Portal Security with existing JSP Applications

Similar Messages

• How to use Portal SSO with existing BSP application

  Hi all,
  we run SAP EP 6.0 here and have a single start BSP page of
  an application integrated with the SAP appintegrator for BSP. The rest of the existing BSP application still uses
  the login functionality based on CL_BSP_LOGIN_APPLICATION
  and is not integrated in the portal.
  Problem: If a user directly accesses one of the "old" BSP pages, he should be redirected to the portal to auth. him via SSO and afterwards the original BSP page with all its parameters should be processed.
  How to deal with that? Is there a similar mechanism like with the BSP_LOGIN_APP in between for the SAP EP?
  Thanks for your help!
  -RAINER-

  I think that doesnt solve the problem.
  I have 2 systems: SAP ECC with all BSPs and the portal on another system. So I have to entry points: Via portal using the appIntegrator BSP or directly to the ECC.
  As-is: If the auth. for the BSP appl. fails, the user is re-directed via the error page given in the service (SICF)
  to a BSP login app. and from there to the requested page.
  No portal in this concept.
  Must-be: A user is still able to directly access a BSP on the SAP ECC by entering the URL in the browser. It's not a must entering via the portal first.
  So when the login failed on the ECC (no SSO ticket), he should be redirected to the portal for getting his SSO.
  After he signed in successfully the user will be forwarded to the BSP page he entered in the browser the first place.
  I can't see a way to use the URL iView. I am thinking of simply changing the login mechanism of the BSP using the portal login functionality.
  The link you gave me offers an implementation of CL_ICF_SYSTEM_LOGIN. Any ideas?
  Regards,
  -RAINER-

• Use Sun Java Studio 2 with Existing Java Application

  I have started using Sun Java Studio 2 and having fun and little difficulty creating a new Java web application from scatch. My question is where do I find information on Java Studio configuration to allow Java Studio to load up and modify Java server pages/forms in an existing Java application that I did not write?
  The Java application has been created with Javabeans and using BEA Weblogic version 7, with a SQL-Server 2000 database backend.
  Below is a bit of code out of one of the main Java forms.
  <%@ page buffer="256kb" autoFlush="false" errorPage="../../common/system/error.jsp"
  import="psdi.jsp.beans.*, psdi.jsp.common.*, psdi.jsp.app.wotrack.*, psdi.jsp.util.* , psdi.mbo.* , psdi.util.* "%>
  I have looked around and have not found what I need to setup in Java Studio to allow me to load up a form and view it in the Visual designer, I keep getting errors on the psdi. references and cannot load up any pages.
  I see on the server install ia folder under the main root <DIR> called <apps>, and inside the <apps> folder is a folder called <jsp> and in the <jsp> folder are sub folders for each main module within the application with all the related .jsp files. I have been manually editing the .jsp files using Windows Notpad and saving the changes. Then I rebuild the .ear file and my changes work fine. Since I have a lot of changes to make there has to be a better way than using Notpad.
  My hope is somewhere is a point-by-point document on what to so I can use Sun Java Studio 2 to make my changes in a visual IDE.
  Any assistance would really be appreciated.

  Hi Giri,
  Yep, this I know,b ut when I do I get errors messages and am looking for some form of point-bypoint instuction that better explains how to setup up custom libraries in Sun Java Studio, custom tags, etc.

• Security in an jsp application using BIBeans

  Hi all,
  We are developing a system with BIB to access OLAP 9.2.0.5. We need to implement some access rules at database level, i.e. user 1 can read levels 1, 2 and 3 of a hierarchical dimension, but user 2 can only read level 3. We do not know how to pass this database rules to BI catalog user, or replace this BI user with database connection information, to have more than one different user connection accessing the system. Anyone can help me?
  thanks in advance,
  Alexandre Martins - Commit Consultores - Brazil

