Sample Security realm for OpenLDAP and WLS7

Similar Messages

• LDAP realm for authentication and ACL in Database

  We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
  Can we use LDAP realm for authentication and manage our ACL from a Database? or do we have to use the weblogic.properties file? Do the weblogic security API help in the above scenario? Thanks Ram

  Unfortunately, there is no easy way to do this in wls 6.0.
  The only way to handle it is to write your own custom realm
  that uses ldap for users and groups and a database for acls -
  probably not a viable alternative.
  -Tom
  "kevin doherty" <[email protected]> wrote:
  >
  Jeffrey Hirsch <[email protected]> wrote:
  You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
  I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
  Thanks!
  -kd

• HT201363 I cannot find the answers to my security questions for Itunes and cannot figure out how to reset them

  I cannot find the answers to my security questions for ITunes and cannot figure out how to reset the questions.

  You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
  They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
  (105414)

• One custom security realm for many wl servers?

  Is it possible to use one custom security realm for many weblogic servers...ie
  one login for all application on different weblogic server.

  Is it possible to use one custom security realm for many weblogic servers...ie
  one login for all application on different weblogic server.

• Need RICEF Security specfifications for Interfaces and Conversions

  Hi All,
  I need RICEF security specfications for Interfaces and Conversions. Can anyone provide any input on this.
  Regards
  Plaban

  Hi Plaban,
  Thanks for the detailed explanation. As mentioned, as per my knowledge there is no specific guideline/template that you may adapt while designing the security design for the Interfaces and Conversions.
  However, the most common issues that occurs with IDOCs is with file interfaces are related to file permissions, file ownership and character conversions moving between platforms.
  Ensure that the appropriate authorization (read/write and with filters) authorization is provided. Identify the various levels of authorizations required and implement the same.
  Further, most issues with ALE interfaces are with RFC user ID permissions. Ensure that the appropriate and only the Required authorization is provided to these IDs. This way you can tighten the authorization to the specific level. You may need to completely test the functionality before implementing this.
  It is always important to understand these limitations during the functional design. If any specific additional functionality is required, you may need to have a custom based solution.
  Hope this answers your question!!
  Warm Regards,
  Raghu

• ON RESTORING 1601 ERROR COMING HOE WE SET SECURE SETTING FOR RESTORE AND UPDATE

  ON RESTORING 1601 ERROR COMING HOE WE SET SECURE SETTING FOR RESTORE AND UPDATE

  If you don't have a sim card in the phone, you won't be able to activate it. You can't activate any GSM iPhone without a valid sim card installed in the phone. The sim itself need not be activated, but it must be valid & present.

• Proper security realm for ecommerce user

  I would like to use j2ee security on our ecommerce site (isUserInRole, getUserPrincipal,
  web.xml declarative functionality to protect resources), but my problem is not
  knowing what security realm to I use to manage the user. The site has thousands
  of users and they need the ability to create an account which will determine their
  "role" based on what membership fee they paid. After they have an account they
  can login an have access to sections of the site that are permitted to them based
  on role. All the examples I've seen about weblogic security is using LDAPs or
  their internal RDMS. How can I have weblogic use our own database or is there
  a best practice to accomplish the task I need? Any information would be helpful!!

  It sounds like you have many users in your database, but not that many roles
  & policies.
  Probably you can use the DefaultRoleMapper and DefaultAuthorizer for your
  roles & policies.
  You need a database based authentication provider. Check out the sample
  dbms authentication provider on the dev2dev center:
  http://dev2dev.bea.com/codelibrary/code/sec_rdbms.jsp
  -tm
  "fed " <[email protected]> wrote in message
  news:4010111d$[email protected]..
  >
  I would like to use j2ee security on our ecommerce site (isUserInRole,getUserPrincipal,
  web.xml declarative functionality to protect resources), but my problem isnot
  knowing what security realm to I use to manage the user. The site hasthousands
  of users and they need the ability to create an account which willdetermine their
  "role" based on what membership fee they paid. After they have an accountthey
  can login an have access to sections of the site that are permitted tothem based
  on role. All the examples I've seen about weblogic security is usingLDAPs or
  their internal RDMS. How can I have weblogic use our own database or isthere
  a best practice to accomplish the task I need? Any information would behelpful!!

• How to configure security realm for Active Directory ?

