Role password

Similar Messages

• How to disable role password in Solaris 11

  Roles can only be assumed by logged in users. That is the definition of a role. Therefore role authentication is to some extent double authentication. The user has already authenticated as himself when he logged in and the sysadmin has enough trust in him to grant him a certain role. So why would he need to authenticate to the role? Isn't that double authentication ? Anyway I can see why that makes sense on a role like 'root' but on other more normal types of roles ? Really?
  Anyway that is not what this posting is about. It is about me not being able to figure out how to disable role password in Oracle 11.
  In Solaris 10 I would do:
  <pre>passwd -r files -d myrole</pre>
  That would set the myrole account to a no password account and that would be enough to disable it.
  In Solaris 11 I cannot make this work. I suspect this is because of the introduction of the roleauth attribute but I've tried all possible combinations:
  <pre>passwd -r files -d myrole</pre>
  <pre>rolemod -K roleauth=user myrole</pre>
  or
  <pre>passwd -r files -d myrole</pre>
  <pre>rolemod -K roleauth=role myrole</pre>
  Can't make any of these work.
  Pls help.

  Hello MrMonza,
  I do not completely understand what you are looking for. Perhaps it would help if you explained, for which purpose you want to use your new role.
  In short, a role is simply a user account, to which you cannot login directly. As to every user account, rights are assigned to each role. And as for every user account, you have to provide a password for it.
  If you want to switch to a role without password, this is nearly the same as extending the rights of your account.
  This is possible by assigning additional profiles to it via /etc/user_attr. Privileged commands, written by you, and connected to these profiles, can be defined in /etc/security/exec_attr.d/local-entries. These commands can be called via pfexec, see pfexec(1), which grants privileges (e.g. uid=0) for just the call.
  See also user_attr(4), prof_attr(4), exec_attr(4) and the "SEE ALSO" sections in there.
  Profiles can be chosen from the predefined profiles in /etc/security/prof_attr.d, or they can be self-assembled from these profiles and authorizations from /etc/security/auth_attr.d.
  New profiles should be stored in /etc/security/prof_attr.d/local-entries.

• Can I enable a role using a encrypted password ?

  Sir,
  I encrypt the role password using dbms_obfuscation package. Can I enable a role using such a password before decrypting it ?
  Thanks a lot
  Stephen

  Stephen,
  if this is a purely database related question, I suggest to try it on the database forum.
  Frank

• Can I set a role using a encrypted password ?

  Sir,
  I encrypt the role password using dbms_obfuscation package. Can I enable a role using such a password before decrypting it ?
  Thanks a lot
  Stephen

  dbms_obfuscation does not create passwords. A password is not something you can decrypt ! At least until today (maybe tomorrow...).
  you can use the command of chris or simply
  alter role ROLEX identified by 'SWATCH';
  alter ROLE X identified by values '8E9A9A5413F0B5EE';

• Default role  with password - reality check

  I support the database for an application. We upgraded from Oracle10 to Oracle11 9 months ago. Then recently we applied the OCT CPU.
  The application admin says that they have a program that has recently stopped working that worked after the Oracle11 upgrade.
  The application user has a default role which has a password. Is that possible? A default role with a password. Would this have ever worked in any version of Oracle?

