Password Caching in SALT when using Basic Authentication?
We are experiencing an issue in which a user changes their logon password using a thick client application, but is unable to use the changed password when connecting to the same password store through the SALT gateway.
We suspect that either the browser or the SALT Gateway itself is caching the password. How is this designed to work? Do we have to send something in the header to force it use the password being sent?
We suspect the user is submitting the logon request from an existing browser window which authenticated against SALT prior to them changing the password in the thick client.
Thanks
Amin
As far as I know, vendors are not required to rely on a JAAS LoginContext to perform BASIC auth. Different vendor implementations may do different things. So you may have to rely on a programmatic logout API, but I'm not personally aware of any standard API for this.
Similar Messages
-
(JAAS) Getting LoginContext when using BASIC authentication
I am using basic authentication in JAAS to authenticate users for JSF web resources. My web.xml is configured as follows:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>eccgroup</realm-name>
</login-config>
How can I get hold of the LoginContext that (I assume) was created in order to logout?
The Principal is available on the HTTPRequest but I cannot find where the LoginContext is stored?As far as I know, vendors are not required to rely on a JAAS LoginContext to perform BASIC auth. Different vendor implementations may do different things. So you may have to rely on a programmatic logout API, but I'm not personally aware of any standard API for this.
-
How to log out using BASIC authentication
Hi,
we are using JSC and Sun Appserver8.
To authenticate we are using BASIC authentication and it works well.
Now we need to do a log out function because of new demands.
Is it possible to log out when using BASIC authentication ?
If so, how?
/Regards KristerIf you are using Basic Authentication, you may not be able to force log out. In that case you may have to use form based authentication.
Please read more details here
http://httpd.apache.org/docs/1.3/howto/auth.html
(Look at the topic How do I log out?)
- Winston
http://blogs.sun.com/winston -
Interactive form using Basic Authentication
Hi,
I am getting the following problem when deploying the Adobe Interactive Form application developed using Basic Authentication onto the server.
com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Error during call to AdobeDocumentServer: Processing exception during a "Render" operation.
Request start time: Tue Jul 04 12:04:51 GMT+05:30 2006
at com.sap.tc.webdynpro.clientserver.adobe.AdobeFormHelper.createPDFDocumentForUIElement(AdobeFormHelper.java:486)
at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:185)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.afterHandleActionEvent(ClientApplication.java:1154)
at com.sap.tc.webdynpro.clientserver.task.WebDynproMainTask.handleActionEvent(WebDynproMainTask.java:402)
at com.sap.tc.webdynpro.clientserver.task.WebDynproMainTask.execute(WebDynproMainTask.java:649)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:59)
at com.sap.tc.webdynpro.clientserver.cal.ClientManager.doProcessing(ClientManager.java:248)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doWebDynproProcessing(DispatcherServlet.java:154)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:116)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:48)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Please suggest me, how I can solve it.
Also I have done only the Basic Authentication, so is there any need for SSL Configuration.
Regards
TiffnyHi Krishanu,
Thanks for your responseI have checked the url that I had put in Web Service as http://versa:80/AdobeDocumentServices/Config?style=document
and when I run this url which seems to be working fine and on run it I test it, also it gives wsdl url which is
http://versa:80/AdobeDocumentServices/Config?wsdl&style=document
and on clicking this url it opens the xml document.
I have also checked the Log, where I find that
#1.5#00132120E8600063000000440000106C000417BF56A46124#1152010466682#com.adobe.AdobeDocumentServices#com.adobe/AdobeDocumentServices#com.adobe.AdobeDocumentServices#ADSUSER#8739#SAP J2EE Engine JTA Transaction : [038153a00111]###744037e00b4b11dbbc1700132120e860#SAPEngine_Application_Thread[impl:3]_32##0#0#Error#1#/System/Server#Plain###Processing exception during a "Render" operation.