  Hi,
  Can any body suggest how to configure security realm in weblogic 8.1
  I have simple login page where in user can enter his credentials, and i have MS-Active Directory where we maintain all users.
  users who loged into web application has to be authenticated from Active Directory.
  please suggest what are the steps that we need to follow
  thanks in advance

  Hi Sankar,
  You can login to the weblogic server admin console and create a new realm.
  Once you have created the realm you can add the authentication provider.You add the Active Authentication Provider.But you must have the the configuration inforamation of MS AD.You can read my blog http://dev2dev.bea.com/blog/bishnu_kumar/
  where the integration is with iPlanet LDAP.Steps will be similar.
  You must have a login portlet in your portal application and that should have been in accordance with j2ee security standards.For example you may use basic authentication or userlogin control or p13n API
  Regards
  Bishnu

• Security tools for audit and penetration testing weblogic server 10.3.5.0 and other

  hi all
  is it possible please introduce me the best softwares for auditing and penetration testing on weblogic server 10.3.5 (scan the machine for finding vulnerabilities and unsecured configuration in web logic server)
  thanks for your attention
  good luck

  This is a good one
  IBM developerWorks : Download : IBM Security AppScan V8.8

• SAP Security Report for single and composite roles

  Hi
    I have a requirement to create a cutomize report in SAP Security.
  I have to display Composite roles,corresponding single roles,the tcodes assigned to those single roles and the description of t- codes. The selection screen has composite roles,single role and T-code which are optional.User can enter selection in any of the selection critreria.How should I go on this?If user gives only composite roles on the selection for e.g 'TEST'. for this role I get suppose 3 child roles 'TEST1' 'TEST2' 'TEST3' from table AGR_AGRS.Now to get the tcodes i go to table 'AR_1251' and I get the tcodes.
  But if user give only single role on the selection for eg 'TEST2' ,for this single role 'TEST2' there would be multiple composite roles.for e.g, 'TEST' 'SAP1' 'SAP2' etc..Now if go to get the tcodes for this single role in AGR_1251,I will ceatainly get the tcodes for eg MM01,FB01,etc.But then how would I know whether MM01 belongs to composite role 'TEST' SAP1' or SAP2' for the single role 'TEST2'.
  Please advise.
  Thanks
  Edited by: Julius Bussche on Aug 13, 2009 4:52 PM
  Subject title improved

  I though of seperate selection options for singles and composites, but you also said:
  > But if user give only single role on the selection for eg 'TEST2' ,for this single role 'TEST2' there would be multiple composite roles.
  My suggestion would be to build better single roles, but that is just me...
  Cheers,
  Julius

• Configure security realm for external Access Manager in App server 8.1

  Hi All,
  I would like to protect my j2ee application using access manager running on an external host.
  I would like to configure the security realm in Sun app Server 8.1 for the external Access Manager
  external host & port of AM is:
  http://svrd234d.dnn.com.au:58765
  Please verify if these are the correct settings for the agentRealm configuration on Sun App server 8.1.
  classname="com.sun.amagent.as.realm.AgentRealm"
  property name="jaas-context" value="agentRealm"
  property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
  property name="hostURL " value="http://svrd234d.dnn.com.au:58765"

  Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
  If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
  Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
  Jerry

• Security settings for print and file sharing on a wireless network.

  I would like to gather some security information on file and print sharing on my wireless network before I set it up . What steps do I need to take to make it secure? Is it better to just buy a wirelss print server?
  Thanks

  You can secure the wireless network, set a password on the shared resources or both.
  The box said windows xp or better... So I installed Linux!

• Sample ABAP code for userexits, and calling bapi's

  Hi,
  Can someone please send me sample ABAP code
  1) to do extractor enhancement using user exit.
  2) ABAP program to call BAPI to read live cache order series data in SNP and write to Idocs through some ports.
  3) ABAP routine to generate file name (based on date/country)in the infopackage to upload flatfiles.
  Thank you very much in advance and appreciate any help.
  Regards
  Prasad

