Session creation with container managed security

I implemented container managed security, first question does the container creates session automatically when login is successful ?
second is there a way to do some processing when a user is authenticated like some event gets fired and listeners are called ?

You have to enclose input component into an <h:form></h:form>.
Note that the various Form components available in JSF will not let you specify the target action, everything is a post-back.
I suggest you this article: [J2EE Security - A JSF based Login Form|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]
[Is This User Logged In?|http://mowyourlawn.com/blog/?p=6]

Similar Messages

EJB 3.0 Security with ACEGI and not with Container Managed Security

Hi,
     Currently we are using EJB 2.0 in our project, We want to use EJB 3.0
     But for security we want to use Spring ACEGI Security and we don�t want to use container managed security (No Portability, Difficult, �)
     ACEGI supports Servlet/JSP security very well (I am able to call isUserInRole(), getUserPrincipal() because ACEGI implements by ServletRequestWrapper in a filter)
     But for EJB, it lacks this feature. (There is no standard EJB interceptor API as there is with servlets (using filters), so there's no generic way of modify in the EJB context for the invocation)
     Without using container managed security, Is there any way to propogate my security context from Servlet Layer to EJB Layer, So that I can use EJB Declartive security and getCallerPrincipal(), isCallerInRole() API.
     For more info please see this thread http://forum.springframework.org/showthread.php?t=26514
     Why don�t you provide standard EJB interceptor API as there is with servlets (using filters), so there I am able add security identity to EJB context.
     I am eagerly waiting for the reply

Reason: javax.naming.NameNotFoundException: jdbc not bound
Although i am quite new to this as well i would say that there is a problem with your connection with the database.
It seems it cannot connect to Mysql.
have you download the mysql package library and imported it ?
Also in your deploy folder in you Jboss
have you altered the jdbc to connect to you database in your dataset ? ( i am not sure about mysql, but postgre reguired this)
Most probably it would be the same in mysql.
<connection-url>jdbc:postgresql://127.0.0.1:5432/Dissertation</connection-url>
Not sure if this is what you reguire, i am new at this my self

SHA-1 Encryption is not working in Container managed security

Hi,
I have to turn to your help after no luck with other possible resource.
I implemented container managed security on my apps and it works well without the encrypted password(clear text) in the table column. Now I referred OC4J Security guide to implement the password encryption as follows:
1. Using the DBTableOraDataSourceLoginModule, set the option pw_encoding_class = oracle.security.jazn.login.module.db.util.DBLoginModuleSHA1Encoder
2. run the following procedure:
DECLARE
    l_password VARCHAR2(50) := 'welcome';
    l_password_raw RAW(128) := utl_raw.CAST_TO_RAW(l_password);
    l_encrypted_raw RAW(2048);
    l_encrypted_string VARCHAR2(2048);
    l_encrypted_string2 VARCHAR2(2048);
BEGIN
    dbms_output.put_line('Password in String: ' || l_password);
    dbms_output.put_line('Password in raw: ' || l_password_raw);
    l_encrypted_raw := dbms_crypto.hash(l_password_raw, dbms_crypto.HASH_SH1);
    dbms_output.put_line('SH1: ' || l_encrypted_raw);
    l_encrypted_string := UTL_ENCODE.BASE64_ENCODE(l_encrypted_raw);
    dbms_output.put_line('Base64Encoding: ' || l_encrypted_string);
END;
3. update the clear text password with the SHA-1 encrypted password and encoded in Base64Encoding (in my case, it's the parameter "l_encrypted_string")Now I run the application and login says "password not matching!" If anyone know what's going on, please advise me what's wrong...pls
thanks very much,

Hi,
hard to say without knowing the code the OC4J team uses in their login module. I know they based it on a JAAS LoginModule I wrote some years ago, but they did change some parts of it. In the original version. the password was read from the database and then compared with the provided password string. Using encryption it uses a class to encode and decode the password queried from teh database. My guess is that the returned string - after decoding - doesn't meet the password string you provide when authenticating. Since this piece of code is owned by the OC4J team, I suggest to try the Application Server forum or the Security forum
Frank

