Programmatic access to Login Module instances
Does anyone know how, through code, to access (via JAAS or SAP APIs - prefer JAAS) configured Login Module instances?
I want to retrieve a list of LoginModule instances or LoginModule names.
Thanks.
James Walkup
MomentumSI Inc
Hi,
There are different ways. as you said You can either drop it in jre/lib folder or a clsspath setting will do.
But some times the server will not be able to catch up those libs so You can set the path to these libs in config tool. This will ensure the server will take these libs for sure.
If you have set the classpath NWDS will take this reference
Similar Messages
-
Login module BasicPasswordLoginModule
Hi all!
I need to configure a Web application on the SAP J2EE engine to use BasiPasswordLoginModule, so it could ask for user and pasword, but it doesn´t work.
I have configured it in the visual adminstrator Security Provider Service, and I have write this code in my servlet
LoginContext lc;
try{
lc = new LoginContext("sap.com/belma4asdfEAR*belma4asdf");
lc.login();
}catch(LoginException le){
PrintWriter pw = response.getWriter();
pw.print(le.getMessage());
pw.print("
pw.print(le.getCause());
pw.flush();
return;
It produces the output
Access Denied.
com.sap.engine.services.security.exceptions.BaseSecurityException: Internal server error. An error log with ID is created. For more information contact your system administrator.
Access Denied.
com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied.
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:233)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at eds.hcenergia.pruebas.belma.Belma.process(Belma.java:53)
at eds.hcenergia.pruebas.belma.Belma.doGet(Belma.java:20)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
It looks like if it was trying to access another login module, instead of the BasicPasswordLoginModule.
Do I need any other configuration?
Thank in advance,Thanks bvr, but that´s not the problem.
As I´m using a standard login module, there is no problem with the class loader.
I have found that I was wrong, because I found in a log that the BasicPasswordLoginModule is been called, an ended with an error.
There is an entry in the log with the exception:
Caught java.lang.NullPointerException
at com.sap.engine.services.security.resource.ResourceHandleImpl.listResources(ResourceHandleImpl.java:49)
at com.sap.engine.services.security.resource.ResourceContextImpl.getResourceAliases(ResourceContextImpl.java:147)
at com.sap.engine.services.security.remoteimpl.resource.RemoteSecurityResourcesImpl.getResourceAliases(RemoteSecurityResourcesImpl.java:131)
at com.sap.engine.services.security.remoteimpl.resource.RemoteSecurityResourcesImplp4_Skel.dispatch(RemoteSecurityResourcesImplp4_Skel.java:128)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Then, another entry saying:
"Login module com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule from authentication stack basic errors while authenticating the caller. Most probably the authentication stack is not set up correctly."
And finally an entry with the exception I have copy above in the post.
Thanks in advance for any answer. -
Help - using custom login module with embedded jdev oc4j to access ejb 3
Hi All (Frank ??),
I'm just wondering if anyone has successfully been able to leverage a custom login module in combination
with a client that connects to a local EJB 3 stateless session bean through Jdeveloper 10.1.3.2's embedded oc4j.
I have spent 2+ days trying to get this to work - and i think I resound now to the fact im going to
have to deploy to oc4j standalone instead.
I got close.. but finally was trumped with the following error from the client trying to access the ejb:-
javax.naming.NoPermissionException: Not allowed to look up XXXXXX, check the namespace-access tag
setting in orion-application.xml for details.
Using the various guides available, I had no problem getting the custom login module working
with a local servlet running from JDev's embedded oc4j.. however with ejb - no such luck.
I have a roles table (possible values Member, Admin) - that maps to sr_Member and sr_Admin
respectively in various config files.
I'm using EJB 3 annotations for protecting methods .. for example
@RolesAllowed("sr_Member")
Steps that I had to do so far :-
In <jdevhome>\jdev\system\oracle.jwee.10.1.3.40.66\embedded-oc4j\config\system-jazn-data.xml1) Add custom login module
<application>
<name>current-workspace-app</name>
<login-modules>
<login-module>
<class>kr.security.KnowRushLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>dataSource</name>
<value>jdbc/DB_XE_KNOWRUSHDS</value>
</option>
<option>
<name>user.table</name>
<value>users</value>
</option>
<option>
<name>user.pk.column</name>
<value>id</value>
</option>
<option>
<name>user.name.column</name>
<value>email_address</value>
</option>
<option>
<name>user.password.column</name>
<value>password</value>
</option>
<option>
<name>role.table</name>
<value>roles</value>
</option>
<option>
<name>role.to.user.fk.column</name>
<value>user_id</value>
</option>
<option>
<name>role.name.column</name>
<value>name</value>
</option>
</options>
</login-module>
</login-modules>
</application>2) Grant login rmi permission to roles associated with custom login module (also in system-jazn-data.xml)
<grant>
<grantee>
<principals>
<principal>
<realm-name>jazn.com</realm-name>
<type>role</type>
<class>kr.security.principals.KRRolePrincipal</class>
<name>Admin</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>com.evermind.server.rmi.RMIPermission</class>
<name>login</name>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<realm-name>jazn.com</realm-name>
<type>role</type>
<class>kr.security.principals.KRRolePrincipal</class>
<name>Member</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>com.evermind.server.rmi.RMIPermission</class>
<name>login</name>
</permission>
</permissions>
</grant>3) I've tried creating various oracle and j2ee deployment descriptors (even though ejb-jar.xml and orion-ejb-jar.xml get created automatically when running the session bean in jdev).
My ejb-jar.xml contains :-
<?xml version="1.0" encoding="utf-8"?>
<ejb-jar xmlns ....
<assembly-descriptor>
<security-role>
<role-name>sr_Admin</role-name>
</security-role>
<security-role>
<role-name>sr_Member</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>Note- i'm not specifying the enterprise-beans stuff, as JDev seems to populate this automatically.
My orion-ejb-jar.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-ejb-jar ...
<assembly-descriptor>
<security-role-mapping name="sr_Admin">
<group name="Admin"></group>
</security-role-mapping>
<security-role-mapping name="sr_Member">
<group name="Member"></group>
</security-role-mapping>
<default-method-access>
<security-role-mapping name="sr_Member" impliesAll="true">
</security-role-mapping>
</default-method-access>
</assembly-descriptor>My orion-application.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-application xmlns ...
<security-role-mapping name="sr_Admin">
<group name="Admin"></group>
</security-role-mapping>
<security-role-mapping name="sr_Member">
<group name="Member"></group>
</security-role-mapping>
<jazn provider="XML">
<property name="role.mapping.dynamic" value="true"></property>
<property name="custom.loginmodule.provider" value="true"></property>
</jazn>
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping name="sr_Admin">
<group name="Admin"/>
<group name="Member"/>
</security-role-mapping>
</namespace-resource>
</read-access>
<write-access>
<namespace-resource root="">
<security-role-mapping name="sr_Admin">
<group name="Admin"/>
<group name="Member"/>
</security-role-mapping>
</namespace-resource>
</write-access>
</namespace-access>
</orion-application>My essentially auto-generated EJB 3 client does the following :-
Hashtable env = new Hashtable();
env.put(Context.SECURITY_PRINCIPAL, "matt.shannon");
env.put(Context.SECURITY_CREDENTIALS, "welcome1");
final Context context = new InitialContext(env);
KRFacade kRFacade = (KRFacade)context.lookup("KRFacade");
...And throws the error
20/04/2007 00:55:37 oracle.j2ee.rmi.RMIMessages
EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
javax.naming.NoPermissionException: Not allowed to look
up KRFacade, check the namespace-access tag setting in
orion-application.xml for details
at
com.evermind.server.rmi.RMIClientConnection.handleLookupRe
sponse(RMIClientConnection.java:819)
at
com.evermind.server.rmi.RMIClientConnection.handleOrmiComm
andResponse(RMIClientConnection.java:283)
....I can see from the console that the user was successfully authenticated :-
20/04/2007 00:55:37 kr.security.KnowRushLoginModule validate
WARNING: [KnowRushLoginModule] User matt.shannon authenticated
And that user is granted both the Admin, and Member roles.
