Question abount custom security in WL 7.0

Similar Messages

• Custom security provider exception

  Good day, colleagues. I want to raise an old topic.
  I use custom security provider exceptions:
  -AccountExpiredException
  -AccountLockedException
  However, the login() method only captures FailedLoginException
  try
    CallbackHandler pwcall = new weblogic.security.URLCallbackHandler(user, pass.getBytes("UTF-8"));
    subject = weblogic.security.services.Authentication.login(pwcall);
    weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
  catch (javax.security.auth.login.LoginException e) {
    e.printStackTrace();
  javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User ...
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:240)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
  I found similar questions IdentityAssertion custom exception, FailedLoginException asked many years ago for WLS 9.2
  Their solution (wlp.propogate.login.exception.cause=true) does not work for WLS 10.3.
  How to propagate original LoginException?
  Or exception message only.

  I did it! look closely to source code:
  javax.security.auth.login.LoginContext:875
  if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) {
    // if REQUISITE, then immediately throw an exception
    if (methodName.equals(ABORT_METHOD) || methodName.equals(LOGOUT_METHOD)) {
         if (firstRequiredError == null)
              firstRequiredError = le;
    } else {
         throwException(firstRequiredError, le);
  } else if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) {
    // mark down that a REQUIRED module failed
    if (firstRequiredError == null)
         firstRequiredError = le;
  } else {
    // mark down that an OPTIONAL module failed
    if (firstError == null)
         firstError = le;
  javax.security.auth.login.LoginContext:922
  // we went thru all the LoginModules.
  if (firstRequiredError != null) {
    // a REQUIRED module failed -- return the error
    throwException(firstRequiredError, null);
  } else if (success == false && firstError != null) {
    // no module succeeded -- return the first error
    throwException(firstError, null);
  } else...
  I set Control flag: OPTION to DefaultAuth (was REQUIRED)
  and order it after my LoginModule. (restart required!)
  Now I catch my exceptions %)

• JSF 2.0 Custom security tag

  We are migrating a JSF 1.2 application to JSF 2.0. Earlier we have developed a custom security by extending BodyTagSupport. In JSF 2.0 I have replaced BodyTagSupport with TagSupport and no compilation issues. In my taglib.xml if I configure this Tag with a handler-class[Which is how it was earlier] While running I am getting a class cast exception of not able to cast to TagHandler and If I configure this tag as component[I extended UIComponentELTag] I am getting error message as not able to cast to UIComponent.
  Has any one developed a custom security tag, for examle check user role and if allowed dynamically display set of buttons or skip the particualr body part completely. By doStartTag()[EVAL_BODY_INCLUDE/SKIP_BODY]?
  Edited by: user11864278 on Apr 14, 2011 1:07 PM

  We are not extending TagHandler, I am trying to develop a custom EL Body tag that was earlier done with BodyTagSupport in JSF 1.2. In JSF 2.0 I believe I need to do this by extedning FacetTag in JSF 2.0, when I extend FacetTag and register it as a <handler-class> in taglib.xml I get a TagHandler class cast exception, as by default any Tag configured as Handler-class get cast into TAGHANDLER in JSF 2.0.
  To make my question better, How can I develop a custom tag extending FacetTag?

• Cannot assign custom security manager to repository

  Hello,
  I've been following the details on how to implement a read-only security manager (https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e2ddd63d-0b01-0010-46bb-e092790068cb) and I have run into the following problem:
  After following the instructions for option B in the document (creating a security manager only) and  deploying my project, the new security manager appears in the list of managers on the admin screen (Content Management -> Repository Managers -> Security Manager) but it is not available in the drop down list of security managers for my repository. Without that entry I cannot apply the new security manager to my repository.
  According to the document, the new security manager should be part of this list but it is not even after I've restarted the J2EE engine.
  The document is dated May 2006 so perhaps there have been some changes to the system that are not covered in the document. We are running NW 7.0 SP14.
  Any help in determining why my custom security manager is not part of the security manager drop down list would be appreciated.

  Ok, after much decompiling and inspection of the standard KM security manager implementations I found the answer to my question.
  Basically I found that the security manager tutorial only applies if you plan on using your custom security manager with your own custom repository manager. You cannot apply a security manager created using that document to a standard KM repository manager.
  In my case I want to apply a custom security manager to a standard KM File System Repository. By inspecting the SFSRepositoryManager.cc.xml file I found the following entry:
  <attribute name="securitymgr.ref" type="ref" refType="/cm/repository_managers/security_managers/SecurityManager" mandatory="false" hotReload="true" />
  The refType value defines which security managers are displayed in the drop down list of available Security Managers at runtime for the repository manager. In order to get a custom security manager to be available you must define the cc.xml for your custom security manager so that it extends "SecurityManager" not "SecurityManagerMi" as the tutorial describes.
  Changing the extension means your security manager implementation must also change so that it extends com.sapportals.wcm.repository.manager.AbstractRepositorySubManager and implements com.sapportals.wcm.repository.manager.ISecurityManager.
  Now if only I could figure out how to reward points to myself .....