  hai ,
  check this code...
  *& Tables
  tables : tstc,     "SAP Transaction Codes
           tadir,    "Directory of Repository Objects
           modsapt,  "SAP Enhancements - Short Texts
           modact,   "Modifications
           trdir,    "System table TRDIR
           tfdir,    "Function Module
           enlfdir,  "Additional Attributes for Function Modules
           tstct.    "Transaction Code Texts
  *& Variables
  data : jtab like tadir occurs 0 with header line.
  data : field1(30).
  data : v_devclass like tadir-devclass.
  *& Selection Screen Parameters
  selection-screen begin of block a01 with frame title text-001.
  selection-screen skip.
  parameters : p_tcode like tstc-tcode obligatory.
  selection-screen skip.
  selection-screen end of block a01.
  *& Start of main program
  start-of-selection.
  Validate Transaction Code
    select single * from tstc
      where tcode eq p_tcode.
  Find Repository Objects for transaction code
    if sy-subrc eq 0.
      select single * from tadir
         where pgmid    = 'R3TR'
           and object   = 'PROG'
           and obj_name = tstc-pgmna.
      move : tadir-devclass to v_devclass.
      if sy-subrc ne 0.
        select single * from trdir
           where name = tstc-pgmna.
        if trdir-subc eq 'F'.
          select single * from tfdir
            where pname = tstc-pgmna.
          select single * from enlfdir
            where funcname = tfdir-funcname.
          select single * from tadir
            where pgmid    = 'R3TR'
              and object   = 'FUGR'
              and obj_name = enlfdir-area.
          move : tadir-devclass to v_devclass.
        endif.
      endif.
  Find SAP Modifactions
      select * from tadir
        into table jtab
        where pgmid    = 'R3TR'
          and object   = 'SMOD'
          and devclass = v_devclass.
      select single * from tstct
        where sprsl eq sy-langu
          and tcode eq p_tcode.
      format color col_positive intensified off.
      write:/(19) 'Transaction Code - ',
      20(20) p_tcode,
      45(50) tstct-ttext.
      skip.
      if not jtab[] is initial.
        write:/(95) sy-uline.
        format color col_heading intensified on.
        write:/1 sy-vline,
        2 'Exit Name',
        21 sy-vline ,
        22 'Description',
        95 sy-vline.
        write:/(95) sy-uline.
        loop at jtab.
          select single * from modsapt
          where sprsl = sy-langu and
          name = jtab-obj_name.
          format color col_normal intensified off.
          write:/1 sy-vline,
          2 jtab-obj_name hotspot on,
          21 sy-vline ,
          22 modsapt-modtext,
          95 sy-vline.
        endloop.
        write:/(95) sy-uline.
        describe table jtab.
        skip.
        format color col_total intensified on.
        write:/ 'No of Exits:' , sy-tfill.
      else.
        format color col_negative intensified on.
        write:/(95) 'No User Exit exists'.
      endif.
    else.
      format color col_negative intensified on.
      write:/(95) 'Transaction Code Does Not Exist'.
    endif.
  Take the user to SMOD for the Exit that was selected.
  at line-selection.
    get cursor field field1.
    check field1(4) eq 'JTAB'.
    set parameter id 'MON' field sy-lisel+1(10).
    call transaction 'SMOD' and skip first screen.

• Seeking recommendations for handling large binary documents with security(preferable) for inbound and outbound scenarios from OSB- SOA and SOA- OSB

  Hi,
  I am currently working on a project with the following requirements
  1. Client transfers binary document (between 1-20MB in size) from OSB proxy to SOA composite to Content Management system
  2. Client retrieves binary document (between 1-20MB in size) from Content Management system to SOA composite to OSB proxy
  In otherwords, a inbound and outbound integration.
  What I have tried so far and my results:
  Scenario A
  1. Enabled MTOM on SOA composite by attaching wsmtom policy
  2. Created an OSB business service and consumed the SOA composite application
  3. Enabled MTOM on OSB proxy and business service and configured it to pass by reference
  Scenario B
  1. Enabled MTOM and security on SOA composite by attaching wsmtom policy and SAML policy
  2. Created an OSB business service and consumed the SOA composite application
  3. Enabled MTOM on OSB proxy and business service and configured it to pass by reference
  I have a demo integration setup that writes a binary document to a file using the above steps. My SOA composite has a file adapter that writes the binary data to an external file and it is exposed as a web service with a simple WSDL definition that has an inline XSD schema with an single element of base64binary type. I have added a mediator that maps this base64binary element node to the file adapter's input node.
  Result for Scenario A with file size less than 1 MB:
  Flawless execution with sub-second response times
  Result for Scenario A with file size of 8MB
  First attempt: SOA composite faults with database transaction related error, solved by increasing JTA timeout
  Second attempt: Flawless execution, but file transfer took over 100 seconds to complete. This is very poor performance and my suspicions are that this cannot be the expected behaviour, but I dont know the internal workings of the SOA composite and why its taking this long.
  Result for Scenario B:
  The OSB business service does not accept/recognize the SAML policy in the WSDL and suggests to configure OWSM policies manually, but OWSM policy in OSB does not have the wsmtom policy. Regardless of this, any permutation of MTOM + WSS security in this integration scenario either did not work outright or MTOM optimization was not happening ie binary data was materalizing in the message body.
  I have only about 3 weeks left to implement a viable solution and the closest ive come to a solution is Scenario A but that +100 second response time for an 8MB file is really worrying.
  I would appreciate any level of guidance, recommendations or suggestions as to how I go about tackling this problem.
  Thanks
  regards,
  Johnny

  I think this is due to the underlying mechanism of weblogic classloading..
  You can contact oracle support @ https://support.oracle.com to report issues. Roughly this is the process .
  1- get the Oracle Customer Support Identifier (CSI) for the client you are working for.
  2- Create a user profile quoting the CSI. This will send an approval request to oracle support admins at your client.
  3- Get the oracle support admins at your client site to approve your request for support access.
  4-Once they approve , you can access the support site and raise service requests.

• Windows Security asking for username and password to access college intranet.

  I'm trying to access my college intranet form home and I get a dialog box called "windows security". It asks for a username and password. I've never set up a username or password. I've been onto internet setting>security and enabled "automatic
  logon with current username and password", this did not work. Please help, I really need to get onto the site!

  trying to access my college intranet form home
  Contact your college network support.  The syntax for specifying your authentication may be different than you usually use when you are just connecting there locally.
  Robert Aldwinckle