The test servlet using basic authentication correctly detects the user and roles perfectly...
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
LOGGER.log(Level.INFO,LOGPREFIX +"doGet called");
response.setContentType(CONTENT_TYPE);
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>ExampleServlet</title></head>");
out.println("<body>");
out.println("<p>The servlet has received a GET. This is the reply.</p>");
out.println("<br> getRemoteUser = " + request.getRemoteUser());
out.println("<br> getUserPrincipal = " + request.getUserPrincipal());
out.println("<br> isUserInRole('sr_Admin') = "+request.isUserInRole("sr_Admin"));
out.println("<br> isUserInRole('sr_Memeber') = "+request.isUserInRole("sr_Member"));Anyone got any ideas what could be going wrong?
cheers
Matt.
Message was edited by:
mshannonThanks for the response. I checked out your blog and tried your suggestions. I'm sure it works well in standalone OC4J, but i was still unable to get it to function correctly from JDeveloper embedded.
Did you ever get the code working directly from JDeveloper?
Your custom code essentially seems to be the equivalent of a grant within system-jazn-data.xml.
For example, the following grant to a custom jaas role (JAAS_ADMIN) that gets added by my custom login module gives them rmi login access :-
<grant>
<grantee>
<principals>
<principal>
<realm-name>jazn.com</realm-name>
<type>role</type>
<class>kr.security.principals.KRRolePrincipal</class>
<name>JAAS_Admin</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>com.evermind.server.rmi.RMIPermission</class>
<name>login</name>
</permission>
</permissions>
</grant>If I add the following to orion-application.xml
<!-- Granting login permission to users accessing this EJB. -->
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping>
<group name="JAAS_Admin"></group>
</security-role-mapping>
</namespace-resource>
</read-access>Running a standalone client against the embedded jdev oc4j server gives the namespace-access error.
I tried out your code by essentially creating a static reference to a singleton class that does the role lookup/provisioning with rmi login grant :-
From custom login module :-
private static KRSecurityHelper singleton = new KRSecurityHelper();
protected Principal[] m_Principals;
Vector v = new Vector();
v.add(singleton.getCustomRmiConnectRole());
// set principals in LoginModule
m_Principals=(Principal[]) v.toArray(new Principal[v.size()]);
Singleton class :-
package kr.security;
import com.evermind.server.rmi.RMIPermission;
import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.policy.Grantee;
import oracle.security.jazn.realm.Realm;
import oracle.security.jazn.realm.RealmManager;
import oracle.security.jazn.realm.RealmRole;
import oracle.security.jazn.realm.RoleManager;
import oracle.security.jazn.policy.JAZNPolicy;
import oracle.security.jazn.JAZNException;
public class KRSecurityHelper
private static final Logger LOGGER = Logger.getLogger("kr.security");
private static final String LOGPREFIX = "[KRSecurityHelper] ";
public static String CUSTOM_RMI_CONNECT_ROLE = "remote_connect";
private RealmRole m_Role = null;
public KRSecurityHelper()
LOGGER.log(Level.FINEST,LOGPREFIX +"calling JAZNConfig.getJAZNConfig");
JAZNConfig jc = JAZNConfig.getJAZNConfig();
LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getRealmManager");
RealmManager realmMgr = jc.getRealmManager();
try
// Get the default realm .. e.g. jazn.com
LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getGetDefaultRealm");
Realm r = realmMgr.getRealm(jc.getDefaultRealm());
LOGGER.log(Level.INFO,LOGPREFIX +"default realm: "+r.getName());
// Access the role manager for the remote connection role
LOGGER.log(Level.FINEST,
LOGPREFIX +"calling default_realm.getRoleManager");
RoleManager roleMgr = r.getRoleManager();
LOGGER.log(Level.INFO,LOGPREFIX +"looking up custom role '"
CUSTOM_RMI_CONNECT_ROLE "'");
RealmRole rmiConnectRole = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
if (rmiConnectRole == null)
LOGGER.log(Level.INFO,LOGPREFIX +"role does not exist, create it...");
rmiConnectRole = roleMgr.createRole(CUSTOM_RMI_CONNECT_ROLE);
LOGGER.log(Level.FINEST,LOGPREFIX +"constructing new grantee");
Grantee gtee = new Grantee(rmiConnectRole);
LOGGER.log(Level.FINEST,LOGPREFIX +"constructing login rmi permission");
RMIPermission login = new RMIPermission("login");
LOGGER.log(Level.FINEST,
LOGPREFIX +"constructing subject.propagation rmi permission");
RMIPermission subjectprop = new RMIPermission("subject.propagation");
// make policy changes
LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getPolicy");
JAZNPolicy policy = jc.getPolicy();
if (policy != null)
LOGGER.log(Level.INFO, LOGPREFIX
+ "add to policy grant for RMI 'login' permission to "
+ CUSTOM_RMI_CONNECT_ROLE);
policy.grant(gtee, login);
LOGGER.log(Level.INFO, LOGPREFIX
+ "add to policy grant for RMI 'subject.propagation' permission to "
+ CUSTOM_RMI_CONNECT_ROLE);
policy.grant(gtee, subjectprop);
// m_Role = rmiConnectRole;
m_Role = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
LOGGER.log(Level.INFO, LOGPREFIX
+ m_Role.getName() + ":" + m_Role.getFullName() + ":" + m_Role.getFullName());
else
LOGGER.log(Level.WARNING,LOGPREFIX +"Cannot find jazn policy!");
else
LOGGER.log(Level.INFO,LOGPREFIX +"custom role already exists");
m_Role = rmiConnectRole;
catch (JAZNException e)
LOGGER.log(Level.WARNING,
LOGPREFIX +"Cannot configure JAZN for remote connections");
public RealmRole getCustomRmiConnectRole()
return m_Role;
}Using the code approach and switching application.xml across so that namespace access is for the group remote_connect, I get the following error from my bean :-
INFO: Login permission not granted for current-workspace-app (test.user)
Thus, the login permission that I'm adding through the custom remote_connect role does not seem to work. Even if it did, i'm pretty sure I would still get that namespace error.
This has been such a frustrating process. All the custom login module samples using embedded JDeveloper show simple j2ee servlet protection based on settings in web.xml.
There are no samples showing jdeveloper embedded oc4j using ejb with custom login modules.
Hopefully the oc4j jdev gurus like Frank can write a paper that demonstrates this.
Matt. -
Accessing LDAP in a custom JAAS login module
Hi,
I have developed a custom jaas login module in CE 7.1. I created a java dc which contains a class extending AbstractLoginModule. This DC is deployed on to the server using an EAR DC. I am trying to access LDAP in the custom login module. I am trying to establish an SSL connection to LDAP. For this purpose i have created a custom socket factory class which extends SSLSocketFactory. I used the code below to establish the connection.
Hashtable<String,String> env=new Hashtable<String,String>();
DirContext dirContext=null;
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,ldapURL);
env.put(Context.SECURITY_PROTOCOL,"ssl");
env.put("java.naming.ldap.factory.socket", "com.test.ldap.MySSLSocketFactory");
dirContext=new InitialDirContext(env);
MySSLSocketFactory is the name of custom socket factory.
During a login process, the above code results in error because the connection to LDAP server could not be established. However the same code when executed in a webdynpro DC is working without any problem. What could be the reason for this?