  Default role with password is a feature even available with Oracle XE. Default roles are activated without requiring role password in Oracle 10.2:
  SQL> drop user admin cascade;
  User dropped.
  SQL> drop user test cascade;
  User dropped.
  SQL> drop role rwp;
  Role dropped.
  SQL> select * from v$version;
  BANNER
  Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product
  PL/SQL Release 10.2.0.1.0 - Production
  CORE    10.2.0.1.0      Production
  TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
  NLSRTL Version 10.2.0.1.0 - Production
  SQL>
  SQL> create user admin identified by oraclexe;
  User created.
  SQL> grant create session, create table to admin;
  Grant succeeded.
  SQL> grant unlimited tablespace to admin;
  Grant succeeded.
  SQL> grant create user to admin;
  Grant succeeded.
  SQL> grant create role to admin;
  Grant succeeded.
  SQL>
  SQL> create user test identified by oraclexe;
  User created.
  SQL> grant create session to test;
  Grant succeeded.
  SQL>
  SQL> connect admin/oraclexe;
  Connected.
  SQL> create table t(x varchar2(10));
  Table created.
  SQL> insert into t values('admin OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> create role rwp identified by oraclexe;
  Role created.
  SQL> grant all on t to rwp;
  Grant succeeded.
  SQL> grant rwp to test;
  Grant succeeded.
  SQL>
  SQL> connect test/oraclexe;
  Connected.
  SQL> select * from session_roles;
  ROLE
  RWP
  SQL> select * from admin.t;
  X
  admin OK
  SQL> insert into admin.t values('test OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> select * from admin.t;
  X
  admin OK
  test OK
  SQL>There have been changes between Oracle 10.2 and 11.2 because the same script fails in 11.2 unless the role is set with the password:
  SQL> drop user admin cascade;
  User dropped.
  SQL> drop user test cascade;
  User dropped.
  SQL> drop role rwp;
  Role dropped.
  SQL> select * from v$version;
  BANNER
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  PL/SQL Release 11.2.0.1.0 - Production
  CORE    11.2.0.1.0      Production
  TNS for Linux: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production
  SQL>
  SQL> create user admin identified by oraclexe;
  User created.
  SQL> grant create session, create table to admin;
  Grant succeeded.
  SQL> grant unlimited tablespace to admin;
  Grant succeeded.
  SQL> grant create user to admin;
  Grant succeeded.
  SQL> grant create role to admin;
  Grant succeeded.
  SQL>
  SQL> create user test identified by oraclexe;
  User created.
  SQL> grant create session to test;
  Grant succeeded.
  SQL>
  SQL> connect admin/oraclexe;
  Connected.
  SQL> create table t(x varchar2(10));
  Table created.
  SQL> insert into t values('admin OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> create role rwp identified by oraclexe;
  Role created.
  SQL> grant all on t to rwp;
  Grant succeeded.
  SQL> grant rwp to test;
  Grant succeeded.
  SQL>
  SQL> connect test/oraclexe;
  Connected.
  SQL> select * from session_roles;
  no rows selected
  SQL> select * from admin.t;
  select * from admin.t
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL> insert into admin.t values('test OK');
  insert into admin.t values('test OK')
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL> commit;
  Commit complete.
  SQL> select * from admin.t;
  select * from admin.t
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL>
  SQL> set role rwp identified by oraclexe;
  Role set.
  SQL> select * from session_roles;
  ROLE
  RWP
  SQL> select * from admin.t;
  X
  admin OK
  SQL> insert into admin.t values('test OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> select * from admin.t;
  X
  admin OK
  test OK
  SQL>10.2 Security Guide says:
  If you are granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in a SET ROLE statement. However, if the role is made a default role and enabled at connect time, then the user is not required to enter a password.
  11.1 and 11.2 Secuirty Guide says:
  If a user is granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in the SET ROLE statement. You cannot authenticate a password-authenticated role on logon, even if you add it to the list of default roles. You must explicitly enable it with the SET ROLE  statement using the required password.
  Edited by: P. Forstmann on 20 févr. 2010 10:28

• Hard-coded username/password in Dev10g Forms PL/SQL code...

  Hi ,
  I have developed an application which some logouts as the current user and logon to a new user is required.....
  For this reason i have written the simple pattern:
  logout;
  logon('X','X'||'@'||tns_var,FALSE);
  assuming that db-user user X does have the password X , for example.
  The end-users do not have direct access to this db-user... only via this piece of code and only in Forms web app.
  However , i wonder what may be another option for setting the passwd and where...?????
  I have considered to create a table - called db_users_passwd , for example- which would store both the names/passwords of db users...- maybe in encrypted format.
  This table would reside in the SYS or SYSTEM dataschema , with a strong password....
  I have also read , somewhere , that a wrapped packaged procedure which would return the passwd of the username passed as parameter ...is an option as well...
  Thanks....
  Sim

  That is more developed than our application. The one here was developed in Oracle 7.
  It just calls
    DBMS_SESSION.SET_ROLE(ROLE_1 ||' IDENTIFIED BY '|| PW);The above enables the process to select roles and role passwords from a table, which it uses to build a string used in this statement:
    DBMS_SESSION.SET_ROLE(roles_to_enable);You could do the above in a database package that your form or forms call. Seems like if the security process was only executed from the package, you could produce a very secure system.