• SSRS Custom Security / Sql Server Data Tools / SQL Management Studio?

  We are planning on implementing custom security for SSRS via IAuthenticationExtension and IAuthorizationExtension.
  Once we switch SSRS from Windows security to our own custom security (based upon external user table in sql), how will that affect:
  1. Publishing reports from SSDT for VS2013
  2. Connecting / Managing SSRS from SQL Mgmt Studio
  SSRS 2014
  scott

  Hi scott_m,
  According to your description, you want to know effect when using custom Authentication and Authorization. Right?
  In Reporting Services, for deploying a report from SSDT to report server, it requires the current user has permission to create reports. It's has nothing to do with the Authentication and Authorization. For managing SSRS in SSMS, it's directly accessing
  the report server database. It will not call the web service, the custom Authentication and Authorization will not effect managing.
  For the internal working of Authentication and Authorization in Reporting Services, please refer to links below:
  Authorization in Reporting Services
  Authentication in Reporting Services
  If you have any question, please feel free to ask.
  Best Regards,
  Simon Hou
  "In Reporting Services, for deploying a report from SSDT to report server, it requires the current
  user has permission to create reports."
  Simon, How does SSDT know who the current user is when custom authentication is enabled in SSRS?
  thanks
  scott

• Unable to provide custom security impelmentation (BPELProcessValidator)

  Hey Gurus,
  I got a question regarding custom implementation of BPELProcessValidator class.
  My project requires me to secure each Business Process hosted in Ora BPEL PM.
  I have implemented my custom class MyValidator that extends BPELProcessValidator.
  I would like to use this class as my security implementation. As per the documentation
  I invoke the oc4j instance that hosts Oracle BPEL with a directive -Doracle.bpel.customvalidator=D:\OraBPELPM\security.properties
  security.properties file contains the name of the Java class that provides the security implementation.
  This does not work though. BPEL PM doesnt even try to load this class. Do let me know if I am missing
  something.
  Please refer to the presentation at http://www.oracle.com/technology/products/ias/bpel/pdf/bpelsecextenstionphase2.pdf
  My BPEL build : 10.1.2.0.2 [build #2196 ] - type: release
  I would appreciate any pointers/code/doc that would help me implement custom security provider for BPEL.
  Abhijeet

  Hi Clemens,
  Thanks for quick reply. I got something going today. However I still have some issues. Now the BPEL engine is not able to find the class that I have implemented.
  at java.lang.Thread.run(Thread.java:534)
  <2006-02-28 12:31:53,296> <ERROR> <default.collaxa.cube.engine> <MessageHandle
  anager::createHandler>
  java.lang.ClassNotFoundException: BusinessProcess.MyValidator
  at com.evermind.naming.ContextClassLoader.findClass(ContextClassLoader
  ava:500)
  I tried to set the class path to point to the directory that contains BusinessProcess.MyValidator class. Set up the system CLASSPATH / Put this class in OC4J Lib and alike but never got it in with the classloader.
  Strange part is that through the same OC4J instace when i tried to invoke a method in this class through a JSP I got a response. This means the OC4J did have access to my class.
  Will you please let me know where I should put my classes so that collaxa implementation can find it.
  Also, may I know when the security tab in the BPEL domain manager will be available to external world.
  Regards
  Abhijeet

• [svn] 1053: Basic and custom security-constraint samples were added to the team app mainly for the doc team to have a reference .

  Revision: 1053
  Author: [email protected]
  Date: 2008-04-01 11:35:28 -0700 (Tue, 01 Apr 2008)
  Log Message:
  Basic and custom security-constraint samples were added to the team app mainly for the doc team to have a reference. The custom authentication sample uses the new ChannelSet.login and ChannelSet.logout methods.
  Modified Paths:
  blazeds/branches/3.0.x/apps/team/WEB-INF/flex/remoting-config.xml
  blazeds/branches/3.0.x/apps/team/WEB-INF/flex/services-config.xml
  Added Paths:
  blazeds/branches/3.0.x/apps/team/features/security-constraints/
  blazeds/branches/3.0.x/apps/team/features/security-constraints/README.txt
  blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Basic.m xml
  blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Custom. mxml
  Removed Paths:
  blazeds/branches/3.0.x/apps/team/features/remoting/remoting_AMF_SecurityConstraint_Basic. mxml