This is the error i could see in defaultTrace
javax.naming.CommunicationException: js24.na.domain.net:636 [Root exception is java.lang.ClassNotFoundException: com.test.ldap.MySSLSocketFactory
Loader Info -
ClassLoader name: [service:security]
Living status: alive
Direct parent loaders:
[system:Frame]
[library:j2eeca]
[service:timeout]
[service:com.sap.security.core.ume.service]
[service:adminadapter]
Resources:
/usr/sap/SV3/J10/j2ee/cluster/bin/services/security/lib/private/sap.comtcjesecurityimpl.jar
at com.sun.jndi.ldap.Connection.<init>(Connection.java:205)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1579)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2681)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:299)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at com.sap.engine.system.naming.provider.DefaultInitialContext._getDefaultInitCtxt(DefaultInitialContext.java:64)
at com.sap.engine.system.naming.provider.DefaultInitialContext.<init>(DefaultInitialContext.java:45)
at com.sap.engine.system.naming.provider.DefaultInitialContextFactory.getInitialContext(DefaultInitialContextFactory.java:41)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)Hi,
I used an EJB to perform the LDAP search and called the EJB from the login module. It is working as expected.
Regards,
Shabeer -
Accessing application module instances directly from the AMPool
Hi!
I´m want to create an Application Module Pool Monitor, actually I need to know how many fetched rows an Application Module instance has.
I made a jsp, that do the following:
ApplicationPool pool = (ApplicationPool)poolMgr.getResourcePool(poolname);
int instanceCount = pool.getInstanceCount();
for (int i = 0; i < instanceCount; i++){
ApplicationModule am = pool.getInstance(i);
and then works with the am instances, calculating the rows that each VO has fetched.
Now, It is not yet clear to me if, when I use "pool.getInstance(i)",
I'm locking the instance that is being use by another session (an user session), or trying to get a lock,
and possibly creating a deadlock. Or the AMPool administrates the lock and I don´t need to worry about it.
Thank in advance, and sorry for my bad english!
(i forgot to mention, I´m using adf - bc 10.1.2 )
Message was edited by:
user506477Sure, we are having RAM problems, sometimes, and for reasons that are still unclear, a process begins to consume memory.
What we need rigth now, is a tool that tell us how many rows in memory has each user, and which ViewObject is creating them. The idea is to make some kind of monitor that shows that, the AM that each user has, an the state of their VOs.
I used the JSP in this page as a reference:
http://radio.weblogs.com/0118231/stories/2004/05/10/gettingApplicationModulePoolStatisticsToAidWithSizeTuning.html
I´m not trying to create a new AM management mechanism, simply a tool that shows the status of the application (and perhaps allows me, for instance, to clear the cache of a VO that has to many rows fetched).
In my JSP I obtain an instance of the AMs using "pool.getInstance(i)", and access then the associated VOs. But I don´t know if accesing the AMs this way could create problems with users that have an AM assigned to them, for example, a deadlock.
Thanks! -
Custom Login Module for Tomcat to procted apps using Oracle Access Manager
Hi all,
I have the following scenario.
A web application deployed in Tomcat to be protected using OAM. One solution is to use Access Gate though we have other alternative as Proxy infront of Tomcat with a webgate. Now I am implementing the Access Gate solution.
So, when the user clicks the tomcat application, then the prompt (BASIC) appears for login details. custom login module should kick in and take those login details and authenticate against OAM using Access SDK API.
I have created access gate profile and installed Access SDK. Ran the ConfigureAccessGateTool as well.
I did some research googling for login module. I came to know that we need to write a custom realm for it. So, this realm implementation involves specifying role-name etc., in web.xml where the role-name would have been defined in tomcat-users.xml.
This means that the user trying to authenticate against OAM has to have some roles defined in Tomcat to login. I didnot understand the flow end to end as how this will work.
Please let me know if anybody has done this of customization.
Thanks,
Mahendra.Hi Ambarish,
Initially I thought of implementing the way you suggested in Option 2.
But there will be various redirections when we use option 2 as the login page should redirect it to a page where OAM authentication and authorization stuff has to be handled. And accordingly we have to redirect it to specific pages upon successful atn and atz. Hence, I was opted using Custom Login Module.
However, I have been trying Option 2 now. In web.xml, I have specified a login page with FORM scheme. The login redirects it to another page say OAM_Authentication_Handler.jsp. Here we code which serves atn and atz. Upon doing this, I have observed that the protected resource in OAM is not getting evaluated using the method
String ms_protocol = "http";
String ms_method = "GET";
String ms_resource = "http://localhost:8080/FormLogin/private.jsp";
ObResourceRequest rrq = new ObResourceRequest(ms_protocol, ms_resource, ms_method);
The method rrq.isProtected() is returning false which implies it to unprotected. I have tested using Access Tester for the resource and it results in expected behaviour.
Is there any limitation here by using this approach?
Any ideas?
Thanks,
Mahendra. -
Login module access to third-party libraries?
G'day,
I have a simple login module that is currently deployed in Netweaver 2004s. It is callable by both Netweaver AS and Netweaver Portal, and was implemented using Netweaver Developer Studio.
I would like to have this login module use third-party libraries, but I am not sure of the best approach to take here.
Do I just drop the third-party libraries into the jre/lib/endorsed directory of the JDK, or is there a better way of putting the third-party libraries onto the classpath?
When I edit the server/provider.xml file of the login module library in Developer Studio, it only allows me to make references to jar files that currently exist in the workspace. So adding references to external jar files does not seem to be supported here.
Is there a proper place to drop third-party jar files, so that they can be used by my login module?
--GeoffHi,
There are different ways. as you said You can either drop it in jre/lib folder or a clsspath setting will do.
But some times the server will not be able to catch up those libs so You can set the path to these libs in config tool. This will ensure the server will take these libs for sure.
If you have set the classpath NWDS will take this reference -
Third party SSO with a custom login module
Hello everyone,
I've found a few posts on the forum with questions similar to mine, but none have been answered. I'm using a 3rd party authentication product along with a custom implementation of the AbstractLoginModule interface.
The setup is standard: A 3rd party agent is installed on a reverse proxy web server to SAP. The agent is configured to protect SAP resources, and it handles the login screens and authentication. Once the user has been authenticated, the AbstractLoginModule implementation kicks in, decrypts and validates an SSO token, retrieves the username from it and creates an SAP Principal.
The login ticket template is configured as follows:
1. EvaluateTicketLoginModule SUFFICIENT
2. MyLoginModule REQUISITE
3. CreateTicketLoginModule OPTIONAL
One of the integration's key requirements is that direct interaction with standard SAP authentication must be avoided. More specifically, the user should never need to enter an SAP password. I'm only seeing two problems, both of which violate this requirement.
The first is in cases where there is no existing SAP user that matches the authenticated user. In this case, the third party token and SAP Principal are created, the abort method is called, and the user is redirected to the SAP login page. I need to either bring to user back to the third party login page or to a custom error page~.
The second problem occurs when an SAP password change is required. Again in this case, an SAP form is displayed after the module has created the Principal (although once the user changes the SAP password, all's well). If I were to disable mandatory password changes, would this apply to fat client access as well? If so, then it's not a viable option.
The general idea in both instances is that the SAP I'd appreciate any help or suggestions.
Thanks
~ Since the SSO token applies to applications outside of SAP, I may add a login module parameter to make this a configurable choice. (I.e. allow the administrator to decide whether to inform the user that SAP authentication failed while preserving the SSO token, or to destroy the token and force re-authentication). However, if there is a way to configure the "bad credentials" URL outside of the module's code/parameters, it may be better to place the choice there.Hi Julius,
Thank you for the quick response - and on a Sunday, no less!
I have considered verifying that the user existed in SAP before creating the Principal. One might argue that that would be the common sense thing to do. The reason I've held off is that the error should be so rare that it may not justify the overhead. There's a requirement to have a one-to-one username mapping between SAP and the authentication application. It would be more efficient to assume that this requirement has been met and to handle the Exception when it hasn't been. Of course, that doesn't mean that it's the right way to go.
+_Julius Bussche wrote:_+
For the first concern, if they can access the logon page directly (anyway) you could disable it as you do not want any password based logons (right?) and redirect it to your external page or an error page.
Yes, this is what I'm hoping to do, but I'm not sure how to do it. Here are some comments and questions about this:
1. What's involved in disabling the login page? I would think you'd need to replace it with something else rather than just switch it off. Could I limit this change to the login ticket template so that other templates (basic authentication, for example) are still available?