  We are developing a jsp application with TAG libraries
  Ex.:
  <orabi:BIThinSession id="BIThinSession1" configuration="/Project1BIConfig1.xml" >
  <orabi:Presentation id="untitled1_Presentation1" location="Presentation1" />
  </orabi:BIThinSession>
  <FORM name="BIForm">
  <!-- Insert your Business Intelligence tags here -->
  <orabi:Render targetId="untitled1_Presentation1" parentForm="BIForm" />
  <%-- The InsertHiddenFields tag adds state fields to the parent form tag --%>
  <orabi:InsertHiddenFields parentForm="BIForm" biThinSessionId="BIThinSession1" />
  </FORM>
  This application hás a login screen, where the user will pass his database username and password, which corresponds equally to a user of same name at the BI Beans catalog.
  Here is the moment that we face the Problem: We can not change the user to switch to the database user. The catalog user is switched by BIUser().
  Workarounds performed:
       1 – We created a ConnectionProvider class to establish the connection with the properties and another class - AuthenticationProvider - to pass parameters to the connection.
            Problem: Could not pass parameters to Application Authentication class. Tried to force application to connect to authentication or vice-versa to pass username that was informed at login screen but this does not work.
       Ex.: trying to set this classes at configuration file (.xml).
       User “ALEX” has database access (OLAP , MOLAP) and catalog access .
  public class AuthenticationProvider implements oracle.dss.security.AuthenticationProvider {
  public void authenticate(Hashtable properties) throws BISecurityException {
  properties.put(“user_name”, “ALEX”);
  properties.put(“password”, “ALEX_1”);
  public class ConnectionProvider implements oracle.dss.security.ConnectionProvider {
  public Object connect(Hashtable properties) throws BISecurityException {
  Connection conn = null;
  try {
  DriverManager.registerDriver(new OracleDriver());
  String sUSER = properties.get("user_name").toString();
  String sPW = properties.get("password").toString();
  String connStr = "";
  if(properties.get("jdbctype").equals("thin")) {
  connStr = "jdbc:oracle:thin:@" +
  properties.get("hostname") + ":" +
  properties.get("port") + ":" +
  properties.get("sid");
  conn = (Connection)DriverManager.getConnection(connStr, sUSER, sPW);
  catch(Throwable t) { throw new BISecurityException("Erro na conexão!", t); }
  return conn;
       2 – Tried to get configuration through session searching all the connections and changing user to desired connection (in this case “thin”, MM.MDM) and reconnecting or disconnecting and reconnecting again.
  At this point, debugged the database connection and could see that username actually changed, but when the program reached the open presentation TAG received an error because TAG could not understand the connection.
       Ex.: This is in between session TAG
  <orabi:BIThinSession id="BIThinSession1" configuration="/Project1BIConfig1.xml" >
  <%
  ManagerFactory mf = BIThinSession1.getManagerFactory();
  MetadataManager mdm = null;
  if (mf != null) {
  mdm = (MetadataManager) mf.lookupManager(
  ManagerFactory.METADATA_MANAGER, null, true);
  if (mdm != null) {
  try {
  int iAttachStatus = mdm.getAttachStatus();
  if ((iAttachStatus != MM.ATTACHED) &&
  (iAttachStatus != MM.ATTACHING))
  mdm.attach();
  Connection[] connectionArray = mdm.getConnections();
  if (connectionArray != null) {
  int count = connectionArray.length;
  for (int index = 0; index < count; index++) {
  String driverType = connectionArray[index].getDriverType();
  if ( (driverType != null) &&
  (driverType.equals(MM.MDM)) &&
  (connectionArray[index].isConnected()) ) {
  if(driverType.equals(MM.MDM)) {
  connectionArray[index].setUsername("ALEX");
  connectionArray[index].setPassword("ALEX_1");
  connectionArray[index].reconnect(connectionArray[index].getPropertyBag());
  catch (Exception ex) {
  ex.printStackTrace(); // just for demo purpose
  %>
  <orabi:Presentation id="untitled1_Presentation1" location="Presentation1" />
  </orabi:BIThinSession>

• Integration with existing business applications

  Hi, could anyone share with us in what way OBIEE is commonly integrated into our existing business applications?
  By a linked page embedded or just let users log in to dashboard or any by api or by webservice or any others?
  Thanks!

  Hi
  please refer following links, so that you can get some understanding in using SOAP API of OBIEE with other technology(Java/PHP) web applications...
  http://oraclebizint.wordpress.com/2007/07/31/customizing-obi-ee-soap-api/
  http://gerardnico.com/wiki/ide/eclipse/eclipse_how_to_consume_a_webservice_with_wtp
  check below url in your local installation to see what are the web service methods available for you to communicate..
  http://localhost:9704/analytics/saw.dll?WSDL
  for a simple and easy way 'gourl' functionality can be used..but necessary care to be taken as you pass your username and password in url parameters..
  check below tutorial..
  http://oraclebizint.wordpress.com/2007/07/30/customizing-obi-ee-%E2%80%93-go-url-parameters/
  hope thats solves your problem!
  -Niranjan K

• Using portal security with reports

  Can anyone let me know how to use portal for security in reports? Any documents where I can find the info.? Pls. help!!