ADF Security to J2EE Container Managed Security Problems

Hi al!
I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
Part of my web.xml file:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/app/index.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<security-role>
<description>Admins</description>
<role-name>admin_role</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user_role</role-name>
</security-role>
<security-role>
<role-name>oc4j-administrators</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllAdmins</web-resource-name>
<url-pattern>faces/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllUsers</web-resource-name>
<url-pattern>faces/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>oc4j-administrators</role-name>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
Do I have to remove this adfAuthentication tags?
I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
Thank you in advance!
Bye
PS
Maybe stack trace after login:
FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

Hi there!
I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
log("method equals start",0);
log("another type = " + another.getClass(), 0);
if (another instanceof Principal)
Principal mine = (Principal)another;
log("Principal mine.getName() = " + mine.getName(), 0);
The result is this output (after navigating to page that gives 401 forbidden):
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
07/10/12 08:46:09 [DBUserPrincipal] method equals start
07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
Thank you!
BB

Glassfish 3.1 Container managed security - custom authentication

I have used custom authentication with tomcat and it works great. I am moving to glassfish 3.1 and want to set it up there now. I haven't found any specifics for glassfish 3.1. Anybody got it working in GF 3.1?
Thanks,
John

To follow up ...
I am using container managed security and form based authentication. My custom SJSAS login realm, however, never fails to authenticate users. Instead of failing authentication when a username and password match cannot be found, I add the user to an 'unknown-user' group who has no rights to the application.
I do this because I can then catch 403 errors for users who have failed authentication (because they are not authorized to access any pages), or for users who are not in the right role to access part of the application.
It's not the way that I would prefer to handle login 'failures', but it works.

Container Managed Security on Tomcat - configuring different auth-methods

I am trying to configure the container managed security on tomcat4. Or rather I am trying to add a further dimension to the configuration that already exists.
At the moment the entire application uses LDAP authentication and I would like to separate an area that requires further authentication. That is to say I would like everyone using the web application to authenticate using the existing Form-Based LDAP authentication but I would like only certain users to be able to use the data upload facility (whose code is stored in it's own directory).
This is the authentication bit of my web.xml:
<security-constraint>
    <web-resource-collection>
      <web-resource-name>qmrae</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
</login-config>My first hurdle is in understanding exactly how the application knows where to go for its authentication.
I had guessed that the realm-name would map "areas" of my application to realm configuration defined in my application's context area in Tomcat's web.xml but this doesnt seem to be the case. In fact I have read conflicting explanations as to what the realm-name is for. One source has said that this is only used for BASIC authentication as a way of naming the resulting pop up window - many others say it maps the login-config to the web-resource-name. However the latter doesnt make sense because the authentication works in my application at the moment even though those values are completely different (and indeed are different in most of the examples i've read on the web). Furthermore I can find any other mention of the defined realm-name in any other file (which of course be because i'm looking in the wrong place).
I was prepared to accept that the realm-name might not actually do anything and so I've been looking for examples of defining a different auth-method for different url-patterns but i've had no luck.
I know a user can have one or more roles but I dont have access to the LDAP server to set these up and haven't found anything about defining different auth-methods other than one thread in this forum suggesting that is wasnt possible on AIS.
This thread suggests that you can have more than one security-constraint but again i'm not sure about the auth methods and how you map an auth method to a security-constraint
http://forum.java.sun.com/thread.jspa?forumID=33&threadID=320918
To summarise my questions:
1) What are the functions of the realm-name and web-resource-name? Are they related?
2) Is it possible to configure different areas of an application to use different authentication methods? and if so, could you point me in the direction of relevant documentation
3) If (2) is not possible and I have to assign a new role to the privileged LDAP users, is it enough to define a new security-constraint? Could you describe the behaviour I could expect for users that have authenticated once and try to access this super-security area, will they be shown another login form or will it just let them in because the container is already aware of their permissions.
Many thanks for your attention,
Rachel

If you create your own Realm classes - look at JAAS - you can sort out your last login time, just wrap them around the DataSourceRealm.
As far as 'remind' him is concerned - I'm guessing you mean provider a reminder for the password based on the user name. If you use form based authentication you can put what ever you like on the page.