2. Keep in mind that users will never get past the "real" login page unless they have been authenticated. This complicates matters because we're dealing with a scenario in which the user has already been authenticated but doesn't exist in SAP. Therefore, it wouldn't make sense to go back to either login page.
3. What's involved in redirecting to an external page? Is this an explicit redirect in the module code, or can it be decoupled from the module? It's not a big deal, but it would be nice to avoid mandatory module parameters for relative paths to error pages.
I think the question I'm after is: "Can I simply change an SAP login URL parameter to point to a custom error page, and allow everything to work as it does now (where SAP handles the redirect)". If so, could I limit the scope of the change to the login ticket template? What would be even better is if I could configure SAP's response to this error. Somewhere, it's currently configured to display the login page. Ideally, I'd be able to configure it to display myErrorPage, and then set myErrorPage to the appropriate URL.
+_Julius Bussche wrote:_+
For the second concern, I assume that there are no valid passwords involved here which might have expired, so as long as the user does not have the option to activate a password again and anyway cannot logon via password as the option is not presented... then you should be fine here as well with a forward proxy. Not sure which Java APIs are offered here, but you could check this together with the existence check and react to both prior to accessing SAP "from the outside".
The problem here is that the SAP passwords are needed outside of the integration. It's true that whether an SAP password has expired is irrelevant to the integration. However, this is a Web-based integration; SAP passwords must still be available to users who have access to other clients. With this in mind, could I create a user password policy that disables password expiration and automatic password change, but only apply it to Web client access? If not, do you know how I might override SAPu2019s behavior?
Once again, thank you for taking your time to help me out. I am very grateful.
- John -
Hi All,
I am implementing the JAAS login module. I have created the class file, Library file and also created the SDA file .But while configuring an Application to Use the Login Module in Policy Configurations Components which Components should i choose to apply login module for portal.
My Scenario
While logging into portal with a user id it should check the password in the some other system.
For this which component should I choose in the Policy Configurations → Authentication tab > components in Visual administrator.
Thanks & Regards
Praveen.K.THi Dagfinn,
This is the log which i got once i Log into the portal . defaulttrace.0.trc
<!LOGHEADER[START]/>
<!HELP[Manual modification of the header may cause parsing problem!]/>
<!LOGGINGVERSION[1.5.3.7185 - 630]/>
<!NAME[./log/defaultTrace.trc]/>
<!PATTERN[defaultTrace.trc]/>
<!FORMATTER[com.sap.tc.logging.ListFormatter]/>
<!ENCODING[Cp1252]/>
<!FILESET[0, 20, 10485760]/>
<!PREVIOUSFILE[defaultTrace.19.trc]/>
<!NEXTFILE[defaultTrace.1.trc]/>
<!LOGHEADER[END]/>
#1.5#0014221E20B500680000019D00001484000426C21E13447B#1168515077593#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#XIAFUSER#347##cgnsap28_SNW_16885150#XIAFUSER#40a1f1a0a16711dbaec80014221e20b5#SAPEngine_Application_Thread[impl:3]_73##0#0#Error#1#/System/Server#Plain###User XIAFUSER, IP address
HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available].#
#1.5#0014221E20B5006D0000009700001484000426C21F9057F2#1168515102562#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Cannot write to transaction log TX119.tx.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.store(TransactionLogFileImpl.java:289)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onMessageRequest(SessionHandler.java:602)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:103)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.sendMessage(Session.java:1494)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:464)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:276)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:245)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.postEvent(ISPEventSession.java:231)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.fireEvent(ISPTimerEvent.java:298)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:336)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX119.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.store(TransactionLogFileImpl.java:279)
... 21 more
#1.5#0014221E20B5006D0000009900001484000426C21F905D72#1168515102562#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Cannot write to transaction log TX119.tx.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.sendMessage(Session.java:1496)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:464)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:276)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:245)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.postEvent(ISPEventSession.java:231)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.fireEvent(ISPTimerEvent.java:298)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:336)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006D0000009A00001484000426C21F905F05#1168515102562#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout()#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/Version#Plain###Exception occured during timer callback - Message posting Failed.#
#1.5#0014221E20B5006D0000009B00001484000426C21F907395#1168515102578#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Internal error.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:131)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.setCommitState(TransactionLogFileImpl.java:391)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onRollbackRequest(SessionHandler.java:430)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:112)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.rollback(Session.java:356)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.rollback(SessionImpl.java:206)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:249)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX119.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:123)
... 19 more
#1.5#0014221E20B5006D0000009D00001484000426C21F907951#1168515102578#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.rollback(SessionImpl.java:206)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:249)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006D0000009E00001484000426C21F9087B7#1168515102578#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Internal error.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:131)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.setCommitState(TransactionLogFileImpl.java:391)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onRollbackRequest(SessionHandler.java:430)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:112)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.rollback(Session.java:356)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.xa.SessionAdapter.close(SessionAdapter.java:52)
at com.sap.engine.services.jmsconnector.spi.ManagedSession.sessionClosed(ManagedSession.java:279)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.close(SessionImpl.java:119)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:276)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX119.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:123)
... 22 more
#1.5#0014221E20B5006D000000A000001484000426C21F908D43#1168515102578#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.xa.SessionAdapter.close(SessionAdapter.java:52)
at com.sap.engine.services.jmsconnector.spi.ManagedSession.sessionClosed(ManagedSession.java:279)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.close(SessionImpl.java:119)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:276)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006D000000A100001484000426C21F909BEE#1168515102578#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Internal error.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:131)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.setCommitState(TransactionLogFileImpl.java:391)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onRollbackRequest(SessionHandler.java:430)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:112)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.rollback(Session.java:356)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.connection.Connection.close(Connection.java:132)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionFactoryImpl.connectionClosed(QueueConnectionFactoryImpl.java:215)
at com.sap.engine.services.jmsconnector.cci.ConnectionImpl.close(ConnectionImpl.java:268)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionImpl.close(QueueConnectionImpl.java:69)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:287)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX119.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:123)
... 23 more
#1.5#0014221E20B5006D000000A300001484000426C21F90A23A#1168515102578#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.connection.Connection.close(Connection.java:132)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionFactoryImpl.connectionClosed(QueueConnectionFactoryImpl.java:215)
at com.sap.engine.services.jmsconnector.cci.ConnectionImpl.close(ConnectionImpl.java:268)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionImpl.close(QueueConnectionImpl.java:69)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:287)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006D000000A400001484000426C21F90A3F8#1168515102578#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/Version#Plain###Errors occured while closing Event Session#
#1.5#0014221E20B5006D000000A500001484000426C21F90A4EB#1168515102578#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/Version#Plain###Error From List = javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.rollback(SessionImpl.java:206)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:249)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006D000000A600001484000426C21F90A642#1168515102578#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/Version#Plain###Error From List = javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.xa.SessionAdapter.close(SessionAdapter.java:52)
at com.sap.engine.services.jmsconnector.spi.ManagedSession.sessionClosed(ManagedSession.java:279)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.close(SessionImpl.java:119)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:276)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006D000000A700001484000426C21F90A7C8#1168515102578#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0####4f88a420a16711dbbd2c0014221e20b5#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/Version#Plain###Error From List = javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.connection.Connection.close(Connection.java:132)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionFactoryImpl.connectionClosed(QueueConnectionFactoryImpl.java:215)
at com.sap.engine.services.jmsconnector.cci.ConnectionImpl.close(ConnectionImpl.java:268)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionImpl.close(QueueConnectionImpl.java:69)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:287)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006E000000A300001484000426C21FE01941#1168515107796#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#XIAFUSER#352##cgnsap28_SNW_16885150#XIAFUSER#52a4ff50a16711dbc8230014221e20b5#SAPEngine_Application_Thread[impl:3]_36##0#0#Error#1#/System/Server#Plain###User XIAFUSER, IP address
HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available].#
#1.5#0014221E20B50069000000E300001484000426C220EE5949#1168515125500#com.sapmarkets.bam.jmxadapter.util.LogDirectory##com.sapmarkets.bam.jmxadapter.util.LogDirectory#J2EE_ADMIN#244####3fc43bd0a16711dba4820014221e20b5#SAPEngine_Application_Thread[impl:3]_28##0#0#Error#1#/System/Server#Plain###Error writing log directory entryG:
tmp
CGNSAP28_SNW_01_16885150_lv_.xml (Access is denied)#
#1.5#0014221E20B50069000000E500001484000426C220EE5AE4#1168515125500#com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler##com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler#J2EE_ADMIN#244####3fc43bd0a16711dba4820014221e20b5#SAPEngine_Application_Thread[impl:3]_28##0#0#Error#1#/System/Server#Plain###com.sapmarkets.bam.util.BAMRuntimeException: Error occured while trying to register a new log#
#1.5#0014221E20B50069000000E700001484000426C220EE5C53#1168515125500#com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler##com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler#J2EE_ADMIN#244####3fc43bd0a16711dba4820014221e20b5#SAPEngine_Application_Thread[impl:3]_28##0#0#Error#1#/System/Server#Plain###com.sapmarkets.bam.util.BAMRuntimeException: <Localization failed: ResourceBundle='com.sapmarkets.bam.util.LogViewerMessages', ID='Error while writing to directory.', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Error while writing to directory.#
#1.5#0014221E20B50069000000E900001484000426C220EE6731#1168515125500#com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler##com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler#J2EE_ADMIN#244####3fc43bd0a16711dba4820014221e20b5#SAPEngine_Application_Thread[impl:3]_28##0#0#Error#1#/System/Server#Plain###Originated from: com.sapmarkets.bam.util.BAMRuntimeException: <Localization failed: ResourceBundle='com.sapmarkets.bam.util.LogViewerMessages', ID='Error while writing to directory.', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Error while writing to directory.
