[svn:bz-trunk] 20680: Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7 .

Similar Messages

• Sometimes my computer takes too long to connect to new website. I am running a pretty powerful work program at same time, what is the best solution? Upgrading speed from cable network, is it a hard drive issue? do I need to "clean out" the computer?

  Many times my computer takes too long to connect to new website. I have wireless internet (time capsule) and I am running a pretty powerful real time financial work program at same time, what is the best solution? Upgrading speed from cable network? is it a hard drive issue? do I only need to "clean out" the computer? Or all of the above...not to computer saavy.  It is a Macbook Pro  osx 10.6.8 (late 2010).

  Almost certainly none of the above!  Try each of the following in this order:
  Select 'Reset Safari' from the Safari menu.
  Close down Safari;  move <home>/Library/Caches/com.apple.Safari/Cache.db to the trash; restart Safari.
  Change the DNS servers in your network settings to use the OpenDNS servers: 208.67.222.222 and 208.67.220.220
  Turn off DNS pre-fetching by entering the following command in Terminal and restarting Safari:
            defaults write com.apple.safari WebKitDNSPrefetchingEnabled -boolean false

• I just bought a power adapter and it is not working, says "not charging".   The same for the mobile charger.   Anything I need to do in the setting?

  I just bought a power adapter and it is not working, says "not charging".   The same for the mobile charger.   Anything I need to do in the setting?

  The device is locked to the carrier it was purchased through unless you specifically purchased it as unlocked directly from Apple.
  Only the carrier to whom it is locked can authorize it's unlocking.  To do so, the user much contact them to start the unlock process.

• When I click "Clear now" to clear the cache, nothing happens, no acknowlegement the the cache is cleared, and I need to know whether the function is working.

  login problem at an arts forum... login works at other sites.
  I can't log in. They gave me a new password and were able to log in with it, doesn't work for me. They suggested clearing cache.
  I removed a cookie from that site, and tried to clear the cache, but suspect I was unsuccessful. When I go to the login, after attempting to clear the cache and removing cookie, the login form is immediately filled in with a password, which could be the old one or the new one, they are unfortunately the same number of letters.
  How do I get the cache clear if the edit preferences thing is not working?

  As a quick test for cookie or cache problems you can try to switch Private Browsing mode on to see if that allows to log in.
  You can either use Tools > Start Private Browsing or set a check mark in:
  * Tools > Options > Privacy: [ ] "Automatically start Firefox in a private browsing session"
  To see all the History and Cookie settings, select: Tools > Options > Privacy > History: Firefox will: "Use custom settings for history"<br />
  Do not forget to exit Private Browsing mode after you have finished the login test.

• Need to bridge out my fios actiontech (gateway) for working from home

  Hi,
  I need to bridge out my actiontech gateway and add a 4-port router in order to work from home.
  I have no idea how exactly to do that?
  Are there any instructions anywhere for this sort of thing?  
  I have fios tv, too and I don't want to mess up the features of that.
  Thank you!!!!!

  DLipman wrote:
  ... I'm a firm believer that yoiu always get at the root of a problem and solve that problem and to not answer what someone "may think" is a solution ... You used the the qualifying word "perhaps" yourself because we just don't know and we need lagoonc to provide the underlying facts in this case.
  No question about it.  It's time that we demand that all writers to these pages employ only approved terminology and adhere to precise and narrowly defined standards of expression.

• [svn:bz-trunk] 20976: bug fix BLZ 602 IPv6 address isn' t properly resolved when used in dynamic url in the proxy service

  Revision: 20976
  Revision: 20976
  Author:   [email protected]
  Date:     2011-03-28 09:20:34 -0700 (Mon, 28 Mar 2011)
  Log Message:
  bug fix BLZ 602 IPv6 address isn't properly resolved when used in dynamic url in the proxy service
  checkintests pass
  Modified Paths:
      blazeds/trunk/modules/core/src/flex/messaging/messages/HTTPMessage.java

  Firstly, there's no such thing as Apache 9.3, there's Apache 1 (and subversions) and Apache 2 (and subversions). Your error message -
  Oracle-HTTP-Server/1.3.28Shows you're using Apache 1.3.28
  Secondly, I'm confused by your comment -
  I do not have Apache 9.3 or higher but I think oracle should offer this in its companion CDOracle does offer the Apache server, if you're saying you didn't get it from Oracle then where did your Apache server come from?
  Thirdly, I notice from your config file -
  ErrorLog "|E:\oracle\product\10.1.0\Companion\Apache\Apache\bin\rotatelogs logs/error_log 43200"That you're piping the logs through rotatelogs, are you sure the logfiles haven't just been renamed?