Request start time: Tue Jul 04 16:24:23 GMT+05:30 2006
<b>com.adobe.ProcessingError: File not found error writing stream:</b> <Render><Template><Name> "http://versa:80/webdynpro/dispatcher/local/TravelRequest/TravelRequestApp/wd_keyHC0DDbOBtzpF0n9-a_pEPA==/sapwebdynpro.xft;jsessionid=(J2EE3675400)ID2045061650DB01945523008391574204End;saplb_*=(J2EE3675400)3675450?sap.session.download=4&sap-wd-cltwndid=7425f9200b4b11dbc43100132120e860&sap-wd-appwndid=Id7425f9200b4b11dbc43100132120e86011&sap-wd-norefresh=true :
java.io.FileNotFoundException: IO error detected while retrieving input stream for: http://versa:80/webdynpro/dispatcher/local/TravelRequest/TravelRequestApp/wd_keyHC0DDbOBtzpF0n9-a_pEPA==/sapwebdynpro.xft;jsessionid=(J2EE3675400)ID2045061650DB01945523008391574204End;saplb_*=(J2EE3675400)3675450?sap.session.download=4&sap-wd-cltwndid=7425f9200b4b11dbc43100132120e860&sap-wd-appwndid=Id7425f9200b4b11dbc43100132120e86011&sap-wd-norefresh=true :
java.io.IOException: Server returned HTTP response code: 503 for URL: http://versa:80/webdynpro/dispatcher/local/TravelRequest/TravelRequestApp/wd_keyHC0DDbOBtzpF0n9-a_pEPA==/sapwebdynpro.xft;jsessionid=(J2EE3675400)ID2045061650DB01945523008391574204End;saplb_*=(J2EE3675400)3675450?sap.session.download=4&sap-wd-cltwndid=7425f9200b4b11dbc43100132120e860&sap-wd-appwndid=Id7425f9200b4b11dbc43100132120e86011&sap-wd-norefresh=true
Can you tell me which file it is looking for.
Regards
Tiffny -
Interactive Report - search does not work when using custom authentication
Apex 3.2.x
I can authenticate fine with my custom authentication and all of my pages work okay except for one page that uses the Interactive Report feature. When I click 'Filter' then enter the column name, operation (contains, =, like, etc.) and the expression, then click the 'Apply' button, the page just re-displays and my filter information is missing?
If I first login to Apex, select and run my application, the Interactive Report features work just fine. What's missing?More information:
After login into my Apex workspace (development environment), when I display the Interactive Report and click debug I see this debug message:
"using existing session report settings"
When I login using my application's custom authentication and click debug I see this debug message:
"creating session report settings as copy of public saved report"
Based on this, it appears that my session info in not set correctly when using custom authentication... but I'm not sure what needs to be set.
Edited by: user9108091 on Oct 22, 2010 6:44 AM -
Prompting for password and username only when using dynamic parameters
Post Author: Co3023
CA Forum: Crystal Reports
How do I stop CR XI prompting for password and username only when using dynamic parameters. When no dynamic parameters are used CR XI isn't prompting for the DB user name and password. The report is run from an application which passes the user name and password. I am using Oracle and the problem is both with the native oracle driver and the ODBC RDO driver.Post Author: jehanzeb
CA Forum: Crystal Reports
I didnt ask you to change it to static I said I took the parameters totally out of the report. Saved it. Then re-enter the dynamic parameters into the report and it worked for me. That might have worked for you, not sure why you changed it to static.
Ok I have just created a quick report using dynamic parameters, it didnt ask me for the username password.
Can you create a sample report - just to test the db? and see if it works? add only 1 or 2 fields in the report, create parameters (dynamic) and see if it works
why don't you embed the username and password in your application, it won't ask for username password then. -
Error when using SAP authentication for Designer
my error is:
[repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(The
secSAPR3 DLL could not be found or does not exist(hr=#0x80042a01)
can you help me?
regardshi,
pls refer the link
Error when using SAP authentication for Designer
try re-installing BOE and check
hope it helps,
sundar -
So we have an Exchange 2013 environment, and a CRM solution that requires basic authentication to EWS internally. Problem is, after a reboot of our Exchange server, all of our Outlook clients begin prompting for username and password (which nothing
works) which also starts locking users AD accounts out due to failed login attempts (somehow). If I disabled basic authentication on EWS, Outlook authenticates as normal using NTLM and there are no issues. Once Outlook has authenticated, I can
turn back on basic authentication, and Outlook will be fine until the next time the Exchange server is rebooted.