at com.sapmarkets.bam.jmxadapter.util.LogDirectory.write(LogDirectory.java:779)
at com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler.addToDirectory(AbstractFileLogHandler.java:361)
at com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler.registerLogAsMBean(AbstractFileLogHandler.java:249)
at com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler.registerLogMBean(AbstractFileLogHandler.java:151)
at com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler.registerLogMBean(AbstractFileLogHandler.java:85)
at com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler.registerLogMBean(AbstractFileLogHandler.java:402)
at com.sapmarkets.bam.jmxadapter.sapjlog.AbstractFileLogHandler.handleEvent(AbstractFileLogHandler.java:469)
at com.sap.tc.logging.LoggingManager.notifyAddLog(LoggingManager.java:342)
at com.sap.tc.logging.LogController.addLog(LogController.java:1317)
at com.sap.sql.trace.SQLTrace.onJ2ee(SQLTrace.java:323)
at com.sap.engine.services.log_configurator.admin.LogConfigurator.setSQLTrace(LogConfigurator.java:1373)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.setAttribute(DefaultMBeanInvoker.java:217)
at com.sap.pj.jmx.mbeaninfo.AdditionalInfoProviderMBean.setAttribute(AdditionalInfoProviderMBean.java:244)
at com.sap.pj.jmx.server.MBeanServerImpl.setAttribute(MBeanServerImpl.java:849)
at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.setAttribute(MBeanServerWrapperInterceptor.java:399)
at com.sap.engine.services.jmx.CompletionInterceptor.setAttribute(CompletionInterceptor.java:520)
at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.setAttribute(BasicMBeanServerInterceptor.java:403)
at com.sap.jmx.provider.ProviderInterceptor.setAttribute(ProviderInterceptor.java:289)
at com.sap.engine.services.jmx.RedirectInterceptor.setAttribute(RedirectInterceptor.java:466)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.setAttribute(MBeanServerInterceptorChain.java:312)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.setAttribute(MBeanServerSecurityWrapper.java:378)
at com.sap.engine.services.jmx.MBeanServerInvoker.invokeMbs(MBeanServerInvoker.java:146)
at com.sap.engine.services.jmx.ClusterInterceptor.invokeMbs(ClusterInterceptor.java:212)
at com.sap.engine.services.jmx.ClusterInterceptor.setAttribute(ClusterInterceptor.java:1260)
at com.sap.engine.services.jmx.MBeanServerInterceptorInvoker.invokeMbs(MBeanServerInterceptorInvoker.java:117)
at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl.invokeMbs(P4ConnectorServerImpl.java:61)
at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImplp4_Skel.dispatch(P4ConnectorServerImplp4_Skel.java:64)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:320)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:198)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:129)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006B000000D300001484000426C22119800E#1168515128328#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#XIAFUSER#355##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/System/Server#Plain###User XIAFUSER, IP address
HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available].#
#1.5#0014221E20B5006B000000D400001484000426C2215A561B#1168515132578#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Cannot write to transaction log TX11d.tx.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.store(TransactionLogFileImpl.java:289)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onMessageRequest(SessionHandler.java:602)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:103)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.sendMessage(Session.java:1494)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:464)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:276)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:245)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.postEvent(ISPEventSession.java:231)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.fireEvent(ISPTimerEvent.java:298)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:336)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX11d.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.store(TransactionLogFileImpl.java:279)
... 21 more
#1.5#0014221E20B5006B000000D600001484000426C2215A5C1E#1168515132578#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Cannot write to transaction log TX11d.tx.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.sendMessage(Session.java:1496)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:464)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:276)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:245)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.postEvent(ISPEventSession.java:231)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.fireEvent(ISPTimerEvent.java:298)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:336)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006B000000D700001484000426C2215A5D37#1168515132578#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout()#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/Version#Plain###Exception occured during timer callback - Message posting Failed.#
#1.5#0014221E20B5006B000000D800001484000426C2215A7168#1168515132593#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Internal error.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:131)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.setCommitState(TransactionLogFileImpl.java:391)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onRollbackRequest(SessionHandler.java:430)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:112)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.rollback(Session.java:356)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.rollback(SessionImpl.java:206)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:249)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX11d.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:123)
... 19 more
#1.5#0014221E20B5006B000000DA00001484000426C2215A7665#1168515132593#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.rollback(SessionImpl.java:206)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:249)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006B000000DB00001484000426C2215A836C#1168515132593#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Internal error.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:131)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.setCommitState(TransactionLogFileImpl.java:391)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onRollbackRequest(SessionHandler.java:430)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:112)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.rollback(Session.java:356)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.xa.SessionAdapter.close(SessionAdapter.java:52)
at com.sap.engine.services.jmsconnector.spi.ManagedSession.sessionClosed(ManagedSession.java:279)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.close(SessionImpl.java:119)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:276)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX11d.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:123)
... 22 more
#1.5#0014221E20B5006B000000DD00001484000426C2215A88D2#1168515132593#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.xa.SessionAdapter.close(SessionAdapter.java:52)
at com.sap.engine.services.jmsconnector.spi.ManagedSession.sessionClosed(ManagedSession.java:279)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.close(SessionImpl.java:119)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:276)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006B000000DE00001484000426C2215A95CC#1168515132593#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Internal error.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:131)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.setCommitState(TransactionLogFileImpl.java:391)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onRollbackRequest(SessionHandler.java:430)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:112)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.rollback(Session.java:356)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.connection.Connection.close(Connection.java:132)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionFactoryImpl.connectionClosed(QueueConnectionFactoryImpl.java:215)
at com.sap.engine.services.jmsconnector.cci.ConnectionImpl.close(ConnectionImpl.java:268)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionImpl.close(QueueConnectionImpl.java:69)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:287)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX11d.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.setState(TransactionLogFileImpl.java:123)
... 23 more
#1.5#0014221E20B5006B000000E000001484000426C2215A9B81#1168515132593#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.connection.Connection.close(Connection.java:132)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionFactoryImpl.connectionClosed(QueueConnectionFactoryImpl.java:215)
at com.sap.engine.services.jmsconnector.cci.ConnectionImpl.close(ConnectionImpl.java:268)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionImpl.close(QueueConnectionImpl.java:69)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:287)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006B000000E100001484000426C2215A9D34#1168515132593#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/Version#Plain###Errors occured while closing Event Session#
#1.5#0014221E20B5006B000000E200001484000426C2215A9E25#1168515132593#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/Version#Plain###Error From List = javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.rollback(SessionImpl.java:206)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:249)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006B000000E300001484000426C2215A9F86#1168515132593#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/Version#Plain###Error From List = javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.xa.SessionAdapter.close(SessionAdapter.java:52)
at com.sap.engine.services.jmsconnector.spi.ManagedSession.sessionClosed(ManagedSession.java:279)
at com.sap.engine.services.jmsconnector.cci.SessionImpl.close(SessionImpl.java:119)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:276)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B5006B000000E400001484000426C2215AA0F9#1168515132593#com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession##com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close()#J2EE_GUEST#0##cgnsap28_SNW_16885150#XIAFUSER#5edd0c90a16711dbb44c0014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/Version#Plain###Error From List = javax.jms.JMSException: Internal error.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.rollback(Session.java:357)
at com.sap.jms.client.session.Session.close(Session.java:184)
at com.sap.jms.client.connection.Connection.close(Connection.java:132)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionFactoryImpl.connectionClosed(QueueConnectionFactoryImpl.java:215)
at com.sap.engine.services.jmsconnector.cci.ConnectionImpl.close(ConnectionImpl.java:268)
at com.sap.engine.services.jmsconnector.cci.QueueConnectionImpl.close(QueueConnectionImpl.java:69)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.close(ISPEventSession.java:287)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:366)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0014221E20B500690000010000001484000426C221AB8C9D#1168515137906#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#XIAFUSER#358##cgnsap28_SNW_16885150#XIAFUSER#6494fa30a16711dbb56f0014221e20b5#SAPEngine_Application_Thread[impl:3]_28##0#0#Error#1#/System/Server#Plain###User XIAFUSER, IP address
HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available].#
#1.5#0014221E20B5006B000000E500001484000426C22324289D#1168515162593#com.sap.jms##com.sap.jms.server.sessioncontainer.InboundBus instance=default#J2EE_GUEST#0####7350a510a16711dba0c40014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###com.sap.jms.server.exception.JMSServerException: Cannot write to transaction log TX121.tx.