  Check this link
  http://download-uk.oracle.com/docs/html/B10314_01/pbr_sec_arch.htm#1004903
  HTH
  Vinayak

• How can I port an existing Tomcat (JSP) application in SAP Netweaver 2004s

  Hi All,
  I want to port an existing JSP application (using Tomcat as Web server) in SAP Web AS 6.40.
  Please any one suggest me.
  Eagerly looking forward to your reply......
  Thanks and Regards
  Avijit Dhar

  Hi,
  The maximum number of work processes depends on several things like the below.
  1)  Majorly on Your primary Memory
  2)  Hardware capacity
  3)  Operating systems
  4)  SAP version as well...
  You need to calculate the work processes with your primary memory.
  Every work process should take 150 mb space on memory.. so you need to increase the work processes that should be campatible with your primary memory.
  And please read the OSS notes as suggested by our frnds then go ahead with your rquirement.
  -Srini

• IP based security with JSP?

  Hi,
  How easy/hard would it be to implement IP based security in a JSP application? I.e. We want to restrict the IP addresses that can access our application.
  Is this something that can be done in the web.xml using the security contraints??
  Or is it much more ocmplex than this?
  (We want to prevent our customer from sharing the application with third-parties, so we can not rely on a firewall based approach)
  Thanks

  Well, for Apache, it's easier. I think for Location to work, you need virtual directories set up. I could be wrong... Or try using Directory intead of Location. I recall Location was for something special... but I forget the details. For Apache/Tomcat, I've usually used aliases to handle directories...
  Alias /ITMS "ITMS_HOME/tools/tomcat/jakarta-tomcat-4.0.3/webapps/ITMS"
  <Directory "ITMS_HOME/tools/tomcat/jakarta-tomcat-4.0.3/webapps/ITMS">
  AllowOverride None
  Options Indexes
  Order allow,deny
  Allow from all
  ExpiresActive On
  ExpiresByType application/octet-stream "access plus 7 days"
  ExpiresByType image/gif "access plus 7 days"
  ExpiresByType image/jpeg "access plus 7 days"
  ExpiresByType text/x-javascript "access plus 0 seconds"
  ExpiresByType text/css "modification plus 7 days"
  ExpiresByType text/html "access plus 0 seconds"
  ExpiresByType text/vnd.wap.wml "access plus 0 seconds"
  ExpiresDefault "now plus 1 month"
  </Directory>
  You can set up deny's from IP or IP range or domain.
  Deny from .domain.com
  Deny from 123.232.123.33
  Deny from 123.232.124.

• Integrating existing UI application with BPM workflow

  Hello ,
  We want to integrate the oracle BPM workflow with existing UI application (developed in JSP) , Question is how do i map human task from BPM process to existing UI JSP pages/modules .
  a sample module from application is like below -
  Application has two roles - Operator and Approver and UI pages for both roles are already created .
  Now from first UI page (using Operator role ) user will submit a request and then it should go and invoke the BPM workflow .I can do this using web service (BPM process exposed as web service ) .
  Now next step is where i have a problem - Assigning this request to another role - in BPM workflow i can create a Human task and assign role there but how do map
  this HT to my existing UI pages .
  Let me know if i am not clear on question .
  Thank You
  Rupesh
  Rupesh

  Hi Rupesh. If you want to integrate the oracle BPM workflow with existing UI application, you should see the Oracle SOA Suite 11g Handbook, in the Chapter 20. I'm sorry for don't gieve you the link. I found that book very helpful. Regards.