Any ideas?Hi,
According to your description, I understand that Outlook client prompted for username and password when Exchange server restart and basic authentication is enabled for EWS.
If I misunderstand your concern, please do not hesitate to let me know.
It’s normal. This caused by the difference between basic authentication and NTML authentication:
Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 or later world, Basic can mean no need to authenticate every time you open/reconnect,
but in all earlier versions, you will have to enter creds every time.
NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication
at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this.
Thanks
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Allen Wang
TechNet Community Support -
Help needed for using BASIC authentication through JDBCRealm
Help needed.
Hello,
I am doing a degree project, so far it works fine in my local machine, I need to try it on my virtual hosting (as it is a live server).
My project requires JDBCRealm, that is BASIC authentication loading access data from mysql database. Normally this setup can be done in Server.xml file, because my Tomcat hosting is a virtual one, I only have permission to access the web.xml file.
My question is: is it possible to get it done in an alternative way? In web.xml? Some properties file maybe?
Thank you very much.You can set this up for your context using META-INF/context.xml instead of working with server.xml.
Make a directory called META-INF under your webapp ( it'll be at the same level as WEB-INF ). Under this, add a context.xml with all your context specific configuration including the realm. A sample is below
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/myApp" reloadable="true">
<Realm
className="org.apache.catalina.realm.JDBCRealm"
driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
connectionURL="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=myDB;SelectMethod=Cursor;"
connectionName="username" connectionPassword="password"
digest="MD5" userTable="users" userNameCol="userid" userCredCol="userpassword"
userRoleTable="user_roles" roleNameCol="rolename"
/>
</Context>Hope this helps.
People on the forum help others voluntarily, it's not their job.
Help them help you.
Learn how to ask questions first: http://faq.javaranch.com/java/HowToAskQuestionsOnJavaRanch
---------------------------------------------------------------- -
Need to enter password twice to login (when using lightdm)
Hi!
I need to enter my password twice before I can login (note that I need to enter it correctly both times). After the first time, the screen goes blank for a second and then returns to the login screen.
I'm using the latest versions lightdm 1:1.10.1-2 and lightdm-gtk2-greeter 1:1.8.4-2 (and I'm logging into an Xfce session).
The relevant part of /var/log/lightdm/lightdm.log is:
[+11.38s] DEBUG: Session pid=345: Started with service 'lightdm', username 'test'
[+14.95s] DEBUG: Session pid=313: User test authorized
[+15.03s] DEBUG: Session pid=345: Running command /etc/lightdm/Xsession startxfce4
[+15.04s] DEBUG: Session pid=345: Logging to .xsession-errors
[+15.29s] DEBUG: Session pid=345: Exited with return value 0
[+15.71s] DEBUG: Seat: Active display server stopped, starting greeter
[+15.71s] DEBUG: Seat: Creating greeter session
This shows that the sessions quits after .26 seconds after running and returns to the greeter. The second time I log in it appears to work fine.