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.store(TransactionLogFileImpl.java:289)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.onMessageRequest(SessionHandler.java:602)
at com.sap.jms.server.sessioncontainer.handler.SessionHandler.process(SessionHandler.java:103)
at com.sap.jms.server.sessioncontainer.InboundBus.process(InboundBus.java:143)
at com.sap.jms.server.sessioncontainer.InboundBus.enqueue(InboundBus.java:116)
at com.sap.jms.server.sessioncontainer.SessionContainer.receiveFromDispatcher(SessionContainer.java:63)
at com.sap.jms.server.routingcontainer.RoutingContainer.receiveFromDispatcher(RoutingContainer.java:447)
at com.sap.jms.server.JMSServerContainer.dispatchRequest(JMSServerContainer.java:572)
at com.sap.jms.server.SynchronousNetworkAdapter.sendAndWait(SynchronousNetworkAdapter.java:130)
at com.sap.jms.client.connection.Connection.sendPacket(Connection.java:656)
at com.sap.jms.client.session.Session.sendMessage(Session.java:1494)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:464)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:276)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:245)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.postEvent(ISPEventSession.java:231)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.fireEvent(ISPTimerEvent.java:298)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:336)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.io.FileNotFoundException: C:
Documents and Settings
snwadm
sapjms
101a59e
1
TX121.tx (Access is denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl$TxContextImpl.assureOpened(TransactionLogFileImpl.java:50)
at com.sap.jms.server.sessioncontainer.transactionlog.TransactionLogFileImpl.store(TransactionLogFileImpl.java:279)
... 21 more
#1.5#0014221E20B5006B000000E700001484000426C223242E19#1168515162593#com.sap.jms.client.session.Session##com.sap.jms.client.session.Session#J2EE_GUEST#0####7350a510a16711dba0c40014221e20b5#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###checkReceivedPacket
[EXCEPTION]
#1#javax.jms.JMSException: Cannot write to transaction log TX121.tx.
at com.sap.jms.protocol.notification.ServerExceptionResponse.getException(ServerExceptionResponse.java:271)
at com.sap.jms.client.session.Session.checkReceivedPacket(Session.java:2533)
at com.sap.jms.client.session.Session.sendMessage(Session.java:1496)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:464)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:276)
at com.sap.jms.client.session.MessageProducer.send(MessageProducer.java:245)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPEventSession.postEvent(ISPEventSession.java:231)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.fireEvent(ISPTimerEvent.java:298)
at com.sap.aii.af.protocol.ispeak.services.timer.impl.ISPTimerEvent.timeout(ISPTimerEvent.java:336)
at com.sap.engine.services.timeout.TimeoutNode.run(TimeoutNode.java:56)
at com.sap.engine.core.thread.impl3.ActionObject.run -
Custom Login Module Behavior (JAAS)...Help!
Problem: After successful authentication through a custom login module, the screen stays on the login screen and does not go to the iview you clicked on...
I have created a login module as documented [here|http://help.sap.com/saphelp_nw04s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm].
I have added a new entry in the authschemes.xml file:
<authscheme name="cglogon">
<authentication-template>
form
</authentication-template>
<priority>21</priority>
<frontendtype>2</frontendtype>
<frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
</authscheme>
As you can see above, i wanted to try to use the standard sap screen: com.sap.portal.runtime.logon.certlogon
Also, the logon module stack called "form" contains one and only one login module: mycompany.com.CGLoginModuleClass (REQUISITE)
Here is also the code to my Login() method of my module:
public boolean login() throws LoginException
Exception exception_on_the_way = null;
String passwordString = "";
NameCallback nc = new NameCallback("User:");
PasswordCallback pc = new PasswordCallback("Password:", false);
Callback[] callbacks = new Callback[] { nc, pc };
try
callbackHandler.handle(callbacks);
catch (IOException e)
exception_on_the_way = e;
catch (UnsupportedCallbackException e)
exception_on_the_way = e;
String userid = nc.getName();
char[] password = pc.getPassword();
pc.clearPassword();
if (userid.length() == 0)
throw new LoginException(MISSING_UID);
else
userName = userid;
if (password.length == 0)
throw new LoginException(MISSING_PASSWORD);
else
passwordString = new String(password);
try
refreshUserInfo(userName);
catch (SecurityException e)
exception_on_the_way = e;
if (exception_on_the_way != null)
// A productive application should write an entry
// into the trace here
exception_on_the_way.printStackTrace();
throw new LoginException("Could not handle callbacks");
String eccLoginResult = "";
//eccLoginResult = validateECCAuthentication(userName, passwordString);
if (!eccLoginResult.equals(""))
//throwNewLoginException(eccLoginResult);
//throw new LoginException(USER_AUTH_FAILED);
throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
else
successful = true;
if (sharedState.get(AbstractLoginModule.NAME) == null)
sharedState.put(AbstractLoginModule.NAME, userName);
nameSet = true;
return true;
I set up a random iview in the portal to use our new authentication scheme: cglogon by changing the iview property Authentication Scheme.
After clicking the logon button, My login() method gets called and sucessful is set to true. Also the commit() method gets called.
Problem: However, the screen gets redirected to the logon screen again...