• Set role in a form

  Hi,
  If I use DBMS_SESSION.SET_ROLE in a form to set a role with password protected, I must put the role password in my form. That what I do not want.
  Any idea to prevent this from happen?
  Thanks a lot
  Stephen

  A solution (which we used in the past within a application) is to put the role and password in a database table. The password should be stored encrypted (use e.g. dbms_obfuscation_toolkit to perform the encryption/descryption).
  At start up of the form you query the database table and set the role. The logged-in user should of course have select access to the table. The query of the database table can also be done by calling a database (package) procedure in which the query is done.
  Hope this will give you an idea how to proceed.

• Root Password after Solaris 11 Autoinstall?

  So this would normally be a simple thing since according to the docs, the default root password is "solaris" but it seems doesn't work after I reboot my newly installed solaris 11 system.
  I even tried reinstalling, and logging in while it installed and changing the password to something simple but even that doesn't work.
  What is odd that during the autoinstall, I can log in as root with the solaris password but after the system is rebooted(after fully installing) the root password doesn't appear to work.
  Am I supposed to set a root password in the manifest that would be used for the fully installed system?
  Thanks for any help!

  I figured out the problem. I completely forgot I had set up a system configuration profile and I set the root role password in it.

• Users and Password

  Hi,
  We have just configured the SOA discovery box v2.
  We want to use the Visual Administrator to configure the ADS services but the J2EE_ADMIN password i not indicated in the ESA_DISCOVERY_QUICK_GUIDE.
  (I tried admin and sap123 as password but it does not wotk)
  Can you please indicate waht is the default password for J2EE_ADMIN ?
  Also is there any predefined user on the Portal.
  Thanks,
  Momo

  You should download the SAP Discovery System Domonostration Acess 10/2006.
  It will give you all UID/ROLE/Password.
  J2EE Administrator:
  To manage the J2ee engine:
  Field User Action or Values
  User J2EE_ADMIN
  Password sapides123
  SDM:
  Field User Action or Values
  Password sapides123
  NWDS:
  Field User Action or Values
  Server iwdfvm2160
  Port 3900

• Need Help Regarding Users and Roles

  Hi,
  I have Created a role with Password authentication and in that role only object privilege (SELECT TABLE) and System Privilige (CREATE SESSION)
  Now I created user name abbasi and add above role to it and make that role as its default role.
  Now when I connect above user from SQL*Plus its Connected.
  I want to know since for there is Password Authentication then why during the session databse server not authenticate for role password.
  Actually I want to know real usage of password autheticated role.
  Regards.
  D.abbasi

  See the following demo
  SQL> conn aman/aman
  Connected.
  SQL> create user test identified by test;
  User created.
  SQL> create role test_role ;
  Role created.
  SQL> grant create session to test_role;
  Grant succeeded.
  SQL> create role dangerous identified by danger;
  Role created.
  SQL> grant drop any table to dangerous;
  Grant succeeded.
  SQL> grant dangerous, test_role to test;
  Grant succeeded.
  SQL> alter user test default role test_role;
  User altered.
  SQL> conn test/test
  Connected.
  SQL> select * from session_roles;
  ROLE
  TEST_ROLE
  SQL> select * from session_privs;
  PRIVILEGE
  CREATE SESSION
  SQL> set role dangerous;
  set role dangerous
  ERROR at line 1:
  ORA-01979: missing or invalid password for role 'DANGEROUS'
  SQL> set role dangerous identified by danger;
  Role set.
  SQL> select * from session_roles;
  ROLE
  DANGEROUS
  SQL> select * from session_privs;
  PRIVILEGE
  DROP ANY TABLEYou should not make the roles haivng the passwords as the default roles. Let them be there but not as the default roles. These roles can be enabled by the end user when he needs that. In my example, I have made a user TEST, two roles, TEST_ROLE, Dangerous. Dangerous is password protected and contains a priv drop any table. I have made TESt_role as the default role for the user and it becomes active. But for the dangerous,I need to supply the paswword. If I don't , I get an error like I have shown inthe example.
  HTH
  Aman....