I have already reported this bug to the lightdm development team (https://bugs.launchpad.net/ubuntu/+sour … ug/1333538), but I'm thinking that it might be an Arch-specific issue. My ~/.xsession-errors contains many lines stating that xfdesktop is trying to start, but it is already running:
xfdesktop[2276] is already running; assuming --reload
** (xfdesktop:2274): WARNING **: xfdesktop: already running, quitting.
xfdesktop[2277] is already running; assuming --reload
xfdesktop[2282] is already running; assuming --reload
xfdesktop[2285] is already running; assuming --reload
xfdesktop[2284] is already running; assuming --reload
xfdesktop[2275] is already running; assuming --reload
xfdesktop[2279] is already running; assuming --reload
xfdesktop[2280] is already running; assuming --reload
xfdesktop[2283] is already running; assuming --reload
xfdesktop[2278] is already running; assuming --reload
xfdesktop[2281] is already running; assuming --reload
xfdesktop[2286] is already running; assuming --reload
xfdesktop[2298] is already running; assuming --reload
xfdesktop[2297] is already running; assuming --reload
xfdesktop[2296] is already running; assuming --reload
xfdesktop[2303] is already running; assuming --reload
xfdesktop[2288] is already running; assuming --reload
xfdesktop[2290] is already running; assuming --reload
xfdesktop[2293] is already running; assuming --reload
xfdesktop[2307] is already running; assuming --reload
xfdesktop[2302] is already running; assuming --reload
xfdesktop[2292] is already running; assuming --reload
xfdesktop[2300] is already running; assuming --reload
xfdesktop[2304] is already running; assuming --reload
xfdesktop[2305] is already running; assuming --reload
xfdesktop[2306] is already running; assuming --reload
xfdesktop[2308] is already running; assuming --reload
xfdesktop[2314] is already running; assuming --reload
xfdesktop[2321] is already running; assuming --reload
xfdesktop[2309] is already running; assuming --reload
xfdesktop[2312] is already running; assuming --reload
xfdesktop[2335] is already running; assuming --reload
xfdesktop[2311] is already running; assuming --reload
xfdesktop[2339] is already running; assuming --reload
xfdesktop[2327] is already running; assuming --reload
xfdesktop[2338] is already running; assuming --reload
xfdesktop[2334] is already running; assuming --reload
xfdesktop[2337] is already running; assuming --reload
xfdesktop[2341] is already running; assuming --reload
xfdesktop[2346] is already running; assuming --reload
xfdesktop[2343] is already running; assuming --reload
xfdesktop[2350] is already running; assuming --reload
xfdesktop[2347] is already running; assuming --reload
xfdesktop[2349] is already running; assuming --reload
xfdesktop[2356] is already running; assuming --reload
xfdesktop[2351] is already running; assuming --reload
xfdesktop[2361] is already running; assuming --reload
xfdesktop[2359] is already running; assuming --reload
xfdesktop[2362] is already running; assuming --reload
xfdesktop[2363] is already running; assuming --reload
xfdesktop[2364] is already running; assuming --reload
xfdesktop[2369] is already running; assuming --reload
xfdesktop[2366] is already running; assuming --reload
xfdesktop[2371] is already running; assuming --reload
xfdesktop[2367] is already running; assuming --reload
xfdesktop[2376] is already running; assuming --reload
xfdesktop[2372] is already running; assuming --reload
xfdesktop[2375] is already running; assuming --reload
xfdesktop[2377] is already running; assuming --reload
xfdesktop[2379] is already running; assuming --reload
xfdesktop[2381] is already running; assuming --reload
xfdesktop[2378] is already running; assuming --reload
xfdesktop[2380] is already running; assuming --reload
xfdesktop[2382] is already running; assuming --reload
xfdesktop[2383] is already running; assuming --reload
xfdesktop[2384] is already running; assuming --reload
xfdesktop[2385] is already running; assuming --reload
xfdesktop[2386] is already running; assuming --reload
xfdesktop[2387] is already running; assuming --reload
xfdesktop[2390] is already running; assuming --reload
xfdesktop[2388] is already running; assuming --reload
xfdesktop[2389] is already running; assuming --reload
xfdesktop[2391] is already running; assuming --reload
xfdesktop[2393] is already running; assuming --reload
xfdesktop[2394] is already running; assuming --reload
xfdesktop[2392] is already running; assuming --reload
xfdesktop[2395] is already running; assuming --reload
The problem does not occur when using GDM instead of lightdm. I'm grateful for any hints that point me in the right direction to solve this issue - thanks!cle1109 wrote:I have already reported this bug to the lightdm development team (https://bugs.launchpad.net/ubuntu/+sour … ug/1333538), but I'm thinking that it might be an Arch-specific issue.