Container Managed Security

Hi,
Could you explain me what is the implication of "Container Managed Security"?
Thanks.
Pengyou

Container managed security in what context?
EJB access?
This means that the user must be in a role which is authenticated to execute the method(s) of the bean.
Resource access?
The container is responsible for authentication at the resource, for example at setting up the connection to a database.
Hope this helps

Event creation with status management

Hello esteemed gurus ... it's your friendly workflow noob again
It seems once people get a sniff that there is a someone who knows a bit about workflow in the company, everyone wants a piece of you!
So... I have been asked to setup a workflow that will trigger when a user changes a user status on an SD contract. I've done some reading and I believe I'm nearly there but need a little help ...
I have setup event creation with transaction BSVZ for object category VBK, specified my status profile, and business object BUS2034 and I'm using the event "CHANGED", within this I have set a status restriction to particular status of my user status profile.
In my workflow definition I have specified the start event "CHANGED" for my business object BUS2034.
The thing is, the workflow starts for every change to the contract, whereas I was expecting it to only start when the particular status I defined in my status management was set in the contract header.
Are there any additional settings I need to make in order to restrict the starting conditions of the this workflow?
Many thanks once again.
Neil

Hi Neil,
There is two options to restrict the workflow.
First one is start condition. You can check the workflow log. If your required field is populated in the Workflow container you can use start condition to restrict the workflow. In the Basic data of workflow template, Start condition is there. You can use the condition editor to set the condition.
If your field is not populated by default, then you can use check function module for this. You need to create one FM, and in transaction swe2, the FM needs to be Configured. The concept is, based on the Sales document number you can get the required field and check the condition inside the FM. If the condition satisfied just leave it. The workflow will be triggered. If the condition is not satisfied raise a Exception. So that the Workflow will not be triggered.
Thanks,
Viji.

Distributed transactions with container-managed MDBs

          I have built a framework that employs a high rate of code reuse while abstracting
          the complexities of inter-application communication. This allows application
          developers to focus on solving their business needs and not worry about "the plumbing"
          between the applications.
          At this point, the framework is using container-managed MDBs for Topic destinations.
          MDBs were chosen because of their concurrent nature for processing JMS messages.
          Now that I have this framework up and running, I am trying to add distributed
          transaction support and am having trouble understanding what I need to do. Here
          is how the framework works:
          The MDB will recieve a message, unmarshall it into a business object, and then
          route that object to the appropriate business class where it is then processed
          accordingly. In most cases, the processing of this message object will require
          database interaction. If any error should occur while processing the message,
          all XAResources within the transaction should rollback and ultimately, the JMS
          message will be redelivered later.
          Here is what I'm trying to find out:
          1. When control is passed to an application and it gets a DB connection, will
          that DB resource be dynamically enlisted with the transaction?
          2. Must the DB connection come from the WLS DB pool to be enlisted with the transaction?
          I ask this because the current standard at this company is to use a home-grown
          DB connection pool for getting DB connections. This is due to the fact that not
          all applications here run in a WLS environment and they wanted a standard way
          of retrieving a DB connection across applications. They also sited problems with
          WLS 4.5.1 connection pool.
          3. The documentation states that only one database may be involved in a transaction.
          If a connection to another database is required, but not needed in the current
          transaction, will WLS ignore enlisting the 2nd DB resource, or throw an exception?
          4. Where can I find <B>detailed</B> information about this subject? Everything
          that I have read so far has barely scratched the surface for this specific topic.
          Thanks,
          Bob.