• Integrating existing Web application with Oracle Portal

  Hi,
  I have an existing application which is purely written in servlets and which is in use for quite some time. I have a requirement now of moving this application onto the Oracle Portal.
  I was just wondering if we have any quick meanse of doing this or we have to re develop from scratch in oracle Portal server(ByDefining page, Page templates..etc).
  Advance thanks for your help
  Thanks
  Sreedhar

  What do you mean with "moving this application onto the Oracle Portal"?
  The best expedite way is use in the portal a LINK that direct your users to the actual app.
  Another quick thing you could do is use the IFRAME TAG (only works in IE). This way you can embed your app in Portal (show it in some area in portal)
  Then comes the complex things:
  - You can activate SSO to your applications ( which is not THAT difficult)
  - You can PORTLATIZATE your app, this doesn't means that you have to rewrite all, but still you need to write in a "Oracle Java Way" some thing to get it work..
  You can see this link if you're using portal 10.1.2:
  http://download-east.oracle.com/docs/cd/B14099_19/portal.1012/b14134/pdg_java_intro.htm

• Portal Integration of an existing Web Application

  Dear all,
  we are preparing for the pbnw certification. Our way is to deploy our existing web application on the J2EE engine and make it accessible via the portal, i.e. where are taking the certification scenarios J2EE-DEP and BP-EP.
  Up to now, my idea is to integrate the web surface of our application into the portal as far as this is possible without too much effort. Alternatively it would be possible to access our application via an URL-iView however to my feeling this is not a real integration. Did I get things right assuming that would meet the requirements for pbnw certification?
  I read that it is necessary to follow the portal's look and feel by applying SAP's CSS. Does anyone know where to obtain these? And what is the easiest way to replace the currently used stylesheets by them?
  Millions of questions...
  Thanks a lot!
  Regards,
  Angela Grüner.

  Dear Angela
  Please have a look at the following Weblog link which gives a detailed description of the method to create a URL iView using Application Integrator:
  /people/markus.pfeffer/blog/2005/12/14/integrating-your-web-front-ends-into-the-sap-enterprise-portal-using-the-application-integrator
  If you adopt this method to create the URL iView, then it meets the requirement for EP-BP Certification.
  The blog also includes an example of HTML code with applied SAP CSS. Please go through this section to implement EP look and feel.
  Hope this helps!
  Regards
  Atima

• Want to install BI 7.0  on existing portal system with oracle Solaris 10

  Hi gurus
  I want to install (BI 7.0, solaris10, oracle) system on existing portal system with oracle and solaris 10 OS....
  kindly let me know the how to add and create the project in already existing system for new BI system...is there any specific or need to care ful to install one more system on the same instance..
  Thanks in  advance

  Hi balaji,
  If you portal version is 7 then proceed as follows.
  BI 7.0 required ABAP and Java engine.
  You can install the ABAP part alone and then use the existing portal that you have currently for BI also.
  Apply the BI-JAVA related support packs in the portal.
  Establish the connectivity between BI-EP as it is required for BEx Web application.
  For establishing the connectivity refer
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/00c4742a-3a4b-2b10-b4ae-b03d08bcde6e
  Use this following link for reference for further reference.
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/004e5f27-374b-2b10-4da9-894986fd04c7
  regards,
  chandru.

• Are JSP applications Secure ????

  Hi all,
  We develop software based on the J2EE, and the products we develop come with a licensing, so even though we plan to give the entire source code to the client, for more number of user licenses the client has to contact us. In such a scenario, and development being based on JSP core, and we giving the code to the client, it is highly insecure that the code can be easily De-compiled and the code which handles the licensing stuff be commented out or removed. Under such circumstances, how are we to build secure JSP applications. Is there any other alternative to this apart from code obfuscation ? Can code obfuscation be done to JSP pages too, and how secure is it going to be since ultimately i can get the code from the servlet inside the work folder of the servlet / jsp container ?
  Can anyone throw some light on this ?
  Cheers,
  -Prashant.