• [svn:fx-trunk] 7073: When looking around a tab group to determine which object to focus on, not only should the object be selected, but it should also be enabled and visible.

  Revision: 7073
  Author:   [email protected]
  Date:     2009-05-19 08:27:59 -0700 (Tue, 19 May 2009)
  Log Message:
  When looking around a tab group to determine which object to focus on, not only should the object be selected, but it should also be enabled and visible.
  QA Notes:
  Doc Notes:
  Bugs: SDK-19717
  Reviewers: Alex
  Ticket Links:
      http://bugs.adobe.com/jira/browse/SDK-19717
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/framework/src/mx/managers/FocusManager.as

  Revision: 7073
  Author:   [email protected]
  Date:     2009-05-19 08:27:59 -0700 (Tue, 19 May 2009)
  Log Message:
  When looking around a tab group to determine which object to focus on, not only should the object be selected, but it should also be enabled and visible.
  QA Notes:
  Doc Notes:
  Bugs: SDK-19717
  Reviewers: Alex
  Ticket Links:
      http://bugs.adobe.com/jira/browse/SDK-19717
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/framework/src/mx/managers/FocusManager.as

• [svn:bz-trunk] 23072: - fixed failing test on J2EE version based on . Net changes.

  Revision: 23072
  Revision: 23072
  Author:   [email protected]
  Date:     2011-10-20 06:59:14 -0700 (Thu, 20 Oct 2011)
  Log Message:
  - fixed failing test on J2EE version based on .Net changes.
  Modified Paths:
      blazeds/trunk/qa/apps/qa-regress/testsuites/mxunit/tests/remotingService/dataTypes/Boolea nTypesTest.mxml

  The first thing I would do is go the the CF administrator and
  make sure all of your DEBUG information is being displayed. By
  default, some isn't. A lot of times when you get a .net error and
  it tells you nothing, go to the area below Execution Time and there
  is an exceptions area. That is usually where .NET errors are
  returned (system.nullReferenceException for example).
  When passing in strings, I typically assign it to a variable,
  then pass in the variable. It shouldn't matter, but sometimes I
  have run into issues with passing a string in. In your second
  object, look at the date object. The Coldfusion date object and the
  .Net date object are not the same. Hope this helps.

• My six year old set up the restrictions code on my iPad and he doesn't remember the code he used. How can I find out the code. I already tried reseting the iPad and it did not work.

  How can I retrive the passcode for Restrictions? I already tried reseting my iPad to factory settings but did not work.

  I believe there is a way to reset the settings only, but I'm not sure if that applies to restrictions. Maybe there is a way on the computer?

• The "Apple ID Password box along with the keyboard keeps popping up on my iPad and stays there.  I have changed my email address on my iMac but my old one still remains on the iPad.  Also changed password.  Nothing works!  I can't use the iPad like this!

  The "apple ID Password" box along with the keyboard pops up when I turn the iPad on and it stays there.  I have changed my email address on my iMac and also changed my password.  The old email address is still on the iPad.  Anyway, I can't use the iPad because can't get the apple id password box to go away.  Thanks for any help!

  This is an older photo but the sleep and home buttons are still in the same place on all iPads. The home button is the round button at the bottom of the iPad and the sleep button is also called the on/off button and it is at the top right corner of the iPad.

• I have adobe photoshop elements 10. it is on a computor that will no longer work. is their anyway to her it on my new computor  with out the install disc

  i have the disc but this laptop does not have a disc drive

  Hello,
  as we can see your (and your new pc) can use the access to the Internet. So I want to suggest that you go to the Adobe download site to get a "try" Version of PSE 10. With your Serial number you can convert it to a "real" Version.
  Good luck!
  Hans-Günter

• Hey are you there to help withhelp with the sync section of settings I need to work with the HTC exchange

  can you help me in general but mostly provide all the particular bits of information I need to correctly manually set up sync for my htc exchange my phone is an HTC One m8.
  << Private information removed to comply with Verizon Wireless Terms of Service >>
  Message was edited by: Verizon Moderator