          Hi Bob,
          If you are using WLS's XA connection pool, then the XAResource associated with
          the XA connections are enlisted with the transaction transparently for you. Enlistments
          actually occur not at getConnection, but on demand when the JDBC objects are actually
          used.
          If you are not using WLS connection pools, then you would need to enlist the XAResource
          associated with the XA connections yourself. You can obtain the transaction associated
          with the current thread by calling weblogic.transaction.TxHelper.getTransaction(),
          and then call enlistResource on the transaction.
          Weblogic has provisions that allow one (and only one) non-XA connection pool to
          participate in a distributed transaction. In this case, you will get a SQLException
          when you try to obtain a connection from a second connection pool in the same
          distributed transaction. However, if you are using real XA connection pools,
          there is no limitation and any number of XA connection pools can participate in
          the same distributed transaction.
          We will try to incorporate more info in our online docs in the future.
          -- Priscilla Fung, BEA Systems, Inc.
          "Bob Peroutka" <[email protected]> wrote:
          >
          >I have built a framework that employs a high rate of code reuse while
          >abstracting
          >the complexities of inter-application communication. This allows application
          >developers to focus on solving their business needs and not worry about
          >"the plumbing"
          >between the applications.
          >
          >At this point, the framework is using container-managed MDBs for Topic
          >destinations.
          > MDBs were chosen because of their concurrent nature for processing JMS
          >messages.
          >
          >Now that I have this framework up and running, I am trying to add distributed
          >transaction support and am having trouble understanding what I need to
          >do. Here
          >is how the framework works:
          >
          >The MDB will recieve a message, unmarshall it into a business object,
          >and then
          >route that object to the appropriate business class where it is then
          >processed
          >accordingly. In most cases, the processing of this message object will
          >require
          >database interaction. If any error should occur while processing the
          >message,
          >all XAResources within the transaction should rollback and ultimately,
          >the JMS
          >message will be redelivered later.
          >
          >Here is what I'm trying to find out:
          >
          >1. When control is passed to an application and it gets a DB connection,
          >will
          >that DB resource be dynamically enlisted with the transaction?
          >
          >2. Must the DB connection come from the WLS DB pool to be enlisted with
          >the transaction?
          >
          >I ask this because the current standard at this company is to use a home-grown
          >DB connection pool for getting DB connections. This is due to the fact
          >that not
          >all applications here run in a WLS environment and they wanted a standard
          >way
          >of retrieving a DB connection across applications. They also sited problems
          >with
          >WLS 4.5.1 connection pool.
          >
          >3. The documentation states that only one database may be involved in
          >a transaction.
          > If a connection to another database is required, but not needed in the
          >current
          >transaction, will WLS ignore enlisting the 2nd DB resource, or throw
          >an exception?
          >
          >4. Where can I find <B>detailed</B> information about this subject?
          > Everything
          >that I have read so far has barely scratched the surface for this specific
          >topic.
          >
          >Thanks,
          >
          >Bob.

J2EE Container Managed Security doc and inquiry about what to do if I tweak

hello:
If the application_roles is taken out of the database schema, would the example still work with minimal changes? There is a possibility our organization may a separate department handling username and password while our app and our separate database will handle roles. Is there something I need to be aware of or is it just a matter of looking up the role in a separate table after authentication? Based on roles, users will have different authorities. is there something built in Oracle JDev?
Thanks

Hi,
you can do anything you want with custom LoginModules. If the provided database login module in OC4J is not sufficient then you can also build yur own login module (or use one of the three I built and published 2 years ago). So the answer is that it is not relevant of where the role definition comes from as long as it is associated with the user upon authentication
Frank