  Congrats to Carmelo!
   Windows Phone and Windows Store Apps Technical Guru - February 2015  
  Carmelo La Monica
  Windows Phone 8: control Nokia Maps (Part 3)
  JH: "Part 3 of the series how to work with the Nokia maps control. As the previous articles this one contains a lot of code snippets and some pictures. Good work!"
  Ed Price: "A great topic, a fantastic breakdown of sections with clear descriptions, and a nice mix of code formatting and helpful images! Another stellar article from Carmelo! Great job including the link back at the end to the portal
  article!"
  Ed Price, Azure & Power BI Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• I forget security info question, i forget security info question

  i forget security info question, i forget security info question

  The Three Best Alternatives for Security Questions and Rescue Mail
      1. Use Apple's Express Lane.
            Go to https://expresslane.apple.com ; click 'See all products and services' at the
            bottom of the page. In the next page click 'More Products and Services, then
            'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
            ID security questions' and click 'Continue'. Please be patient waiting for the return
            phone call. It will come in time depending on how heavily the servers are being hit.
       2.  Call Apple Support in your country: Customer Service: Contact Apple support.
       3.  Rescue email address and how to reset Apple ID security questions.
  A substitute for using the security questions is to use 2-step verification:
  Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

• Questions on MIDP Security

  Hi all,
  I've a few questions on MIDP security to seek help:
  1) Suppose I have a midlet to store confidential details on the mobile phone, if it doesn't make any connections to the internet, would anyone be able to retrieve the information I'd on the RMS?
  2) Again, assuming no internet connection is made by the midlet. Suppose I've a login screen that prompts for a password & uses MD5. Can anyone crack it?
  3) Is it possible to retrieve the midlet from the mobile phone itself onto a desktop?
  Thanks for the help!

  Yes, it is possible to retrieve the data stored in
  RMS.
  Just try it on a Nokia S60 phone:
  1. download and install FExplorer (free file
  explorer)
  2. go to: c:\system\midp\<vendor>\untrusted\<midlet
  name>\<?????> folder
  3. select rms.db
  3. choose options/send/SMS|MMS|e-mail|bluetooth|irda
  Of course cracking is a harder work...does this means that I can follow your step 1 & goto whichever midlet that I'm interested in & send the JAR/JAD file via SMS/MMS/Email/BlueTooth/IRDA?

• Custom secure views report is not restricting the data

  Hi,
  I have created few custom secure views reports and in which I have used the per_people_f , per_assignments_f secure views but when I am running this report from different responsibilities like (US Resp, UK Resp) it is producing the same number of records. From US resp it should produce the US employees and from UK it should produce the UK employees but this is not happening currently.it is a simple sql script which I registered as sql*plus executable.
  Can any one suggest if I am missing some thing? Urgent help would be appreciated.
  Thanks,
  Ashish

  Pl post details of OS, database and EBS versions. How have you implemented security ? What kind of concurrent program are you using ? Pl provide details. Also see these MOS Docs
  How To Enable Hr Security on Custom Reports?          (Doc ID 369345.1)
  Understanding and Using HRMS Security in Oracle HRMS          (Doc ID 394083.1)
  Need Custom Security Profile To Restrict Based On Employees Organization          (Doc ID 445142.1)
  HTH
  Srini

• Errors encountered while using a Custom Security Realm on a Platform Domain

  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our application requirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
  for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if the user
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store to get
  rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
  for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
  Thanks
  Vikram

  Hello Vikram,
  Are you using the new WLS 7.0 security framework? It is not supported for
  Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
  style) security.
  Ture Hoefner
  BEA Systems, Inc.
  www.bea.com
  "Vikram Datla" <[email protected]> wrote in message
  news:3e273015$[email protected]..
  >
  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our applicationrequirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
  for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if theuser
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store toget
  rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
  for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
  >
  Thanks
  Vikram

• SQL Query in Custom Security when creating Security Profile

  Hello all,
  I've created a security profile with Custom security and provided a simple query in Custom Security tab-
  PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
  Custom security option is "Restrict the people visible to each user using this profile"
  I am not able to see the record as expected.
  If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
  If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
  Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
  (This was mentioned in system administrator guide :
  "+Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id.+"
  docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
  I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
  I've given options as below :
  Employees = None
  Contingent Worker = Restricted
  Applicant = None
  Contacts = All
  Candidates = All
  All other options - Defaulted
  Thanks,
  Sumanth