• How to get the roles/quotas

  Hi all,
  Db:oracle 9.2.0.6
  os:solaris 8
  can anyone please tell me.....how to get below details all of database users..like user roles,quotas....
  userid,default tablespace,default tablespace quota,system roles,other roles,password expairy.
  thanks,
  kk.

  kk001 wrote:
  Hi all,
  Db:oracle 9.2.0.6
  os:solaris 8
  can anyone please tell me.....how to get below details all of database users..like user roles,quotas....
  userid,default tablespace,default tablespace quota,system roles,other roles,password expairy.
  thanks,
  kk.
  You can query,
  -dba_users
  -dba_profiles
  -dba_roles
  -dba_tab_privs
  -etc
  Cheers

• Table does not exist - uri access

  Hello,
  I tried default browsing interface http://myserver:8080/oradb/SCOTT/EMP and after entering the password to xdb the result is ORA-19202: Error occurred in XML processing ORA-00942: table or view does not exist
  I checked listener on the server and http defined with 8080, and http://myserver:8080/ works fine and shows xml directory. I also added object privileges for SCOTT on EMP - just to be sure.
  What could be the problem ? Oracle 10.2.0.
  Thanks,
  Marina

  In web browser interface, it is no SCOTT or any other user login, only XDB...
  Have you tried? ;-)
  Security and privileges are set via the xdbconfig.xml file, in this case, via the servlet and servlet mapping
  - <servlet-mapping>
    <servlet-pattern>/oradb/*</servlet-pattern>
    <servlet-name>DBURIServlet</servlet-name>
    </servlet-mapping>
  - <servlet-mapping>it says "an authenticated user"
  - <servlet>
    <servlet-name>DBURIServlet</servlet-name>
    <servlet-language>C</servlet-language>
    <display-name>DBURI</display-name>
    <description>Servlet for accessing DBURIs</description>
  - <security-role-ref>
    <role-name>authenticatedUser</role-name>
    <role-link>authenticatedUser</role-link>
    </security-role-ref>
    </servlet>
  - <servlet>It provides security via the following (http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28369/xdb15dbu.htm#sthref1591)
  DBUriServlet Security
  Servlet security is handled by Oracle Database using roles. When users log in to the servlet, they use their database user name and password. The servlet checks to ensure that the user logging has one of the roles specified in the configuration file using parameter security-role-ref). By default, the servlet is available to role authenticatedUser, and any user who logs into the servlet with a valid database password has this role.
  The role parameter can be changed to restrict access to any specific database roles. To change from the default authenticated-user role to a role that you have created, you modify the Oracle XML DB configuration file.
  So...
  SQL> select * from dba_roles where role like 'AUT%';
  ROLE                           PASSWORD
  AUTHENTICATEDUSER              NO

• Unable to configure Flatfile Reconciliation in OIM 9.1.0.1

  Hello,
  I am facing this weird issue with OIM in my new project. I have followed the below steps to configure the flatfile reconciliation using as a trusted source.
  1. Transport Provider- Shared Drive
  2. Format Provider- CSV
  I have filled the location for the Staging Directory(Parent) and Archiving directory. I am using Cp1251 for File Encoding.
  The problem which I am facing is that as soon as I move forward from the above step for Mapping, I do not see any fields under the Source and Reconciliation Staging
  in Step 3: Modify Connector Configuration. What could possibly be the reason for this? The flat file is already there in the parent directory location before starting the configuration of Flatfile GTC. There are no logs generated for this for obvious reasons. It would be great if someone can reply soon as I have been facing this issue since yesterday morning.