MDB container managed transaction demarcation not working in wls 6.1 beta

I have an MDB which sends the messages it receives onto another JMS
          destination within the onMessage method. These messages are not sent to
          the JMS destination unless I explicitly use a transacted session for the
          destination and subsequently commit the session. If I set the transacted
          parameter to Session as false the messages are sent. If I set the
          transacted parameter to true the messages will only be output if the
          session is committed. This is the standard behaviour for a JMS session
          but this is not the correct behaviour for an MDB running with
          container-managed transaction demarcation.
          For a start the transacted parameter to session should be ignored when
          run in the context of a container transaction and the commit method
          should thrown an exception as it is not allowed within the context of a
          container transaction.
          This is the MDB code and the deployment descriptor: -
          public class MessageBean implements MessageDrivenBean, MessageListener
          private String topicName = null;
          private TopicConnectionFactory topicConnectionFactory = null;
          private TopicConnection topicConnection = null;
          private TopicSession topicSession = null;
          private Topic topic = null;
          private TopicPublisher topicPublisher = null;
          private TextMessage textMessage=null;
          private transient MessageDrivenContext messageDrivenContext = null;
          private Context jndiContext;
          public final static String
          JMS_FACTORY="weblogic.examples.jms.TopicConnectionFactory";
          public final static String
          TOPIC="weblogic.examples.jms.exampleTopic";
          public MessageBean()
          public void setMessageDrivenContext(MessageDrivenContext
          messageDrivenContext)
          this.messageDrivenContext = messageDrivenContext;
          public void ejbCreate()
          public void onMessage(Message inMessage)
          try
          jndiContext = new InitialContext();
          topicConnectionFactory =
          (TopicConnectionFactory)jndiContext.lookup(JMS_FACTORY);
          topic = (Topic) jndiContext.lookup(TOPIC);
          topicConnection =
          topicConnectionFactory.createTopicConnection();
          topicConnection.start();
          // The transacted parameter should be ignored in the context of a
          container tx
          topicSession = topicConnection.createTopicSession(true,
          Session.AUTO_ACKNOWLEDGE);
          topicPublisher = topicSession.createPublisher(topic);
          textMessage = (TextMessage)inMessage;
          topicPublisher.publish(inMessage);
          // this is illegal in a container transaction
          topicSession.commit();
          topicConnection.close();
          catch (JMSException je)
          throw new EJBException(je);
          catch (NamingException ne)
          throw new EJBException(ne);
          public void ejbRemove()
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise
          JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>
          <ejb-jar>
          <enterprise-beans>
          <message-driven>
          <display-name>MessageBean</display-name>
          <ejb-name>MessageBean</ejb-name>
          <ejb-class>MessageBean</ejb-class>
          <transaction-type>Container</transaction-type>
          <message-driven-destination>
          <destination-type>javax.jms.Queue</destination-type>
          </message-driven-destination>
          <security-identity>
          <description></description>
          <run-as>
          <description></description>
          <role-name></role-name>
          </run-as>
          </security-identity>
          </message-driven>
          </enterprise-beans>
          <assembly-descriptor>
          <container-transaction>
          <method>
          <ejb-name>MessageBean</ejb-name>
          <method-name>*</method-name>
          </method>
          <trans-attribute>Required</trans-attribute>
          </container-transaction>
          </assembly-descriptor>
          </ejb-jar>