  Resolved this - One cannot see self's employee record in the form for which this is setup.
  Hence the below query though correct in syntax did not show any data.
  PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
  My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
  Thanks,
  Sumanth

• Questions in Custom Tag

  Hi,
  I have couple of questions in Custom Libraray Tags:
  1) How I can from Tag Java file to open a new JSP window without the toolbars and determine the window size.
  2) How I can read a JSP parameter from Tag Java file. For example I have a field called "x" in JSP is not connected to the TAG by setAttribute.
  3) How I can pass a dynamic value to custom tag. <route:routeList agentID = "1" >
  how I can change the "1" to a field. When I change it to: <route:routeList agentID = "<%=request.getParameter("agentID")%>" > or to <route:routeList agentID = <%=request.getParameter("agentID")%> > I get empty value, even though the field has a value.
  Thank you ...

  [email protected] ... Well, if you put something as an attribute in the pageContext object, you can get it... same as request or session scope attributes, but I thought the OP meant to do this (I guess not, though.. see below):
  <%
  String str = "...";
  %>
  <mytag:stuff .... />
  And within the stuff tag, use str as a variable. I don't believe that's possible, because the compiled page in effect becomes like this:
  String str = "...";
  doStuffTag(whatever the parameters are);
  Obviously that's not the right naming for the tag, but you get the idea...
  JavaUserProg....
  2) First, it's best to put quotes around the tag attributes...
  <INPUT readOnly style="WIDTH: 84px; HEIGHT: 22px" name="operation[<%= lineNum%>"] value="<%=operation%>">
  Second, do you mean you want to read from the tag what the HTML input field has in it? First, you have to submit the form, then the call request.getParameter("fieldname") to get the value. Otherwise, I'm not clear on what you are really trying to do.
  3) If the field in the tag is an int field: setAgentID(int)
  Then you can define the tag value as:
  <mytag:stuff agentID="1" />
  or
  <% int aid = 1; %>
  <mytag:stuff agentID="<%= aid %>" />
  If you just put a static string value like the first way, it converts it. If you put an expression, the expression has to match the type of value it really is. So int for int, String for String, Collection for Collection.

• How to pass custom cookie from report builder application to SSRS Custom Security Extension?

  We want to implement SSRS in SaaS model. We implemented Custom Security extension in order to authenticate users from other application. When user enters username/password, i would like to authenticate the user in other application and it will return some data which can be used for autherization. I am expecting the same set of data will be accessible during all autherization calls.
  Currently we are implementing this in Report Builder application. I couldn't able to persist the information in cookie. Report builder removes all the cookies exceprt one cookie which is used by report server.Is there any way to share the information in all reportbuilder autherization calls in same session?

  if you have your own data extension, you can using
  HttpContext.Current.Application.Add("yourkey",
  yourdata);
  to save your data, but the issue I met it the key, I cannot find a key depended on report builder. If I use username, if the user open 2 report builder, both of them will get the same key and same data, but at this case the data should be different.
  I hope it will help you.

• What is the best way to deploy/update custom security realm classes to WLS 6.0?

  From the WLS 6.0 console, I see that I can specify the Java class that
  implements my custom security realm but I am wondering what is the best way
  to deploy/update this code. I don't see a way to do this from the console.
  Does this mean that I have to manually copy the class files over that
  implement my custom security realm?

  Thanks Danut,
  A jar file seems to be a good way to package it up but it sounds like it
  still needs to be manually copied to each Weblogic server install directory
  post-installation and whenever it is updated. I thought it would be nice to
  be able to deploy/update the custom security realm by uploading it through
  the Console just as you can with web applications and EJBs.
  Brian
  "Danut Prisacaru" <[email protected]> wrote in message
  news:3aba2db0$[email protected]..
  You have to have your Custom Realm class in the class path. I usually havea
  jar file with all the Custom Realm classes and that jar I copy it in thelib
  folder. Then I modify "startWebLogic.cmd" and I add to the classpath
  ".\lib\CustomRealm.jar"
  set
  CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
  >
  Be aware that in order to have you custom realm besides creating thecustom
  realm using the console you also have to create a custom caching andchoose
  that one as your default caching realm.
  Here is how the security settings are looking in my "config.xml"
  <CustomRealm Name="CustomRealm"
  RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
  <CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
  Name="CustomCachingRealm"/>
  <Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
  Name="wl_default_realm"/>
  <FileRealm Name="wl_default_file_realm"/>
  <Security GuestDisabled="false"
  Name="mydomain" PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm"/>
  Danut