  I created a new flat file and a new connector. Now I am facing a different issue. The data is getting reconciled as per the reconciliation events and the Status is "Event Received".
  Basic Mapping is;
  login->User_login
  firstname->First name
  lastname->Last name
  organization->Organization Name
  User Type->Xellerate Type
  Employee Type->Role
  Password-> hardcoded as "abcd@12345"
  The error which I am getting is;
  2012-10-27 09:03:29,370 DEBUG [XELLERATE.DATABASE] select evt.evt_key, evt.evt_name, evt.evt_package from dob dob, evt evt, dvt dvt where dob.dob_key=dvt.dob_key and dvt.evt_key=evt.evt_key and (dob.dob_name='com.thortech.xl.dataobj.tcADJ' or dob.dob_name='com.thortech.xl.dataobj.tcTableDataObj' or dob.dob_name='com.thortech.xl.dataobj.tcDataObj' ) and dvt.dvt_post_update_sequence>0 order by dvt.dvt_post_update_sequence
  2012-10-27 09:03:29,371 INFO [XELLERATE.PERFORMANCE] Query: DB: 1, LOAD: 0, TOTAL: 1
  2012-10-27 09:03:29,372 DEBUG [XELLERATE.SERVER] Class/Method: tcADJ/eventPreInsert left.
  2012-10-27 09:03:29,372 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getAllowedOperation entered.
  2012-10-27 09:03:29,372 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getAllowedOperation - Data: mstableName - Value: adj
  2012-10-27 09:03:29,372 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getAllowedOperation:else entered.
  2012-10-27 09:03:29,372 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getAllowedOperation:if moData.isNull entered.
  2012-10-27 09:03:29,372 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:preWrite entered.
  2012-10-27 09:03:29,372 DEBUG [XELLERATE.DATABASE] select usr_key from usr where USR_LOGIN=? and USR_STATUS!='Deleted'
  2012-10-27 09:03:29,373 INFO [XELLERATE.PERFORMANCE] Query: DB: 1, LOAD: 0, TOTAL: 1
  2012-10-27 09:03:29,373 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:preWrite left.
  2012-10-27 09:03:29,373 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getPreparedStatementForUpdate entered.
  2012-10-27 09:03:29,373 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getWhere entered.
  2012-10-27 09:03:29,373 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getWhere - Data: psKeyName - Value: adj_key
  2012-10-27 09:03:29,373 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getWhere - Data: msKeyValue - Value: 14
  2012-10-27 09:03:29,373 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getWhere left.
  2012-10-27 09:03:29,374 DEBUG [XELLERATE.SERVER] Class/Method: tcTableDataObj:getPreparedStatementForUpdate left.
  2012-10-27 09:03:29,374 DEBUG [XELLERATE.DATABASE] update adj set ADJ_PERSIST=?, ADJ_INST_NAME=?, ADJ_UPDATE=?, adj_rowver=? where adj_key=14 and adj_rowver=HEXTORAW('0000000000000000')
  2012-10-27 09:03:29,374 DEBUG [XELLERATE.PREPAREDSTATEMENT] Class/Method: tcDataBase/writeStatement - Data: psSql - Value: update adj set ADJ_PERSIST=?, ADJ_INST_NAME=?, ADJ_UPDATE=?, adj_rowver=? where adj_key=14 and adj_rowver=HEXTORAW('0000000000000000')
  2012-10-27 09:03:29,374 DEBUG [XELLERATE.PREPAREDSTATEMENT] Class/Method: tcDataBase/writeStatement: Param: 1 is set to null