Here is the trace in the logs:
Used Passport Type: 3
#[Security Context : [Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]]#
#1.5 #0018FE8C6FD8007200003781000041C100045B07FD434AB8#1225989778316#com.sap.engine.services.security.sessionmanagement##com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Persistent listeners of {0} notified#1#[Security Context : [Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]]#
#1.5 #0018FE8C6FD8007200003782000041C100045B07FD4353D2#1225989778319#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.logon#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Entering method with ({0})#1#com.sap.engine.services.servlets_jsp.server.runtime.client.HttpServletRequestFacade@2cbd9a10, com.sap.engine.services.servlets_jsp.server.runtime.client.HttpServletResponseFacade@5db3e73e, cglogon#
#1.5 #0018FE8C6FD8007200003783000041C100045B07FD435510#1225989778319#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Security context [{0}] successfully loaded from cache.#1#form#
#1.5 #0018FE8C6FD8007200003784000041C100045B07FD43559B#1225989778319#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering PolicyConfigurationSecurityContext.getAuthenticationContext()#
#1.5 #0018FE8C6FD8007200003785000041C100045B07FD43560F#1225989778319#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting PolicyConfigurationSecurityContext.getAuthenticationContext()#
#1.5 #0018FE8C6FD8007200003786000041C100045B07FD435864#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###New policy configuration modification context successfully created for configuration with path [{0}].#1#security/configurations/form#
#1.5 #0018FE8C6FD8007200003787000041C100045B07FD4358F8#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering Storage.getStorage(Configuration config)#
#1.5 #0018FE8C6FD8007200003788000041C100045B07FD435983#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###New storage [{0}] created.#1#com.sap.engine.services.security.server.storage.AtomicStorage@3091c97c#
#1.5 #0018FE8C6FD8007200003789000041C100045B07FD435A00#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting Storage.getStorage(Configuration config)#
#1.5 #0018FE8C6FD800720000378A000041C100045B07FD435A7B#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering Storage.begin()#
#1.5 #0018FE8C6FD800720000378B000041C100045B07FD435B31#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###New configuration handler [{0}] created.#1#com.sap.engine.core.configuration.impl.ConfigurationHandlerImpl@334304cd#
#1.5 #0018FE8C6FD800720000378C000041C100045B07FD435BC8#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting Storage.begin()#
#1.5 #0018FE8C6FD800720000378D000041C100045B07FD435C3A#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Plain###New modification bundle started for the current thread.#
#1.5 #0018FE8C6FD800720000378E000041C100045B07FD435CC6#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Trying to get configuration [{0}] from storage; write access [{1}]; create if missing [{2}]#3#security/configurations/form/security/authentication#false#false#
#1.5 #0018FE8C6FD800720000378F000041C100045B07FD435DC0#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Configuration returned from storage successfully [{0}].#1#security/configurations/form/security/authentication#
#1.5 #0018FE8C6FD8007200003790000041C100045B07FD436148#1225989778322#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering Storage.forget()#
#1.5 #0018FE8C6FD8007200003791000041C100045B07FD436225#1225989778322#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting Storage.forget()#
#1.5 #0018FE8C6FD8007200003792000041C100045B07FD43629D#1225989778322#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Plain###Successful forget of modification bundle for the current thread.#
#1.5 #0018FE8C6FD8007200003793000041C100045B07FD4363B9#1225989778323#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Plain###Re-authentication requested.#
#1.5 #0018FE8C6FD8007200003794000041C100045B07FD4364BA#1225989778323#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Security context [{0}] successfully loaded from cache.#1#form#
#1.5 #0018FE8C6FD8007200003795000041C100045B07FD436534#1225989778323#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering PolicyConfigurationSecurityContext.getAuthenticationContext()#
#1.5 #0018FE8C6FD8007200003796000041C100045B07FD4365A6#1225989778323#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting PolicyConfigurationSecurityContext.getAuthenticationContext()#
#1.5 #0018FE8C6FD8007200003797000041C100045B07FD439765#1225989778336#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###User [{0}] attempt to re-authenticate.#1#kcf#
#1.5 #0018FE8C6FD8007200003798000041C100045B07FD439CA1#1225989778337#com.sap.engine.services.security.sessionmanagement#sap.com/irj#com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###Principal {0} assigned to {1}#2#kcf#[Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]#
#1.5 #0018FE8C6FD8007200003799000041C100045B07FD439D6C#1225989778338#com.sap.engine.services.security.sessionmanagement#sap.com/irj#com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###Subject {0} assigned to {1}#2#Subject:
Principal: kcf
#[Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]#
#1.5 #0018FE8C6FD800720000379A000041C100045B07FD439DF3#1225989778338#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###Re-authentication for user [{0}] successfull.#1#kcf#
#1.5 #0018FE8C6FD800720000379C000041C100045B07FD439F9B#1225989778338#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info#1#/System/Security/Authentication#Plain###LOGIN.OK
User: kcf
Authentication Stack: form
Login Module Flag Initialize Login Commit Abort Details
1. mycompany.com.CGLoginModuleClass REQUISITE ok true true
Central Checks true #
#1.5 #0018FE8C6FD800720000379D000041C100045B07FD43A10D#1225989778338#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.logon#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Plain###Security session assigned successfully to the http session.#
#1.5 #0018FE8C6FD800720000379F000041C100045B07FD43CC17#1225989778349#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting logon with authenticated subject.#
#1.5 #0018FE8C6FD80072000037A0000041C100045B07FD43D9FE#1225989778353#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.isAuthenticated#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Entering method with ({0})#1#KCF#
#1.5 #0018FE8C6FD80072000037A1000041C100045B07FD43DAC6#1225989778353#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.isAuthenticated#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Exiting method with {0}#1#false#
#1.5 #0018FE8C6FD80072000037A2000041C100045B07FD440358#1225989778364#com.sap.engine.services.security.authentication.logonapplication#sap.com/irj#com.sap.engine.services.security.authentication.logonapplication.initBeans#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Plain###LanguagesBean created#
#1.5 #0018FE8C6FD80072000037A3000041C100045B07FD44045E#1225989778364#com.sap.engine.services.security.authentication.logonapplication#sap.com/irj#com.sap.engine.services.security.authentication.logonapplication.executeRequest#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Plain###No command found, forwarding to umLogonPage#
#1.5 #0018FE8C6FD80072000037A4000041C100045B07FD4429BF#1225989778373#com.sap.engine.services.security.sessionmanagement##com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Entering SecurityContext.empty() on {0}#1#[Security Context : [Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]]#
#1.5 #0018FE8C6FD80072000037A5000041C100045B07FD442AC1#1225989778374#com.sap.engine.services.security.sessionmanagement##com.sap.engine.services.security.sessionmanagement#Guest#0##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Notifying persistent listener {0} of {1}#2#
User ID : kcf
Service Type : Web Request
Action Name : Appl.: irj:com.cg.ivu_saplogon_0
Action Type : http
Additional Info : null
CPU Time [us] : 0
Queue Time [us] : 4295152
No of ext. calls : 0
Edited by: K Ferguson on Nov 6, 2008 6:07 PMI am facing the same problem.
And how was is solved ?
Thanks -
OpenSSO Enterprise Login Module for IDM 7.1
I have a fully configured OpenSSO Enterprise environment running on Glassfish v2.1 and am trying to implement SSO into an IDM 7.1 environment that is also running on a Glassfish 2.1 server with a centrally managed v3.0 policy agent.
While working my way through the "Integration Guide" for IDM and OpenSSO I've come to the step where I am to change the Identity Manager Login Module Groups. We are not provisioning directly from IDM to OpenSSO but rather to the LDAP that OpenSSO authenticates with so I have not configured the OpenSSO resource adapter.
When I get to Assigning the Login Module I initially did not have the Sun OpenSSO Realm Login Module so i want back and added a custom resource called: com.waveset.adapter.SunAccessManagerRealmResourceAdapter which was available because I had put the openssoclientsdk.jar in the idm/WEB-INF/lib folder and added that to the class suffix in the JVM settings.
The Realm resource adapter appears to work as I can create a new instance and am prompted for the correct fields.
When i go back to assign the Login Module I now get a Sun Access Manager Realm Adapter in the dropdown box but cannot select it.
The question is, where do I get the custom login module that will allow IDM 7.1 to work with OpenSSO Enterprise?
Thanks, CraigHi ,
I am a colleague of Peter, just to straighten out our problem.
