OpenSSO uses Directory Manager as default dn

Hi,
We're trying to integrate OpenSSO with 11G DS; however, the issue is that OpenSSO uses Directory Manager as the default DN. We're not comfortable doing that, as we would not be able to distinguish who executed a problematic command. Usually only support personnel are allowed to use DM.
Does anyone have a workaround for this? Any suggestions?
Thanks !

We opened an Oracle case. The engineer initially replied that changing the bind DN was not possible (even though the doc seemed to indicate that it was). After reading the engineer's email comments (he said he had tested), I replied that I did not believe that his testing process was valid.
Please let me know if there is a link, or something so that we can test in our environment. Surely, we would like Oracle approval on this before moving ahead.
Thanks a lot for all your responses.

Similar Messages

  • Unable to mail-enable a document library when using Directory Management Service in SharePoint 2013

    I'm not able to mail-enable a library document while Directory Management Service is enabled. This behavior only happens when Directory Management Service is turned on.
    Correlation ID: a8c7b29c-d193-90b5-ae14-64cd1143445f
    Note that I have the OU created and permissions setup properly according to MS official documentation.

    Hi,
    According to your post, my understanding is that you failed to mail-enable a library document while Directory Management Service is enabled.
    Please make sure you configure the incoming email correctly.
    For more information, you can refer to:
    https://hosting.intermedia.net/support/kb/default.asp?id=2439
    http://davecoleman146.com/2010/10/20/how-to-setup-mail-enabled-document-libraries-in-sharepoint-2010-part-1/
    If so and the error message persists, please check the SharePoint ULS log to find more information about this error, the ULS log file is in the location: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS
    You can check the ULS log by the methods here:
    http://blog.credera.com/technology-insights/microsoft-solutions/troubleshooting-sharepoint-errors/
    Best Regards,
    Linda Li
    TechNet Community Support

  • Directory management service

    When to use directory management service in SharePoint incoming email configuration and what would be the disadvantage if I do not use it.

    http://technet.microsoft.com/en-us/library/cc263260%28v=office.15%29.aspx#section2
    It allows you to create distribution groups from SharePoint. If you don't enable it then you won't be able to do that.

  • Disable directory lookup using skype manager

    Is there a way to disable Skype directory search using Skype Manager?
    Thank you!

    According to the Administrator Guide, there is a way to restrict importing of contacts; you can research further here:
    https://support.skype.com/resources/sites/SKYPE/content/live/DOCUMENTS/0/DO5/en_US/skype-it-administ...
    I do not know of a way in Skype Manager to block a user affiliated with a Skype Manager profile from searching the Skype directory for other Skype users.
    Here's a link to the Skype Manager User Guide so it's handy:
    http://www.skype.com/go/business.guides.manager.user.guide

  • Use Profile Manager to configure 802.1x authentication to Active Directory

    I have an OS X Lion Server running profile manager, and I want to authenticate Macs against Active Directory. My test machine is running Lion as well.
    If I configure the profile for WPA/WPA2 Enterprise security type and PEAP protocol with a generic user name and password with explicit access on the RADIUS server, the machine can get on the 802.1x network.
    If I configure the profile to "Use as a Login Window configuration", the machine can get on the 802.1x network after entering the user name and password of an authorized RADIUS user.
    Here's my problem:
    I want to enable authentication for machines that are members of the Active Directory domain, but when I use the "Use Directory Authentication" option to authenticate with the target machine's directory credentials, the machine does not connect to my 802.1x network.
    Any thoughts?
    Thanks!!!!

    I'm trying to do the same thing, but I'm using Mountain Lion Profile Manager.  If I can't get this to work I'm going to try SCEP and certificate authentication.

  • Unable to start Manager server using Node Manager

    Hi,
    I have deployed the Admin server on one of my Unix machines (machine1) and I am able to start my Admin server using Node Manager, but when I try to start my Managed server on another machine (machine2) using that machine's Node Manager, it throws an error.
    Note: I am able to start the Managed server using the Admin URL and able to connect to the Managed server's Node Manager successfully,
    but I am not able to start the Managed server using Node Manager.
    It gives the exception below:
    error:- wls:/nm/webdomain> nmStart('ms1')
    Starting server ms1 ...
    Error Starting server ms1: weblogic.nodemanager.NMException: Exception while starting server 'ms1'
    Managed server log: -
    <Dec 13, 2011 3:40:17 PM> <INFO> <NodeManager> <Working directory is '/root/Oracle/Middleware/user_projects/domains/webdomain'>
    [root@LinuxVM ~]# cat /root/Oracle/Middleware/user_projects/domains/webdomain/servers/ms1/logs/ms1.out00071
    <Dec 13, 2011 3:40:17 PM> <INFO> <NodeManager> <Starting WebLogic server with command line: /root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/bin/java -Dweblogic.Name=ms1 -Dbea.home=/root/Oracle/Middleware -Djava.security.policy=/root/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Djava.library.path="/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/lib/i386/jrockit:/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/lib/i386:/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/../lib/i386:/root/Oracle/Middleware/patch_wls1035/profiles/default/native:/root/Oracle/Middleware/patch_ocp360/profiles/default/native:/root/Oracle/Middleware/wlserver_10.3/server/native/linux/i686:/root/Oracle/Middleware/wlserver_10.3/server/native/linux/i686/oci920_8" -Djava.class.path=/root/Oracle/Middleware/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/root/Oracle/Middleware/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/lib/tools.jar:/root/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/root/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/root/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/root/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/root/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/root/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/root/Oracle/Middleware -Dweblogic.system.BootIdentityFile=/root/Oracle/Middleware/user_projects/domains/webdomain/servers/ms1/data/nodemanager/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true weblogic.Server >
    <Dec 13, 2011 3:40:17 PM> <INFO> <NodeManager> <Working directory is '/root/Oracle/Middleware/user_projects/domains/webdomain'>
    Nodemanager log:
    <Dec 13, 2011 3:40:17 PM> <INFO> <webdomain> <ms1> <Rotated server output log to "/root/Oracle/Middleware/user_projects/domains/webdomain/servers/ms1/logs/ms1.out00070">
    <Dec 13, 2011 3:40:17 PM> <INFO> <webdomain> <ms1> <Server error log also redirected to server log>
    <Dec 13, 2011 3:40:17 PM> <INFO> <webdomain> <ms1> <Starting WebLogic server with command line: /root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/bin/java -Dweblogic.Name=ms1 -Dbea.home=/root/Oracle/Middleware -Djava.security.policy=/root/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Djava.library.path="/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/lib/i386/jrockit:/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/lib/i386:/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/jre/../lib/i386:/root/Oracle/Middleware/patch_wls1035/profiles/default/native:/root/Oracle/Middleware/patch_ocp360/profiles/default/native:/root/Oracle/Middleware/wlserver_10.3/server/native/linux/i686:/root/Oracle/Middleware/wlserver_10.3/server/native/linux/i686/oci920_8" -Djava.class.path=/root/Oracle/Middleware/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/root/Oracle/Middleware/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/root/Oracle/Middleware/jrockit_160_24_D1.1.2-4/lib/tools.jar:/root/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/root/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/root/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/root/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/root/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/root/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/root/Oracle/Middleware -Dweblogic.system.BootIdentityFile=/root/Oracle/Middleware/user_projects/domains/webdomain/servers/ms1/data/nodemanager/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true weblogic.Server >
    <Dec 13, 2011 3:40:17 PM> <INFO> <webdomain> <ms1> <Working directory is '/root/Oracle/Middleware/user_projects/domains/webdomain'>
    <Dec 13, 2011 3:40:17 PM> <INFO> <webdomain> <ms1> <Rotated server output log to "/root/Oracle/Middleware/user_projects/domains/webdomain/servers/ms1/logs/ms1.out00071">
    <Dec 13, 2011 3:40:17 PM> <INFO> <webdomain> <ms1> <Server error log also redirected to server log>
    <Dec 13, 2011 3:40:17 PM> <INFO> <webdomain> <ms1> <Server output log file is '/root/Oracle/Middleware/user_projects/domains/webdomain/servers/ms1/logs/ms1.out'>
    <Dec 13, 2011 3:40:26 PM> <INFO> <webdomain> <ms1> <Server failed during startup so will not be restarted>
    <Dec 13, 2011 3:40:26 PM> <WARNING> <Exception while starting server 'ms1'>
    java.io.IOException: Server failed to start up. See server output log for more details.
    at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServerManager.java:200)
    at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23)
    at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
    at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:119)
    at weblogic.nodemanager.server.Handler.run(Handler.java:71)
    at java.lang.Thread.run(Thread.java:662)

    You can start a managed server as follows:
    print 'START NODE MANAGER';
    startNodeManager(verbose='true', NodeManagerHome=nodemanagerhomelocation, ListenPort='5556', ListenAddress='localhost');
    print 'CONNECT TO NODE MANAGER';
    nmConnect(adminusername, adminpassword, 'localhost', '5556', domainname, domainlocation, 'ssl');
    print 'START ADMIN SERVER';
    nmStart('AdminServer');
    nmServerStatus('AdminServer');
    print 'CONNECT TO ADMIN SERVER';
    connect(adminusername, adminpassword);
    print 'START MANAGED SERVER';
    start('VideotheekWebServer','Server');
    nmServerStatus('VideotheekWebServer');
    print 'START CLUSTER';
    start('VideotheekCluster','Cluster');
    nmServerStatus('VideotheekServer1');
    nmServerStatus('VideotheekServer2');
    JVM properties are set using the admin console by editing the startup properties of your managed server (configuration, server start).
    The properties file (startup.properties) is saved in the directory <domain-home>/servers/<server-name>/data/nodemanager.

  • Path problem when use node manager to start Managed Server

    Hi, I have met a problem:
    My managed server's root directory is /usr/local/bea/cluster1/usr_projects/mydomain
    My Node Manager 's default directory is /usr/local/bea/cluster1/weblogic700/common/nodemanager
    I have some config file located under managed server's root directory and log
    file is also should be generated in managed server's root directory.
    But when I try to use node manager to startup/shutdown the Managed Server, I found
    weblogic can not find the config file if I don't move the config file from Managed
    server's root directory to node manager server's default directory. and also log
    file was created under node manager's default directory.
    It seems that managed server's default directory has been changed to node manager's
    default directory.
    What shall I do if I want Managed Server's default directory to be kept?

    Hi Lumin,
    If the weblogic version is 8.1, there is a RootDirectory field in Remote
    Start tab which should resolve your problem. Just enter the absolute
    directory pathname on the machine where you are starting your managed server
    and the current working directory of the managed server will be this
    RootDirectory. Before 8.1, the RootDirectory was used for finding the config
    file for weblogic but it was never used to change the working directory of
    the managed server created by the node manager.
    cheers,
    gaurav.
    "lumin" <[email protected]> wrote in message
    news:3eb7a4ae$[email protected]..
    > Hi, I have met a problem:
    > My managed server's root directory is /usr/local/bea/cluster1/usr_projects/mydomain
    > My Node Manager 's default directory is /usr/local/bea/cluster1/weblogic700/common/nodemanager
    >
    > I have some config file located under managed server's root directory and log
    > file is also should be generated in managed server's root directory.
    > But when I try to use node manager to startup/shutdown the Managed Server, I found
    > weblogic can not find the config file if I don't move the config file from Managed
    > server's root directory to node manager server's default directory. and also log
    > file was created under node manager's default directory.
    > It seems that managed server's default directory has been changed to node manager's
    > default directory.
    > What shall I do if I want Managed Server's default directory to be kept?

  • Directory manager resource question

    Folks,
    On page 273 on the Iplanet DS Admin Guide it says that the directory manager receives unlimited resources by default. Using Dirsync, I get limits on look throughs and size limits. Also, from the console, the DM can only display 5000 entries (is this a console limitation???).
    Is this correct? If so, then why do dirsyncs to the message server fail unless I up those limits?
    thanks,
    keith

    I was wrong. It is not the directory manager but some guy named:
    uid=msg-admin-wip.acu.edu-20030205161045, ou=People, o=<mail domain>, o=<mailhead>,dc=<school>,dc=edu
    Once I fixed this entry's nsLookThroughLimit and nsSizeLimit and reset the defaults to 5000 and 200 respectively, dirsync still works.
    I found this out only by searching through the ldap logs for who was connecting.
    thanks and sorry,
    keith
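
Both the opening question (telling apart who ran a command when everything binds as Directory Manager) and keith's fix above (searching the LDAP logs for who was connecting) come down to tying each logged operation back to the bind DN on its connection. The following is an added example, not code from any of the posts: it assumes an access log in the `conn=... op=... BIND dn="..."` / `RESULT err=...` layout, and the sample lines, DNs and the function name `attribute_operations` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from the page), in the assumed access-log layout.
SAMPLE_LOG = '''\
[12/Mar/2024:09:15:01 +0000] conn=101 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[12/Mar/2024:09:15:01 +0000] conn=101 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[12/Mar/2024:09:15:02 +0000] conn=101 op=1 msgId=2 - MOD dn="uid=jdoe,ou=People,dc=example,dc=com"
[12/Mar/2024:09:15:02 +0000] conn=101 op=1 msgId=2 - RESULT err=0 tag=103 nentries=0 etime=0
[12/Mar/2024:09:16:10 +0000] conn=102 op=0 msgId=1 - BIND dn="uid=sync-svc,ou=Services,dc=example,dc=com" method=128 version=3
[12/Mar/2024:09:16:10 +0000] conn=102 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[12/Mar/2024:09:16:11 +0000] conn=102 op=1 msgId=2 - SRCH base="dc=example,dc=com" scope=2 filter="(objectClass=*)" attrs=ALL
[12/Mar/2024:09:16:13 +0000] conn=102 op=1 msgId=2 - RESULT err=4 tag=101 nentries=5000 etime=2
[12/Mar/2024:09:17:30 +0000] conn=103 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[12/Mar/2024:09:17:30 +0000] conn=103 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
[12/Mar/2024:09:17:31 +0000] conn=103 op=1 msgId=2 - SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="cn"
[12/Mar/2024:09:17:31 +0000] conn=103 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
'''

ANON = "anonymous"
# Standard LDAP result codes that mean a resource limit stopped the operation.
LIMIT_ERRS = {3: "timeLimitExceeded", 4: "sizeLimitExceeded", 11: "adminLimitExceeded"}

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>-?\d+)\s+'
    r'(?:msgId=-?\d+\s+)?-\s+(?P<verb>[A-Z]+)\b(?P<rest>.*)$')
DN_RE = re.compile(r'\bdn="([^"]*)"')
ERR_RE = re.compile(r'\berr=(\d+)')


def normalize_dn(dn):
    """Case-fold and trim RDN spacing so different spellings of a DN compare equal.
    Simplification: DNs containing escaped commas are not handled."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def attribute_operations(log_text, privileged_dns):
    """Attribute every operation to the DN its connection was bound as."""
    privileged = {normalize_dn(d) for d in privileged_dns}
    identity = {}       # conn -> DN the connection is currently bound as
    pending_bind = {}   # (conn, op) -> DN of a BIND still waiting for its RESULT
    pending_op = {}     # (conn, op) -> (verb, identity at request time)
    ops = defaultdict(Counter)
    limit_hits, failed_binds, privileged_ops = [], [], []

    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connection open/close and other lines are ignored here
        conn, op, verb, rest = int(m["conn"]), int(m["op"]), m["verb"], m["rest"]
        key = (conn, op)
        if verb == "BIND":
            dn = DN_RE.search(rest)
            pending_bind[key] = normalize_dn(dn.group(1)) if dn else ""
        elif verb == "RESULT":
            e = ERR_RE.search(rest)
            err = int(e.group(1)) if e else -1
            if key in pending_bind:
                dn = pending_bind.pop(key)
                if err == 0:
                    identity[conn] = dn or ANON
                else:
                    # A failed bind leaves the connection unauthenticated.
                    identity[conn] = ANON
                    failed_binds.append((conn, dn, err))
            elif key in pending_op:
                op_verb, who = pending_op.pop(key)
                ops[who][op_verb] += 1
                if err in LIMIT_ERRS:
                    limit_hits.append((who, op_verb, LIMIT_ERRS[err]))
        elif verb == "UNBIND":
            identity.pop(conn, None)
        else:
            who = identity.get(conn, ANON)
            pending_op[key] = (verb, who)
            if who in privileged:
                # Work done under a shared administrative DN: the log cannot
                # say which person was behind it, so surface it for review.
                privileged_ops.append((m["ts"], conn, verb))

    return {
        "ops": {who: dict(counts) for who, counts in ops.items()},
        "limit_hits": limit_hits,
        "failed_binds": failed_binds,
        "privileged_ops": privileged_ops,
    }


if __name__ == "__main__":
    report = attribute_operations(SAMPLE_LOG, ["cn=Directory Manager"])
    for section, value in report.items():
        print(section, value)
```
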

  • Publishing Output of FSG Reports into Custom Directory instead of defaults

    Hello,
    We have a requirement of publishing the output of FSG Reports into a custom directory/network directory instead of default database directory. We are using report manager.
    Please help !
    Thx/Faisal Ahmad
    Edited by: Faisal Ahmad on Apr 18, 2013 10:49 PM

    Oh.. I thought you will hit here at last. But finding the path of the EXE every time in the client PC is not a suitable solution. So we can't hardcode the EXE path also.
    But even here, we can handle in 2 ways.
    1) Putting the EXE in the PATH variable of the SYSTEM
    2) Finding the EXE path by reading the REGISTRY of the client PC.
    But our current standards don't allow us to take either of these. Because we aren't allowed to use HOST commands from the front end.
    Anything else we can do to achieve this apart from what I have said before?
    Many thanks for your participation and prompt replies.
    Guru

  • Error trying to log into Oracle Directory Manager

    I am receiving an error message when I try to log into Oracle Directory Manager. This is the first time I am trying to log in. I am trying to log in with the username cn=orcladmin, and with the password welcome, which is the default. I then receive the error message "Server is not up and running". I thought I started an OID instance with oidctl.
    I am running on w2k.
    I am using the default port 389, at least that's what I accepted while installing the infrastructure.
    Any advice?

    From the main page for this forum (http://forums.adobe.com/community/creative_cloud) please see the announcement.
    Creative Cloud is experiencing issues at this time.  We are investigating and working to restore service as soon as possible.  This post will be removed once the issue is solved.

  • Again - Active Directory Management Pack - AD MP - SCOM 2012R2 - AD 2012R2 - Action / RunAs Account permissions

    Hi,
    after reading many posts and blogs I came to the conclusion that it is still unclear to me what is needed to monitor Active Directory successfully and what is the most secure way of configuring the RunAs or Action Account. I hope the experts here can make a clear
    statement to answer the question for all time ;-)
    1. Action Account:
    Here is described what permissions and rights are needed to use a low-privileged account:
    https://technet.microsoft.com/en-us/library/hh212808.aspx
    Now you might say: that was asked and answered so many times. You are right, but the answer was from run as "local System" to "you need local admin". So also the AD MP documentation still says you need a local admin account.
    Here are other references which say you need local admin rights:
    http://micloud.azurewebsites.net//2014/02/26/scom-agent-grayed-out-when-trying-to-monitor-domain-controllers/
    Even Kevin Holman says here
    https://social.technet.microsoft.com/Forums/systemcenter/en-US/2a0e5a2b-a3d9-42d4-8474-9f690007caa0/opsmgrlatency-cn-gets-auto-created-in-domain-not-configuration:
    "Basically - if your domain controllers are running as local system default agent action account, in most cases you will not need to ever set up any replication monitoring run-as accounts.... as local system on a DC has all the rights necessary. (in most cases)."
    Simple questions: Is this really enough to monitor every aspect of an Active Directory domain and domain controller using a low-privilege account with the permissions in the article? Or is using local System better? Is there a difference when
    using SCOM 2012 R2 with the new agent? Most documentation refers to SCOM 2007 (except the replication monitoring, where it is clear that other permissions are needed:
    http://blogs.technet.com/b/jimmyharper/archive/2009/05/20/configuring-or-disabling-replication-monitoring-in-the-active-directory-management-pack.aspx )

    The MP guide is not really clear about it. The only thing they are clear about is whenever you want to use client monitoring. In those situations low privileged will not work.
    For each of the client-side monitoring scripts to run successfully, the
    Action Account must be a member of the Administrators group on both the computer
    on which the client management pack is running and the domain controller that is being monitored. The
    Action Account must also be a member of the
    Operations Manager Administrators group, which is configured through the Operations console in so that all the scripts that are configured on the Root Management Server can run properly
    Both a local system and domain admin are a risk. If someone loads a malicious management pack that makes changes to the AD services you are screwed. The local system has unrestricted access to local resources including domain services.
    The only reason I don't want a domain admin account in SCOM is that you have an additional layer where the password potentially could be retrieved. That's not the case with a local system account. But the risks are the same.
    See: https://msdn.microsoft.com/en-us/library/ms677973%28v=vs.85%29.aspx
    But this is not an answer to your question. :-)

  • Problem using extension manager CS5 with command line

    Hi All,
    I had posted my question here : http://forums.adobe.com/message/4695419#4695419, but was advised to do so here as well..
    I have a requirement to get the path of all the installed Extension Managers on any Windows system for the purpose of installing an extension.. I thought, there would be no problem in getting the path from the registry. There was no problem in Win XP, but the same does not work for Win 7.. I googled, and found alternate ways to get the path.
    Here is the link : http://forums.adobe.com/thread/851359. I followed the instructions in this post, but failed to get this working for CS5 as mentioned in my previous thread... No problem for CS5.1 and CS6.. Why is that?
    I want to get this working for CS5, CS5.1, CS6... How can I get the path of all the Extension Manager versions installed on a Windows system?
    Please refer to the following screenshots to get a better understanding of my problem,
    I created a jsx file named "Result.jsx", which I saved in my D drive, with the following code,
    resultFile = new File("D:/result.log");
    resultFile.open("w");
    resultFile.write(BridgeTalk.__diagnostics__);
    resultFile.close();
    If I run this directly from ESTK CS5, there is no problem, and I get the result.log file. I tried to execute this script via command line as shown in the screenshot,
    On executing the above, I got the following error,
    What is going wrong?
    Please help!

    I am sorry for the poor documentation of Extension Manager which causes you so much trouble.
    1. You can use BridgeTalk API to ask specific version of Extension Manager to do something. There is sample in packaging_extension.pdf about this. You don't need to know the installation path of Extension Manager. One thing to note is that the value of bt.target is version specific, i.e. "exman-5.0", "exman-5.5" send this message to different version of Extension Manager, so you can change this value to install/enable/disable/remove extensions using different version of Extension Manager. More detailed documentation of BridgeTalk can be found by clicking "Help" menu then clicking "Javascript Tools Guide CS5" in "Adobe ExtendScript Toolkit CS5".
    2. Specific version of Extension Manager only manage extensions for corresponding version of product. You should use Extension Manager CS5 to install extensions for Photoshop CS5. The reason that the extension you installed for Photoshop CS5.1 using Extension Manager CS5.5 is displayed for Photoshop CS5 in Extension Manager CS5 is that two versions of Photoshop specified the same directory for Extension Manager to manage extensions. This is a defect and will cause some problems if multiple versions of Photoshop co-existed in one machine. But "to find  previous (CS5) extension manager and to enable it" should work for you, I guess you use command line to enable it and specify wrong product name (see #3) so that it doesn't work.
    3. When using command line, you should specify "product" attribute with the name displayed at the left panel of Extension Manager. So "Photoshop CS5 32" is correct. Remember to enclose it with double quote because of existence of space character.
    4. As above mentioned, use display name of Photoshop, and call proper version of Extension Manager by BridgeTalk.

  • I corrupted the firefox profile file using profile manager and firefox thinks it is still running and asks me to close but there is no instance of it running...I have tried several re-installs but cannot resolve the problem....

    .........I have deleted the .ini file associated with the profile file and the profile file itself...have tried to locate the "lock" file but cannot find the file in the specified path on the support forum for this problem....I believe there is a file mounted in another directory somewhere that firefox is seeing....I would really like to be able to use firefox as the default browser on this new linux (ubuntu) install...it was working prior to my trying to import my profile from the windows partition.....

    See this.
    https://support.mozilla.com/en-US/kb/Firefox+hangs#Hang_at_exit

  • Using container managed form-based security in JSF

    h1. Using container managed, form-based security in a JSF web app.
    A Practical Solution
    h2. {color:#993300}*But first, some background on the problem*{color}
    The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
    In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
    h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
    What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principals*" that are defined to interact with your application. A security principal is basically just a user of the system that is defined by three fields:
    - Username
    - Group
    - Password
    The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
    1. Start up your app server and log into the admin interface (http://localhost:4848)
    2. Drill down into Configuration > Security > Realms.
    3. Here you will see the default realms defined on the server. Drill down into the file realm.
    4. There is no need to change any of the default settings. Click the Manage Users button.
    5. Create a new user by entering username/password.
    Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more useful in a real app.
    I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
    That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
    TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
    h2. {color:#993300}*Step 2: Create the project*{color}
    Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
    1. Start by creating a new Visual Web JSF project.
    2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
    h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
    In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
    1. login.jsp (A Visual Web JSF file)
    2. loginproxy.jspx (A plain JSPX file)
    3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
    Code follows for each of the files:
    h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
    <navigation-rule>
        <from-view-id>/login.jsp</from-view-id>
        <navigation-case>
            <from-outcome>loginproxy</from-outcome>
            <to-view-id>/loginproxy.jspx</to-view-id>
        </navigation-case>
    </navigation-rule>
    NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
    h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
    <?xml version="1.0" encoding="UTF-8"?>
    <jsp:root version="2.1"
              xmlns:f="http://java.sun.com/jsf/core"
              xmlns:h="http://java.sun.com/jsf/html"
              xmlns:jsp="http://java.sun.com/JSP/Page"
              xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
        <jsp:directive.page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"/>
        <f:view>
            <webuijsf:page id="page1">
                <webuijsf:html id="html1">
                    <webuijsf:head id="head1">
                        <webuijsf:link id="link1" url="/resources/stylesheet.css"/>
                    </webuijsf:head>
                    <webuijsf:body id="body1" style="-rave-layout: grid">
                        <webuijsf:form id="form1">
                            <webuijsf:textField binding="#{login.username}" id="username"
                                                style="position: absolute; left: 216px; top: 96px"/>
                            <webuijsf:passwordField binding="#{login.password}" id="password"
                                                    style="left: 216px; top: 144px; position: absolute"/>
                            <webuijsf:button actionExpression="#{login.button1_action}" id="button1"
                                             style="position: absolute; left: 216px; top: 216px" text="GO"/>
                        </webuijsf:form>
                    </webuijsf:body>
                </webuijsf:html>
            </webuijsf:page>
        </f:view>
    </jsp:root>
    h3. *login.java -- implement the button1_action() method in the login.java backing bean*
    public String button1_action() {
        // Copy the submitted values into request scope so loginproxy.jspx can read them
        setValue("#{requestScope.username}", (String) username.getValue());
        setValue("#{requestScope.password}", (String) password.getValue());
        return "loginproxy";
    }
    h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
    {code}
    <?xml version="1.0" encoding="UTF-8"?>
    <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
              xmlns:fn="http://java.sun.com/jsp/jstl/functions"
              version="2.0">
        <!-- The fn namespace (JSTL functions) is declared so the hidden field values can be escaped -->
        <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
                    doctype-system="http://www.w3.org/TR/html4/loose.dtd"
                    doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
        <jsp:directive.page contentType="text/html" pageEncoding="UTF-8"/>
        <html>
            <head>
                <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
                <title>Logging in...</title>
            </head>
            <!-- Submit the form as soon as the page has loaded -->
            <body onload="document.forms[0].submit()">
                <form action="j_security_check" method="POST">
                    <!-- fn:escapeXml keeps quotes or markup in the submitted values from breaking out of the attribute -->
                    <input type="hidden" name="j_username"
                           value="${fn:escapeXml(requestScope.username)}"/>
                    <input type="hidden" name="j_password"
                           value="${fn:escapeXml(requestScope.password)}"/>
                </form>
            </body>
        </html>
    </jsp:root>
    {code}
    h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF target page, placed in the secure folder to test access*{color}
    {code}
    <?xml version="1.0" encoding="UTF-8"?>
    <jsp:root version="2.1"
    xmlns:f="http://java.sun.com/jsf/core"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
    <jsp:directive.page
    contentType="text/html;charset=UTF-8"
    pageEncoding="UTF-8"/>
    <f:view>
    <webuijsf:page id="page1">
    <webuijsf:html id="html1">
    <webuijsf:head id="head1">
    <webuijsf:link id="link1"
    url="/resources/stylesheet.css"/>
    </webuijsf:head>
    <webuijsf:body id="body1" style="-rave-layout: grid">
    <webuijsf:form id="form1">
    <webuijsf:staticText id="staticText1" style="position: absolute; left: 168px; top: 144px" text="A Secure Page"/>
    </webuijsf:form>
    </webuijsf:body>
    </webuijsf:html>
    </webuijsf:page>
    </f:view>
    </jsp:root>
    {code}
    h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
    This type of security is called +declarative+ because it is not configured programmatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and Java framework) already has the implementation to make everything work for you.
    *web.xml will be used to define:*
    - Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
    - Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
    - Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
    *sun-web.xml will be used to define:*
    - This is where you map a Role to the Users or Groups that are allowed to use it.
    +I know this is confusing the first time, but basically it works like this:+
    *Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
    h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
    {code}
    <security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
    <web-resource-name>SecurePages</web-resource-name>
    <description/>
    <url-pattern>/faces/secure/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>HEAD</http-method>
    <http-method>PUT</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
    <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
    <description/>
    <role-name>User</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name/>
    <form-login-config>
    <form-login-page>/faces/login.jsp</form-login-page>
    <form-error-page>/faces/login.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <description/>
    <role-name>User</role-name>
    </security-role>
    {code}
    h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
    {code}
    <security-role-mapping>
    <role-name>User</role-name>
    <group-name>Users</group-name>
    </security-role-mapping>
    {code}
    h3. {color:#ff6600}*Almost done!!!*{color}
    h2. {color:#993300}*_Step 5: A couple of minor "Gotchas"_*{color}
    h3. {color:#ff6600}*_Gotcha #1_*{color}
    You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself.
    h3. {color:#ff6600}*_Gotcha #2_*{color}
    Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
    *DONE!!!*
    h2. {color:#993300}*_Here's how it works:_*{color}
    1. The user requests a page from your context (http://localhost/MyLogin/)
    2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
    3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
    4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
    5. The user enters username and password and clicks a button to submit.
    6. The button's action method stores away the username and password in the request scope.
    7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
    8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
    9. The hidden username and password fields grab the username and password variables from the request scope.
    10. The loginproxy page is automatically submitted with the magic action "j_security_check"
    11. j_security_check notifies the container that authentication needs to be intercepted and handled.
    12. The container authenticates the user credentials.
    13. If the credentials fail, the container forwards the request to the login.jsp page.
    14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
    +Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
    +The user is now at the secure welcome page.+
    If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
    Kerry Randolph

    If you want login security on your web app, this is one way to do it (the easiest way I have seen).
    This method allows you to create a custom login form and error page using JSF.
    The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
    This example uses a statically defined user/password, stored in a file, but you can also configure a JDBC realm in Glassfish, so that users can register for access and your program can store the username/password in a database.
    I'm new to programming, so none of this may be a good practice, or may not be secure at all.
    I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
    Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
    So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
    --Kerry
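A check for the web.xml section in Step 4 of the post above, as an added example that is not part of the post or of GlassFish: under the Servlet specification a security constraint that lists `<http-method>` elements applies only to those methods, and without a `CONFIDENTIAL` transport guarantee the login form may be submitted over plain HTTP. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the constraint from the page's web.xml, and a hardened variant.
TEMPLATE = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/faces/secure/*</url-pattern>{methods}
  </web-resource-collection>
  <auth-constraint><role-name>User</role-name></auth-constraint>{transport}
 </security-constraint>
 <security-role><role-name>User</role-name></security-role>
</web-app>"""
PAGE_METHODS = ("GET", "POST", "HEAD", "PUT", "OPTIONS", "TRACE", "DELETE")
AS_POSTED = TEMPLATE.format(
    methods="".join(f"<http-method>{m}</http-method>" for m in PAGE_METHODS),
    transport="")
HARDENED = TEMPLATE.format(
    methods="",  # no <http-method> at all: the constraint covers every method
    transport="<user-data-constraint><transport-guarantee>CONFIDENTIAL"
              "</transport-guarantee></user-data-constraint>")

def _all(node, name):
    """Descendants named `name`, ignoring any XML namespace prefix."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(node, name):
    return [(e.text or "").strip() for e in _all(node, name)]

def audit_web_xml(xml_text):
    """Return (url_patterns, finding) tuples for each security-constraint."""
    root = ET.fromstring(xml_text)
    declared = {r for sr in _all(root, "security-role") for r in _texts(sr, "role-name")}
    findings = []
    for sc in _all(root, "security-constraint"):
        urls = ",".join(_texts(sc, "url-pattern"))
        if _texts(sc, "http-method"):  # listed methods are protected; any other is not
            findings.append((urls, "method-list leaves other HTTP methods unconstrained"))
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.append((urls, "no CONFIDENTIAL transport-guarantee (login may go over HTTP)"))
        for role in (r for ac in _all(sc, "auth-constraint") for r in _texts(ac, "role-name")):
            if role != "*" and role not in declared:
                findings.append((urls, f"auth-constraint role '{role}' has no <security-role>"))
    return findings

if __name__ == "__main__":
    for label, doc in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(label, audit_web_xml(doc))
```

The same function accepts a full, namespaced web.xml read from disk, since element names are matched without their namespace.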
                                                                                                                                                                                                                                                                                                                                                                                                                              

  • How can I move my old iPhoto library into a Referenced Library format and use that as my default?

    Hi, I have been using iPhoto for photo management where all the jpegs have been living, in organized events by date and subject for some time. I recently upgraded to Aperture and am using the same iPhoto library. The issue I have is that I use Carbonite for my cloud backup and I am able to look at the pictures I have on my PC with the same folder organization I have them on my PC hard drive. This is apparently not possible for iPhoto library. The only way to access a picture on the iPhoto library in the cloud is to go through the master and hope you can find the specific picture since they are not organized in a comprehensible manner (like events or folders) in there.
    So the only solution I can think of is to move the current iPhoto library to a referenced image library and use that as my default library from now on. This way I get cloud access and the events will hopefully turn into folders with dates and subjects that I can continue to keep organized to satisfy my OCD tendencies.
    So the question I have is that:
    1. How can I make a reference Library for Aperture/iPhoto?
    2. How do I move the current library to the Referenced Library in an Organized manner? My wish list would be a series of folders labeled with the date and the subject, like I have in my iPhoto library right now.
    3. If there is any alternative, your suggestions and recommendations would be much appreciated.
    My computer: Mac Mini (Mid 2012), Lion, 16GB RAM.
    Thank you kindly,

    Or is there a way to go through Aperture to make a new reference library that I can move the masters into later?
    You do not move the masters into a referenced library - you turn your current library into a referenced library. As Terence Devlin said:
    File -> Relocate Masters
    What you should set up:
    Select a folder, where you want to store your referenced files - probably on an external drive.
    Decide on a hierarchical folder structure inside this folder - that is completely up to you.
    Select a project from your library and use the command "File -> Relocate Masters/Originals" to move the original image files to the folder where you want them to go. Only take care not to send two projects to the same folder.
    Alternatively, if you do not care about the folder structure Aperture will use, select all images at once from the "Photos" view and let Aperture decide how to assign the folders - in the "Relocate Originals" dialog you can specify a subfolder format.
    Regards
    Léonie

Maybe you are looking for