Programmatic Authentication API

Reading through the WL Server 8.1 docs on security, there is a section which talks
about "Using the Programmatic Authentication API" in web apps, as opposed to posting
to j_security_check. That section talks about two built-in CallbackHandler impls
named SimpleCallbackHandler and URLCallbackHandler. What is the purpose of the
URLCallbackHandler? Specifically, what is the URL passed into the constructor
supposed to represent?
The docs say to look at the javadoc comments which, unfortunately, are completely
useless.
TIA

"Steve Ebersole" <[email protected]> wrote in message
news:3f9532fa$[email protected]..
>
> Reading through the WL Server 8.1 docs on security, there is a section which talks
> about "Using the Programmatic Authentication API" in web apps, as opposed to posting
> to j_security_check. That section talks about two built-in CallbackHandler impls
> named SimpleCallbackHandler and URLCallbackHandler. What is the purpose of the
> URLCallbackHandler? Specifically, what is the URL passed into the constructor
> supposed to represent?

The URLCallbackHandler is used primarily for fat clients that are using JAAS
to log in to the server. The URL is that of the server.
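
An added example, not part of the thread and not WebLogic code: a plain-JAAS model of what the answer describes, in which a handler built from a user name, a password and a server URL hands all three to a client-side login module when asked. `ServerUrlCallback`, `UrlHandler`, `ClientLoginModule`, the credentials and the URL are constructed stand-ins; only the `javax.security.auth` classes are real.

```java
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class UrlHandlerDemo {
    static final String SERVER = "t3://wls.example.test:7001"; // constructed server URL
    static final class ServerUrlCallback implements Callback { String url; } // constructed stand-in

    /** Answers name, password and server URL from values fixed at construction. */
    static final class UrlHandler implements CallbackHandler {
        private final String user, url;
        private final char[] password;
        UrlHandler(String u, char[] p, String url) { user = u; password = p.clone(); this.url = url; }
        public void handle(Callback[] cbs) throws UnsupportedCallbackException {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else if (cb instanceof ServerUrlCallback) ((ServerUrlCallback) cb).url = url;
                else throw new UnsupportedCallbackException(cb); // never ignore unknown requests
            }
        }
    }

    /** Constructed client-side module: gathers the answers, then checks them. */
    public static final class ClientLoginModule implements LoginModule {
        private CallbackHandler handler;
        private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> o) {
            handler = h;
        }
        public boolean login() throws LoginException {
            if (handler == null) throw new LoginException("No CallbackHandler available");
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            ServerUrlCallback uc = new ServerUrlCallback();
            try {
                handler.handle(new Callback[] {nc, pc, uc});
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException(e.toString());
            }
            char[] pw = pc.getPassword();   // copy of the secret; wiped below
            pc.clearPassword();
            // Stand-in for the remote check a real module would run against uc.url.
            ok = SERVER.equals(uc.url) && "demo".equals(nc.getName())
                    && pw != null && Arrays.equals(pw, "constructed-pw".toCharArray());
            if (pw != null) Arrays.fill(pw, '\0');
            if (!ok) throw new FailedLoginException("rejected by " + uc.url);
            return true;
        }
        public boolean commit() { return ok; }
        public boolean abort()  { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }

    static String tryLogin(CallbackHandler h) {
        Configuration cfg = new Configuration() {   // in-memory JAAS config, no login.conf file
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        ClientLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap()) };
            }
        };
        try {
            new LoginContext("demo", null, h, cfg).login();
            return "ok";
        } catch (LoginException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(tryLogin(new UrlHandler("demo", "constructed-pw".toCharArray(), SERVER)));
        System.out.println(tryLogin(null)); // no handler: the module has nobody to ask
    }
}
```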

Similar Messages

  • Weblogic Security Programmatic Authentication API

    Hi all,
    I am trying to use the WebLogic authentication API with WebLogic 11g and JDeveloper 11.1.1.2.
    According to the programming security document, we can use the weblogic.security.SimpleCallbackHandler or weblogic.security.URLCallbackHandler class.
    But I don't see any library to import those classes.
    Where can I download those libraries?
    With Regards,
    Wai Phyo

    Where can I get this JAR (com.bea.core.weblogic.security_2.0.1.0.jar)? I have installed WebLogic 10.3 on JDK 1.6 and it has com.bea.core.weblogic.security_1.0.0.0_6-0-3-0.jar, which does not have the weblogic.security.spi.AuthenticationProviderV2.
    Any help on this will be really appreciated.
    Thanks.
    Ajay

  • Authentication APIs

    Guys,
    Can anyone tell me where I can download the API for Identity Server authentication, for example the com.sun.identity.authentication API?
    Thanks,
    Ramnath

  • Examples of creating Page Def and Data Bindings programmatically by API

    We are trying to find any examples creating Page Def and Data Bindings programmatically by API. We are working on a new project in which we need to generate Page Def and Data Bindings dynamically by API.

    Hi,
    I am not aware of such an API
    Frank

  • Authentication APIs in Oracle e-Business Suite

    Hi All,
    Does Oracle e-Business Suite offer any authentication APIs?
    If yes, then please provide me a pointer to them.
    Thanks,
    Shyam

    Hi,
    Let me first let you know my requirement. Actually, I have to implement SSO between Oracle e-Business Suite v12 and a third party system.
    In this use case, the incoming request first goes to the third-party system, which makes the authentication and authorization decision and, upon success, adds the user name to the HTTP header and forwards the request to the Oracle e-Business Suite login code.
    So, we have to modify/extend the login code from Oracle e-Business Suite so that it can read the value of the HTTP header, which was set by the third-party application, and then we will have to locate this user in FND_USER.
    My questions around this are:
    1- Does Oracle e-Business Suite provide APIs to locate any user if the user name/userid is given? If yes, then please provide me the link to understand the usage of this API.
    2- The name of the file which does the job of login/authentication?
    Thanks,
    Shyam

  • Programmatic authentication using Struts

    Are there any examples of Programmatic authentication within the application using Struts as the controller?
    (p 2-83 of developer's guide)

    Peter,
    I was able to implement the login screen on the JhsDemoStart, but when I try to implement it on my own application I get the following message:
    No view defined for dataObject glaverbel.zgn.model.JhsUser. Please specify in dataObjects.properties which view should be used.
    Here's the content of dataObjects.properties:
    glaverbel.zgn.model.JhsUser.JhsUsersView=JhsUsersView
    glaverbel.zgn.model.TimeSheets.TabTimeZgn_tsf_8010jView=TabTimeZgn_tsf_8010jView
    glaverbel.zgn.model.ZgnTasks.ZgnTskRlovLovView=ZgnTskRlovLovView
    glaverbel.zgn.model.ZgnResActLovZgn_tsf_8010jLovView.ZgnResActLovZgn_tsf_8010jLovView=ZgnResActLovZgn_tsf_8010jLovView
    glaverbel.zgn.model.SubActivities.ZgnSacRlovLovView=ZgnSacRlovLovView
    glaverbel.zgn.model.TravelNights.TabMissionZgn_tsf_8010jView=TabMissionZgn_tsf_8010jView
    glaverbel.zgn.model.Countries.ZgnCtyRlovLovView=ZgnCtyRlovLovView
    Here's the content of deployment.properties:
    glaverbel.zgn.model.JhsUser=ZgnProvider
    glaverbel.zgn.model.TimeSheets=ZgnProvider
    glaverbel.zgn.model.ZgnTasks=ZgnProvider
    glaverbel.zgn.model.ZgnResActLovZgn_tsf_8010jLovView=ZgnProvider
    glaverbel.zgn.model.SubActivities=ZgnProvider
    glaverbel.zgn.model.TravelNights=ZgnProvider
    glaverbel.zgn.model.Countries=ZgnProvider
    Here's the section that validates user in struts-config.xml:
    <action path="validateLoginUser" type="oracle.jheadstart.controller.struts.action.ValidateScreenLogin">
    <set-property property="dataObjectInterface" value="glaverbel.zgn.model.JhsUser"/>
    <forward name="success" path="forwardToRequestedURL" />
    <forward name="userError" path="uix/LoginPage.uix"/>
    </action>
    When I remove the authentication filter in web.xml, it works fine.
    The application module works fine as well.
    It seems it's the ValidateScreenLogin that cannot find the resource glaverbel.zgn.model.JhsUser.
    Any idea?

  • Programmatic authentication in OC4J

    In my web application I use a custom JAAS login module to authenticate users and cannot use standard authentication methods (Form-based, Basic etc). In this case getUserPrincipal() method always returns null. How can I programmatically authenticate users so that I could use this method and declarative security?
    Thank you in advance
    Ivan

    Ivan, I strongly suggest you download the VSM Example based on J2EE 1.2 (webstore.jar).
    It is based on a very friendly MVC Framework, and it is easy to extend to use a form-based authentication and more features.
    I hope this may be helpful.
    Francisco

  • How to define the CallbackHandler in programmatic authentication

    Hi there,
    we have our own authentication stack named "ticket" and want to trigger its checks programmatically in a servlet, serving as a kind of gatekeeper and redirecting to the proper URL if login was successful. According to the documentation, this is one of two options ("programmatically" vs. "configured").
    Since I didn't find an appropriate code sample, I tried to figure it out on my own:
    protected void doPost(
        HttpServletRequest request,
        HttpServletResponse response)
        throws ServletException, IOException {
      try {
        // No CallbackHandler is passed here, so the login modules have nothing to query
        LoginContext lc = new LoginContext(authenticationStack);
        lc.login();
        String redirectURL = getRedirectURL(request);
        response.sendRedirect(redirectURL);
      } catch (LoginException le) {
        // (handler body not included in the post)
      }
    }
    When the servlet is called, we get the error:
    Error: No CallbackHandler available to garner authentication information from the user. ticket
    I guess that the CallbackHandler has to somehow pass the HTTP request object to the authentication layer. I have seen that there is a constructor for LoginContext having a callbackHandler as second argument. But I wonder what to fill in there.
    Can someone help me what to fill in for "callbackHandler"? Is there a sample code containing an implementation of this interface for this very simple and straightforward servlet case?
    Thanks and regards,
    Rüdiger

    The tests were positive. The above code will go productive.
    Just for documentation purposes, before finally deleting unused  code parts, I copy them into this thread:
    Invoking a single authentication method, not a complete stack
    This can be achieved with code similar to the following:
    /* Single logon, not a whole stack!!! */
    ILogonAuthentication authenticator = UMFactory.getLogonAuthenticator();
    try {
      authenticator.logon(request, response, authenticationStack);
      String redirectURL = getRedirectURL(request);
      response.sendRedirect(redirectURL);
    } catch (LoginException e) {
      // On failure, answer 401 with the realm challenge instead of redirecting
      response.setHeader("WWW-Authenticate", authenticationRealm);
      response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
          "SRM-Anmeldung '" + authenticationStack + "' fehlgeschlagen");
    }
    A callback handler for test purposes
    If you want to know which callbacks are triggered by your authentication stack, you can define your own callback handler and pass it to the login context instead. 
    I worked with a local (inner) class for this purpose. I had to use reflection to dynamically call a "getName" method, since the actual callback classes were partly hidden.
    /* No longer needed, we can instantiate the SAPJ2EECallbackHandler directly */
    private static class TheCallbackHandler implements CallbackHandler {
      private HttpServletRequest request;
      private HttpServletResponse response;
      private TheCallbackHandler(HttpServletRequest request, HttpServletResponse response) {
        this.request  = request;
        this.response = response;
      }
      public void handle(Callback[] callbacks)
          throws IOException, UnsupportedCallbackException {
        NameCallback nc = null;
        PrintWriter rw = response.getWriter();
        // First pass: list the class of every callback the stack sends
        rw.println(callbacks.length + "Zeilen. <br>");
        for (int i = 0; i < callbacks.length; i++) {
          rw.println(i + ":" + callbacks[i].getClass().getName() + "<br>");
        }
        for (int i = 0; i < callbacks.length; i++) {
          // We have to use reflection, because the following class is unfortunately not accessible:
          // com.sap.engine.lib.security.http.HttpGetterCallback
          String getName = null;
          Object retVal;
          try {
            retVal = callbacks[i].getClass().getMethod("getName", null).invoke(callbacks[i], null);
            getName = (String) retVal;
            rw.println(getName + "<br>");
          } catch (Throwable e) {
            e.printStackTrace(response.getWriter());
          }
        }
      }
    }

  • ESSO-LM Secondary Authentication API

    Hi
    I am facing a problem implementing a Custom Secondary Authentication Library with ESSO-LM for the passphrase prompt.
    I have gone through the documents, but they are not helpful to much extent.
    Does anyone have implemented this one or any idea?

    You can do it by changing authentication level in LMconsole.
    Change the setting and write this setting to HKLM.
    Also check the documents for AM. You will get help there.

  • Password Caching in SALT when using Basic Authentication?

    We are experiencing an issue in which a user changes their logon password using a thick client application, but is unable to use the changed password when connecting to the same password store through the SALT gateway.
    We suspect that either the browser or the SALT Gateway itself is caching the password. How is this designed to work? Do we have to send something in the header to force it use the password being sent?
    We suspect the user is submitting the logon request from an existing browser window which authenticated against SALT prior to them changing the password in the thick client.
    Thanks
    Amin

  • (JAAS) Getting LoginContext when using BASIC authentication

    I am using basic authentication in JAAS to authenticate users for JSF web resources. My web.xml is configured as follows:
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>eccgroup</realm-name>
    </login-config>
    How can I get hold of the LoginContext that (I assume) was created in order to logout?
    The Principal is available on the HTTPRequest but I cannot find where the LoginContext is stored?

    As far as I know, vendors are not required to rely on a JAAS LoginContext to perform BASIC auth. Different vendor implementations may do different things. So you may have to rely on a programmatic logout API, but I'm not personally aware of any standard API for this.

  • Programmatic interface to get zone's root file system

    Hi,
    I am a newcomer to solaris zones. Is there any programmatic (C API) way to know the path to root file system of a zone given its name, from the global zone?
    Thanks!

    A truss of zoneadm list -cv shows a bunch of zone related calls like:
    zone_lookup()
    zone_list()
    zone_getattr()
    Using the truss output as an example and including /usr/include/sys/zones.h and linking to libzonecfg
    (and maybe libzoneinfo) seems like a fairly straight-forward path to getting the info you are looking for.
    You could also parse /etc/zones/index
    which is (on my s10_63 machine) a colon-separated flat file containing [zone:install state:root path] that looks like:
    global:installed:/
    demo1:installed:/zones/demo1
    demo2:installed:/zones/demo2
    demo3:installed:/zones/demo3
    foo:installed:/zones/foo
    ldap1:installed:/zones/ldap1
    Neither of these methods are documented, so they are certainly subject to change or removal.
    Good luck!
    -William Hathaway

  • Web Services Authentication Error - AUTH_0005

    Authentication via the AuthenticationService is successful, returning a valid Session ID. Authentication via passing an AuthenticationToken in the SOAP Header fails with an error of AUTH_0005 The user name header is invalid ....
    We are calling newScale web services from an external application. Making a call to the AuthenticationService using this SOAP request is successful:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:aut="http://authentication.api.newscale.com">
        <soapenv:Header/>
        <soapenv:Body>
           <aut:authenticate>
              <aut:userName>username</aut:userName>
              <aut:password>password</aut:password>
           </aut:authenticate>
        </soapenv:Body>
    </soapenv:Envelope>
    The return data is:
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soap:Header>
           <AuthenticationToken>
              <Username>username</Username>
              <SessionId>1FD9023262278342CACF63D0D6C5A8F2</SessionId>
           </AuthenticationToken>
        </soap:Header>
        <soap:Body>
           <ns1:authenticateResponse xmlns:ns1="http://authentication.api.newscale.com">
              <ns1:personInfo>
                 <active xmlns="http://authentication.api.newscale.com">false</active>
                 <email xmlns="http://authentication.api.newscale.com">[email protected]</email>
                 <employeeCode xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <firstName xmlns="http://authentication.api.newscale.com">user</firstName>
                 <homeOrganizationalUnitName xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <lastName xmlns="http://authentication.api.newscale.com">name</lastName>
                 <localeName xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <login xmlns="http://authentication.api.newscale.com">username</login>
                 <managerEmail xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <managerName xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <managerPhone xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <placeName xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <status xmlns="http://authentication.api.newscale.com">0</status>
                 <timeZoneName xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
                 <title xsi:nil="true" xmlns="http://authentication.api.newscale.com"/>
              </ns1:personInfo>
           </ns1:authenticateResponse>
        </soap:Body>
    </soap:Envelope>
    However, when we pass credentials in an AuthenticationToken when accessing any of the other services, we get an error. For example:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:req="http://requisition.api.newscale.com">
        <soapenv:Header>
           <req:AuthenticationToken>
              <req:Username>username</req:Username>
              <req:Password>password</req:Password>
           </req:AuthenticationToken>
        </soapenv:Header>
        <soapenv:Body>
           <req:getServiceDefinition>
              <req:initiatorLoginName>username</req:initiatorLoginName>
              <req:customerLoginName>username</req:customerLoginName>
              <req:serviceName>VMSpinup</req:serviceName>
           </req:getServiceDefinition>
        </soapenv:Body>
    </soapenv:Envelope>
    Yields this error:
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soap:Body>
           <soap:Fault>
              <faultcode>soap:Server</faultcode>
              <faultstring>The user name header is invalid. It is  either not present or empty!. Please send a valid  header.</faultstring>
              <detail>
                 <RequisitionFault xmlns="http://requisition.api.newscale.com">
                    <errorCode>AUTH_0005</errorCode>
                    <errorMessage>The user name header is invalid. It  is either not present or empty!. Please send a valid  header.</errorMessage>
                 </RequisitionFault>
              </detail>
           </soap:Fault>
        </soap:Body>
    </soap:Envelope>
    Unfortunately, I cannot find any details on the meaning of this error or what its cause is. There appears to be a valid SOAP header. Is it talking about the HTTP header instead?
    Thanks.

    I posted this same question here on the forum; bottom line, this does not work. You need to pass in the username and password each time.
    https://supportforums.cisco.com/message/3492955#3492955

  • API for modifying config.xml (or reading it)

    In 5.1 there used to be T3ServicesDef.config() to get the weblogic.properties
    file.
    Since this file has been changed to XML format, is there any API
    to read it or modify it.
    In the Admin Guide it says:
    "WebLogic Server includes a configuration Application Programmatic
    Interface (API) which can be used by programs to modify configuration
    attributes of resources in the domain. "
    but I don't find any documentation on API and T3Services.config()
    has disappeared in 6.0.
    Can someone help me.
    Sushil

    There are Config MBeans to get information about the server configuration. Have
    a look at the Javadocs for the weblogic.management.configuration package for more
    info...
    Sushil Goel wrote:
    > In 5.1 there used to be T3ServicesDef.config() to get the weblogic.properties
    > file.
    > Since this file has been changed to XML format, is there any API
    > to read it or modify it.
    > In the Admin Guide it says:
    > "WebLogic Server includes a configuration Application Programmatic
    > Interface (API) which can be used by programs to modify configuration
    > attributes of resources in the domain. "
    > but I don't find any documentation on API and T3Services.config()
    > has disappeared in 6.0.
    > Can someone help me.
    > Sushil

  • Recommendations for a UML Library (programmatic)

    Hello All,
    Can anyone recommend a programmatic UML API?
    I want to generate UML diagrams by reverse engineering classes of interest that can be rendered in a web page. I was planning on using reflection to introspect my classes, so a programmatic library seems ideal. I'm also only interested in a subset of the classes fields. I'd like to eventually publish the maps to a wiki through maven.
    I am presently looking at Linguine Maps, but was interested if anyone knows of other ones I should evaluate as well, especially ones that render nicer looking diagrams.
    Thanks in Advance,
    Steven

    Hi Noel,
    Could you help provide a specific question? I think your issue is out of our support.
    This forum is to discuss problems of C# code development.
    By the way, if you have some voice about C# video framework, please post your advice here.
    Have a nice day!
    Kristin