  2012-10-27 09:03:29,374 DEBUG [XELLERATE.PREPAREDSTATEMENT] Class/Method: tcDataBase/writeStatement: Param: 2 is set to null
  2012-10-27 09:03:29,374 DEBUG [XELLERATE.PREPAREDSTATEMENT] Class/Method: tcDataBase/writeStatement: Param (Timestamp): 3 is set to 2012-10-27 09:03:29.372
  2012-10-27 09:03:29,374 DEBUG [XELLERATE.PREPAREDSTATEMENT] Class/Method: tcDataBase/writeStatement: Param (ByteArray): 4 is set to java.io.ByteArrayInputStream@126ec30c
  2012-10-27 09:03:29,376 INFO [XELLERATE.PERFORMANCE] Query: DB: 2
  2012-10-27 09:03:29,377 DEBUG [XELLERATE.AUDITOR] Class/Method: AuditEngine/getAuditEngine entered.
  2012-10-27 09:03:29,377 DEBUG [XELLERATE.SERVER] Class/Method: tcADJ/eventPostUpdat entered.
  2012-10-27 09:03:29,377 DEBUG [XELLERATE.SERVER] Class/Method: tcADJ/updateAdpStatus entered.
  2012-10-27 09:03:29,377 DEBUG [XELLERATE.SERVER] Class/Method: tcDataBase/readPartialStatement entered.
  2012-10-27 09:03:29,377 INFO [XELLERATE.DATABASE] DB read: select adp.adp_key, adp_status, adp_rowver from adp adp, adt adt where adt.adp_key = adp.adp_key and adt.adt_key = 16
  2012-10-27 09:03:29,377 DEBUG [XELLERATE.DATABASE] select adp.adp_key, adp_status, adp_rowver from adp adp, adt adt where adt.adp_key = adp.adp_key and adt.adt_key = 16
  2012-10-27 09:03:29,378 INFO [XELLERATE.PERFORMANCE] Query: DB: 1, LOAD: 0, TOTAL: 1
  2012-10-27 09:03:29,378 DEBUG [XELLERATE.SERVER] Class/Method: tcADJ:updateAdpStatus - Data: sAdpStatus - Value: Recompile
  2012-10-27 09:03:29,378 DEBUG [XELLERATE.SERVER] Class/Method: tcADJ/updateAdpStatus left.
  2012-10-27 09:03:29,378 DEBUG [XELLERATE.SERVER] Class/Method: tcDataBase/readPartialStatement entered.
  2012-10-27 09:03:29,378 INFO [XELLERATE.DATABASE] DB read: select evt.evt_key, evt.evt_name, evt.evt_package from dob dob, evt evt, dvt dvt where dob.dob_key=dvt.dob_key and dvt.evt_key=evt.evt_key and (dob.dob_name='com.thortech.xl.dataobj.tcADJ' or dob.dob_name='com.thortech.xl.dataobj.tcTableDataObj' or dob.dob_name='com.thortech.xl.dataobj.tcDataObj' ) and dvt.dvt_post_update_sequence>0 order by dvt.dvt_post_update_sequence
  2012-10-27 09:03:29,379 DEBUG [XELLERATE.DATABASE] select evt.evt_key, evt.evt_name, evt.evt_package from dob dob, evt evt, dvt dvt where dob.dob_key=dvt.dob_key and dvt.evt_key=evt.evt_key and (dob.dob_name='com.thortech.xl.dataobj.tcADJ' or dob.dob_name='com.thortech.xl.dataobj.tcTableDataObj' or dob.dob_name='com.thortech.xl.dataobj.tcDataObj' ) and dvt.dvt_post_update_sequence>0 order by dvt.dvt_post_update_sequence
  2012-10-27 09:03:29,380 INFO [XELLERATE.PERFORMANCE] Query: DB: 1, LOAD: 0, TOTAL: 1
  2012-10-27 09:03:29,380 DEBUG [XELLERATE.SERVER] Class/Method: tcADJ/eventPostUpdat left.
  2012-10-27 09:03:29,380 DEBUG [XELLERATE.SERVER] Class/Method: tcDataObj/save left.
  2012-10-27 09:03:29,393 DEBUG [XELLERATE.ACCOUNTMANAGEMENT] Class/Method: UsernamePasswordLoginModule/initialize - Data: dburl - Value: {2}
  2012-10-27 09:03:29,393 DEBUG [XELLERATE.ACCOUNTMANAGEMENT] Class/Method: UsernamePasswordLoginModule/initialize - Data: dbuser - Value: {2}
  Please suggest what i should do now.
  Edited by: user13355494 on Oct 26, 2012 2:46 AM

