Query on Access gate

I have the following requirement:
The requested protected URL is having the UserId as a query string and this has to be matched with UserId of logged-in user after authentication.
So could you please suggest which is the approach I need to follow:
1. Create a custom access gate which can do the authentication and also implement the logic of comparison.
or
2. Install a webgate and configure the redirect url to a servlet which can process the request and compare the userid in the requested URL and the logged in userid and subsequently redirect to the originally requested page.

My suggestion is that the only reasonably secure way to approach this is to write a custom authZ plugin that will only authorize the request when the querystring param matches the profile attribute. I've seen similar things done to enforce user specific content in the URI or querystring. With this approach, you can consume the authZ processing decision via either WebGate or AccessGate equally.
If you are working in the context of a servlet filter (for example) then you could, as you suggest, have OAM WebGate populate a header variable with the ID and write some comparison logic around that. I suspect you'll find various security concerns with this depending on how you are set up. All depends how critical the security is for you.
Go with the authZ plugin if security is the primary driver.
Mark
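
The servlet-filter variant mentioned in the reply above, as an added example (not code from the thread or from Oracle): it denies the request unless the `UserId` parameter equals the ID that the WebGate placed in a request header. The header name `X-AUTH-UID` and the class name are hypothetical, and the sketch assumes the application server is reachable only through the WebGate-protected web server, since otherwise a client could supply the header itself.

```java
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: allow a request only when UserId equals the authenticated user. */
public class UserIdMatchFilter implements Filter {

    // Assumption: the WebGate policy returns the user's ID in this header on
    // successful authorization. The name is hypothetical, not an OAM default.
    static final String AUTH_HEADER = "X-AUTH-UID";
    // Query-string parameter named in the question.
    static final String USER_PARAM = "UserId";

    /** Decision logic kept free of servlet types so it can be unit tested. */
    static boolean userIdMatches(String authenticatedId, String[] requestedIds) {
        if (authenticatedId == null || authenticatedId.isEmpty()) {
            return false; // WebGate supplied no identity: deny
        }
        if (requestedIds == null || requestedIds.length != 1) {
            return false; // parameter missing or repeated (UserId=a&UserId=b): deny
        }
        // Assumption: IDs are compared exactly; normalize case on both sides
        // first if the directory treats IDs as case-insensitive.
        return authenticatedId.equals(requestedIds[0]);
    }

    /** Returns the header value only if it occurs exactly once, otherwise null. */
    static String singleHeader(HttpServletRequest request, String name) {
        Enumeration<String> values = request.getHeaders(name);
        if (values == null || !values.hasMoreElements()) {
            return null;
        }
        String first = values.nextElement();
        return values.hasMoreElements() ? null : first;
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String authenticatedId = singleHeader(request, AUTH_HEADER);
        // getParameterValues also sees form-body parameters, so a second
        // UserId in a POST body makes the count differ from 1 and is denied.
        String[] requestedIds = request.getParameterValues(USER_PARAM);

        if (!userIdMatches(authenticatedId, requestedIds)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // fail closed: never reach the protected page
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }
}
```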

Similar Messages

  • How to find out the query is accessing the DB tables or not

    Hi Gurus ,
    How to find out the query is accessing the DB tables or not.
    Where exactly we will find this information in SAP BW.
    I know that this information we can find in ST03. But where exactly we will find the query information along with DB information?

    Lakshmi
    Activate BI Technical Content for Query analysis and run query against that.
    Hope this helps
    Thanks
    sat

  • Custom Access Gate for tomcat in solaris 10 AMD 64

    I need to write a custom AccessGate in Java, without installing the AccessServer SDK on a Solaris 10 AMD64 server; is it possible?

    NO. You must install the Asdk in a supported platform, configure the accessgate, policy to be able to develop an access gate.

  • Multiple webgates pointing to one access gate entry in OAM

    Can we install webgates on multiple boxes and point to same access gate entry in OAM.
    Are there any issues with this kind of configuration?
    Any opinion?

    Hi,
    It is technically possible to do this, and makes sense when all the WebGates are logically the same (for example, they all reside on instances of load balanced web servers).
    When the WebGates reside on logically different web servers, then it will be more difficult to have different policies protecting similarly named resources on the different web servers. For example, you may want to protect /admin differently on the different web servers, and you will not be able to use Preferred HTTP Host to achieve this when they share the same AccessGate definition. Also, you will not be able to set different timeouts on the different WebGates, or have different settings for such things as IPValidation or cookie domains.
    Regards,
    Colin

  • There are no functions containing returntype = 'query' and access!

    Hi there
    I am trying to add a recordset after defining a datasource and I keep getting the error when I do a CFC query search
    there are no functions containing returntype = 'query' and access!. I have attached an image to show the error message I get.
    Can someone help me fix this? my datasource shows up as correctly configured in cold fusion and the mysql database is well configured as well.

    okay, adding another function to the CFC and saving it makes
    it suddenly, magically visible to the function invocation window?
    I don't understand.

  • Custom Access Gate for 2FA authentication

    Hello OAM Gurus,
    I am trying to build a custom accessgate which can authenticate user using our 2FA technology for a protected resource accessed initially. I have written a servlet to do this wherein I am expecting somehow when user tries to access the protected resource the user will be redirected to this servlet. The custom AccessGate will be running on a separate server under a J2EE container. The problem has been 2 folds.
    1. I am unable to figure out how do I protect a resource (create a policy) on a web server which will be protected by my access gate.
    2. In My servlet how will I get the URL for the protected resource. I initially assumed that it should be referer.
    Here is the flow that I am looking at:
    User goes to a protected resource on a web server --> redirected to my servlet --> performs 2FA --> Servlet checks if user is authorised to access the resource --> redirect the user to the resource .
    Can somebody please help.
    Thanks,
    Gunjan

    Henrik,
    there is no SDK for OAM 11g so far, this might come in one of the next patch sets.
    You could resort to integrate with OAAM.
    --olaf

  • Custom access gate

    I wrote a custom access gate for j2ee application (servlet filter). When I create a resource object, I use request URI, is it correct?
    ObResourceRequest resource = new ObResourceRequest("http", request.getRequestURI(), request.getMethod());
    The reason I am asking is that in the developer's guide they have a sample which uses (accidentally or not) following syntax- //server/uri (with no port)
    Thanks,
    -Alex

    Actually, URI and URL are quite similar (see RFC 3986). You must provide the string that should match in OAM by combining the host identifier and the protected resource.
    Example:
    ${host_identifier}${protected_resource}
    eg. host_identifier = http://forums.oracle.com:80
    host_identifier = http://10.10.10.10:80
    protected_resource = /forums/post!reply.jspa?messageID=9186341
    eg. http://forums.oracle.com:80/forums/post!reply.jspa?messageID=9186341
    eg. http://10.10.10.10:80/forums/post!reply.jspa?messageID=9186341
    HTH,
    --olaf

  • Query Builder access for end users

    Hi,
    I have a group of users who would like to have 'Query Builder' access.
    Is it possible to directly access query builder without actually login-in into application builder.
    Thanks in advance
    Aali

    No, but you could build a form to mimic it... Check out this thread from a few days ago: Query Builder functionality
    Thank you,
    Tony Miller
    Webster, TX
    On the road of life...There are 'windshields', and there are 'bugs'
    (splat!)
    "Squeegees Wanted"
    If this question is answered, please mark the thread as closed and assign points where earned..

  • How to make the Access Gate SDK work with Web Gate

    When we want to control the display of one area in one page, we can define this area as one resource then control the access of it. But when the user has been authenticated in the application, how can we get the user session and then call Access Gate SDK to check if the user is authorized? The following is one utility class to achieve it.

    /*
     * $Id: CreateUserAction.java,v 1.1 2005/10/11 23:19:34 jason Exp $
     * $Revision: 1.1 $
     * $Date: 2005/10/11 23:19:34 $
     * Copyright (C) 1972 - 2005, Oracle Co. All Rights Reserved
     * The program(s) herein may be used and/or copied only with
     * the written permission of Oracle Co. or in accordance with
     * the terms and conditions stipulated in the agreement/contract
     * under which the program(s) have been supplied.
     */
    package oblix.view;

    import com.oblix.access.ObAccessException;
    import com.oblix.access.ObConfig;
    import com.oblix.access.ObResourceRequest;
    import com.oblix.access.ObUserSession;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;

    /**
     * @author zhoujian
     */
    public class OblixUtil {
        private static String ObSSOCookie = "ObSSOCookie";

        private OblixUtil() {
        }

        /**
         * Check if the user is Authorized
         * @param request
         * @param rescourceUrl
         * @return
         */
        public static boolean isAuthorized(HttpServletRequest request,
                String rescourceUrl) {
            return isAuthorized(request, "http", rescourceUrl, "GET");
        }

        /**
         * Check if the user is Authorized
         * @param request
         * @param resourceType
         * @param rescourceUrl
         * @param resourceMethod
         * @return
         */
        private static boolean isAuthorized(HttpServletRequest request,
                String resourceType, String rescourceUrl, String resourceMethod) {
            try {
                ObConfig.initialize();
                ObResourceRequest resource = new ObResourceRequest(resourceType,
                        rescourceUrl, resourceMethod);
                ObUserSession session = getObUserSession(request);
                // No ObSSOCookie means no session: deny instead of
                // failing with a NullPointerException.
                if (session == null) {
                    return false;
                }
                return session.isAuthorized(resource);
            } catch (ObAccessException oe) {
                oe.printStackTrace();
            }
            ObConfig.shutdown();
            return false;
        }

        /**
         * Get the Oblix user session from the request.
         * @param request
         * @return
         * @throws ObAccessException
         */
        private static ObUserSession getObUserSession(HttpServletRequest request)
                throws ObAccessException {
            String token = getCookieValueByName(request.getCookies(), ObSSOCookie);
            if (token != null) {
                return new ObUserSession(token);
            }
            return null;
        }

        private static String getCookieValueByName(Cookie[] cookies, String name) {
            // getCookies() returns null when the request carries no cookies.
            if (cookies == null) {
                return null;
            }
            for (int i = 0; i < cookies.length; i++) {
                if (cookies[i].getName().equalsIgnoreCase(name)) {
                    return cookies[i].getValue();
                }
            }
            return null;
        }
    }

    Couple of options. You seem to have taken the Access Gate based approach. I will throw this in anyway and you can make a call which one you want to use.
    If it's a web application you can control authorization based on Resource by defining policy in the Access Manager.
    You mentioned about display of one area in one page. That should be driven off of User attribute or custom logic. If it is driven off of User attribute then you can return header variable and you can check in the code as opposed to writing custom access gate.
    Now if you do want to write custom access gate when the resource is already protected by a Web gate,
    you can get the ObSSOCookie from the user's browser session.
    You can pass the URL to the IsAuthorized method and call.
    Now here you have to install the Access Server SDK on the server, create custom access gate and then write the code and deploy it on that server.
    Thanks
    Ram

  • How to make the Access Gate work

    have been following the developers guide to write an access gate. my application(simple html) is running on JBoss, want to protect this resource using the access gate. JAccessGate.java is working fine however the access gate is not intercepting the resource request.
    how do i configure Jboss with the Access Server so that the Access Gate process the request.
    the servlet example isn't working ... constants.REQUEST isn't being recognised despite adding all the pkg's.
    it would be helpful if someone could share the steps to achieve this.
    that apart any idea about how the reverse proxy works ?
    thanks and regards
    Edited by: user642640 on Jun 6, 2009 4:14 AM

  • Multiple access gates with one ASDK

    Hello All,
    We have an ASDK installed on an application and configured an access gate to talk to OAM1 with datastore1. Now we have OAM2 with datastore2 and need this application to talk to the OAM2. OAM1 and OAM2 handle different sets of users.
    Can we install another access gate on the same ASDK and talk to OAM2? If not please suggest the best way to provide SSO with both OAMs to the application?
    Thanks in advance.

    IDMGod,
    I tried setting the environment variables, oracle doc below says
    http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12491/as_api.htm#CHDFCJEI
    OBACCESS_INSTALL_DIR = SDK_install_dir
    Points to the Access Manager SDK install root. (This is necessary only if your AccessGate does not specify SDK_install_dir as part of the ObConfig.initialize method).
    From what I understood, this needs to be changed by defining the parameters in ObConfig.initialize method. Since I already have an Access Gate1 configured, is it possible to change this value for that Access Gate? If so where can I find this method in the AccessGate1 (I used configureaccessgate utility for this, there is no custom code used in this accessgate)
    When I install Access Gate2, do I need to write custom access gate code as mentioned in the examples in the above doc? or can I use the out of box access gate by running the configureaccessgate utility?
    Thank you.

  • Access gate SDK, authentication and issues/bug

    I have been trying to test authentication against CORE ID using the access gate SDK for java and following the samples that installed with the SDK.
    I simulate user account lock-out and pwd to expire ( in two days) situations. Doing the form based access server authentication, I am able to see the error messages and in the case of locked a/c, it doesn't log me in.
    Using access gate SDK, it successfully creates a ObUserSession object for the protected resource, shows user as LOGGED_IN and the getStatus() returns normal. There is no indication of the actual status of the user account on the server !
    It does, catch the actual pwd expired status, as mentioned in the documentation.
    Is there anything missing here ?

  • Convert SQL Server ROW_NUMBER() OVER(PARTITION BY() Query to Access

    Hi,
    I am having trouble with converting this SQL Server query to Access. If anyone can give me help I would appreciate it.
    SELECT B.AMOUNT_REQUESTED, B.INIT_OFF, B.MBR_NBM, B.STATUS, B.APPLICATION_NBR
    FROM (
    SELECT AMOUNT_REQUESTED, INIT_OFF, MBR_NBM, STATUS, APPLICATION_NBR, ROW_NUMBER() OVER(PARTITION BY MBR_NBM ORDER BY MBR_NBM) RN
    FROM LOAN_DATA
    WHERE APPLICATION_DATE BETWEEN '20150420' AND '20150425'
    ) B
    WHERE RN = 1
    ORDER BY B.MBR_NBM

    While there is no equivalent to ROW_NUMBER(), it appears that you are just wanting the first row of each group, and that CAN be accomplished in Access, but I do wonder why you would WANT to do that in Access if your data is stored in SQL Server. As Tom indicated a Pass Through query object is likely your best bet -- or a View in SQL Server, then create a Linked Table object that points to it.
    To get the first of each group ... which is essentially a TOP n, where n = 1 ... so .. the first thing you will want to identify is a second field to use as a Key in order to define the "first" row you want in the group. In your SQL statement, you are ordering by mbr_nbm, so the secondary sort is unknown -- likely predictable, but unknown without knowledge of the schema ... so, I will provide samples by using APPLICATION_DATE as the sort key.
    This one is the "first" of a series with the assumption that the one you want is the one with the "biggest"/"most recent" APPLICATION_DATE.
    SELECT vLoanData.AMOUNT_REQUESTED, vLoanData.INIT_OFF, vLoanData.MBR_NBM, vLoanData.STATUS, vLoanData.APPLICATION_NBR
    FROM LOAN_DATA As vLoanData
    INNER JOIN
    (SELECT MBR_NBM, Max(APPLICATION_DATE) As LastAppDate
    FROM LOAN_DATA As vLast
    GROUP BY MBR_NBM) As vLastApp ON vLoanData.MBR_NBM = vLastApp.MBR_NBM And vLoanData.APPLICATION_DATE = vLastApp.LastAppDate
    Or ... the following is a TOP n query where n = 1.
    SELECT vLoanData.AMOUNT_REQUESTED, vLoanData.INIT_OFF, vLoanData.MBR_NBM, vLoanData.STATUS, vLoanData.APPLICATION_NBR
    FROM LOAN_DATA As vLoanData
    WHERE (vLoanData.MBR_NBM & '|' & vLoanData.APPLICATION_DATE)
    IN (SELECT TOP 1 (vCorrelated.MBR_NBM & '|' & vCorrelated.APPLICATION_DATE) As Key
    FROM LOAN_DATA As vCorrelated
    WHERE vCorrelated.MBR_NBM = vLoanData.MBR_NBM
    ORDER BY vCorrelated.MBR_NBM, vCorrelated.APPLICATION_DATE DESC)
    This second example is not going to win you any points with respect to speed, but is truly a closer model to the TOP N type thing you are doing in SQL Server.
    Hope that helps!
    Brent Spaulding | Access MVP

  • SQL Query to Access Query

    try to place () on segments of criteria; WHERE (p.SvcDate BETWEEN '03/19/2015' AND '06/17/2015') AND (p.PayCode '37')  AND (e.Active = 'Y')  - not sure will fix

    I have the following Query in Access and as it is, it works. I needed to add a new modifier to the "WHERE" clause of "Payroll.PayCode '37' so that it is not taking that paycode into account. Once I added that modifier, the entire query quit working stating that the query was too complex. I proceeded to struggle with the query for a while and eventually broke down and completely recreated the query in MS SQL where I have it working with the Modifier. Once I moved it to Access 2013 I get the same error that the Query is too complex. Could someone please help me out with this. Here is my SQL Query.
    SELECT p.EmployeeNumber, e.Fname, e.Lname, e.Address, e.City, e.ST, e.Zip, e.DOH, e.DOT, e.DOB, e.[Mrtl Status],e.jobTitle, e.Dept, ROUND(SUM((p.PayUnit)/13),0) AS [13 Week Avg], eb.Eligible, eb.[Agreement Received], eb.[Benefits Term Date],...
    This topic first appeared in the Spiceworks Community

  • How to decrease the access time of a table (when a query is accessing it)

    Hi
    I have few master tables. Any of those table do not contains more than 1000 records. These tables are not updated frequently.
    Now I want to make 6 or 7 table so that the access time becomes less than that of the others tables.
    For example
    say I have 10 master tables
    table1
    table2
    table3
    table4
    table5
    table6
    table7
    table8
    table9
    table10
    Say the access time for a query that access these tables is 10ms.
    I want to decrease the access time for table1, table2, table3 and table4, say I want to make it 5 ms.
    Could you please tell me how can I do that?
    Regards

    Hi,
    As you have stated master tables, I am not sure, have you checked with "creating a Cluster", might check once which might suffice your requirement else
    1 - Check the design once again
    2 - tune the queries
    3 - Check for materialized view
    further based on your inputs we can suggest or analyze some thing.
    - Pavan Kumar N