Our custom login module extends AMLoginModule and when the Access Manager instantiates the object it calls the method defined in AMLoginModule :
" public Callback[] getCallback(int index) "
This method contains a call to "AMModuleProperties.getModuleProperties(fileName);"
Our problem is, das the method is already called with filename being null, which is the cause for the Exception to be thrown.
So could anybody give us a hint what filename is supposed to be at this point? As it seems that Access Manager is lacking a property which it normally would associate with filename.
My first guess was that it is looking for <moduleName>.xml, but this file is properly located in "/etc/opt/SUNWam/config/xml" and accessible.
Any help appreciated.
Thank you in advance! -
Dynamic System Resolution and Custom Login Modules
I'm trying to achieve the following, and wondered whether anyone could validate that is possible, and possible solutions.
We want to use Dynamic System Resolution to programatically determine which system alias (and therefore which R3 client) should be returned based on the user. So far so good.
When the user logs in, we want them to be able to specify which R3 client they wish to use whilst logged in to EP. We are considering writing a custom login module to do this, which will strip the client the user wishes to use out of the j_user username, and stores the client value *somewhere* so that the Dynamic System Resolution code can access it and base the system alias it returns on the user's prefered client.
Considering the DSR code only has access to the IUser object it would be handy if our login module could store the prefered client as an attribute in the IUser object. Is it possible to set custom attributes in custom login modules for a given user?
We want to do this to avoid having to have an EP instance per client in a given R3 system, and to avoid duplicating worksets by creating delta linked copies and overriding the client number.
Any suggestions?
Cheers,
SteveHello,
Before even doing such an elaborated construction, I do not succeed in writing a working Dynamic System Resolution.
The service doing the resolution is never called when the method getSystemID() is invoked.
I know that the registry is read (I first test with a system alias which was in the PCD and get an error when debugging, I forget that you cannot use the same system alias in the PCD and in the Dynamic System Resolution service) but afterward the resolving service is not called.
Has anyone an idea ?
Thanks a lot
Best regards
Richard -
How to configure Login Modules Stack for Kerberos/LDAP
Hello collegues,
currenty we are working on UME configuration for the following use case.
Clustered portal instance NW2004s running on AIX should be able to authenificate two groups of users.
The first one is described by LDAP Data Source (Sun Directory Server) and using some artificial unique userID. Based on this userID, the SSO Ticket is created to get acces to the backend R/3 system. The LDAP schema has an "userdomain" attribute in it.
The new group using ADS. These users are happy using it, because they have windows-based authentification and don't forced to type any credentials during login.
There are plenty of blogs decribing how to connect ADS (even as a second DataSource) to UME.
There are two unsolved problems:
1. ADS account attributes does not have the userID needed to get an SSO Ticket
2. LDAP DataSource has no ADS password and can not be used for Kerberos authentification.
What could be a solution for this case? I am sure we need an extra login module which enrich the Subject (user, which is already authentificated by SPNego module) with userID, selected from LDAP DataSource based on user attributes.
Is there any other solution? May be I can mix some attributes in a DataSource configuration file?
Best regards
Sergej NaimarkHi Frank,
did you configure the SSO for an individual policy configuration or did you edit and save the changes the ticket policy config? I ask, b/c if you applied the changes to the individual policy config then the SSO with certificates will be used <b>only</b> when you access the applications for that policy config.
You can also double check the login module flags - perhaps the authentication check doesn't reach the ClientCertLM at all.
Since you followed the help portal instruction I assume you've enabled strong crypto - it is required for client cert SSO. Ano easily committed mistake is to also not use the HTTPS port in the access URL.
Let me know if this helps...
Yonko -
Custom Login Modules - JAAS API to get AppConfigurationEntry-s
After adding Login Modules via the Visual Admin for the J2EE engine, is there default application name by which they are registered (see "what.goes.here" in the snippet below)?
I need to access an instance of a JAAS Login Module.
import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry;
Configuration c = Configuration.getConfiguration();
AppConfigurationEntry[] entries = c.getAppConfigurationEntry( "what.goes.here" );
Thanks.
James Walkup
MomentumSI Inc.
Austin, Texas, USAHello there again xtanto,
I blogged about this last year - perhaps you could run over to http://stegemanoracle.blogspot.com and have a look. I'd send you the exact link, but I cannot access blogspot from work.
John -
Opinions on implementing a JAAS login module to achieve SSO
We are looking at implementing SSO from a sharepoint website to the portal. The users who are accessing the Sharepoint site are using their own computers and are not members of the AD Domain, so they could theoretically be using any computer in the world to access Sharepoint.
the desired user experience looks something like this.
user--login> sharepoint site -no login--
>portal
One of the methods we are looking at to achieve this is to implement a custom JAAS login module that would authenticate the user if they are coming from the Sharepoint site.
I would like to get your opinions on how viable you think this method is. One of the goals of this method is ease of implementation, so if you can think of an easier way to implement this please let us know.
the method is basically this.
1. User logs into sharepoint using their AD username and password and establish an active session with sharepoint
2. user navigates to a link in sharepoint that points to a resource in the SAP Portal
3. we don't want the user to have to login to access the resource when they click on the link
4. to facilitate this, sharepoint has constructed the link in the following way
5. the link is an https link
6. the link has two additional parameters in addition to whatever is necessary to navigate to the resource
7. the parameters are
8. un = the users AD username
9. uh = sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + "username")
10. the user clicks the link and is directed to the SAP portal
11. the sap portal has a custom JAAS login module which performs it's checks before the other login modules
12. the custom module computes ( sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + un)) and then compares the result with uh, if they are equal, the custom login module authenticates the user bypassing any further need for authentication, otherwise authentication passes to the original authentication modules as normal.
If you think there is an easier way, please let us know. We are essentially looking for the easiest/fastest way to implement this functionality that is still secure.Hey Gary,
I'm currently using Apache running on RedHat that leverage Apache's mod_rewrite module. I've got a bank of 6 reverse proxies sitting in front of an SAP Portal and each proxy runs on a host with dual 3.33GHz processors and 8Gb or RAM. I know... they're waaay over-sized and they pretty much snooze all day.
This is the sole entry point for all SAP users and we sized them to accommodate the "worst case" of about 5000 (potential) named users, concurrently. Realistically, we've only ever had about 1500 unique users hitting the systems in a day (following an upgrade go-live, everybody is curious and wants to log on) and a typical load of about 500 to 750 users in a day.
Never had a real performance problem to speak of. As long as the proxies are tuned properly (ssl cache, sessions, etc.), you should be fine.
Setting header variables and some other "custom stuff" is handled in Perl (need Apache's mod_perl active). We've got a script that's called by all users before being passed to the Portal.
We used IISProxy.dll with an IIS web server a long time ago (5 years maybe?) but opted to can it in favor of the approach described above.
If you ask SAP, they'll recommend you use a WebDispatcher... and that's certainly an option as well.
-Kevin
Maybe you are looking for
-
Memory Card or Phone Issue????
Hi guys, I really need help so badly. I am using E71 and im having hardtime to transfer my files (photos, videos, and musics) from comp to my phone and vice versa. When i connecting my phone to comp using USB Cable the device will act as remova
-
How to hide a tabpages in a tab canvas
Hi All, I am using oracle Apps R12.2 and forms 10g version I have Tab canvas in my page and it contain two page. My requirement is when the user is "PROC HEAD" means the Tab_page2 is Visible and able to acces.When other user logged means the tab shou
-
My phone Number shows as unknown
my phone numbee is showing unknown in phone setting how do I correct that
-
Will a Thailand bought iPad work ok in the uk?
Hey guys, I am from the uk, currently living in bangkok. I am going home for two weeks over Xmas and want to buy a 16gb wi-fi ipad mini for my parents from here as they are cheaper but will it work ok? I brought an iPhone here with me and that works
-
I have PS elements 10 and just got a new canon 5d mkiii.
I have PS elements 10 and just got a new canon 5d mkiii. I can't get my files to open in camera raw. I checked my plug in and i have version 6.5. I did the camera raw update and downloaded the dng software.I also downloaded the adobe app manager. I a