This happens on all of my school's Ubuntu 12.04 computers and has for two years. -
User!UserID when using custom Authentication in SSRS2012
We are using FormsAuthentication with SSRS2012 for our custom authentication in SSRS2012.
What SSRS code determines User!UserID report expressionwhen using a custom authentication provider?
I ask this because if the FormsAuthCookie.UserName determines the User!UserID value, then I need to use a more unique value than FirstName/LastName when building the forms auth cookie.
thanks
scottHi scott,
UserID is the ID of the user running the report. If you are using Windows Authentication, this value is the domain account of the current user(Domain/username).
The value of User!UserID is determined by the Reporting Services security extension, which enables the authentication and authorization of users or groups; that is, it enables different users to log on to a report server and, based on their identities,
perform different tasks or operations.
By default, Reporting Services uses a Windows-based authentication extension, which uses Windows account protocols to verify the identities of users who claim to have accounts on the system. Reporting Services uses a role-based security system to authorize
users. The Reporting Services role-based security model is similar to the role-based security models of other technologies.
WorkFlow about authentication and authorization occur as follows:
https://msdn.microsoft.com/en-us/library/ms152825.aspx
The user credentials are submitted to the Reporting Services Web service through the
LogonUser method.
This member of the Reporting Services Web service can be used to pass user credentials to a report server for validation. Your underlying security extension implements
IAuthenticationExtension.LogonUser which contains your custom authentication code. In the Forms Authentication sample,
LogonUser, which performs an authentication check against the supplied credentials and a custom user store in a database. An example of an implementation of
LogonUser looks like this:
https://msdn.microsoft.com/en-us/library/ms152899.aspx
If you still have any problem, please feel free to ask.
Regards
Vicky Liu
If you have any feedback on our support, please click
here.
Vicky Liu
TechNet Community Support -
History Attributes when using Custom Authentication Type
assigned all History Attributes (in the Entity Object Editor) to my audit columns.
During run time, I find only Created By is assigned the SYSDATE, and Created On, Modified On, and Modified By are null.
I am using Custom Authentication Type.
I have read that the History Attributes only work the the JAAS authentication type. Appreciate any one confirming this.
Also, how do you implement History Attributes if you are using the Custom Authentication Type? Do you need to write Java code?
Thanks.
JohnHi,
confirmed it only works with container managed authentication performed through JAZN. You can't use this with custom security as otherwise this feature could be overwritten. Still you can provide your own implementation:
- create a custom table
- use the setAttr method on the RowImpl class of a VO to store the username
Frank -
JMS Wrappers can't cache JNDI lookups when using secured queues
Hi All!
We are working on a jms client, inside a webapp(servlets), using Weblogic 9.2 and Weblogic 10.3.
As we want to use secured queues and keep being efficient we tryed to use Weblogic JMS Wrappers, that should work according to the docs:
Enhanced Support for Using WebLogic JMS with EJBs and Servlets
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/jms/j2ee.html
But we are facing a problem:
When we define a JMS Wrapper and try to cache JNDI lookups for the QueueConnectionFactory and Queue, as the docs recommend for efficiency, the connection to the queue is ignoring the user/pwd.
The JMS Wrapper is using <res-auth>Application</res-auth>.
We are creating the connection using createQueueConnection(user, pwd) from QueueConnectionFactory and after several tests it seems that the user and password are ingored unless a jndi lookup is made in the same thread, as if when there are not any thread credentials present user and password are ignored for the connection...
so the question is:
That behaviour goes against Weblogic JMS Wrapper documentation, doesn't it?
Is there then any other way to access efficiently secured queues using a servlet as a client? (iit's not an option for us to use mdbs, or ejbs).