  Hi Cetin & Grant,
  I do agree with you both, but dont we as developers
  anticipate such things and plan for it well ahead. If
  that is the case then if it is going to be a crime
  free world out there then why do we need all these
  security & protection mechanisms. I guess my message
  was misunderstood or rather what I wanted to say wasnt
  properly given in words ?No, I understood - I just disagree that there's a Java-specific problem here.
  Let me restate what I actually wanted to know, let us
  take for example an application created using
  Microsoft technologies, as I am going to distribute it
  in binary form or an executable form, the person who
  buys it from me cannot re-engineer it that easily as
  compared to a java-based application. This is due to
  the fact that De-compilers are very easily available
  nowadays which can easily help in re-engineering,
  under such circumstances as Java Developers is it not
  our duty to find out alternate measures to handle such
  occurances.The key disagreement I have with you, I guess, centers on the phrase "distribute it in binary form or an executable form, the person who buys it from me cannot re-engineer it that easily". I will point out that (speaking of Microsoft products) Microsoft Office and Windows itself are quite possibly the most-pirated applications in existence - and neither is written in Java. Both are typically available in pirated versions within days of being released (sometimes even before release!).
  Piracy via decompiling has been happening for decades. I have, in fact, watched someone break a license-based protection scheme on a compiled binary in about 30 minutes, using nothing more than a debugger and a hex-editor.
  You should probably obfuscate your code, yes. You should probably have a licensing scheme, yes. You should almost certainly not spend very many machine- or thought-cycles on it - the best you can do is deter the "casual thief". And it's not a problem caused by, nor even exacerbated much by, Java. Some very bright people in our industry have spent a lot of time working on preventing piracy - and we've failed.
  Am I missing anything here. Does Sun provide any
  explanation to this, like kind of using code
  obfuscators etc.Obfuscation helps, yes. Try Google and search for "java obfuscator"; there are a number of them out there.
  That you're planning on giving your source to your customers makes the problem even more exciting. My take would be, don't spend more than a week on designing and implementing whatever scheme you come up with. That should be sufficient to protect your product from most customers (because most customers are, in fact, honest!) Sprinkle copyright notices liberally throughtout your code, and in the bytecode as well (think compiled-in "public static final String copyright = "blah blah blah 2003";"). Make sure your license agreement mentions draconic penalties for theft. Then, make sure that your product delivers good value for the dollar, and is dead easy to install and run legally. This is about the best you can do.
  Your stuff will be used illegally - but the goal is to keep that down to levels that are manageable (i.e., profitable for you and your company).
  Good luck!
  Grant

• Problems with Complete Bi JSP Application.

  Hello.
  I can see perfectly my presentation, it connect with database perfectly, but when i creacte a complete bi Jsp Application to incorporate this Bi Bean Object , i have this problem.
  It generate a exception in MetadataManager and cannot connect with database.
  Could anybody help me?
  Thanks a lot.
  BIB-18007 Se ha producido una excepción de MetadataManager. BIB-10100 No se puede conectar a la base de datos. (Motivo: Consulte el error oracle.i1) BIB-16601 No se puede conectar a la base de datos. (Motivo: Consulte el error oracle.i1) oracle.i18n.util.builder.UnicodeMapChar oracle.i18n.util.builder.UnicodeMapChar
  Rastreo de pila
  javax.servlet.jsp.JspException: BIB-18007 Se ha producido una excepción de MetadataManager.
  BIB-10100 No se puede conectar a la base de datos. (Motivo: Consulte el error oracle.i1)
  BIB-16601 No se puede conectar a la base de datos. (Motivo: Consulte el error oracle.i1)
  oracle.i18n.util.builder.UnicodeMapChar
  oracle.i18n.util.builder.UnicodeMapChar
  at oracle.dss.addins.jspTags.PresentationTag.doStartTag(PresentationTag.java:293)
  at Analyze1.jspService(Analyze1.jsp:12)
  at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
  at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:347)
  at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
  at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
  at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
  at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:649)
  at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:322)
  at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:790)
  at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:270)
  at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)
  at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
  at java.lang.Thread.run(Thread.java:534)

  This usually implies the JSP application cannot connect to the database listed in your runtime configuration setting of your BIDesigner.
  In the BIDesigner check to see how the runtime connection is configured. There are two options:
  a) Use design settings - this will use the local catalog in your JDev project
  b) you can create a specify a BIDesigner connection and a corresponding BI Catalog connection
  If you are using option (b) then make sure your presentation is copied to the BI Catalog. Then test all the connections including the catalog connection listed on the runtime settings tab of the BIDesigner.
  Hope this helps
  Business Intelligence Beans Product Management Team
  Oracle Corporation

• Public JSP application in Portal

  Hi
  I have one jsp application of consult db, how wake up in portal?, and what directory set jsp application?.
  I tried wake up my jsp aplication in Content Area who Java Application, but send me follow error:
  AppLoader Error
  An error occurred while processing this request :
  The page cannot be found. Please check your jar file and make sure that the requested page is there.
  Thanks for advance.

  not at all - we're doing the same. We've copied the libraries into out web applications library area and start iFS services to allow iFS interaction through the web app. I guess storing the JSP's in iFS might be an idea instead of something like CVS or SourceSafe as it's secure and (probably) being backed up through database backup policies. You could then use some process to publish that to the app server using something like Ant, but certainly you dont need to run a web application using the iFS sile system as the root for your web application.