Please see the response in the EJB newsgroup.
          Also, could you kindly only post to a single newsgroup?
          Thanks.
          "Jimmy Johns" <[email protected]> wrote in message
          news:[email protected]...
          > I have an MDB which sends the messages it receives onto another JMS
          > destination within the onMessage method. These messages are not sent to
          > the JMS destination unless I explicitly use a transacted session for the
          >
          > destination and subsequently commit the session. If I set the transacted
          >
          > parameter to Session as false the messages are sent. If I set the
          > transacted parameter to true the messages will only be output if the
          > session is committed. This is the standard behaviour for a JMS session
          > but this is not the correct behaviour for an MDB running with
          > container-managed transaction demarcation.
          >
          > For a start the transacted parameter to session should be ignored when
          > run in the context of a container transaction and the commit method
          > should thrown an exception as it is not allowed within the context of a
          > container transaction.
          >
          > This is the MDB code and the deployment descriptor: -
          >
          > public class MessageBean implements MessageDrivenBean, MessageListener
          > {
          > private String topicName = null;
          > private TopicConnectionFactory topicConnectionFactory = null;
          > private TopicConnection topicConnection = null;
          > private TopicSession topicSession = null;
          > private Topic topic = null;
          > private TopicPublisher topicPublisher = null;
          > private TextMessage textMessage=null;
          > private transient MessageDrivenContext messageDrivenContext = null;
          >
          > private Context jndiContext;
          >
          > public final static String
          > JMS_FACTORY="weblogic.examples.jms.TopicConnectionFactory";
          > public final static String
          > TOPIC="weblogic.examples.jms.exampleTopic";
          >
          > public MessageBean()
          > {
          > }
          >
          > public void setMessageDrivenContext(MessageDrivenContext
          > messageDrivenContext)
          > {
          > this.messageDrivenContext = messageDrivenContext;
          > }
          >
          > public void ejbCreate()
          > {
          > }
          >
          > public void onMessage(Message inMessage)
          > {
          > try
          > {
          > jndiContext = new InitialContext();
          > topicConnectionFactory =
          > (TopicConnectionFactory)jndiContext.lookup(JMS_FACTORY);
          > topic = (Topic) jndiContext.lookup(TOPIC);
          > topicConnection =
          > topicConnectionFactory.createTopicConnection();
          > topicConnection.start();
          > // The transacted parameter should be ignored in the context of a
          > container tx
          > topicSession = topicConnection.createTopicSession(true,
          > Session.AUTO_ACKNOWLEDGE);
          > topicPublisher = topicSession.createPublisher(topic);
          > textMessage = (TextMessage)inMessage;
          > topicPublisher.publish(inMessage);
          > // this is illegal in a container transaction
          > topicSession.commit();
          > topicConnection.close();
          > }
          > catch (JMSException je)
          > {
          > throw new EJBException(je);
          > }
          > catch (NamingException ne)
          > {
          > throw new EJBException(ne);
          > }
          > }
          >
          > public void ejbRemove()
          > {
          > }
          > }
          >
          >
          >
          >
          > <?xml version="1.0" encoding="UTF-8"?>
          >
          > <!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise
          > JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>
          >
          > <ejb-jar>
          > <enterprise-beans>
          > <message-driven>
          > <display-name>MessageBean</display-name>
          > <ejb-name>MessageBean</ejb-name>
          > <ejb-class>MessageBean</ejb-class>
          > <transaction-type>Container</transaction-type>
          > <message-driven-destination>
          > <destination-type>javax.jms.Queue</destination-type>
          > </message-driven-destination>
          > <security-identity>
          > <description></description>
          > <run-as>
          > <description></description>
          > <role-name></role-name>
          > </run-as>
          > </security-identity>
          > </message-driven>
          > </enterprise-beans>
          > <assembly-descriptor>
          > <container-transaction>
          > <method>
          > <ejb-name>MessageBean</ejb-name>
          > <method-name>*</method-name>
          > </method>
          > <trans-attribute>Required</trans-attribute>
          > </container-transaction>
          > </assembly-descriptor>
          > </ejb-jar>
          >
          >
          >
          >
          >
          >
          >
          >