If it helps, this seems related to this still opened spring-weblogic issue: SPR-2941 --> http://jira.springframework.org/browse/SPR-2941 and SPR-4720 --> http://jira.springframework.org/browse/SPR-4720
Thanxs
And here goes our DDs and code to reproduce:
First in pretty format:
web.xml --> http://pastebin.com/f5f85e8d4
weblogic.xml --> http://pastebin.com/f2fbe10cc
Client code --> http://pastebin.com/f586d32d9
And now emmebded in the msg:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app
xmlns="http://www.bea.com/ns/weblogic/90"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/90
http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
<description>WebLogic Descriptor</description>
<resource-description>
<res-ref-name>jms/QCF</res-ref-name>
<jndi-name>weblogic.jms.ConnectionFactory</jndi-name>
</resource-description>
</weblogic-web-app>weblogic.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name> QCFWrapperCredentialsTest </display-name>
<description> QCFWrapperCredentialsTest </description>
<servlet id="Servlet_1">
<servlet-name>QCFWrapperCredentialsTest</servlet-name>
<servlet-class>QCFWrapperCredentialsTest</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping id="ServletMapping_1">
<servlet-name>QCFWrapperCredentialsTest</servlet-name>
<url-pattern>/Test</url-pattern>
</servlet-mapping>
<resource-ref>
<res-ref-name>jms/QCF</res-ref-name>
<res-type>javax.jms.QueueConnectionFactory</res-type>
<res-auth>Application</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</web-app>And our test client:
import java.io.*;
import java.util.Properties;
import javax.jms.*;
import javax.naming.*;
import javax.servlet.http.*;
public class QCFWrapperCredentialsTest extends HttpServlet {
QueueConnectionFactory factory = null;
Queue queue = null;
String jndiName = "java:comp/env/jms/QCF";
String queueName= "jms/ColaEntradaConsultas";
String user = "usuarioColas";
String pwd = "12345678";
String userjndi = "usuarioColas";
String pwdjndi = "12345678";
String serverT3URL="t3://127.0.0.1:7007";
public void init() {
setupJNDIResources();
private void setupJNDIResources(){
try {
Properties props = new Properties();
props.put("java.naming.factory.initial",
"weblogic.jndi.WLInitialContextFactory");
props.put("java.naming.provider.url",serverT3URL );
props.put("java.naming.security.principal", userjndi);// usr
props.put("java.naming.security.credentials", pwdjndi);// pwd
InitialContext ic = new InitialContext(props);
factory = (QueueConnectionFactory) ic.lookup(jndiName);
queue = (Queue) ic.lookup(queueName);
} catch (NamingException e) {
e.printStackTrace();
public void service(HttpServletRequest req, HttpServletResponse res) {
res.setContentType("text/html");
Writer wr = null;
try {
wr = res.getWriter();
//Comment this out, do a lookup for each request and it will work
//setupJNDIResources();
String user = this.user;
String pwd = this.pwd;
//read users and passwords from the request in case they are present
if (req.getParameter("user") != null) {
user = req.getParameter("user");
if (req.getParameter("pwd") != null) {
pwd = req.getParameter("pwd");
wr.write("JNDI User: *" + userjndi + "* y pwd: *" + pwdjndi + "*<p>");
wr.write("Queue User: *" + user + "* y pwd: *" + pwd + "*<p>");
//Obtain a connection using user/pwd
QueueConnection conn = factory.createQueueConnection(user, pwd);
QueueSession ses = conn.createQueueSession(true,
Session.SESSION_TRANSACTED);
QueueSender sender = ses.createSender(queue);
TextMessage msg = ses.createTextMessage();
msg.setText("Hi there!");
conn.start();
sender.send(msg);
ses.commit();
sender.close();
ses.close();
conn.close();
} catch (Exception e) {
e.printStackTrace();
try {
wr.write(e.toString());
} catch (Exception e2) {
e2.printStackTrace();
finally{
try {
wr.close();
} catch (IOException e) {
e.printStackTrace();
}Edited by: user2525402 on Feb 9, 2010 7:14 PMThanks Tom,
Quite a useful response .-)
Leaving aside the fact that weblogic behaviour with jms wrappers and secured queues seems to not be working as the docs says...
