Programmatic authentication in OC4J

In my web application I use a custom JAAS login module to authenticate users and cannot use standard authentication methods (Form-based, Basic etc). In this case getUserPrincipal() method always returns null. How can I programmatically authenticate users so that I could use this method and declarative security?
Thank you in advance
Ivan

Ivan, I strongly suggest you download the VSM Example based on J2EE 1.2 (webstore.jar).
It is based on a very friendly MVC Framework, and it is easy to extend to use a form-based authentication and more features.
I hope this may be helpful.
Francisco

Similar Messages

  • Programmatic Authentication API

    Reading through the WL Server 8.1 docs on security, there is a section which talks
    about "Using the Programmatic Authentication API" in web apps, as opposed to posting
    to j_security_check. That section talks about two built-in CallbackHandler impls
    named SimpleCallbackHandler and URLCallbackHandler. What is the purpose of the
    URLCallbackHandler? Specifically, what is the URL passed into the constructor
    supposed to represent?
    The docs say to look at the javadoc comments which, unfortunately, are completely
    useless.
    TIA

    "Steve Ebersole" <[email protected]> wrote in message
    news:3f9532fa$[email protected]..
    > Reading through the WL Server 8.1 docs on security, there is a section which talks
    > about "Using the Programmatic Authentication API" in web apps, as opposed to posting
    > to j_security_check. That section talks about two built-in CallbackHandler impls
    > named SimpleCallbackHandler and URLCallbackHandler. What is the purpose of the
    > URLCallbackHandler? Specifically, what is the URL passed into the constructor
    > supposed to represent?

    The URLCallbackHandler is used primarily for fat clients that are using JAAS
    to log in to the server. The URL is that of the server.

  • Any one else have problems using 'FORM' based authentication in OC4J?

    Since I couldn't find any information on this from Oracle I went with the specifications from Orion.
    I am using Oracle Internet Directory Server for authentication of OC4J apps. I followed Orion's specs for writing and plugging in your own usermanager to make calls to OID. Everything works fine when I use BASIC authentication, but when I use FORM based authentication it fails to send the browser to the original URL that was requested.
    The browser just displays a blank screen?
    You can tell that the client is authenticated because you can just request the URL again and it's displayed without prompting for a username/password.
    For the login screen the only specs Orion gives is that your form has to have an action of 'j_security_check' and pass 'j_username' and 'j_password'.
    Does Oracle have another way to do this, or has anyone else experienced this and know a way to fix it?

    Tom,
    Custom user authentication in OC4J 1.0.2.2 is the same in both OC4J and Orion, and we have tested that form based authentication works fine. In 9iAS Release 2 Oracle has an integrated JAAS implementation with OC4J which you can configure either to authenticate users from an encrypted file or users stored in OID.

  • Programmatic authentication using Struts

    Are there any examples of Programmatic authentication within the application using Struts as the controller?
    (p 2-83 of developer's guide)

    Peter,
    I was able to implement the login screen on the JhsDemoStart, but when I try to implement it on my own application I get the following message:
    No view defined for dataObject glaverbel.zgn.model.JhsUser. Please specify in dataObjects.properties which view should be used.
    Here's the content of dataObjects.properties:
    glaverbel.zgn.model.JhsUser.JhsUsersView=JhsUsersView
    glaverbel.zgn.model.TimeSheets.TabTimeZgn_tsf_8010jView=TabTimeZgn_tsf_8010jView
    glaverbel.zgn.model.ZgnTasks.ZgnTskRlovLovView=ZgnTskRlovLovView
    glaverbel.zgn.model.ZgnResActLovZgn_tsf_8010jLovView.ZgnResActLovZgn_tsf_8010jLovView=ZgnResActLovZgn_tsf_8010jLovView
    glaverbel.zgn.model.SubActivities.ZgnSacRlovLovView=ZgnSacRlovLovView
    glaverbel.zgn.model.TravelNights.TabMissionZgn_tsf_8010jView=TabMissionZgn_tsf_8010jView
    glaverbel.zgn.model.Countries.ZgnCtyRlovLovView=ZgnCtyRlovLovView
    Here's the content of deployment.properties:
    glaverbel.zgn.model.JhsUser=ZgnProvider
    glaverbel.zgn.model.TimeSheets=ZgnProvider
    glaverbel.zgn.model.ZgnTasks=ZgnProvider
    glaverbel.zgn.model.ZgnResActLovZgn_tsf_8010jLovView=ZgnProvider
    glaverbel.zgn.model.SubActivities=ZgnProvider
    glaverbel.zgn.model.TravelNights=ZgnProvider
    glaverbel.zgn.model.Countries=ZgnProvider
    Here's the section that validates user in struts-config.xml:
    <action path="validateLoginUser" type="oracle.jheadstart.controller.struts.action.ValidateScreenLogin">
    <set-property property="dataObjectInterface" value="glaverbel.zgn.model.JhsUser"/>
    <forward name="success" path="forwardToRequestedURL" />
    <forward name="userError" path="uix/LoginPage.uix"/>
    </action>
    When I remove the authentication filter in web.xml, it works fine.
    The application module works fine as well.
    It seems it's the ValidateScreenLogin that cannot find the resource glaverbel.zgn.model.JhsUser.
    Any idea?

  • How to do LDAP authentication in OC4J instance?

    Need to configure third party LDAP authentication for an application deployed in OC4J instance. How to configure this?

    Hi,
    I think these links will be useful to you!
    http://download-uk.oracle.com/docs/cd/B15904_01/web.1012/b14013/configoc4j.htm
    http://www.oracle.com/technology/sample_code/tech/java/codesnippet/security/jaznldap/index.html
    Afonso

  • Digital Certificate authentication in OC4J

    Hi
    Currently I am trying to configure standalone oc4j to authenticate the user using X.509 certificates. Below is my secure-web-site.xml file.
    <web-site port="43" protocol="ajp13"
    display-name="Default Oracle9iAS Containers for J2EE Web Site" secure="true" needs-client-auth="true" >
    <!-- Uncomment the following line when using clustering -->
         <!-- <frontend host="your_host_name" port="80" /> -->
         <!-- The default web-app for this site, bound to the root -->
         <default-web-app application="default" name="defaultWebApp" root="/j2ee" />
         <web-app application="default" name="dms" root="/dmsoc4j" />
         <!-- Access Log, where requests are logged to -->
         <access-log path="../log/default-web-access.log" />
         <web-app application="bc4j" name="webapp" root="/webapp" />
         <web-app application="bc4j" name="cabo" root="/cabo" />
         <web-app application="soap" name="soap" root="/soap" />
         <ssl-config keystore="../ssl/keystore" keystore-password="123456" />
    </web-site>
    But when I am starting oc4j , the below error message is displayed.
    Node started with id=-1289667325
    Error initializing web-site at ./secure-web-site.xml: Unknown deployment root-tag attribute: needs-client-auth
    Oracle9iAS (9.0.3.0.0) Containers for J2EE initialized
    Could you please help me in sorting out this problem.
    Thanks

    Just configure a separate port for certificate-based logins. Configure a handler for the 403 response on the web server - redirect to the LDAP authentication URL.

  • Digest Authentication with OC4J standalone

    Hi,
    I am using oc4j 9.0.3 standalone web container. I used the axis application as the SOAP engine for deploying a web service in oc4j. I want to implement HTTP digest authentication for my web service.
    I am forced to use the same version of OC4J due to some reasons. Could anyone help me in knowing the procedure for the HTTP digest authentication implementation using oc4j903 asap.
    Advance thanks for help

    could anyone please reply to this thread asap

  • OPS$ Account Authentication in OC4J

    Hi,
    We have an existing database which uses OPS$ account authentication in Oracle Forms 6i. Fine.
    But, I need to access the same database from a JSP Application deployed to OC4J. Does OC4J and JDBC support OPS$ authentication in any way?
    Thanks,
    Jeremy

    HI,
    Thanks for the response. Actually, I want all users to log in individually, rather than share a JDBC connection username and password. The users currently use Oracle Forms 6i and log in with the "/" username (which then uses remote authentication on the database).
    The issue is that I'm not able to use this kind of authentication via JDBC as, as far as I understand it, this is a feature of SQL*Net (which JDBC does not "use").
    The workaround is that the users were created as "create user x identified by y" and not "create user x identified externally" so that they're able to log in both ways. I'm only able to do this because we're using the "OPS$" prefix.
    1) using remote authentication
    2) Explicitly specifying username and password.
    Cheers,
    Jeremy

  • How to define the CallbackHandler in programmatic authentication

    Hi there,
    we have our own authentication stack named "ticket" and want to trigger its checks programmatically in a servlet, serving as a kind of gatekeeper and redirecting to the proper URL if login was successful. According to the documentation, this is one of two options ("programmatically" vs. "configured").
    Since I didn't find an appropriate code sample, I tried to figure it out on my own:
    protected void doPost(
      HttpServletRequest request,
      HttpServletResponse response)
        throws ServletException, IOException {
        try {
          // The LoginContext is created without a CallbackHandler
          LoginContext lc = new LoginContext(authenticationStack);
          lc.login();
          String redirectURL = getRedirectURL(request);
          response.sendRedirect(redirectURL);
        } catch (LoginException le) {
          // (the rest of the method is not shown in the original post)
        }
    }
    When the servlet is called, we get the error:
    Error: No CallbackHandler available to garner authentication information from the user. ticket
    I guess that the CallbackHandler has to somehow pass the HTTP request object to the authentication layer. I have seen that there is a constructor for LoginContext having a callbackHandler as second argument. But I wonder what to fill in there.
    Can someone help me what to fill in for "callbackHandler"? Is there a sample code containing an implementation of this interface for this very simple and straightforward servlet case?
    Thanks and regards,
    Rüdiger

    The tests were positive. The above code will go productive.
    Just for documentation purposes, before finally deleting unused  code parts, I copy them into this thread:
    Invoking a single authentication method, not a complete stack
    This can be achieved with code similar to the following:
    /* Single logon, not a whole stack!!! */
    ILogonAuthentication authenticator = UMFactory.getLogonAuthenticator();
      try {
        authenticator.logon(request, response, authenticationStack);
        String redirectURL = getRedirectURL(request);
        response.sendRedirect(redirectURL);
      } catch (LoginException e) {
        // Logon failed: answer 401 with the configured realm
        response.setHeader( "WWW-Authenticate", authenticationRealm);
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
            "SRM-Anmeldung '" + authenticationStack + "' fehlgeschlagen");
      }
    A callback handler for test purposes
    If you want to know which callbacks are triggered by your authentication stack, you can define your own callback handler and pass it to the login context instead. 
    I worked with a local (inner) class for this purpose. I had to use reflection to dynamically call a "getName" method, since the actual callback classes were partly hidden.
    /* No longer needed, we can instantiate the SAPJ2EECallbackHandler directly */
    private static class TheCallbackHandler implements CallbackHandler {
      private HttpServletRequest request;
      private HttpServletResponse response;
      private TheCallbackHandler(HttpServletRequest request, HttpServletResponse response) {
        this.request  = request;
        this.response = response;
      }
      public void handle(Callback[] callbacks)
          throws IOException, UnsupportedCallbackException {
        PrintWriter rw = response.getWriter();
        rw.println(callbacks.length + "Zeilen. <br>");
        // List the class of every callback the authentication stack requests
        for (int i = 0; i < callbacks.length; i++) {
          rw.println(i + ":" + callbacks[i].getClass().getName() + "<br>");
        }
        for (int i = 0; i < callbacks.length; i++) {
          // We have to use reflection, because the following class is unfortunately not reachable:
          // com.sap.engine.lib.security.http.HttpGetterCallback
          String getName = null;
          Object retVal;
          try {
            retVal = callbacks[i].getClass().getMethod("getName", (Class[]) null).invoke(callbacks[i], (Object[]) null);
            getName = (String) retVal;
            rw.println(getName + "<br>");
          } catch (Throwable e) {
            e.printStackTrace(response.getWriter());
          }
        }
      }
    }
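
The CallbackHandler question in this thread, worked through with standard JAAS classes only. This is an added example, not code from any of the posts; `ProgrammaticJaasLogin`, `TicketLoginModule`, `RequestCallbackHandler`, `NamePrincipal` and the demo credential are hypothetical names and constructed values. It runs the same stack once without a handler (the reported error), once with a handler carrying valid credentials, and once with a wrong password.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class ProgrammaticJaasLogin {
    static final class NamePrincipal implements Principal {
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Hypothetical module standing in for the custom "ticket" stack. */
    public static class TicketLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String user;
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }
        public boolean login() throws LoginException {
            if (handler == null) // the situation reported in the thread
                throw new LoginException("No CallbackHandler available");
            NameCallback name = new NameCallback("user: ");
            PasswordCallback pass = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { name, pass });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("Callback failed: " + e);
            }
            char[] supplied = pass.getPassword(); // a copy; null if never set
            pass.clearPassword();
            // Constructed demo credential; a real module checks its own user store.
            boolean ok = supplied != null && "alice".equals(name.getName())
                    && Arrays.equals(supplied, "correct horse".toCharArray());
            if (supplied != null) Arrays.fill(supplied, '\0');
            if (!ok) throw new FailedLoginException("Bad credentials");
            user = name.getName();
            return true;
        }
        public boolean commit() { subject.getPrincipals().add(new NamePrincipal(user)); return true; }
        public boolean abort() { user = null; return true; }
        public boolean logout() {
            subject.getPrincipals().removeIf(p -> p instanceof NamePrincipal);
            return true;
        }
    }

    /** Answers the module's callbacks with values already read from the request. */
    static class RequestCallbackHandler implements CallbackHandler {
        private final String user;
        private final char[] password;
        RequestCallbackHandler(String user, char[] password) { this.user = user; this.password = password; }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb); // refuse anything unexpected
            }
        }
    }

    /** In-memory JAAS configuration with one REQUIRED module for the given stack name. */
    static Configuration singleModule(final String stack) {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!stack.equals(name)) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        TicketLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        Collections.<String, Object>emptyMap()) };
            }
        };
    }

    /** Runs the stack and reports the authenticated name or the failure reason. */
    static String authenticate(String stack, CallbackHandler handler) {
        try {
            LoginContext lc = new LoginContext(stack, new Subject(), handler, singleModule(stack));
            lc.login();
            return "OK " + lc.getSubject().getPrincipals().iterator().next().getName();
        } catch (LoginException e) {
            return "FAILED " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(authenticate("ticket", null)); // no handler, as in the post
        System.out.println(authenticate("ticket", new RequestCallbackHandler("alice", "correct horse".toCharArray())));
        System.out.println(authenticate("ticket", new RequestCallbackHandler("alice", "wrong".toCharArray())));
    }
}
```

In a servlet the handler's two values would come from the request parameters. A `LoginContext` login of this kind only populates the JAAS `Subject`; `getUserPrincipal()` reflects authentication performed by the container itself.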

  • Weblogic Security Programmatic Authentication API

    Hi all,
    I am trying to use the WebLogic authentication API with WebLogic 11g and JDeveloper 11.1.1.2.
    According to the programming security document, we can use the weblogic.security.SimpleCallbackHandler or weblogic.security.URLCallbackHandler class.
    But I don't see any library to import those classes.
    Where can I download those libraries?
    With Regards,
    Wai Phyo

    Where can I get this JAR (com.bea.core.weblogic.security_2.0.1.0.jar)? I have installed WebLogic 10.3 on JDK 1.6 and it has com.bea.core.weblogic.security_1.0.0.0_6-0-3-0.jar, which does not have the weblogic.security.spi.AuthenticationProviderV2.
    Any help on this will be really appreciated.
    Thanks.
    Ajay

  • Programmatically start embedded oc4j

    I’m writing an extension. The extension contains a servlet. When someone uses the extension for the first time (clicking an icon, selecting a menu option, etc) I’d like to start an instance of the embedded oc4j and have my servlet running on it. I guess I’d want to be able to assign the ports it’s running on too so that I could avoid conflicts...
    Anyone have any ideas on how I could achieve this? Can the embedded oc4j be started from my java code? Also, would I need to package up my servlet/web.xml into a war file? I’ve been trying to track down the code that’s executed when you do a right-click -> run on a servlet but haven’t yet found it.
    Any advice would be helpful as I’m pretty new at writing extensions for jdeveloper.
    thanks ,
    Dylan

    sorry.
    We're using the 11g technology preview.
    The extension will help communicate to other services in our organization. We use a servlet for this communication.
    Basically, I'd like the user to be able to right-click a file in the navigator pane and select a custom menu item that we've added. This will bring up a browser (I got this working based on code in the extensions samples) that is pointed to our servlet.
    I'd like to package this servlet with our extension. That way, when they install our extension they not only get the code that adds the new menu item, but the servlet as well. So the first time the user clicks our menu item, it fires up the embedded oc4j with our servlet.
    thx,
    Dylan

  • OC4J 10.0.3 Standalone LDAP / OID JAZN Authentication

    I have tried to setup OID based authentication on OC4J 10.0.3, but I can't get it working. Here is my log output:
    ==> log/oc4j.err.log <==
    04/10/27 16:21:28 java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
    04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.init(EnterpriseArchive.java:1685)
    04/10/27 16:21:28 at com.evermind.server.ServerComponent.init(ServerComponent.java:181)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1701)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:269)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
    04/10/27 16:21:28 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
    04/10/27 16:21:28 at java.lang.Thread.run(Thread.java:534)
    04/10/27 16:21:28 oracle.security.jazn.JAZNException: The system is unable to retreive the specified realm(s).
    04/10/27 16:21:28 Caused by: java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:28 ... 21 more
    ==> log/stdout.log <==
    04/10/27 16:21:28 JAAS: Configuration properties={deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/application.xml, config=jazn.xml}
    04/10/27 16:21:28 JAAS: Configuration file=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration file=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:28 JAAS: config=jazn.xml path=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
    04/10/27 16:21:28 JAAS: Verify file=config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration file=config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration file=config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:29 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear...
    ==> log/server.log <==
    04/10/27 16:21:29 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear...
    ==> log/stdout.log <==
    done.
    04/10/27 16:21:30 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar/support.war...
    ==> log/server.log <==
    04/10/27 16:21:30 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear... done.
    ==> log/stdout.log <==
    done.
    04/10/27 16:21:31 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar/intranet.war...
    ==> log/oc4j.err.log <==
    04/10/27 16:21:32 java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
    04/10/27 16:21:32 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:271)
    04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:245)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1702)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:330)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
    04/10/27 16:21:32 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
    04/10/27 16:21:32 at java.lang.Thread.run(Thread.java:534)
    04/10/27 16:21:32 oracle.security.jazn.JAZNException: The system is unable to retreive the specified realm(s).
    04/10/27 16:21:32 Caused by: java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:32 ... 20 more
    ==> log/stdout.log <==
    done.
    04/10/27 16:21:32 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}RU5sQbqWgXGfQi1gYZq22OM/WsLmyAlF, realm.default=trans, provider.type=LDAP}
    04/10/27 16:21:32 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/application-deployments/pillar/, ldap.password={903}RU5sQbqWgXGfQi1gYZq22OM/WsLmyAlF, realm.default=trans, provider.type=LDAP}
    ==> log/server.log <==
    04/10/27 16:21:32 10.0.3.0.0 Started
    ==> log/oc4j.err.log <==
    04/10/27 16:21:42 java.lang.UnsupportedOperationException
    04/10/27 16:21:42 at oracle.security.jazn.oc4j.AbstractUser.getPassword(Unknown Source)
    04/10/27 16:21:42 at oracle.security.jazn.oc4j.FilterUser.getPassword(Unknown Source)
    04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.lookup(SecuritySensitive.java:217)
    04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:114)
    04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:131)
    04/10/27 16:21:42 at com.evermind.server.DataSourceConfig.getPassword(DataSourceConfig.java:570)
    04/10/27 16:21:42 at com.evermind.server.Application.initDataSource(Application.java:2105)
    04/10/27 16:21:42 at com.evermind.server.Application.initDataSources(Application.java:2635)
    04/10/27 16:21:42 at com.evermind.server.Application.preInit(Application.java:638)
    04/10/27 16:21:42 at com.evermind.server.Application.preInit(Application.java:526)
    04/10/27 16:21:42 at com.evermind.server.Application.setConfig(Application.java:200)
    04/10/27 16:21:42 at com.evermind.server.Application.setConfig(Application.java:170)
    04/10/27 16:21:42 at com.evermind.server.ApplicationServer.initializeApplications(ApplicationServer.java:1708)
    04/10/27 16:21:42 at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1412)
    04/10/27 16:21:42 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:93)
    04/10/27 16:21:42 at java.lang.Thread.run(Thread.java:534)
    Has anyone run into this before? Can anyone confirm that this actually works in 10.0.3? Thanks.
    -James

    I am now running into the exact same message.
    Has anybody actually got this working ?

  • Custom login module on OC4J 10.1.3.3.0

    Hi,
    I need to implement custom web form-based authentication on OC4J, in order to port an existing JBoss app. I was following Frank's example at http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm. Trying to access protected pages will correctly redirect to the j_security_check page, and from there call my custom login module - through LoginContext. The issue is that - even if the LoginModule correctly authenticates user's credentials, the request still doesn't get through, coming back to the authentication page.
    I perform the deployment using Oracle Enterprise Manager, and the relevant files are:
    web.xml:
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>testJAAS</realm-name>
    <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/login.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <!-- Security constraints -->
    <security-constraint>
         <web-resource-collection>
         <web-resource-name>Test Secure Application</web-resource-name>
         <description>Requires users to authenticate</description>
         <url-pattern>faces/*</url-pattern>
         <http-method>POST</http-method>
         <http-method>GET</http-method>
         <http-method>HEAD</http-method>     
         <http-method>PUT</http-method>     
         </web-resource-collection>     
         <auth-constraint>
         <description>Only allow role1 users</description>
         <role-name>role1</role-name>
         </auth-constraint>     
         <user-data-constraint>
         <description>Encryption is not required for the application in general. </description>
         <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    <!-- Define the security role(s) -->
    <security-role>
    <description>Example role</description>
    <role-name>role1</role-name>
    </security-role>
    orion-web.xml:
    schema-major-version="10" schema-minor-version="0" >
         <!-- Uncomment this element to control web application class loader behavior.
              <web-app-class-loader search-local-classes-first="true" include-war-manifest-class-path="true" />
         -->
         <resource-ref-mapping name="jdbc/lics" />
         <security-role-mapping name="role1">
              <group name="oc4j-app-administrators" />
         </security-role-mapping>
         <web-app>
         </web-app>
    orion-application.xml:
         <jazn provider="XML" >
              <property name="jaas.username.simple" value="true" />
              <property name="custom.loginmodule.provider" value="true" />
              <property name="role.mapping.dynamic" value="true" />
         </jazn>
    system-jazn-data.xml:
    <jazn-loginconfig>
         <application>
              <name>le5</name>
              <login-modules>
                   <login-module>
                        <class>com.tx.lic.oc4jsx.ext.LicLoginModule</class>
                        <control-flag>required</control-flag>
                        <options>
                             <option>
                                  <name>defaultRole</name>
                                  <value>role1</value>
                             </option>
                        </options>
                   </login-module>
              </login-modules>
         </application>
    I assume something is wrong with the deployment configuration, b/c when I specifically add users to the defined role1 role, it works fine (see below). But this is not an option, since users should only be specified in the data store of the LoginModule.
    Doing as above, the orion-web.xml is below:
         <resource-ref-mapping name="jdbc/lic" />
         <security-role-mapping name="role1">
              <group name="oc4j-app-administrators" />
              <user name="user1" />
              <user name="user2" />
         </security-role-mapping>
    Any insight would be much appreciated. Thanks.

    Hi,
    role to group mapping doesn't seem to work for custom LoginModules. This means that your web application (web.xml) should use the same role names as used on the database authentication. So remove
    <security-role-mapping name="role1">
    <group name="oc4j-app-administrators" />
    </security-role-mapping>
    from orion-web.xml and it should start working
    Frank
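
A JAAS LoginModule illustrating the point in the reply above: the role principal the module adds in `commit()` has to carry the same name as the `<role-name>` in web.xml. This is an added example, not code from the post or from OC4J; `ExampleLoginModule`, the principal classes and the hard-coded credentials are hypothetical, and only the `defaultRole` option name comes from the posted system-jazn-data.xml.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module and principal types (not the poster's LicLoginModule);
// which principal class a container treats as a role is an assumption here.
public class ExampleLoginModule implements LoginModule {
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class UserPrincipal extends Named { UserPrincipal(String n) { super(n); } }
    static class RolePrincipal extends Named { RolePrincipal(String n) { super(n); } }

    private Subject subject;
    private CallbackHandler handler;
    private String defaultRole, user;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
        defaultRole = (String) opts.get("defaultRole"); // option name from the posted system-jazn-data.xml
    }
    public boolean login() throws LoginException {
        if (defaultRole == null) throw new LoginException("defaultRole option is not set");
        NameCallback n = new NameCallback("user: ");
        PasswordCallback p = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { n, p }); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        char[] pw = p.getPassword();
        p.clearPassword();
        // Constructed credentials standing in for the module's own data store.
        if (!"user1".equals(n.getName()) || pw == null || !"constructed-pw".equals(new String(pw)))
            throw new FailedLoginException("bad credentials");
        user = n.getName();
        return true;
    }
    public boolean commit() {
        if (user == null) return false; // login() did not succeed
        subject.getPrincipals().add(new UserPrincipal(user));
        // This name is what <role-name> in web.xml has to equal (role1 in the post).
        subject.getPrincipals().add(new RolePrincipal(defaultRole));
        return true;
    }
    public boolean abort() { return user != null && logout(); }
    public boolean logout() {
        subject.getPrincipals().removeIf(x -> x instanceof Named);
        user = null; return true;
    }
}
```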

  • User external authentication

    hello,
    I have read documentation about the technique for SSO to enable authentication between SAP and non-SAP systems but I didn't find a solution for our problem.
    We seek a way to authenticate external SAP users. We have two SAP systems (ERP and BI) and other non-SAP systems and we want users to authenticate once.
    For this reason we are interested in any other authentication mechanisms (e.g. HTTP authentication header, or otherwise) that make programmatic authentication possible (from an external application, most likely written in .NET). We need to access the web interface for BI and ERP without the need for additional licenses (such as SAP Enterprise Portal).
    Please help me with a solution.
    Thank you

    Hi,
    it's more complicated. First, I will tell you how it works with SAP Portal. A user authenticates against portal and he gets a logon ticket. The back end systems are configured that they accept only tickets signed by portal. So when user is pointed to a backend system it checks ticket and if everything is fine the user gets authenticated.
    So you could try to replicate this set up with your portal. The problem is that I don't know if there is a library for generating logon tickets. So you would have to figure out format of SAP logon tickets. 
    SAP provides a library that can be used to verify SAP logon tickets. So you could use the following approach. You would create a dummy service on ECC box that would require authentication. After authentication it would generate a logon ticket and redirect user to the portal. You would implement a custom logon procedure on your portal. You would just read a logon ticket (browser cookie) generated by ECC and verify it using SAP library. If everything is OK the user would get logged to portal. You would also configure BI system to accept tickets from ECC. It has some disadvantages. For example user needs to have direct access to ECC box but this could be solved using web dispatcher. Basically, you would set up ECC as an identity provider in SAML terminology.
    As you can see I ignored non-SAP systems because it really depends on what you can do with them. As I said there is a library from SAP for verifying SAP logon tickets. So you can create a custom logon procedure for all these systems.
    So to summarize it. Answer for the first question is maybe. Using SAML instead of proprietary SAP logon tickets might be more suitable. Other options could be to use proxies to do some translations between various formats. It's really hard to recommend anything without additional information. 
    Cheers

  • How To tell ADF Framework to use my authenticated subject?

    Hi,
    let's say that I have a subject instance which is authenticated through Weblogic server. Now I want to use this authenticated subject to protect my resources using ADF Security. So how should I tell this to ADF framework programmatically? For example I can think of storing my principal and roles in some type of objects and store it in session in a format that's understandable by the framework. By understandable I mean ADFContext.getCurrent.getSecurityContext.isUserAuthenticated returns true, getPrincipal returns my authenticated principal. I appreciate your help.
    Best Regards,
    Salim

    Hi Chris,
    I want to implement programmatic authentication. I was able to authenticate given the LoginModule (weblogic.security.auth.login.UsernamePasswordLoginModule), LoginContext (javax.security.auth.login.LoginContext) and a callback handler.
    try {
        loginContext.login();
        Subject subject = loginContext.getSubject();
    } catch (LoginException e) {
        // authentication failed
    }
    It authenticates successfully. But the problem is that it does not push authenticated subject into session. My guess is that there should be a way to configure application server to use this subject for the session. I understand that adf security just delegates calls to application server. I thought may be there is a way to do it with adf. Thanks for the reply.
    Best Regards,
    Salim