Container-managed / bean-managed transaction demarcation

I am trying to make sure I understand container-managed and bean-managed transaction demarcation and in particular where you have one bean calling another bean. What happens where one of the beans has container-managed transaction demarcation and the other bean-managed transaction demarcation. In fact the initial question to ask is, is this allowed?
Lets use an application scenario to illustrate the issue. The application has a payment transaction. Payments can be received in one of two ways:
1. As a payment at a branch where the individual payment is processed on a client application and resulting in the processing of a single payment transaction.
2. As a batch of payments received from a bank containing, potentially, thousands of payment transactions.
The proposed implementation for this uses two session beans. The first is a Payment session bean that implements the business logic as appropriate calling entity beans to persist the change. The second is a BatchPayment session bean. This processes the batch of payment transactions received from the bank. The BatchPayment reads through the batch of payments from a bank calling the Payment session bean for each payment transaction.
Lets look at the transactional properties of both session beans. In order to support the client application the Payment session bean can implicitly enforce transactional integrity and is therefore set to container-managed transaction demarcation. However the BatchPayment session bean will want to explicitly specify transaction demarcation for performance reasons. The transactional "commit" process is relatively expensive. When processing a large batch of transactions rather than performing a commit after every transaction is processed we want to perform the commit after a number of transactions have been processed. For example, we may decide that after every 100 transactions have been processed we commit. The processing will have a shorter elapsed time as we have not had to perform 99 commit processes. So the BatchPayment session bean will want to explicitly specify its transaction demarcation and will therefore be defined with bean-managed transaction demarcation.
How would this be implemented? A possible solution is:
Payment session bean implemented with container-managed transaction demarcation with transaction scope set to Required.
BatchPayment session bean implemented with bean-managed transaction demarcation with transaction scope set to Required.
When the client application is run it calls the Payment bean and the container-managed transaction demarcation ensures the transactional integrity of that transaction.
When a BatchPayment process is run it explicitly determines the transaction demarcation. Lets say that after every 100 Payment transactions (through 100 calls to the Payment session bean) have been processed the BatchPayment bean issues a commit. In this scenario however we have mixed container-managed and bean-managed transaction demarcation. Hence my original question. Can container-managed and bean-managed transaction demarcation be mixed? If not how is it possible to implement the requirements as described above?
Thanks for any thoughts.
Paul

BatchPayment session bean implemented with bean-managed transaction demarcation with transaction scope set to Required.Didn't quite understand this sentence.... if it's BMT it has no declarative transaction attributes such as "Required"....
Anyway, first of all I'll have to ask, Why at all would you want to commit in the middle of the business method? to get as much through as possible before a potential crash? :-)
Can container-managed and bean-managed transaction demarcation be mixed?Yes, of course. Just remember that the "direction" you are refering to ->
a BMT SB that propagates it's transaction to a method in a CMT SB that is demarcated with "Required" is the simplest case. If it were "reversed", or for that matter any BMT that might be called within an active transaction context must perform logic to manipulate the transaction state. For instance(and most common case), checking to see if a transaction is active and if so not to do anything(just use the one that is already active).
If not how is it possible to implement the requirements as described above?You could also implement this scenario with CMTs all the way through. your BatchPayment SB could consist of two methods, one (say, execute(Collection paymentsToExecute) ) with "Supports", and another(say executeBatchUnit(Collection paymentsToExecute, int beginIndex, int endIndex) ) with "RequiresNew".
then have the first just call the other with indexes denoting each time a group of payments.
Still, it does seem more suitable using BMT for these kind of things.....
Hope this helped....

Container Managed Entity Beans and Client Identifier in Oracle

Is it possible to use Container Managed Entity Beans (EJB with CMP)
in a way that the Oracle database sessions still know the
individual Client Identifiers of the actual users
(not just the Identifier of the proxy user defined in the
Connection Pool)?
If Yes: How?
If No: The consequence would be that the
technologies EJB with CMP cannot be user together with
Oracle Virtual Private Databases (VPN) because VPN requires
some kind of Client Identifier.
I am grateful for any hint.
Regards,
Martin Siepmann
+49 (0)163 / 7765328

Not quite an auto-incrementing PK, but it is managed by the container. the following is from the turorial
Generating Primary Key Values
For some entity beans, the value of a primary key has a meaning for the business entity. For example, in an entity bean that represents a phone call to a support center, the primary key might include a time stamp that indicates when the call was received. But for other beans, the key's value is arbitrary--provided that it's unique. With container-managed persistence, these key values can be generated automatically by the EJB container. To take advantage of this feature, an entity bean must meet these requirements:
* In the deployment descriptor, the primary key class is defined as a java.lang.Object. The primary key field is not specified.
* In the home interface, the argument of the findByPrimaryKey method must be a java.lang.Object.
* In the entity bean class, the return type of the ejbCreate method must be a java.lang.Object.
In these entity beans, the primary key values are in an internal field that only the EJB container can access. You cannot associate the primary key with a persistent field or any other instance variable. However, you can fetch the bean's primary key by invoking the getPrimaryKey method, and you can locate the bean by invoking its findByPrimaryKey method.
Maybe that is good enough
christina