  << Private information removed to comply with Verizon Wireless Terms of Service >>

• Problem with role mapping in custom login module

  Hi all,
  I have developed custom login modules. They don't use the default user store but own data tables holding the necessary user information.
  Login works fine. But there is one big problem: Only those users that exist with the same user-id in the default user store get roles assigned to it. Whicht leads to 403-errors in my web application.
  Now, this is weired because a user with id 'Susi' has completely different passwords in my custom tables and in the user store, therefore it shouldn't be possible to authenticate 'Susi' against the default user management.
  Next thing is, I don't use the default login modules at all. So why does the application validates against the user store?
  I thought a source of the  problem might be that I don't set the roles correctly. I set the roles as a principal to the subject. I have chosen the role based mapping  in the web-engine.xml and mapped all my custom roles to the server role 'guests'.
  Could anybody think of a solution to this problem ?
  Thanks,  Astrid

  Astrid,
  Sorry to go off-topic on your post...but I have a question in relation to how you deploy your login module. Do you deploy the login module with your application ? I've developed a login module that I would like to deploy by itself, I currently deploy it with the calculator example and it works fine like this, but I need to deploy it by itself. Any tips you can give would be greatly appreciated.
  I've tried to use the deploytool and deploy the module as a library...but I get a "cannot  load a login module" in the logs when authenticating a user.

