Passing a security context over JMS?

After using certificate authentication from a browser at the front end, we have to pass some sort of security context over a JMS queue. Whatever I pass needs to be sufficient for reconnection to a 'Data Access' server.
Has anybody got any ideas/experience?

Similar Messages

  • How to pass the security context between different OC4J servers

    My problem is the following: it seems that there is no standard J2EE solution in a production environment with more than one J2EE application server product to pass the security context between different J2EE application servers.
    I have a distributed application on two different OC4J servers, let's say that we have the web layer (with servlets) deployed on a server instance Server1 and the EJBs deployed on a second OC4J server Server2. If a user is authenticated at the web tier (in Server1) it gets a Principal object. It seems that the same Principal object cannot be used for authorization in the second application server, Server2. This means that in the server Server2 the authentication should be done again. It means that the mechanism for authentication should be duplicated on Server2 (together with the passwords, users, and so on), which is a clear disadvantage of this approach.
    Do you know if there is a specific OC4J solution for this approach?
    Thank you,
    Marinel

    I have a similar issue. Did you succeed in finding a solution?

  • Can we pass J2EE security context to a xdp form?

    I am doing J2EE application development in which a user will log on to the application, open the form, fill it and press the submit button to call a web service. The form submit button is pointing to a web service that needs security authentication such as:
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken>
        <wsse:Username>user</wsse:Username>
        <wsse:Password>password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
    I am wondering how to pass the security header info to the SOAP header so the user doesn't have to type user name and password again when hitting the submit button, since he has already logged on to the application. Can, and how does, the LiveCycle Forms server take the header info from a Java API call and fill the submit button SOAP security header? I got stuck here and I would really appreciate it if someone could guide me on this. Thanks.
    Jinyu

    Is my question in the wrong topic? I want to know how you guys handle the forms web service call with wsse:UsernameToken authentication enabled. Can the forms API be used to pass the security header info? Thanks.

  • How to get security context in BPEL to get Logged in UserId

    Hi All,
    We have a requirement of getting security context in BPEL flow and from that we want to extract currentUserId. The requirement is to know who has initiated the composite flow. We are not passing userId in the event payload. In ADF we get the same through following expression:
    ADFContext.getCurrent().getSecurityContext().getUserName()
    Is there any similar api which we can access to get currentUserId?
    Thanks,
    Naga

    Hi,
    If your BPEL has oracle/wss_username_token_service_policy you can retrieve the username from the SOAP headers...
    Have a look at this...
    http://yuanmengblog.blogspot.com.au/2012/09/extracting-and-passing-wss-name-token.html
    Cheers,
    Vlad

  • SOAP over JMS Problem

    I'm trying to call a SOAP over JMS Service from the BPEL process manager. For a simple example I use the Apache CXF example with Active MQ. The service has the following WSDL:
    <?xml version="1.0" encoding="UTF-8"?>
    <wsdl:definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:jms="http://cxf.apache.org/transports/jms" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://cxf.apache.org/jms_greeter" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:x1="http://cxf.apache.org/jms_greeter/types" name="JMSGreeterService" targetNamespace="http://cxf.apache.org/jms_greeter">
         <wsdl:types>
              <schema targetNamespace="http://cxf.apache.org/jms_greeter/types" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
                   <element name="sayHi">
                        <complexType/>
                   </element>
                   <element name="sayHiResponse">
                        <complexType>
                             <sequence>
                                  <element name="responseType" type="xsd:string"/>
                             </sequence>
                        </complexType>
                   </element>
                   <element name="greetMe">
                        <complexType>
                             <sequence>
                                  <element name="requestType" type="xsd:string"/>
                             </sequence>
                        </complexType>
                   </element>
                   <element name="greetMeResponse">
                        <complexType>
                             <sequence>
                                  <element name="responseType" type="xsd:string"/>
                             </sequence>
                        </complexType>
                   </element>
                   <element name="greetMeOneWay">
                        <complexType>
                             <sequence>
                                  <element name="requestType" type="xsd:string"/>
                             </sequence>
                        </complexType>
                   </element>
              </schema>
         </wsdl:types>
         <wsdl:message name="sayHiRequest">
              <wsdl:part name="in" element="x1:sayHi"/>
         </wsdl:message>
         <wsdl:message name="sayHiResponse">
              <wsdl:part name="out" element="x1:sayHiResponse"/>
         </wsdl:message>
         <wsdl:message name="greetMeRequest">
              <wsdl:part name="in" element="x1:greetMe"/>
         </wsdl:message>
         <wsdl:message name="greetMeResponse">
              <wsdl:part name="out" element="x1:greetMeResponse"/>
         </wsdl:message>
         <wsdl:message name="greetMeOneWayRequest">
              <wsdl:part name="in" element="x1:greetMeOneWay"/>
         </wsdl:message>
         <wsdl:portType name="JMSGreeterPortType">
              <wsdl:operation name="sayHi">
                   <wsdl:input name="sayHiRequest" message="tns:sayHiRequest"/>
                   <wsdl:output name="sayHiResponse" message="tns:sayHiResponse"/>
              </wsdl:operation>
              <wsdl:operation name="greetMe">
                   <wsdl:input name="greetMeRequest" message="tns:greetMeRequest"/>
                   <wsdl:output name="greetMeResponse" message="tns:greetMeResponse"/>
              </wsdl:operation>
              <wsdl:operation name="greetMeOneWay">
                   <wsdl:input name="greetMeOneWayRequest" message="tns:greetMeOneWayRequest"/>
              </wsdl:operation>
         </wsdl:portType>
         <wsdl:binding name="JMSGreeterPortBinding" type="tns:JMSGreeterPortType">
              <soap:binding style="document" transport="http://cxf.apache.org/transports/jms"/>
              <wsdl:operation name="greetMe">
                   <soap:operation soapAction="" style="document"/>
                   <wsdl:input name="greetMeRequest">
                        <soap:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output name="greetMeResponse">
                        <soap:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
              <wsdl:operation name="sayHi">
                   <soap:operation soapAction="" style="document"/>
                   <wsdl:input name="sayHiRequest">
                        <soap:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output name="sayHiResponse">
                        <soap:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
              <wsdl:operation name="greetMeOneWay">
                   <soap:operation style="document" soapaction=""/>
                   <wsdl:input name="greetMeOneWayRequest">
                        <soap:body use="literal"/>
                   </wsdl:input>
              </wsdl:operation>
         </wsdl:binding>
         <wsdl:service name="JMSGreeterService">
              <wsdl:port name="GreeterPort" binding="tns:JMSGreeterPortBinding">
                   <jms:address destinationStyle="queue" jndiConnectionFactoryName="ConnectionFactory" jndiDestinationName="dynamicQueues/test.cxf.jmstransport.queue">
                        <jms:JMSNamingProperty name="java.naming.factory.initial" value="org.apache.activemq.jndi.ActiveMQInitialContextFactory"/>
                        <jms:JMSNamingProperty name="java.naming.provider.url" value="tcp://localhost:61616"/>
                   </jms:address>
                   <jms:clientConfig useConduitIdSelector="false"/>
              </wsdl:port>
         </wsdl:service>
    </wsdl:definitions>
    When trying to call the service I get the following error:
    <messages>
    <input>
    <Invoke_2_greetMeOneWay_InputVariable>
    <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="in">
    <greetMeOneWay xmlns="http://cxf.apache.org/jms_greeter/types">
    <requestType>
    sdfsdf!
    </requestType>
    </greetMeOneWay>
    </part>
    </Invoke_2_greetMeOneWay_InputVariable>
    </input>
    <fault>
    <bindingFault xmlns="http://schemas.oracle.com/bpel/extension">
    <part name="summary">
    <summary>
    Unable to find an available port
    </summary>
    </part>
    </bindingFault>
    </fault>
    </messages>
    When using a JMS Adapter Service I can access the queue without any problems.
    Any ideas? Thanks!

    Above all, really thank you for your precious help.
    I thought about resolving the problem with JMS because it was studied to resolve asynchronous message delivery, which is what I'm trying to achieve.
    So, I think I'll try the second solution you indicated. Let's see if I understood:
    1- my customer decides to send some messages he wants to send [to better understand, I'll call them SMS] through the interface I developed
    2- a new JMS Message is created
    3- an MDB wakes up and performs the initial steps to connect through native calls
    4- a new MDB wakes up and, using the connection, sends the created SMS
    5- another process uses the connection to read the StatusInd and creates a new JMS Message to describe the message status
    My implementation doubt is that I must send a lot of SMS (around 4000 SMS in one action), so, in pass 4, should I create 4000 MDB instances? It should be a clean implementation, maybe this way I could also use correlation id/replyto headers in passage 5, but would it waste many resources?
    And, also, how can I implement the "native calls"? Is there a way to create a class that support this proprietary protocol?
    And what about creating the connections with the server? Should I use java.net.socket?
    Really thank you,
    Andrea
    P.S.
    I'll look for implementing it using Arjuna+JBoss ;)

  • Why is it that on a 5s you can bypass all security measures via Siri, whereas the 4S asks for an unlock?

    On a 5s you can bypass all security measures via Siri, whereas the 4S asks for an unlock.  Why?

    My daughter has had her Razr for about 9 months now.  About two weeks ago she picked up her phone in the morning on her way to school when she noticed two cracks, both starting at the camera lens. One goes completely to the bottom and the other goes sharply to the side. She has never dropped it and me and my husband went over it with a fine tooth comb. We looked under a magnifying glass and could not find any reason for the glass to crack. Not one ding, scratch or bang. Our daughter really takes good care of her stuff, but we still wanted to make sure before we sent it in for repairs. Well we did and we got a reply from Motorola with a picture of the cracks saying this was customer abuse and that it is not covered under warranty. Even though they did not find any physical damage to back it up. Well I e-mailed them back and told them I did a little research and found pages of people having the same problems. Well I did not hear from them until I received a notice from Fed Ex that they were sending the phone back. NOT FIXED!!! I went to look up why and guess what there is no case open any more for the phone. It has been wiped clean. I put in the RMA # it comes back not found, I put in the ID #, the SN# and all comes back not found. Yet a day earlier all the info was there. I know there are a lot more people like me and all of you, but they just don't want to be bothered so they pay to have it fixed, just to have it do it again. Unless they have found the problem and are only fixing it on a customer pay only set up. I am furious and will not be recommending this phone to anyone. And to think I was considering this phone for my next upgrade! NOT!!!!

  • Passing a FileReference object over a LocalConnection

    Since the flash 10 fileReference security update, my uploader
    has had to be reworked. The uploader has 2 parts, one is the backbone
    with all the fileReference objects, and the other is a manager that
    is the core UI. The two SWFs communicate through a LocalConnection.
    The site where the uploader is implemented is a fully dynamic AJAX
    site, and the objective was to create a system that would allow
    users to upload files while still being able to browse the site...
    and keep everything in the same window.
    All was well until the flash 10 fileReference security
    update. I understand why the update was made, but I'm still looking
    for a solution to my problem. Now that the update requires a
    MouseEvent in order to open the browse() method, I'm having
    trouble getting my FileReference objects to the backbone. Before I
    called a function over a LocalConnection to trigger a
    FileReference.browse() method in the backbone so I could store the
    fileReference objects there, but that solution no longer works. I
    have tried passing the FileReference objects over a LocalConnection
    (objects keep their class thanks to the DevArc
    LocalConnectionManager) but the FileReference object is empty.
    I have tried serializing the object with .writeObject(), but
    again when I .readObject() I end up with a fileReference object but
    with no properties. Any ideas if there is a solution here?
    Thanks in advance.

    Ryan - I ran into the same problem. All the reference info is
    gone once you serialize the object. I have tried
    registerClassAlias('flas.net.FileReference') and that keeps the
    object intact, but the info is all gone.
    Any other ideas? I need some flex magic here.

  • Set security context

    While using business objects we set the security context as we connect to the database. How would we do that with Crystal Reports?

    Crystal doesn't support it in that way. You simply enter the log on info, User Name and Password, and Cr connects. You can use a Universe to set up Security Context and Cr then passes the user info through and the Universe handles what the user can and can not see.
    This is generalizing because you did not say what DB you are using or what version of Crystal Reports.
    Or if you are using the OEM build for Business One...
    There is in later versions a Special Field to get/set the CEUser which you can use in the record selection formula.
    Don

  • Sharing application security context

    Hi,
    I have two different applications on my weblogic server (one weblogic server). When I am logged into Application B, I need to access application A's page (open up a new window with application A's page and pass appropriate parameter).
    Is this functionality possible? If so, I would appreciate any suggestion to achieve this functionality.
    (Subject title may be a little bit confusing but that is the best I could think of....)
    Thank you for your help,
    -Raj

    Hi,
    depends on what you mean by application security context:
    1. policies
    set the same name for the application.name in the JPS filter before deploying the application to WLS as explained here
    http://docs.oracle.com/cd/E25054_01/core.1111/e10043/devmancfg.htm#BCGFGCGF
    This way both applications share the same policies
    2. authentication
    In this case you either
    - use basic authentication in which case the browser ensures you are authenticated when accessing application A
    - use Single Sign-On (OAM)
    Frank

  • Licensing -Security Contexts on ASA5585-X

    All,
    I have a customer with 2 ASA 5585-X and they are looking at running a total of 20 Security contexts in failover mode on these two firewalls. From a licensing perspective, can I get 10 security contexts on each of these firewalls so that gives me a cumulative context number of 20? I am not sure though if I will be able to run all 20 contexts in failover mode on both firewalls.
    This is the document I am reading but not very clear.
    http://www.cisco.com/en/US/docs/security/asa/asa90/license/license_management/license.html#wp1345944
    Thanks

    Hi,
    If you want to split the 20 Security Contexts between 2 different ASAs then you are looking at configuring an Active/Active Failover environment.
    If you want all Security Contexts to be Active only on one physical ASA at a time (while the other is there to take over when the main one fails) then you are looking at configuring an Active/Standby Failover environment.
    So in other words
    Each unit's 10 Security Context license will be combined between the units
    You can either use 20 Security Contexts on a single physical unit at a time in Active/Standby
    OR you can divide the 20 Security Contexts between the 2 Physical ASAs in Active/Active
    For example 10 Active in ASA1 and 10 Active in ASA2
    Also here's a partial quote from the Cisco document
    Failover License Requirements and Exceptions
    Failover units do not require the same license on each unit.
    Older versions of ASA software required that the licenses match on each unit. Starting with Version 8.3(1), you no longer need to install identical licenses. Typically, you buy a license only for the primary unit; for Active/Standby failover, the secondary unit inherits the primary license when it becomes active. If you have licenses on both units, they combine into a single running failover cluster license.
    How Failover or ASA Cluster Licenses Combine
    For failover pairs or ASA clusters, the licenses on each unit are combined into a single running cluster license. If you buy separate licenses for each unit, then the combined license uses the following rules: For example, for failover: You have two ASA 5540 ASAs, one with 20 contexts and the other with 10 contexts; the combined license allows 30 contexts. For Active/Active failover, the contexts are divided between the two units. One unit can use 18 contexts and the other unit can use 12 contexts, for example, for a total of 30.
    - Jouni

  • How to share security context between different application ?

    Hi all,
    I have two applications(ADF faces + BC, JDev 10.1.3.1) deployed into OAS 10.1.3.1.
    The two applications are :
    1) SalesApp -> main menu page = SalesMenu.jspx
    2) ReportApp -> main menu page = ReportMenu.jspx
    I want to implement security using CustomLogin.
    The question is :
    How can I share security context between the applications ?
    What I mean is, from SalesMenu.jspx there is one menu item to jump into ReportMenu.jspx, and I want the user not to need to log in again; login happens once and the user is recognized in the two apps. How to achieve that ?
    Thank you for your help,
    xtanto

    Xtanto,
    actually you can't if these are separate J2EE application deployments. The session is not shared and thus the authentication is lost. I heard that OracleAs is planning to implement a feature that allows you to share the session and thus a context between two J2EE deployments. I am not 100 % sure this is the case and will check with OC4J Product Management
    Frank

  • The server principal "XYuser" is not able to access the database "Ydb" under the current security context

    SQL2005 on winserver 2003. I have a view in Xdb that accesses tables in 2 different databases (Xdb and Ydb) on the same server. I have mixed mode security. I have a SQL user (XYuser) that has read access to all tables and views on both databases, yet when I try to access the view using a C# windows application I get the following error:
    The server principal "XYuser" is not able to access the database "Ydb" under the current security context
    This same scenario works under SQL 2000. I looked through the postings and tried to set TRUSTWORTHY ON on both databases but that didn't help. I can access any other views or tables on the SQL 2005 server, just not the one that joins the tables cross databases. Any help is much appreciated... john

    This appears to be a Login/Database Mapping issue.  I was having this problem, but was able to resolve it as follows:
    Using the SQL Server management Studio:
    In the Object explorer, under the SERVER security folder (not the database security folder), expand Logins. 
    That is: ServerName -> Security -> Logins
    NOT: ServerName -> Databases -> DatabaseName -> Security -> Users
    Select the Login that is having the troubles.  Right click on the Login and select ‘Properties.’
    The ‘User Mapping’ page should list all databases on the server with a check mark on the databases that the Login has been mapped to.  When I was getting the error, the database in question was not checked (even though the Login was assigned as a User on the database itself).  Map the Login by checking the box next to the database name.  Set the default schema.  Then select the roles for the Login in the Database role membership list box.  I selected db_datareader and public.  After clicking OK to save the changes, the problem was resolved.
    In order to ‘Map’ the Login, the Login must not already be a User on the database, so you may have to go to the database security (ServerName -> Databases -> DatabaseName -> Security -> Users) and delete the Login from the list of database Users before mapping the Login to the database.
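
    The same login-to-database mapping done in T-SQL rather than through the Management Studio dialogs, as an added example that is not part of the original thread. It uses the thread's names (login XYuser, database Ydb), assumes the database user is also named XYuser, and repairs a broken mapping in place with ALTER USER (SQL Server 2005 SP2 and later) instead of deleting the user first.

    ```sql
    -- Added example. Names come from the thread: login XYuser, database Ydb.
    -- Assumption: the database user carries the same name as the login.
    -- GO is the batch separator used by Management Studio and sqlcmd.
    USE Ydb;
    GO

    -- 1. Inspect the current state: is there a user named XYuser in Ydb,
    --    and does its SID match a server login? A user whose SID matches
    --    no login is "orphaned", and the login gets the error from the post
    --    even though a user of that name is listed under the database.
    SELECT dp.name AS database_user,
           sp.name AS server_login,
           CASE WHEN sp.sid IS NULL
                THEN 'orphaned: no login with this SID'
                ELSE 'mapped'
           END     AS mapping_state
    FROM sys.database_principals AS dp
    LEFT JOIN sys.server_principals AS sp
           ON sp.sid = dp.sid
    WHERE dp.name = N'XYuser';
    GO

    -- 2. Create the mapping if it is missing, or re-link it if orphaned.
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_principals
                   WHERE name = N'XYuser')
        CREATE USER XYuser FOR LOGIN XYuser;
    ELSE IF NOT EXISTS (SELECT 1
                        FROM sys.database_principals AS dp
                        JOIN sys.server_principals   AS sp
                          ON sp.sid = dp.sid
                        WHERE dp.name = N'XYuser')
        ALTER USER XYuser WITH LOGIN = XYuser;
    GO

    -- 3. Grant only what the view needs: read access, as chosen in the post.
    EXEC sp_addrolemember N'db_datareader', N'XYuser';
    GO

    -- 4. Verify as the login itself (requires IMPERSONATE permission on it).
    --    HAS_DBACCESS returns 1 when the login can enter the database.
    EXECUTE AS LOGIN = N'XYuser';
    SELECT HAS_DBACCESS(N'Ydb') AS can_access_ydb;
    REVERT;
    GO
    ```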

  • How to get contents of Soap Over JMS web service's wsdl file

    Hi,
    Is there a way to get the soap over jms webservice's wsdl file in a browser? If yes, please provide me the details on how to get it.
    OR how can I get the contents of the WSDL file for a soap over jms wsdl file?
    thanks in advance.

    I have the same question ("Assuming I can generate a wsdl file, can I recreate the SOAP request message from the WSDL file automatically (that matches the original request, which is hand build by me?)")
    Have you already found an answer to this?

  • SOAP over JMS Sender Communication Channel - How to?

    Hello folks,
    I have an async. scenario in which a SOAP message is posted to a JMS queue, then SAP PI picks up the SOAP message, extracts the payload and maps it into an IDOC to SAP.
    Couple of questions...
    1. Does the JMS adapter support SOAP over JMS?
    2. Can I get the entire SOAP envelope in SAP PI (just like the "do not use SOAP envelope" function works in the SOAP adapter) ?
    3. Is the above scenario possible? Given the fact that my scenario (i.e. ccBPM, mappings, etc..) is expecting a SOAP envelope as input?
    Thanks,
    Rob

    Ok, then I think I am on the right track, but still I cannot get this scenario to work.
    JMS (SOAP)-> SAP PI(ccBPM) --> IDOC
    I put SOAP messages on the sender queue, those messages disappear from that queue, so I would expect that I can see them back in PI, but no trace is left behind in the monitoring area... It is like they've never been read from the input queue.
    What is happening with those messages? The definition of the SOAP envelope has been uploaded as an external definition and linked to a message interface in the repository.
    JMS Communication channel checked but it is also fine.
    Any clues where to look?
    Thanks.

  • JMS Adapter (for DI) does not allow passing username and password to JMS connection

    Post Author: PLed76
    CA Forum: Data Integration
    JMS Adapter (for DI) does not allow passing username and password to JMS connection. It has those fields only for MSMQ. Our Production environment does not allow us to connect to JMS (we use Tibco EMS) anonymously, so it prevents us from use of Data Integrator. Is there any way to pass those params, or obtain the correct version of JMS Adapter, or obtain source codes of the JMS Adapter so we can correct them ourselves (we can send you the corrected sources back) ? Thanks in advance for any help. (PL)ed76 Renaissance Capital

    Bump - We're having the same issue.
    Has anyone found a way to connect to Tibco with a user/pwd?
    Version 14.0.297.