• How to retrieve user name from a given Subject?

  I am in a situation where I need to retrieve user name from the Subject that is populated when user logs in. I have the active Subject and I do following to get the principals in the subject and iterate through them:
  Set principals = subject.getPrincipals();
  Iterator ite = principals.iterator();
  while (ite.hasNext()) {
  Principal prin = (Principal)ite.next();
  String name = prin.getName();
  But this contains all the principals, including user name, roles, password, etc. How do I programmatically determine which one is user name?

  Don't you have different principal types? I am making a jaas module and I have different principals for roles, groups etc. I think of principals as attributes, the type in the attribute name and the principal name is the attribute value.
  To get all the principals of the type SomePrincipal, you can use:
  Set principals = subject.getPrincipals(SomePrincipal.class)
  You can also take som principal an test wether it is an instance of som type:
  if (Principal p instanceof SomePrincipal){..}
  An other solution which might be better if you have many different attributes is to store both attribute name and value in the name of the principal.
  If "mark" is a username the principal name will be "username:mark" el.
  Then it will be easy to find the username.

• Request for howto - error processing best practise

  Hi JDev Team. Something I would like to see in a future HOWTO would be error handling in a BC4J/JSP application. What is best practise? How do we make sure that when a database error occurs, we can trap the error and provide a friendly error message, or failing that, at least ensure the standard error is usable by a maintenance programmer. For eg. the following error occurs if a referential constraint restricts the delete:
  javax.servlet.jsp.JspException: JBO-26041: Failed to post data to database during "Delete": SQL Statement " DELETE FROM TECHTRANSFER.TTSITES Sites WHERE SITEID=:1".
  in fact the same error message is displayed for almost any database error - the programmer can't fix the problem when he has no idea what it is!! (same with update and insert)
  I wasn't going to request this until I had read all of the help available on error processing but the way this project is going I won't get time. If you think that it is adequately covered in the help, then fine, just let me know where.
  Thanks,
  Simon

  You can enclose your bc4j/jsp code with a try / catch expression. That way if a failure occurs, you can trap it, display a friendy error, and do whatever you want with the exception.
  What I have been doing for develpment purposes, is send via email a modified errorpage.jsp. Here is what gets emailed to me (*'s in potentially sensitive data) and displayed to the screen (I'm eventually going to replace all the displayed garbage with something friendly):
  An error occured in application PDC User Administration
  User Session Properties:
  Sesion ID: *********
  App ID: *********
  User Name: *********
  User ID: *********
  Priv Role: *********
  Password: *********
  Org No: *********
  First Name: skunitzer
  Last Name: ANALYST
  App Title : PDC User Administration
  Current Url: insertNewUser.jsp
  Specific error is javax.servlet.jsp.JspException: JBO-25013: Too many objects match the primary key oracle.jbo.Key[1423 ].
  Parameters:
  LastName
  Kunitzer
  EmailAddress
  [email protected]
  FirstName
  SteveLiveTest
  OrgNo
  PhoneWorkNo
  I have no phone #
  ExpireDate
  2001-04-26
  ExpireDateString
  jRQiIsFGANIbrGlihGTl[epofZmSNgEkGqbHN@iErHNPRi
  UserID
  UserPrivs
  Exception:
  javax.servlet.jsp.JspException: JBO-25013: Too many objects match the primary key oracle.jbo.Key[1423 ].
  Message:
  JBO-25013: Too many objects match the primary key oracle.jbo.Key[1423 ].
  Localized Message:
  JBO-25013: Too many objects match the primary key oracle.jbo.Key[1423 ].
  Stack Trace:
  javax.servlet.jsp.JspException: JBO-25013: Too many objects match the primary key oracle.jbo.Key[1423 ].
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  ...Stack Trace goes on but I won't bother with it anymore...
  While not always as specific as I would like, I have not had too much trouble hunting down the errors.
  null