• Custom login module for EP7.4 with Captcha

  Hi
  I am trying to create a custom login module which validates the captcha shown at the login screen using SAP help link:
  http://help.sap.com/saphelp_nw73/helpdata/en/48/ff4faf222b3697e10000000a42189b/content.htm?frameset=/en/48/fcea4f62944e88e10000000a421937/frameset.htm&current_toc=/en/74/8ff534d56846e2abc61fe5612927bf/plain.htm&node_id=20
  The session is being set in the Captcha servlet which is used to render the image on the login page.
  However when I am trying to compare it with input or print the session value, its throwing an exception.
  I checked in the NWA logs and it just shows the following error message:
  6. com.temp.loginModule.MyLoginModuleClass OPTIONAL ok exception true Authentication did not succeed.
  Please help me analyse the error stack. Can someone point where do i check the detailed logs to trace the issue?
  Please find below source of my login module.
  package com.temp.loginModule;
  import java.io.IOException;
  import java.util.Map;
  import javax.security.auth.login.LoginException;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.UnsupportedCallbackException;
  import nl.captcha.Captcha;
  import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
  import com.sap.engine.lib.security.http.HttpGetterCallback;
  import com.sap.engine.lib.security.http.HttpCallback;
  import com.sap.engine.lib.security.LoginExceptionDetails;
  import com.sap.engine.lib.security.Principal;
  public class MyLoginModuleClass extends AbstractLoginModule{
    private CallbackHandler callbackHandler = null;
    private Subject subject = null;
    private Map sharedState = null;
    private Map options = null;
    // This is the name of the user you have created on
    // the AS Java so you can test the login module
    private String userName = null;
    private boolean successful;
    private boolean nameSet;
    public void initialize(Subject subject, CallbackHandler callbackHandler,
    Map sharedState, Map options) {
    // This is the only required step for the method
    super.initialize(subject, callbackHandler, sharedState, options);
    // Initializing the values of the variables
    this.callbackHandler = callbackHandler;
    this.subject = subject;
    this.sharedState = sharedState;
    this.options = options;
    this.successful = false;
    this.nameSet = false;
    * Retrieves the user credentials and checks them. This is
    * the first part of the authentication process.
    public boolean login() throws LoginException {
  // HttpGetterCallback httpGetterCallback = new HttpGetterCallback(); 
  //       httpGetterCallback.setType(HttpCallback.REQUEST_PARAMETER); 
  //       httpGetterCallback.setName("captchaInput"); 
         String value = null; 
  //       try { 
  //       callbackHandler.handle(new Callback[] { httpGetterCallback }); 
  //           String[] arrayRequestparam = (String[]) httpGetterCallback.getValue(); 
  //           if(arrayRequestparam!=null && arrayRequestparam.length>0)
  //           value = arrayRequestparam[0]; 
  //       } catch (UnsupportedCallbackException e) { 
  //       throwNewLoginException("An error occurred while trying to validate credentials."); 
  //       } catch (IOException e) { 
  //            throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
    value = getRequestValue("captchaInput");
    userName = getRequestValue("j_username");
    HttpGetterCallback httpGetterCallbackSessionCaptcha = new HttpGetterCallback(); 
    httpGetterCallbackSessionCaptcha.setType(HttpCallback.SESSION_ATTRIBUTE); 
    httpGetterCallbackSessionCaptcha.setName("myCaptchaLogin"); 
    try { 
    callbackHandler.handle(new Callback[] { httpGetterCallbackSessionCaptcha }); 
    Captcha arraySessionParam = (Captcha) httpGetterCallbackSessionCaptcha.getValue();
  // System.out.println("****************************************************httpGetterCallbackSessionCaptcha" + (arraySessionParam==null?"null session":arraySessionParam.getAnswer())+
  // "\n captchaInput" + value+"*********************");
    if(arraySessionParam==null || !arraySessionParam.isCorrect(value)){
    throwNewLoginException("Entered code does not match with the image code.Session:"+(arraySessionParam==null?"null":arraySessionParam.getAnswer())+" Param:"+ value);
  // throwUserLoginException(new Exception("Entered code does not match with the image code."));
    httpGetterCallbackSessionCaptcha.setValue(null);
    } catch (UnsupportedCallbackException e) { 
    throwNewLoginException("An error occurred while trying to validate credentials."); 
    } catch (IOException e) { 
    throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
    // Retrieve the user credentials via the callback
    // handler.
    // In this case we get the user name from the HTTP
    // NameCallback.
  // NameCallback nameCallback = new NameCallback("User name: ");
    /* The type and the name specify which part of the HTTP request
    * should be retrieved. For Web container authentication, the
    * supported types are defined in the interface
    * com.sap.engine.lib.security.http.HttpCallback.
    * For programmatical authentication with custom callback
    * handler the supported types depend on the used callback handler.
  // try {
  // callbackHandler.handle(new Callback[] {nameCallback});
  // catch (UnsupportedCallbackException e) {
  // return false;
  // catch (IOException e) {
  // throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
  // userName = nameCallback.getName();
  // if( userName == null || userName.length() == 0 ) {
  // return false;  
    /* When you know the user name, update the user information
    * using data from the persistence. The operation must
    * be done before the user credentials checks. This method also
    * checks the user name so that if a user with that name does not
    * exist in the active user store, a
    * java.lang.SecurityException is thrown.
  // try {
  // refreshUserInfo(userName);
  // } catch (SecurityException e) {
  // throwUserLoginException(e);
    /* Checks if the given user name starts with the specified
    * prefix in the login module options. If no prefix is specified,
    * then all users are trusted.
  // String prefix = (String) options.get("user_name_prefix");
  // if ((prefix != null) && !userName.startsWith(prefix)) {
  // throwNewLoginException("The user is not trusted.");
    /* This is done if the authentication of the login module is    
    * successful.
    * Only one and exactly one login module from the stack must put
    * the user name in the shared state. This user name represents
    * the authenticated user.
    * For example if the login attempt is successful, method
    * getRemoteUser() of
    * the HTTP request will retrieve exactly this name.
    if (sharedState.get(AbstractLoginModule.NAME) == null) {
    sharedState.put(AbstractLoginModule.NAME, userName);
    nameSet = true;
    successful = true;
    return true;
    * Commit the login. This is the second part of the authentication
    * process.
    * If a user name has been stored by the login() method,
    * the user name is added to the subject as a new principal.
    public boolean commit() throws LoginException {
    if (successful) {
    /* The principals that are added to the subject should
    * implement java.security.Principal.You can use the class
    * com.sap.engine.lib.security.Principal for this purpose.
    Principal principal = new Principal(userName);
    subject.getPrincipals().add(principal);
    /* If the login is successful, then the principal corresponding
    * to the <userName> (the same user name that has been added
    * to the subject) must be added in the shared state too.
    * This principal is considered to be the main principal
    * representing the user.
    * For example, this principal will be retrieved from method
    * getUserPrincipal() of the HTTP request.
    if (nameSet) {
    sharedState.put(AbstractLoginModule.PRINCIPAL, principal);
    } else {
    userName = null;
    return true;
    * Abort the authentication process.
    public boolean abort() throws LoginException {
    if (successful) {
    userName = null;
    successful = false;
    return true;
    * Log out the user. Also removes the principals and
    * destroys or removes the credentials that were associated 
    * with the user during the commit phase.
    public boolean logout() throws LoginException {
    // Remove principals and credentials from subject
    if (successful) {
    subject.getPrincipals(Principal.class).clear();
    successful = false;
    return true;
    private String getRequestValue(String parameterName) 
       throws LoginException { 
         HttpGetterCallback httpGetterCallback = new HttpGetterCallback(); 
         httpGetterCallback.setType(HttpCallback.REQUEST_PARAMETER); 
         httpGetterCallback.setName(parameterName); 
         String value = null; 
         try { 
        callbackHandler.handle(new Callback[] { httpGetterCallback }); 
             String[] arrayRequestparam = (String[]) httpGetterCallback.getValue(); 
             value = arrayRequestparam[0]; 
         } catch (UnsupportedCallbackException e) { 
              return null; 
         } catch (IOException e) { 
              throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
         return value; 
  Regards
  Ramanender Singh

