Required methods in custom realms
Can anyone help? Being very new to this topic, I have a few questions. I have been tasked with the job of constructing a custom security realm. All I want to do in this realm is to authenticate users; all the other tasks are to be passed to the caching realm, and therefore the WLSRealm. My questions are:
What methods, as an absolute minimum, would I need to implement to supply the WLS with what it needs?
What is the calling sequence of events made by the WLS against the realm?
Where can I find more information regarding custom realms?
Regards
Paul.
Hi,
Thank you for your question.
We are currently looking into this issue and will give you an update as soon as possible.
Thank you for your understanding and support.
Linda Li
Forum Support
Similar Messages
-
auth-method BASIC with custom realm
I've set up my web.xml with <auth-method>BASIC, and I've defined a custom realm
for authentication. When I enter a valid userid/password at login, I can trace
authUserPassword() in my custom realm, and I can see that it is returning an object
which is a subclass of weblogic.security.acl.User, as it should. However, rather
than acknowledging a successful login and moving on, the login dialog is redisplayed,
(minus password). Further attempts to enter the same userid/password don't invoke
authUserPassword(), presumably since the "failed" login is still cached. What
am I missing?
Have a look in the web server log to see under what account the failed
accesses took place, that will help in identifying the cause.
"Bill Welch" <[email protected]> wrote in message
news:3b2a6431$[email protected]..
> I've set up my web.xml with <auth-method>BASIC, and I've defined a custom realm
> for authentication. When I enter a valid userid/password at login, I can trace
> authUserPassword() in my custom realm, and I can see that it is returning an object
> which is a subclass of weblogic.security.acl.User, as it should. However, rather
> than acknowledging a successful login and moving on, the login dialog is redisplayed,
> (minus password). Further attempts to enter the same userid/password don't invoke
> authUserPassword(), presumably since the "failed" login is still cached. What
> am I missing?
-
Strange behavior w/ custom realm
Hi,
I've implemented a custom realm that exhibits a couple of inconsistencies
that I'm hoping someone here has encountered:
1. I've implemented AbstractListableRealm and overridden every method. I
print out a debugging message and return null out of all the methods that
return an object. I've developed a web app for which I require
authentication for all URLs (i.e. /*). The login page comes up fine when I
request a URL. The interesting thing is that none of the authenticate
methods or authUserPassword are ever called. Is this the correct behavior?
If so, where do the passwords get checked?
2. Authentication will always succeed as long as you type in a valid
username; the password never seems to get checked. This is probably related
to (1), but since authenticate or authUserPassword are never called, I don't
see how authentication can ever fail.
I'm running this against WLS5.1 sp8. The user list is stored in a database
that I load once and cache in a Hashtable.
Thanks in advance,
Dhiren
-
Admin Console Integration for Users in a Custom Realm
We are implementing a custom realm and are having troubles getting our Users to
show up in the User list.
Our user class extends weblogic.security.acl.User, and is forced to use the default
CTOR because our data access layer requires it.
Unfortunately, getName() returns null if the User(String) constructor is not used.
Furthermore, Identity::setName() is final, so it seems as though there is no
way to set the user's name after construction.
I am correct in this?
If so, any thoughts on whether it is worth going down the path of making my user
class implement Principal instead of extending weblogic.security.acl.User? I
would be forced to try to guess at what methods in User are required to integrate
with the admin console, I believe. I have not been able to find any documentation
that specifies what api/contract the console uses when it attempts to display
user, role, acl information for a custom realm.
Any advice would be greatly appreciated.
-chris
My comments mixed with your text
"Chris Goodacre" <[email protected]> wrote:
> We are implementing a custom realm and are having troubles getting our Users to
> show up in the User list.
> Our user class extends weblogic.security.acl.User, and is forced to use the default
> CTOR because our data access layer requires it.
> Unfortunately, getName() returns null if the User(String) constructor is not used.
Yes.
> Furthermore, Identity::setName() is final, so it seems as though there is no
> way to set the user's name after construction.
> I am correct in this?
Yes. Changing a user's name on a constructed user object is like mutating that
user to another user - a security hole. It isn't allowed.
> If so, any thoughts on whether it is worth going down the path of making my user
> class implement Principal instead of extending weblogic.security.acl.User?
I'd try to stay with extending weblogic.security.acl.User, but also implement
weblogic.security.acl.CredentialChanger, so you can change passwords through the
console (otherwise you get NullPointerExceptions).
You really want to get around not being able to supply a user name as part of
the ctor.
> I would be forced to try to guess at what methods in User are required to integrate
> with the admin console, I believe. I have not been able to find any documentation
> that specifies what api/contract the console uses when it attempts to display
> user, role, acl information for a custom realm.
> Any advice would be greatly appreciated.
> -chris
1. Your realm should extend AbstractManageableRealm and implement DebuggableRealm
if you want to integrate with the console.
2. The only contract is to implement all the methods!
3. Check the type of the user and group objects being passed to your realm - if
they're not your user and group type, reject the call.
4. The documentation is indeed terrible, and often wrong. The examples shipped
are incomplete (the RBDMS realm shipped has approx 1/3 of the functionality).
You'll get good with jad.
Should all be better in 7.0 with JAAS. The realm interfaces is a dog.
Good luck,
simon.
-
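The two points made in the reply above (a user's name must be fixed at construction, and a realm should reject user objects that are not its own type) can be combined with a data access layer that insists on a default constructor. The following is an added example, not part of the original thread and not WebLogic code: it uses only the JDK, `RealmUser` stands in for a subclass of weblogic.security.acl.User, and `UserRecord`, `ExampleRealm` and all method names are hypothetical.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not WebLogic code. RealmUser stands in for a subclass of
// weblogic.security.acl.User and UserRecord for the data-access-layer bean;
// every class and method name below is hypothetical.
public class RealmUserExample {

    // Mutable bean for the data access layer: default constructor plus setters.
    static final class UserRecord {
        private String name;
        private String email;
        public UserRecord() { }
        public void setName(String name) { this.name = name; }
        public void setEmail(String email) { this.email = email; }
        public String getName() { return name; }
        public String getEmail() { return email; }
    }

    // Immutable principal handed to the server: the name is fixed at
    // construction, so one user object can never turn into another user.
    static final class RealmUser implements Principal {
        private final String name;
        private final String email;
        RealmUser(String name, String email) {
            if (name == null || name.isEmpty()) {
                throw new IllegalArgumentException("user name is required");
            }
            this.name = name;
            this.email = email;
        }
        @Override public String getName() { return name; }
        String getEmail() { return email; }
    }

    static final class ExampleRealm {
        private final Map<String, RealmUser> users = new HashMap<>();

        // Bridge from the DAL bean to the immutable principal.
        RealmUser adopt(UserRecord record) {
            RealmUser user = new RealmUser(record.getName(), record.getEmail());
            users.put(user.getName(), user);
            return user;
        }

        // Reject any principal that is not this realm's own type, or that is
        // not the instance this realm issued for that name.
        RealmUser requireOwnUser(Principal p) {
            if (!(p instanceof RealmUser)) {
                throw new SecurityException("foreign principal type: "
                        + (p == null ? "null" : p.getClass().getName()));
            }
            RealmUser known = users.get(p.getName());
            if (known != p) {
                throw new SecurityException("user not issued by this realm: " + p.getName());
            }
            return known;
        }

        void deleteUser(Principal p) {
            users.remove(requireOwnUser(p).getName());
        }

        boolean hasUser(String name) { return users.containsKey(name); }
    }

    public static void main(String[] args) {
        ExampleRealm realm = new ExampleRealm();

        // Constructed sample data: the DAL fills a default-constructed bean.
        UserRecord row = new UserRecord();
        row.setName("alice");
        row.setEmail("alice@example.test");
        RealmUser alice = realm.adopt(row);

        // A look-alike principal with the same name but a different type.
        Principal lookalike = new Principal() {
            @Override public String getName() { return "alice"; }
        };
        try {
            realm.deleteUser(lookalike);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("alice still present: " + realm.hasUser("alice"));

        realm.deleteUser(alice);
        System.out.println("alice present after own-type delete: " + realm.hasUser("alice"));
    }
}
```

The mutable bean never leaves the realm; only the immutable principal built from it is handed out, so a management call that arrives with any other object is refused before the user store is touched.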
How to access "Alternative Realm" or "Custom Realm" from components like Servlet ?
Hello,
Says if I have alternative realm or my custom realm which implement
"ManageableRealm" interface. How can I access the realm from other
component, like Servlet or EJB in same WLS ? I tried using code like this
BasicRealm realm =
    Realm.getRealm("XmlRealm","weblogic","myclass.DebugRealm");
if (realm != null) {
    Class realmClass = realm.getClass();
    out.println("Realm is " + realmClass.getName());
}
Which "myclass.DebugRealm" is classname of my own realm. This realm works
fine when using for authentication and authorization. But when I run this
code on servlet, it seems that it doesn't return the realm it created when
starting WLS, I mean the one that served authentication and authorization.
But it create a new instance of this class (I knew it 'cos I put debug
message in its constructor). So how can I get reference to the realm
instance which is created when starting WLS ?
Thank you in advance,
Siros
Hello again,
Sorry to say that now I've got the way. I post here again for someone who
may face that same problem.
So strange that, I just changed the realm name in below code to "custom" and
then it works !! My realm is extended from "AbstractListableRealm" class and
I think I named my realm as "XmlRealm" in its constructor by call
super("XmlRealm");
But seems like its "getName()" method always return "custom", so in servlet
code, it'd rather be.
BasicRealm realm = Realm.getRealm("custom");
if (realm != null) {
    Class realmClass = realm.getClass();
    out.println("Realm is " + realmClass.getName());
}
This works fine and no instance of realm is created. Anyway I saw that
constructor of "AbstractListableRealm" take String argument for "name" of
the realm. So why it's always "custom" ???
Comments are welcome,
Siros
"Siros Supavita" <[email protected]> wrote in message
news:[email protected]..
> Hello,
> Says if I have alternative realm or my custom realm which implement
> "ManageableRealm" interface. How can I access the realm from other
> component, like Servlet or EJB in same WLS ? I tried using code like this
> BasicRealm realm =
> Realm.getRealm("XmlRealm","weblogic","myclass.DebugRealm");
> if (realm != null) {
> Class realmClass = realm.getClass();
> out.println("Realm is " + realmClass.getName());
> Which "myclass.DebugRealm" is classname of my own realm. This realm works
> fine when using for authentication and authorization. But when I run this
> code on servlet, it seems that it doesn't return the realm it created when
> starting WLS, I mean the one that served authentication and authorization.
> But it create a new instance of this class (I knew it 'cos I put debug
> message in its constructor). So how can I get reference to the realm
> instance which is created when starting WLS ?
> Thank you in an advance,
> Siros
-
Custom Realm Bug in WebLogic SP3?
I recently upgraded WebLogic 6.1 from SP1 to SP3 and am now
receiving a ClassCastException when invoking the checkPermission
method on a Custom realm ACL that extends weblogic.security.acl.AclImpl.
This code worked fine in SP1. It seems that other developers
have experienced this problem when applying service packs to
WebLogic 5. Any one else encountering this problem with
WebLogic 6 and what is the workaround? (Stack trace attached)
TIA
[aclimplexception.txt]
I was unable to determine the cause of the problem, but I was
able to identify that AclImpl was changed between SP1 and SP3.
I updated SP3's weblogic.jar with the weblogic.security.acl.AclImpl
class in the weblogic.jar from SP1 and the exception went away.
I did not see anything in the release notes for SP2 and SP3
that indicate what may have changed. Does anyone know?
"Jason Southern" <[email protected]> wrote:
> I recently upgraded WebLogic 6.1 from SP1 to SP3 and am now
> receiving a ClassCastException when invoking the checkPermission
> method on a Custom realm ACL that extends weblogic.security.acl.AclImpl.
> This code worked fine in SP1. It seems that other developers
> have experienced this problem when applying service packs to
> WebLogic 5. Any one else encountering this problem with
> WebLogic 6 and what is the workaround? (Stack trace attached)
> TIA
-
Attaching a payment method to Customer Account
Hi All,
Please let me know the API to attach the payment methods to customer Account/Account Site Use.
Thanks,
Sowmya
You can use the following APIs to do the required.
a) hz_cust_account_site_v2pub.update_cust_acct_site
b) hz_cust_account_site_v2pub.update_cust_site_use
Thanks
Shailendra -
Help with Weblogic 6 sp1 Custom Realm !!!!
We are trying to run Weblogic 6.0 sp1 with our current environment (ejb 1.1, custom
security realm)
We can compile and deploy our ejb 1.1 beans. We wish to start with ejb1.1 and
move to ejb2.0 once we can get our custom security working.
The JDBC connection pools are fine.
Our custom security realm uses LDAP for user authentication and an Oracle table
for authorization (acls).
Earlier, I wrote to the board and received the below following instructions to
use our existing custom realm in wl 60. You can read below, but I followed these
instructions on Solaris 5.6.
1. I ensured the SunOS patches were up to date.
2. We ensured the LD_LIBRARY_PATH reflected weblogic 6 (and not 5.1). We moved
the 5.1 classes over to wl6.
3. We copied our custom realm properties file to the weblogic root and/or the
config subdirectory (tried them both).
4. We ensured the security realm class we wrote is in the classpath (we bunch
all our serverside classes in a jar file anyway).
5. Then we created a custom realm via the console - name BFXRealm and it's
class name <package>.BFXRealm, left configuration box blank.
6. Then we created a custom caching realm BFXCachingREalm and set its basic realm
as the custom realm, BFXRealm. All of the enable caches are checked to true.
7. Then we set the default realm to the BFXCachingRealm.
Now, when we perform a query, the everyone group should be implied. We don't
implement LDAP lookup on queries. If I try to run a query from a client, I see
the client box connecting with the server:
Last line - you can see the client box connecting to the server -
<May 30, 2001 2:20:07 PM EDT> <Info> <J2EE> <Deployed : DefaultWebApp_myserver>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <WebLogic Server started>
<May 30, 2001 2:20:07 PM EDT> <Info> <Configuration Management> <Backed up booted
configuration /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml
at /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml.booted>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <ListenThread listening
on port 7001>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <SSLListenThread listening
on port 7002>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <System has file
descriptor limits of - soft: '1024', hard: '1024'>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Using effective
file descriptor limit of: '1024' open sockets/files.>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Allocating: '3'
POSIX reader threads>
<May 30, 2001 2:20:23 PM EDT> <Info> <HTTP> <[HTTP myserver] Created log stream
/opt/apps/weblogic/beasp1/wlserver6.0sp1/config/mydomain/logs/access.log>
<May 30, 2001 2:21:50 PM EDT> <Info> <WebLogicServer> <Adding address: 152.51.164.233/152.51
The client receives the error:
javax.naming.AuthenticationException. Root exception is java.lang.SecurityException:
Authentication
for user aws4270 denied in realm weblogic
It's as if the fileRealm.properties is only being looked at. We do not
use this for our user/groups/acls in wl5.1.0 and we do not want to in wl6
For "fun", I added a user to the fileRealm.properties file via the
console and ran a client query. It worked.
But when I tried to call an ejbCreate from the client, I received these errors
from the server:
BFXSecurityRealmException is a custom exception we have written. A query works
but a create does not - obviously cannot get to acl in database (?)
and why the ejb20 errors? We just want to start with ejb 1.1
In SeqStoreSecurityHelper.isUserAuthorized(): schema = seqStore.INTNUC, class
= bioseq, project = HIPPI, permission = create
<May 30, 2001 2:50:10 PM EDT> <Info> <EJB> <EJB Exception in method: ejbCreate:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBean.ejbCreate(BioSequenceBean.java:1562)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanImpl.ejbCreate(BioSequenceBeanImpl.java:833)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.ejb20.manager.DBManager.create(DBManager.java:408)
at weblogic.ejb20.internal.EntityEJBHome.create(EntityEJBHome.java:353)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl.create(BioSequenceBeanHomeImpl.java:111)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl_WLSkel.invoke(BioSequenceBeanHomeImpl_WLSkel.java:78)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The client receives the error:
java.rmi.RemoteException: EJB Exception:; nested exception is:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
HOW CAN WE GET THE SERVER TO BYPASS FILEREALM and use BFXREALM ???????????
Thanks,
Anne
Subject: Re: Do Custom Security Realms have to use Mbeans?
Date: 17 May 2001 06:38:23 -0800
From: "Tom Moreau" <[email protected]>
Newsgroup: weblogic.developer.interest.security
Yes this can be done. Here's how:
1) I'll assume that the classname to your custom realm is "com.yourcompany.YourCustomRealm"
2) I'll assume that your custom realm has some kind of properties file from which
it reads its configuration data. Let's call this file "YourCustomRealm.properties"
3) Copy YourCustomRealm.properties to every machine that you're running wls on
(you are probably already doing this today).
4) Make sure that com.yourcompany.YourCustomRealm is in the classpath when you
start wls (you should already be doing this today)
5) In 5.1, there used to be some utility classes that customers used for their
custom realms - something about Pools & Factories. These have been renamed in
6.0. If you're using these classes, then go to your 5.1 weblogic jar file and
pull out these classes and add them to your classpath for 6.0.
6) In the console, create a custom realm and set its realm class name to com.yourcompany.YourCustomRealm.
Leave the configuration data section blank.
7) In the console, configure your custom realm as the alternate realm. That is,
create a caching realm and set its basic realm to your custom realm, then set
the realm's caching realm to the caching realm you just created.
I'm pretty sure this should work for you. We did this to provide a patch that
let 6.0 users use the LDAPRealm rewrite from 5.1.
The downside is that you don't get single point of administration - that is, you
have to make your custom realm's configuration data (YourCustomRealm.properties)
available on all the machines you're running WLS on. If you rework your custom
realm, then the configuration data gets put in the custom realm configuration
you create via the console and automatically copied to other machines for you.
- Tom
-
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
Vikram
with 7.0 try to create system in your custom realm.. that may help.
-kiran
"Vikram" <[email protected]> wrote in message
news:[email protected]...
> Kiran,
> First time around, the Custom realm was not authenticating the user. I got the
> code to authenticate the user successfully. Now the WebLogic server wouldn't even
> start. It would give me an error message which says "User System is not authorized
> to boot Weblogic Server". For your reference, I am attaching the Log file. My
> custom realm classes output some debugging statements in the log file. From the
> log file u will see that the users are getting authenticated successfully.
> Please let me know if you have a custom realm working for you. I might be missing
> something.
> Appreciate your help.
> Thanks
> Vikram
> "kirann" <[email protected]> wrote:
>> does your realm able to authenticate user "wlisystem".
>> thanks
>> kiran
>> "Vikram Datla" <[email protected]> wrote in message
>> news:[email protected]...
>>> Hi,
>>> We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
>>> 7.0) and some Web Service apps are running on this domain.
>>> We have created a Custom Security Realm b'cos of our application requirements
>>> and now when I startup the Platform Domain, I see lot of errors.
>>> Some of the errors typically are
>>> "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
>>> for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
>>> could not be resolved to a valid user in the system. Please check if the user
>>> exists.
>>> javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
>>> denied in Realm Adapter realm weblogic"
>>> or
>>> Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
>>> weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
>>> wlisystem denied in Realm Adapter realm weblogic
>>> Do we have to create any predefined user accounts in the Security Store to get
>>> rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
>>> for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
>>> Thanks
>>> Vikram
-
Creating a custom realm for tomcat. Help and suggestions please.
Has anybody ever created a custom realm to authenticate users in tomcat.
I would like to use form based login with my own realm.
The form requires 3 fields to log in (hence the custom realm) . I would also like to be able to use the built-in functions like isuserinrole.
If anybody has experience with this or knows of a place where to get valuable information please let me know.
Thanks in advance!
Hi
Tomcatx.x.x uses the realm sandbox security technique
1)In your abcd/web-inf/WEB.xml file
write the realm config scripts for the required
jsp/servlet pages[similar will be found in
Tomcat/webapps/examples/web-inf/web.xml]
2)In Tomcatx.x.x/conf/tomcat_users.xml
declare the realm id/pass/roles
3)If still not able to do then study the web.xml (pdf)
available at website http://www.moreservlets.com
-
Urgent-------ACLs with Custom Realm.
Can anyone list acls that have to define in my Custom Realm to start default server
successfully?
Thanks.
-
Custom Realm for SJSAS 9.x using JAAS documentation too vague
Hello there,
I am trying to implement a custom realm for a particular web application on my SJSAS 9.x server. So far I have been unsuccessful and receive the following message in my server.log:
[#|2006-10-20T13:51:56.390-0300|INFO|sun-appserver-pe9.0|javax.enterprise.system.core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-1;javious;|SEC5046: Audit: Authentication refused for [javious].|#]
The documentation I have been using for reference is at:
http://docs.sun.com/app/docs/doc/819-3659/6n5s6m58k?a=view#beabs
However, I have a number of questions.
First of all, this section referenced by the URL above is identified as "Creating a custom realm". Then the second sentence of this section states "Note that client-side JAAS login modules are not suitable for use with the Application Server". Does this not mean that JAAS login modules are not suitable for use with SJSAS web applications since they are components of the Application Server? Is there a reason for providing information on creating a custom realm for this application server in which it is not suitable for? Why isn't it suitable for the application server? What if I want to implement my own realm for my web application so that I can maintain my application users separately in another application?
Secondly, this section explains that I can create a custom realm simply by creating a custom JAAS login module and a custom realm class. It then goes on to explain how to construct these classes and what to include in them. Notably, the documentation states the following:
The authenticateUser() method must end with the following sequence:
String[] grpList;
// populate grpList with the set of groups to which
// _username belongs in this realm, if any
return commitUserAuthentication(_username, _password,
_currentRealm, grpList);
Having looked at the API for authenticateUser I discovered that it is a void method, however the documentation states to return a value from "commitUserAuthentication(..)". Also, my commitUserAuthentication method only accepts a single argument of type String[] representing a list of group names, therefore I am unable to supply the additional arguments as documented. This is confusing.
Once finished reading the documentation, I am left hanging with hardly a clue as to what to do with these two new classes. Now having implemented a custom login module on Tomcat 5.x in earlier days, I did happen to have some experience to know to edit the security.properties, policy, and login.conf files. So anyhow from here I end up stumbling blindly through configuration of my domain1/login.conf and domain1/server.policy files. I also attempted to add my new realm within the admin console under security/realms and dropped my new jar file (with two classes) into the app server lib directory.
All in all, this completely fails to work. I have even placed System.out.println statements in all of my implemented methods and none of this actually shows up in my server.log file. Why is this section so vague? Why isn't there a step-by-step example from start to finish of how to implement a simple custom realm in SJSAS9?
Does anybody have any helpful suggestions?
Well, once again, I'm going to have to provide my own answer.
After much waiting and then deciding to invest much time researching documentation and tracking down information to assist in my solution, I have managed to find the golden egg for my own recipe of a solution.
In addition to the very helpful info I have found at:
http://developers.sun.com/prodtech/appserver/reference/techart/as8_authentication/index.html
I have managed to get my custom realm to work with the additional configuration of my sun-application.xml for my ear file. Even though I only wanted to specify my custom realm for my web.xml file, it turns out that in addition to this, I had to also define it in my sun-application.xml file (manually in XML text mode - within Netbeans 5.5) as follows:
<sun-application>
<realm>mycustrealm</realm>
<security-role-mapping>
<role-name>mycust_role</role-name>
<group-name>mycust_group</group-name>
</security-role-mapping>
</sun-application> -
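As an added example (not the poster's code and not taken from the Sun documentation), here is a login module whose authenticateUser() ends the way the poster found the 9.x API requires: a void method that calls commitUserAuthentication(String[]). The class name, the in-memory ACCOUNTS store and the PBKDF2 parameters are assumptions; it compiles against the application server's runtime jar, and the groups it returns must match the <group-name> mapped in sun-application.xml.

```java
import com.sun.appserv.security.AppservPasswordLoginModule;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.login.LoginException;

// Hypothetical login module for the realm "mycustrealm"; class and store names are assumptions.
public class MyCustLoginModule extends AppservPasswordLoginModule {
    // Constructed account record: per-user salt, PBKDF2 hash, realm groups.
    static final class Account {
        final byte[] salt, hash; final String[] groups;
        Account(byte[] salt, byte[] hash, String[] groups) {
            this.salt = salt; this.hash = hash; this.groups = groups;
        }
    }
    // Stand-in for the real user store (RDBMS, LDAP, ...), e.g. with a constructed user:
    // ACCOUNTS.put("alice", new Account(salt, hash, new String[] {"mycust_group"}));
    static final Map<String, Account> ACCOUNTS = new HashMap<String, Account>();

    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100000, 160);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
    }

    @Override
    protected void authenticateUser() throws LoginException {
        // The superclass fills _username and _password before calling this method.
        if (_username == null || _password == null) {
            throw new LoginException("missing credentials");
        }
        Account acct = ACCOUNTS.get(_username);
        boolean ok;
        try {
            // Derive for unknown users too, so response time does not reveal which names exist.
            byte[] got = derive(_password.toCharArray(), acct != null ? acct.salt : new byte[16]);
            ok = acct != null && MessageDigest.isEqual(got, acct.hash);
        } catch (Exception e) {
            throw new LoginException("credential check failed");
        }
        if (!ok) {
            throw new LoginException("authentication refused");
        }
        // Void method: no return value, and only the group list is handed over.
        commitUserAuthentication(acct.groups.clone());
    }
}
```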
Policy Director Custom Realm for Weblogic
I would like more information on how the Policy Director custom Realm for Weblogic
works. What all methods are implemented and so on. If anyone could send me the source
code of the custom Realm that would be of great help.
Thanks in advance,
Krish -
Programmatically Updating a custom realm
Hi,
We have created a custom realm that uses a rdbms. We have a piece of code that creates
a new user in the db, and puts them into the appropriate group,
but since we are using a caching realm, the
groups are not being updated automatically with this new user
being in this group. How can we programmatically call the add member method
or even refresh the cache.
Cheers
Joel
In File > Options > Reporting Tab do you have the option Update Connected Repository Objects on Open enabled?
-
Custom Realm using LDAP?
Hi,
has anyone implemented a custom realm using LDAP? I was surprised to learn that
ACLs are not supported in the LDAPRealm. Our corporate direction is to have a
central LDAP security store - including ACLs. Unfortunately the LDAP server is
MS SiteServer! Anyway, I assume this means I need to implement a custom realm
- unless there is an alternative.
-chris
You are correct - you'll need to write a custom
realm to do this.
-Tom
"Chris Jones" <[email protected]> wrote:
>
Hi,
has anyone implemented a custom realm using LDAP? I was surprised to
learn that
ACLs are not supported in the LDAPRealm. Our corporate direction is
to have a
central LDAP security store - including ACLs. Unfortunately the LDAP
server is
MS SiteServer! Anyway, I assume this means I need to implement a custom
realm
- unless there is an alternative.
-chris