Definition Files, +Virus Engine]
F-Secure F-Secure Internet Gatekeeper 6.42 [+Definition Files, +Virus Engine]
F-Secure F-Secure Internet Gatekeeper 6.5 [+Definition Files, +Virus Engine]
F-Secure F-Secure Internet Security 2003 [+Definition Files, +Virus Engine]
F-Secure F-Secure Internet Security 2004 [+Definition Files, +Virus Engine]
F-Secure F-Secure Internet Security 2005 [+Definition Files, +Virus Engine]
F-Secure F-Secure Internet Security 2006 [+Definition Files, +Virus Engine, +Spy Defs]
F-Secure F-Secure Internet Security 2008 [+Definition Files, +Virus Engine, +Spy Defs]
F-Secure F-Secure Internet Security 2009 [+Definition Files, +Virus Engine]
F-Secure F-Secure Management Agent 4.5
F-Secure F-Secure Management Agent 5.x
F-Secure F-Secure Management Agent 7.x
F-Secure F-Secure Personal Express 6.0 [+Definition Files, +Virus Engine]
F-Secure F-Secure Policy Manager Console 5.xx
F-Secure F-Secure Policy Manager Console 6.x
F-Secure F-Secure Policy Manager Console 7
F-Secure F-Secure Policy Manager Server 5.xx
F-Secure F-Secure Policy Manager Server 6.x
F-Secure F-Secure Policy Manager Server 7
F-Secure F-Secure SSH Client 4.3
F-Secure F-Secure SSH Client 5.x
F-Secure F-Secure SSH Server 5.x
Maybe apply the latest PRU and see if it solves the problem?
Thomas -
Is there a version of F-Secure Linux Security for home users?
Will there be a Linux service anytime soon?
-
Dynamic security using Security table in SSAS Tabular model
Hi,
Platform : SSAS Tabular model (VS 2010)
I need to apply dynamic security using a Security table (manually created) in a Tabular model, and need to apply filters for 2 tables. I am able to create roles in the Tabular model using the USERNAME() and LOOKUP() functions, and that worked fine. But the problem is that when I try to give full access for a particular column and limit the access in another column, it does not work properly.
Please find the table below and guide me where I am falling short. In the Security table, wherever you find ALL it means full access.
Security table

| Login Name | Dim_Country | Dim_Customer | Note |
|---|---|---|---|
| DOMAIN\User1 | ALL | 2 | User1 should see all countries but Only 2,4 Customers |
| DOMAIN\User1 | ALL | 4 | |
| DOMAIN\User2 | 2 | ALL | User2 should see all customers but Only 2,3 countries |
| DOMAIN\User2 | 3 | ALL | |
| DOMAIN\User3 | ALL | ALL | User3 should see all Customers and Countries |
| DOMAIN\User4 | 1 | 3 | User4 should see 1 Country and 3 Customer |

ALL - means NO restriction
Numeric values indicate the Dimension IDs
Do let me know if further explanations are required.
Thanks,
Sundar
Hi Sundar,
According to your description, you want to implement dynamic security using Security table in SQL Server Analysis Services Tabular model, right?
It is very common to have data security implementation in BI projects either at databases or Cubes and sometimes this security implementation and maintenance goes out of control due to the dynamic flow of business information. Here are some links which describe
dynamic security implementation at SSAS tabular model using an external security table, please see:
http://bipassion.wordpress.com/2012/10/01/ssas-tabular-dynamic-security/
http://www.bidn.com/blogs/ChrisSchmidt/ssas/4332/dynamic-security-in-tabular
Regards,
Charlie Liao
TechNet Community Support -
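One way to express the Security table from the question as role row filters, handling the ALL rows explicitly (an added example, not from the posts above or the linked articles). The key columns Dim_Country[CountryID] and Dim_Customer[CustomerID] are assumed names, and the Security columns are assumed to be text because they hold both "ALL" and numeric IDs.

```dax
-- Row filter on Dim_Country (CountryID is an assumed key column name).
-- A row is visible if the current user has an ALL entry for countries,
-- or an entry whose Dim_Country value equals this row's ID.
=CONTAINS(
    Security,
    Security[Login Name], USERNAME(),
    Security[Dim_Country], "ALL"
)
|| CONTAINS(
    Security,
    Security[Login Name], USERNAME(),
    Security[Dim_Country], FORMAT(Dim_Country[CountryID], "0")
)

-- Row filter on Dim_Customer (CustomerID is an assumed key column name).
=CONTAINS(
    Security,
    Security[Login Name], USERNAME(),
    Security[Dim_Customer], "ALL"
)
|| CONTAINS(
    Security,
    Security[Login Name], USERNAME(),
    Security[Dim_Customer], FORMAT(Dim_Customer[CustomerID], "0")
)

-- Row filter on the Security table itself, so role members cannot
-- query the entitlement rows of other users.
=FALSE()
```

A login with no row in Security matches neither CONTAINS call and sees no rows, so the role fails closed. The two filters are evaluated independently, so a user gets every combination of their permitted countries and permitted customers; that matches the four users in the question, but rows meant as specific country/customer pairs would be over-granted by this pattern.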
Hello folks,
I am building custom reports in RPM to display ARM data but am struggling to get a security label assigned to the reports.
In the standard reports the security label changes according to the risks inputted but I can't see the wood for the trees in the expression used!
Any hints or tips?
Many thanks,
Christian
Hi sea_lene,
In Reporting Services, each subreport instance is a separate query execution and a separate report processing task. So the performance should be an issue. To improve the performance, we can consider changing the dataset query in the main report by using
one of the following mitigation strategies:
Collect data in a data warehouse and use the data warehouse as a data source for a single dataset.
Use SQL Server linked servers and write a query that retrieves data from multiple databases.
Use the OPENROWSET capability to specify different databases.
References:
Troubleshooting Reports: Report Performance
More tips to improve performance of SSRS reports
Hope this helps.
Thanks,
Katherine Xiong
TechNet Community Support