  Ramanender,
  JAAS modules usually requires a restart whenever you need to change them. So be very careful with what you expect once you re-deploy your code.
  Once the library is loaded it will never reload itself until you perform a restart of the VM. 
  Connect to the debug port may help, but basic debugging will not take you too far either.
  I would recommend you to use the log tracing facility on your code. Just enter the following class attribute:
  import com.sap.tc.logging.Location;
  private static final Location trace = Location.getLocation(<your_classname_here>.class);
  trace.warningT("Some Warning Text Here..." + variable here);
  trace.debugT("Some Warning Text Here..." + variable here);
  You may need to go NWA and set the Location Severity Level to Debug according to your needs.
  Leave the trace code on your module for IT personnel to debug it if necessary. Don't forget to have the severity level of your code properly set.
  Meaning: You don't want to have every trace message your module sills out with warningT() or infoT().
  There is a excellent blog here on how this works
  Then you will be able to inspect some variable contents while the callbackhandler is being executed.
  Pay special attention with the timing - variables have a lifetime when dealing with login modules.
  Use the entering(<method_name>) and exiting(<method_name> just ot make sure where in the code the variable should be populated and when.
  BR,
  Ivan

• Custom Login Module and failover

  I'm trying to figure out how to handle authentication when failover from one OC4J to another occurs. I have a custom login module using the example provided by Frank Nimphius (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm)
  I see different results for this "external" custom login module than for either JAZN file store or for the built-in DBTableOraDataSourceLoginModule that comes with OC4J and am wondering why.
  Scenario 1 - File authentication using JAZN file store
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 2 - Custom login module using DB store through the OC4J built-in DBTableOraDataSourceLoginModule
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 3 (problematic scenario) - Custom login module using DB store through an external login module (not in OC4J). I used the DBTableOraDataSourceLoginModule from Frank
  Nimphius with no modifications for this test.
  Results: Failover works. But when failover occurs, the login page is displayed and the user has to login again. Question: Why doesn't failover also cover the authentication as in the previous 2 scenarios?
  Note: I tried to fix this by adding Java_sso. This does appear to take care of having to log in a second time but raises new issues. One is that authentication is called for every request. Then after the failover occurs, I see a log message indicating the login module aborted but authentication appears to succeed regardless.

  I'm trying to figure out how to handle authentication when failover from one OC4J to another occurs. I have a custom login module using the example provided by Frank Nimphius (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm)
  I see different results for this "external" custom login module than for either JAZN file store or for the built-in DBTableOraDataSourceLoginModule that comes with OC4J and am wondering why.
  Scenario 1 - File authentication using JAZN file store
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 2 - Custom login module using DB store through the OC4J built-in DBTableOraDataSourceLoginModule
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 3 (problematic scenario) - Custom login module using DB store through an external login module (not in OC4J). I used the DBTableOraDataSourceLoginModule from Frank
  Nimphius with no modifications for this test.
  Results: Failover works. But when failover occurs, the login page is displayed and the user has to login again. Question: Why doesn't failover also cover the authentication as in the previous 2 scenarios?
  Note: I tried to fix this by adding Java_sso. This does appear to take care of having to log in a second time but raises new issues. One is that authentication is called for every request. Then after the failover occurs, I see a log message indicating the login module aborted but authentication appears to succeed regardless.