Talking about workarounds:
Both workarounds you suggest works, but as you already noted, creating a new JNDI context just to inject credentials into the threads is overkill when high performance is needed.
I also found more information about the same issue here: http://sleeplessinslc.blogspot.com/2009/04/weblogic-jms-standalone-multi-threaded.html
And he suggest the same workaround, injecting credentials
So I tried the second approach, successfully, injecting credentials into the thread using the security API.
This way, using JMS wrappers and injecting credentials into the thread we get the best performance available, caching resource using wrappers and using credentials in a somewhat efficient way.
Now the test snippet looks like this:
import java.io.*;
import java.security.PrivilegedAction;
import java.util.Properties;
import javax.jms.*;
import javax.naming.*;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.servlet.http.*;
import weblogic.jndi.Environment;
import weblogic.security.auth.Authenticate;
public class JMSWrapperCredentialsTest extends HttpServlet {
QueueConnectionFactory factory = null;
Queue queue = null;
String jndiName = "java:comp/env/jms/QCF";
String queueName= "jms/ColaEntradaConsultas";
String user = "usuarioColas";
String pwd = "12345678";
String userjndi = "usuarioColas";
String pwdjndi = "12345678";
String serverT3URL="t3://127.0.0.1:7007";
public void init() {
setupJNDIResources();
private void setupJNDIResources(){
try {
Properties props = new Properties();
props.put("java.naming.factory.initial",
"weblogic.jndi.WLInitialContextFactory");
props.put("java.naming.provider.url",serverT3URL );
props.put("java.naming.security.principal", userjndi);// usr
props.put("java.naming.security.credentials", pwdjndi);// pwd
InitialContext ic = new InitialContext(props);
factory = (QueueConnectionFactory) ic.lookup(jndiName);
queue = (Queue) ic.lookup(queueName);
} catch (NamingException e) {
e.printStackTrace();
public void service(HttpServletRequest req, HttpServletResponse res) {
final HttpServletRequest fReq=req;
final HttpServletResponse fRes=res;
PrivilegedAction action = new java.security.PrivilegedAction() {
public java.lang.Object run() {
performRequest(fReq,fRes);
return null;
try {
Subject subject=createSingleSubject(serverT3URL,user,pwd);
weblogic.security.Security.runAs(subject, action);
} catch (Exception e) {
e.printStackTrace();
public void performRequest(HttpServletRequest req, HttpServletResponse res) {
res.setContentType("text/html");
Writer wr = null;
try {
wr = res.getWriter();
//Comment this out, do a lookup for each request and it will work
//setupJNDIResources();
String user = this.user;
String pwd = this.pwd;
//read users and passwords from the request in case they are present
if (req.getParameter("user") != null) {
user = req.getParameter("user");
if (req.getParameter("pwd") != null) {
pwd = req.getParameter("pwd");
wr.write("JNDI User: *" + userjndi + "* y pwd: *" + pwdjndi + "*<p>");
wr.write("Queue User: *" + user + "* y pwd: *" + pwd + "*<p>");
//Obtain a connection using user/pwd
QueueConnection conn = factory.createQueueConnection(user, pwd);
QueueSession ses = conn.createQueueSession(true,
Session.SESSION_TRANSACTED);
QueueSender sender = ses.createSender(queue);
TextMessage msg = ses.createTextMessage();
msg.setText("Hi there!");
conn.start();
sender.send(msg);
ses.commit();
sender.close();
ses.close();
conn.close();
} catch (Exception e) {
e.printStackTrace();
try {
wr.write(e.toString());
} catch (Exception e2) {
e2.printStackTrace();
finally{
try {
wr.close();
} catch (IOException e) {
e.printStackTrace();
private Subject createSingleSubject(String providerUrl, String userName, String password) {
Subject subject = new Subject();
// Weblogic env class
Environment env = new Environment();
if(providerUrl!=null)
env.setProviderUrl(providerUrl);
env.setSecurityPrincipal(userName);
env.setSecurityCredentials(password);
try {
// Weblogic Authenticate class will populate and Seal the subject
Authenticate.authenticate(env, subject);
return subject;
catch (LoginException e) {
throw new RuntimeException("Unable to Authenticate User", e);
catch (Exception e) {
throw new RuntimeException("Error authenticating user", e);
}Thanks a lot for the help -
Strange problem when using custom authentication schema
Hello,
I'm building a custom authentication system for the application. Basically, I followed the blog post from Martin: http://www.talkapex.com/2009/03/custom-authentication-status.html
However, the authentication seems working fine at the beginning when running the page 101 from Application Builder and log in, but when I log out from the application (redirect back to page 101) and try to log in with the same credentials, it gives error message "Invalid Login Credentials ". Also, when the application is accessed from public (open page 101 directly using another computer), the authentication doesn't work at all.