How to add a finder method in the container manager Bean in the weblogic6.1

in the environment jbuilder6 andweblogic6.1,use container manager entity Bean,it can automatic generate the findAll() method,I want to add a new method to find an element in the home interface,such as findByName(),name is a element of a table of the database.in the weblogic-cmp-rdbms-jar.xml,this is part of the fiile:
<finder>
<finder-name>findAll</finder-name>
<finder-query><![CDATA[ (= 1 1) ]]></finder-query>
</finder>
<finder>
<finder-name>findByName</finder-name>
<finder-param>java.lang.String</finder-param>
<finder-query><![CDATA[ (=name $name) ]]></finder-query>
</finder>
It can successfully compile the findAll(),but it is wrong when compile the findByName(),as follows
"www.ejbgrpx": Method Name: findByName
"www.ejbgrpx": Invalid specifications for a WebLogic RDBMS CMP EJB.
"www.ejbgrpx": ERROR: Error from ejbc: weblogic.ejb20.cmp11.rdbms.finders.IllegalExpressionException:
"www.ejbgrpx": While trying to process Finder
"www.ejbgrpx": Parameter Types: (java.lang.String)
"www.ejbgrpx": WebLogic Query: (= name $name)
"www.ejbgrpx": Finder Expressions: ()
"www.ejbgrpx": Could not parse WLQL expression: (= name $name) null
"www.ejbgrpx": ERROR: ejbc found errors
thank you

The finder methods that you are referring to are only simple finder methods. If you would like to add specialized finder methods, you can make your entity bean with bean managed persistence and not container managed. If you are using EJB 2.0, your entity bean with container managed persistence can use EJB QL for finder methods. You can search for this topic and/or download the EJB 2.0 specifications
Hope this helps

Container manager - error message

I'm trying to install SunMC 3.6.1 with container manager. when I go to the following url:
https://sunmc_server:6789/containers
I get the following:
Solaris Container Manager 3.6.1
When I click on this link, I get an error message:
There was an error while connecting to the Solaris Container Manager service. Restart the services and login again.
Restart Sun Management Center services and log in again.
I have seen others on this forum with the same problem, but no solution..........any ideas?

Please disable the HTTPS Everywhere addon. This dll file is from Firefox 4. If you would like to do a clean reinstall it may help.
Certain Firefox problems can be solved by performing a ''Clean reinstall''. This means you remove Firefox program files and then reinstall Firefox. Please follow these steps:
'''Note:''' You might want to print these steps or view them in another browser.
#Download the latest Desktop version of Firefox from http://www.mozilla.org and save the setup file to your computer.
#After the download finishes, close all Firefox windows (click Exit from the Firefox or File menu).
#Delete the Firefox installation folder, which is located in one of these locations, by default:
#*'''Windows:'''
#**C:\Program Files\Mozilla Firefox
#**C:\Program Files (x86)\Mozilla Firefox
#*'''Mac:''' Delete Firefox from the Applications folder.
#*'''Linux:''' If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see [[Installing Firefox on Linux]]. If you downloaded and installed the binary package from the [http://www.mozilla.org/firefox#desktop Firefox download page], simply remove the folder ''firefox'' in your home directory.
#Now, go ahead and reinstall Firefox:
##Double-click the downloaded installation file and go through the steps of the installation wizard.
##Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
More information about reinstalling Firefox can be found [[Troubleshoot and diagnose Firefox problems#w_5-reinstall-firefox|here]].
<b>WARNING:</b> Do not run Firefox's uninstaller or use a third party remover as part of this process, because that could permanently delete your Firefox data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and saved passwords. <u>These cannot be easily recovered unless they have been backed up to an external device!</u>
Please report back to say if this helped you!
Thank you.

Session creation with container managed security

Similar Messages

Maybe you are looking for