Retrieve ejb security roles list
Hi,
In an EJB stateless session bean, is it possible to retrieve, by EJB context, the list of configured roles related to the current user?
Thanks in advance.
bye
Rob
Based on the link given, here is the XML. This XML already exists in the application and has such a structure:
<security-permission>
<security-role-map>
<role-name>developer</role-name>
<server-role-name>role1</server-role-name>
<server-role-name>role2</server-role-name>
<server-role-name>role3</server-role-name>
<server-role-name>role4</server-role-name>
<server-role-name>role5</server-role-name>
</security-role-map>
</security-permission>
My question is, which of the following annotations will work:
@RolesAllowed(value=)
or
@RolesAllowed(value=) //currently I am using this.
Edited by: Arpit Goyal on Feb 27, 2009 4:39 AM
Similar Messages
-
Problem mapping LoginModule roles to ejb security roles
I have "successfully" managed to implement the DBSystemLoginModule. When I run my application I successfully authenticate to the database, the login module successfully retrieves the users roles from the database and adds them to the subject:
PassiveCallbackHandler cbh = new PassiveCallbackHandler(username, password);
LoginContext lc = new LoginContext("current-workspace-app", cbh);
lc.login();
I then perform a lookup on a bean using the same user:
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "oracle.j2ee.rmi.RMIInitialContextFactory");
env.put("java.naming.security.principal",username);
env.put("java.naming.security.credentials",password);
env.put("java.naming.provider.url", "ormi://localhost:23891/current-workspace-app");
Context ic = new InitialContext(env);
final SessionEJBHome sessionEJBHome =
(SessionEJBHome) PortableRemoteObject.narrow( ic.lookup( "SessionEJB" ), SessionEJBHome.class );
Finally, I create an instance of the bean and call a method of this bean.
SessionEJB sessionEJB;
sessionEJB = sessionEJBHome.create( );
sessionEJB.testMe( );
I am expecting (hoping) that the roles retrieved from the database by the login module may be used to authenticate the ejb methods. i.e. if (in ejb-jar.xml) the method "testMe" has a method-permission with role-name of "ABC" then this method may only be accessed if the user is a member of the "ABC" role retrieved from the database by the login module. However I get the message:
"username is not allowed to call this EJB method"
When I add a security-role-mapping in orion-ejb-jar.xml mapping the role "ABC" to the group "ABC" (and impliesALL="true") then the method is called successfully. However, if I add a security-role-mapping mapping the role "DEF" to the group "DEF" (which the user is not a member of) the ejb method is (wrongly) called successfully (with implies all="false" the method always fails). In other words there seems to be no mapping of the roles retrieved by the login module to the ejb security roles.
Can anyone please enlighten me on how I can achieve the mapping of the ejb security roles to the roles obtained from the login module.
Thanks
PS I have this problem with JDeveloper 10.1.3 (Developer Preview 10.1.3.0.2.223 and Early Access 10.1.3.0.3.3412)
Hi Sebastian,
yes, it is possible to do such mapping. And here is how it works:
1. define security roles in the ejb-jar.xml within the <security-role>. For example:
<security-role>
<role-name>test</role-name>
</security-role>
2. then you map those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
<security-permission>
<security-role-map>
<role-name>test</role-name>
<server-role-name>myUMErole</server-role-name>
</security-role-map>
</security-permission>
the myUMErole must be defined in the UME!
Does this answer your question?
-
Hello,
I am using JDeveloper 3.2.2 to deploy EJBs to an 8.1.7 DB. Could someone point me in the direction of some documentation that would explain the concept of security roles and users for EJB methods? Do the users have to map to real users in the DB or how are they handled etc.
Thanks in advance,
- Nik
-
Ejb security role & bea implementation
A role has been defined in ejb-jar as following:
<security-role>
<description><![CDATA[Deployer User]]></description>
<role-name>deployer</role-name>
</security-role>
<method-permission>
<description><![CDATA[Deployer Method Permission]]></description>
<role-name>deployer</role-name>
<method>
<description><![CDATA[All method for CCPStateBean]]></description>
<ejb-name>CCPStateBean</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
If the principal is included in the weblogic-ejb-jar as below, and the jndi lookup
includes the SECURITY_PRINCIPAL (e.g., jzhu), the code works fine.
<security-role-assignment>
<role-name>deployer</role-name>
<principal-name>jzhu</principal-name>
</security-role-assignment>
The problem comes when the principal is not included as above weblogic-ejb-jar
instead a role "deployer" is defined in WLS's, The user ("jzhu") is defined in
the deployer group. And the deployer group belongs to deployer role. The defaultRoleMapper
is enabled. In this scenario, the access failed due to insufficient permission.
Can ejb-jar's role relate to WLS's role. Please advise. THX.
-John
Thanks for the information. It works. I wish bea monitor this newsgroup since this
is not in their document. By the way, the following link clarifies the relationship
between DD and admin console security configuration.
http://edocs.bea.com/wls/docs70/security/cli_apps.html#1090734
-John
"Arjuna Chala" <[email protected]> wrote:
I don't know about "defaultRoleMapper", but this works
<security-role-assignment>
<role-name>deployer</role-name>
<principal-name>deployer</principal-name>
</security-role-assignment>
where <role-name> maps to a ejb-jar role and <principal-name> maps to a
weblogic group (in this case).
-
How to list principals in the security role?
Does anybody know how to list principals assigned to a security role programmatically?
The role assignment is specified in weblogic.xml files for web applications and
weblogic-ejb-jar.xml files for EJBs.
Any help would be much appreciated,
Margaret
I think it's not possible. However, what you can do is to assign a role to a
group (this relationship being statically defined in weblogic.xml) and then
manipulate the group membership in order to assign users to the role on the
fly.
-
Configure security-role and method permission for EJB 3.0 using Jdev 11g
The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
For example,
<assembly-descriptor>
<security-role>
<role-name>managers</role-name>
</security-role>
<method-permission>
<role-name>managers</role-name>
<method>
<ejb-name>Employees</ejb-name>
<method-name>setSalary</method-name>
<method-params>
<method-param>java.lang.Long</method-param>
</method-params>
</method>
</method-permission>
</assembly-descriptor>
user516954,
By default annotations are used. However, you can create a new descriptor and that will take precedence over any declared annotation.
--Ric
-
Warning: EJB referenced an unknown security role?
Hello,
I get a weird error from WL 5.1 (SP6), using the default WLPropertyRealm.
In the EJB I have the following check:
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
At run time, I get the following warning in the WL window:
Fri Nov 10 12:56:58 EST 2000:<I>
<EJB JAR deployment D:/weblogic/myserver/myBean.jar>
Warning: EJB "unu" referenced an unknown security role
However:
- the role IS defined (see ejb-jar.xml)
- has an associated principal (see weblogic-ejb-jar.xml)
- there is a principal defined in weblogic.properties
- this principal (and this role) is actually used in practice to access the
bean. Which works.
So why the warning?
Any hint appreciated,
Thanks.
ejb-jar.xml:
<assembly-descriptor>
<security-role>
<description>description of the ConspiratorRole</description>
<role-name>ConspiratorRole</role-name>
</security-role>
</assembly-descriptor>
weblogic-ejb-jar.xml:
<weblogic-ejb-jar>
<security-role-assignment>
<role-name>ConspiratorRole</role-name>
<principal-name>Conspirator</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>
You should not reference the role link in your code. The role link is used to
connect the role name in your code to the
role name in your deployment descriptor. Only if this link is set up as you
have done below, will the isCallerInRole return true.
- Sri
Alf wrote:
I reviewed older postings and found indications of what appears to be a bug
in WL: that isCallerInRole always return false for role names but returns
correct values if the role names are linked with a reference in
<security-role-ref>. So, according to the DTD at
http://edocs.bea.com/wle/dd/ddref.htm#1038338 I added the following in
ejb-jar.xml:
<ejb-jar>
<enterprise-beans>
<session>
<security-role-ref>
<role-name>ConspiratorRole</role-name>
<role-link>ConspiratorRoleLink</role-link>
</security-role-ref>
and added 2 lines in the bean to test both the role and the reference
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
if (ctx.isCallerInRole("ConspiratorRoleLink"))
System.out.println ("the user is in the ConspiratorRoleLink role");
The unexpected result was a NullPointerException at
weblogic.ejb.internal.BaseEJBContext.isCallerInRole(BaseEJBContext.java:665)
Can anyone shed some light? Thanks.
-
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicitly connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com
Below are the screen shots for PFCG:
-
Hello !
I read that controlled access to EJB methods can be achieved by means of defining security roles (in the EJB deployment descriptors). I also read that each time an EJB method is called, the EJB client's Principal is forwarded to the EJB context. What I don't know is how to establish a link between the client's principal and EJB security roles? I guess it should be possible. If not, how should the method isCallerInRole work? Can anyone help me?
Pascal.
The primary concept for EJB security is that of "roles".
A user may be in one or more roles. It is only roles that have particular access rights, not users. So for instance, the "administrator" role might have certain access right, that the "client" roles might not. If a user is switched from being a "client" to an "administrator" (or is given both roles), that user will then have access to all the methods accessible to the "administrator" role.
Each method can be restricted based upon roles. The restrictions are listed in the <assembly-descriptor> tag. First of all, all roles must be listed. Then for each method, the access rights are listed by role. An example is shown below:
<assembly-descriptor>
<security-role>
<role-name>administrator</role-name>
</security-role>
<security-role>
<role-name>client</role-name>
</security-role>
<method-permission>
<role-name>administrator</role-name>
<role-name>client</role-name>
<method>
<ejb-name>StockQuotes</ejb-name>
<method-name>buy</method-name>
</method>
<method>
<ejb-name>StockQuotes</ejb-name>
<method-name>getPrice</method-name>
</method>
</method-permission>
</assembly-descriptor>
Each method-permission tag may list one or more role names, followed by one or more methods that are accessible for that role. The "*" character may be used to specify method names (indicating all methods.) For multiple methods with the same name, the EJB specifications allow detailed parameter lists and interface type to identify methods uniquely, but this is outside the scope of this tutorial -- check reference material if you need to do this.
The actual mapping from user names to security roles, and the specification of user names and passwords is application-server dependent.
Hope this helps -
Why security-role-assignment is required ?
Hi all.
We develop EJB application which uses:
* declarative security using <method-permission> in ejb-jar.xml
* our own RoleMapper SSP, which take mapping data from DB
(our Mapper doesn't use weblogic-ejb-jar.xml at all)
When I deploy my app without <security-role-assignment>
in weblogic-ejb-jar.xml I receive the deployment exception:
<quote>
The security-role MY_ROLE, defined in ejb-jar.xml,
is not correctly mapped to a security principal.
Make sure the security-role has a corresponding
security-role-assignment element in the
weblogic-ejb-jar.xml descriptor.
</quote>
Yes, this is absolutely correct --
I didn't define the mapping in *.xml advisedly,
because of it is defined in DB and my own Mapper
retrieves data required for role mapping from DB,
not from descriptor *.xml
Questions are:
==============
1. why <security-role-assignment> is so strictly required ? :(
2. is it possible to use declarative security with own RoleMapper ?
3. if `yes` then how to get rid of the exception ?
I have one workaround:
to add to weblogic-ejb-jar.xml fake mapping for
each EJB role used in ejb-jar.xml:
<security-role-assignment>
<role-name>MY_ROLE</role-name>
<principal-name>FaKe_Blah_bLAH</principal-name>
</security-role-assignment>
In this case all works fine,
but workaround smells very very bad :(
Thanks in advance.
Best regards,
Eugene Voytitsky
Hello,
could you provide additional information on the server version and the facets installed in the dynamic web and EAR project?
thanks
Raj
-
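Added example (not from any poster on this page and not WebLogic code) for the thread "Why security-role-assignment is required ?" above and the earlier "How to list principals in the security role?": a Python script that reads the two descriptors, lists the principals assigned to each role, and reports roles that ejb-jar.xml declares or uses without a matching security-role-assignment. The sample descriptors are constructed from snippets on this page, the role "auditor" is made up, and treating a principal-name as either a user or a group name is an assumption taken from the replies above.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors, modelled on the snippets quoted in the threads.
# "auditor" is a made-up role that is used in a method-permission but never declared.
# Input is assumed to be your own build's descriptors; use a hardened parser for untrusted XML.
EJB_JAR = """\
<ejb-jar>
  <assembly-descriptor>
    <security-role><role-name>deployer</role-name></security-role>
    <security-role><role-name>MY_ROLE</role-name></security-role>
    <method-permission>
      <role-name>deployer</role-name>
      <role-name>auditor</role-name>
      <method>
        <ejb-name>CCPStateBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""
WEBLOGIC_EJB_JAR = """\
<weblogic-ejb-jar>
  <security-role-assignment>
    <role-name>deployer</role-name>
    <principal-name>jzhu</principal-name>
    <principal-name>deployer</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>
"""

def _local(tag):
    # Drop "{namespace}" so DTD-based and schema-based descriptors both match.
    return tag.rsplit("}", 1)[-1]

def _find_all(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]

def _texts(elem, name):
    # Text of the direct children called `name`, whitespace-trimmed.
    return [(c.text or "").strip() for c in elem if _local(c.tag) == name]

def declared_roles(ejb_jar_xml):
    """Roles declared with <security-role> in ejb-jar.xml."""
    root = ET.fromstring(ejb_jar_xml)
    return {r for sr in _find_all(root, "security-role") for r in _texts(sr, "role-name")}

def method_permissions(ejb_jar_xml):
    """(ejb-name, method-name, roles) for every <method> under <method-permission>."""
    root = ET.fromstring(ejb_jar_xml)
    result = []
    for mp in _find_all(root, "method-permission"):
        roles = set(_texts(mp, "role-name"))
        for m in (c for c in mp if _local(c.tag) == "method"):
            ejb = "".join(_texts(m, "ejb-name"))
            name = "".join(_texts(m, "method-name"))
            result.append((ejb, name, roles))
    return result

def role_assignments(weblogic_xml):
    """Map each role to the principal names assigned in weblogic-ejb-jar.xml."""
    mapping = {}
    for sra in _find_all(ET.fromstring(weblogic_xml), "security-role-assignment"):
        for role in _texts(sra, "role-name"):
            mapping.setdefault(role, set()).update(_texts(sra, "principal-name"))
    return mapping

def audit(ejb_jar_xml, weblogic_xml):
    """Report roles that the two descriptors disagree about."""
    declared = declared_roles(ejb_jar_xml)
    assigned = set(role_assignments(weblogic_xml))
    used = set()
    for _, _, roles in method_permissions(ejb_jar_xml):
        used |= roles
    return {
        "declared_without_assignment": sorted(declared - assigned),
        "used_without_declaration": sorted(used - declared),
        "assigned_without_declaration": sorted(assigned - declared),
    }

def roles_for_caller(user, groups, weblogic_xml):
    """Roles held when a <principal-name> may name either a user or a group."""
    # Users and groups share one namespace in this model, so a user called
    # "deployer" would match an assignment meant for the group "deployer".
    names = {user, *groups}
    return sorted(role for role, principals in role_assignments(weblogic_xml).items()
                  if principals & names)

if __name__ == "__main__":
    print(role_assignments(WEBLOGIC_EJB_JAR))
    print(audit(EJB_JAR, WEBLOGIC_EJB_JAR))
    print(roles_for_caller("jzhu", [], WEBLOGIC_EJB_JAR))
```

Here "MY_ROLE" is reported as declared without an assignment, which is the condition the deployment exception quoted in the thread describes.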
J2EE, get all security roles
On a J2EE application server (preferable from in a Servlet, but EJB is also fine), how do I get an array or list of all security roles?
I want to present the user who creates for example a forum topic to define which roles can view it.
Short answer: You can't, because there is no such functionality mandated by either the servlet or the ejb specs.
Long answer: You can, but it will be particular to the registry implementation you use, and will also mandate some naming scheme to map between for example ldap groups and authentication roles.
Br - J
-
How to get security roles in a JSF portlet
I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
roleMaps.properties
cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<filter-name>UploadFilter</filter-name>
<filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
<init-param>
<description>
The maximum allowed upload size in bytes. If this is set
to a negative value, there is no maximum. The default
value is 1000000.
</description>
<param-name>maxSize</param-name>
<param-value>1000000</param-value>
</init-param>
<init-param>
<description>
The size (in bytes) of an uploaded file which, if it is
exceeded, will cause the file to be written directly to
disk instead of stored in memory. Files smaller than or
equal to this size will be stored in memory. The default
value is 4096.
</description>
<param-name>sizeThreshold</param-name>
<param-value>4096</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UploadFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>ExceptionHandlerServlet</servlet-name>
<servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
<init-param>
<param-name>errorHost</param-name>
<param-value>localhost</param-value>
</init-param>
<init-param>
<param-name>errorPort</param-name>
<param-value>25444</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>ThemeServlet</servlet-name>
<servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
</servlet>
<servlet>
<description>Generated By Sun Java Studio Creator</description>
<display-name>CreatorPortlet Wrapper</display-name>
<servlet-name>VSMPortal</servlet-name>
<servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
<init-param>
<param-name>portlet-class</param-name>
<param-value>com.sun.faces.portlet.FacesPortlet</param-value>
</init-param>
<init-param>
<param-name>portlet-guid</param-name>
<param-value>VSMPortal.VSMPortal</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ExceptionHandlerServlet</servlet-name>
<url-pattern>/error/ExceptionHandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ThemeServlet</servlet-name>
<url-pattern>/theme/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>VSMPortal</servlet-name>
<url-pattern>/VSMPortal/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>faces/null</welcome-file>
</welcome-file-list>
<error-page>
<exception-type>javax.servlet.ServletException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<error-page>
<exception-type>java.io.IOException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<error-page>
<exception-type>javax.faces.FacesException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<error-page>
<exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jspf</url-pattern>
<is-xml>true</is-xml>
</jsp-property-group>
</jsp-config>
<security-role>
<role-name>Administrator</role-name>
</security-role>
</web-app>
portlet.xml
<?xml version='1.0' encoding='UTF-8' ?>
<portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
<portlet>
<description>Created By Java Studio Creator</description>
<portlet-name>VSMPortal</portlet-name>
<display-name>VSMPortal Portlet</display-name>
<portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
<init-param>
<name>com.sun.faces.portlet.INIT_VIEW</name>
<value>/Uctarna.jsp</value>
</init-param>
<expiration-cache>0</expiration-cache>
<supports>
<mime-type>text/html</mime-type>
<portlet-mode>VIEW</portlet-mode>
</supports>
<supported-locale>en</supported-locale>
<portlet-info>
<title>VSMPortal</title>
<short-title>VSMPortal</short-title>
<keywords>Creator</keywords>
</portlet-info>
<security-role-ref>
<role-name>Administrator</role-name>
<role-link>Administrator</role-link>
</security-role-ref>
</portlet>
</portlet-app>
If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.
Nobody uses the LDAP roles in a portlet? Anybody knows other thread discussing similar issue (I can't find anything)?
-
How to use security roles in Weblogic server?
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.
You should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the Application Developer or Assembler. When the application is deployed, these roles are mapped by a Deployer to security identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the principal associated with an incoming request based on the security attributes of that calling principal. For example,
1. When a deployer has mapped a security role to a user group in the operational environment. The user group to which the calling principal belongs is retrieved from its security attributes. If the principal's user group matches the user group in the operational environment that the security role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a security policy domain, the principal name of the calling principal is retrieved from its security attributes. If the principal is the same as the principal to which the security role was mapped, the calling principal is in the security role.
Cameron Purdy
http://www.tangosol.com
-
How can I limit/control the addition of auth. objects to security roles?
Checking the authorization object S_USER_VAL it seemed that it grants the ability to limit the addition of authorization objects, but I tried using a test ID in sandbox along with a test role, removing the object, creating ranges in order to limit to a certain type of auth. objects and didn't work. S_USER_AGR will give me access to limit which type of roles I can modify, but I'm looking to restrict the addition of specific security objects to security roles. If anyone knows the answer to this please share! Thanks in advance for your help!!!!
Edited by: Armando Salas on Nov 29, 2011 7:41 PM
Hi Armando,
Try with auth.obj. S_USER_AUT. A suggestion. Search these objects with tcode SU24, for instance, for tcode PFCG and it gives a list with objects.
I hope this helps you
Regards
Eduardo
-
Redirecting user to a custom page depending on security role after glassfish
Hi,
I have a JSF application using glassfish authentication mechanism. I'm planning to use a jdbc realm and form based authentication (I'm using a jsp page to get username and password) . I have 3 different user roles (student, admin and staff)
However I cannot find how to redirect a user to a different page (Ex: staff report page if the logged in user is in the security role staff). I have configured sun-web.xml and web.xml to map the roles and groups. The problem is after authentication the user is always redirected back to the home page, which is the login page. I understand this is how the glassfish authentication works by default. But is there a way to navigate the user to a different page depending on his role.
I'm new to EJB security. Please help me on this subject. Thanks a lot in advance.
Check this blog post, which provides an alternate solution (You can choose the best possible solution based on your use-case).
http://andrejusb.blogspot.com/2007/10/security-in-oracle-adf-and-automatic.html
Thanks,
Navaneeth