Furthermore, I checked the table apex_workspace_access_log and found out that it has "AUTH_SUCCESS" even if using the fake credentials and the login failed (I use "apex_util.set_authentication_result (p_code => 3);" when auth function return false).
I couldn't find the cause of the problem, then I created the same custom authentication in apex.oracle.com. The problem doesn't appear anymore. To make sure they are same, I have double checked the custom authentication in both the development environment and the apex.oracle.com.
This is very strange to me and I don't know where to looking for the problem. Could you give me some advice of what may cause this problem. Thanks in advance!I found the problem myself. The cause is the VPD, the account table has VPD policy applied, which prevented public access.
-
Error in portlets while using Basic Authentication
We have the Portal on the web.Whenever anyone types the URL for the Portal welcome page he is prompted for a
username and a password(facilitated by the Apache Server security by adding the relevant tag in the httpd.conf file).The following is the tag added in the httpd.conf file:-
<Location /servlet>
AuthName "XXX"
AuthType Basic
AuthUserFile "F:/Oracle9iAS/Apache/Apache/bin/users"
require user kiran
</Location>
For a particular user we have added the Exchange portlet on his home page under a tab.Clicking on this particular tab gives the following error when the security is present.
The following error occurred when attempting to call the
initSession of the Web Provider: exchangeprovider_XXX
ORA-29532: Java call terminated by uncaught Java exception:
java.lang.UnsatisfiedLinkError: no oraawt in
java.library.path
However on removal of the security the same Exchange portlets is displayed without any errors.
Any help on the above would be welcome.
Thanks in advance.
Regds.
Kiran.Please check the OSS note below and install the mentioned patch accordingly:
[Note 1278687 - Exception in the IDocXMLProcessor (IDOC_ERROR_PARSE_FAILURE)|https://websmp230.sap-ag.de/sap(bD1wdCZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1278687]
If it persists, check if are there any mapping errors on the Audit Logs for the failed message.
Maybe you are looking for
-
How do you export a pdf from acrobat dc to dropbox on a mac
I have been using dropbox for years and have never had a problem exporting a pdf to it until I got Adobe Acrobat DC. Please tell me how to export to a dropbox file.
-
How to prevent multiple purchases under one account
how do you make sure kids dont purchase songs already under my library? We have three people buying songs from different devices under one credit card. Thanks, Julie
-
Hi. I am using the iPhone 4S and when I'm searching for places using Google it does not automatically detect my location. How do I change this? FYI...under settings i
-
Item Number in Dynamic Table Quirk
I'm a new LC user, ramping up to speed on this package, thanks to everyone for the useful information here and other places. Using the great advice and info here, http://www.assuredynamics.com/wp-content/uploads/2010/11/Assure-Dynamics-Building-dynam
-
My phone has just developed the following problem: about every 5 seconds, the display goes blank (the backlight keeps on, if it was on), but I can see the flashing with backlight off. With the power save mode on, the display flashes quickly. The phon