UserManager in 10.1.3...

I've read that the custom UserManager is deprecated in OC4J 10.1.3 and that a custom LoginModule is the preferred choice now. I am just getting my feet wet with JAAS and had a couple of questions:
I wrote a custom user manager for OC4J 10.1.2 to take advantage of proxy authentication in Oracle. All was working well and I was happy with it. Now, I have written a custom login module to mimic my original user manager. In my testing environment, the only way I could get my custom login module to be called was to add the user's name to jazn-data.xml (I am testing in 10.1.2 as I am having other issues migrating to 10.1.3). This was not a requirement for my custom user manager and is not a feasible option as we have over 100 users that change periodically. Also, the LDAP security provider is not an option due to management decisions.
Is there a way to tell the JAZNUserManager XML provider to "authorize" all users and let my custom login module authenticate the user? Or am I going to have to implement my own custom JAAS 1.0 compliant security provider?
Thank you,
Jason

Hi, Frank:
Thank you for your reply. You are right, the User and UserManager class are just deprecated in 10.1.3, not deleted. So we should be able to continue using it. At least it does not give out error when compiling or running.
I debugged into following line of source code in both 10.1.2 and 10.1.3 and found some difference which I think crirtical.
User user = eRequest.getApplication().getUserManager().getUser(username);
In 10.1.2, eRequest.getApplication().getUserManager() returns an object which is our customed UserManager type by implementing com.evermind.security.UserManager; and getUser() returns an object which is our customed User type by implementing com.evermind.security.User.
But in 10.1.3, eRequest.getApplication().getUserManager() returns object with type com.evermind.server.deployment.UserManagerConfig$Generic, and getUser() returns object with type oracle.security.jazn.oc4j.JAZNUserAdaptor.
What I am trying to do now is to recreate our customed User and customed UserManager class by implementing the 2 new types in 10.1.3. Will see if they will work.
Do you have any idea how should I deal with the change and make it work as 10.1.2?
Thank You!

Similar Messages

  • Bug in 10.1.2.0.0? Doesn't return UserManager properly

    I've found this is a problem only with the standalone version of OC4J 10.1.2.0.0
    I'm trying to lookup my custom user manager in my web application:
    MyUserManager uManager = (MyUserManager) ctx.lookup("java:comp/UserManager");It only returns the JAZNUserManager each and every time.
    Has the context changed or are further configuration changes required?
    I'm declaring my user manager in META-INF/orion-application.xml in my ear archive - no different to normal.
    Anthony

    I've found this is a problem only with the standalone
    version of OC4J 10.1.2.0.0You mean it works correctly in Oracle 10gAS?I have yet to test the main application server.
    It only returns the JAZNUserManager each and every time.Pardon my ignorance, what are you expecting it to return?Well in previous revisions it has always returned the custom UserManager I have declared in my orion-application.xml.
    In my orion-application.xml file I have:
    <user-manager class="com.security.model.MyUserManager" display-name="MyUserManager">
         <property name="jdbcDriver" value="com.mysql.jdbc.Driver" />
         <property name="dbUrl" value="jdbc:mysql://localhost/mysql" />
         <property name="dbUser" value="user" />
         <property name="dbPass" value="user" />
    </user-manager>If I modify the application.xml file and place my own Custom UserManager there it affects the whole server. In my case it should only affect the current application it is declared in.
    I've already spent a week on this with metalink and we resolved that this is the way it should work.
    Going back to revision 9.0.4.0.0 of the OC4J standalone this problem does not exist and I get the Custom User manager returned that was declared.
    Even the standalone_guide.pdf in 10.1.2.0.0 still has the same reference that this should work - but it does not.
    Anthony

  • Custom UserManager and Enterprise Manager administration

    Can Enterprise Manager be used to Add/Remove Users and Groups for a Customer UserManager? I remember reading somewhere that Add/Remove only worked for the XML-file based implementations. Now I can't find where I read that.

    Not likely. That is the reason why they published the Apex 2.1 'database management' pages.
    Express Edition doesn't support Java in the database. Enterprise Manager is based on Java. You CAN use Grid Control for some of the stuff, but it's incomplete.

  • How to migrate from existing Database Usermanagement to Active Directory?

    Hello experts,
    we are running a portal with more than 2000 users. So far our user management is done by the portal´s own identity management with the database as data source.
    However for many reasons instead of the database we would like to use an existing company´s Active Directory (=AD) as a data source for identity management. That means that we would like only to use the AD-users and AD-groups in the portal.
    All users who are in the portal´s database now you can find also in the existing company´s Active Directory. Luckily the users have the same ID both in the database and in the AD.
    We know that the migration form the database to AD is a big issue since many portal objects depend on the existing structures. However because the IDs of users are identical in both systems we hope to finde a way to "override" the existing usermanagement data with the AD data without loosing the existing settings (e.g. KM-Permissions, user profiles etc.).
    Generally I am asking you if you have had already experience with changing the user management´s datasource of an already "living" portal (several 1000 users) to Active Directory User Managent.
    What problems can occour?
    Which modifications need to be done?
    Which portal´s objects are affected by the migration?
    Is a migration possible at all?
    I will appreciate all suggestions, remarks, ideas.
    Thanks in advance.
    Thomas

    Hello experts,
    the current permissions in the KM-Objects are based on both groups and users from database.
    Because it is not possible to modify the Group´s Display Name in the portal´s database we would also like to use LDAP-Groups in the portal: All users and groups in the portal shall be managed by Active Directory in future.
    In the Active Directory it is possible to modify the Display Name of groups. This is a necessary feature because of reorganisations of departments in our company which occur from time to time.
    Creating new groups with the new department names is not an option because one has to assign all department members to the new group again. Otherwise one need to asign the new group to the ACLs of all KM objects in question. This is a too big deal.
    However, thank you for that hint Michael.
    Any other experiences?
    I will appreciate any ideas, foreseen problems.
    Thomas

  • JAZN userManager (oracle.security.jazn.oc4j.JAZNUserManager) fails to initialize

    We are testing the JAZN callInfo sample. I have OID version 3.0.1.0, and Oracle9iAS (9.0.3.0.0) Containers for J2EE. We setup the jazn to use LDAP.
    When starting oc4j we get the following:
    java -jar oc4j.jar Error instantiating application 'callerInfo' at file:/u01/app/oracle/products/9iAS/j2ee/home/jazn/demo/callerInfo/callerInfo.ear: Error initializing userManager 'oracle.security.jazn.oc4j.JAZNUserManager': java.lang.StringIndexOutOfBoundsException (String index out of range: 32)
    Oracle9iAS (9.0.3.0.0) Containers for J2EE initialized
    We see it this connect to ldap and get a reply. I feel the string back is larger than jazn is expecting.
    We check the tcp traffic and see it connecting:
    09:10:57.377851 buckwheat.jxn.wcom.com.389 > buckwheat.jxn.wcom.com.35082: P 15:2641(2626) ack 131 win 32767 <nop,nop,timestamp 26118724 26118721> (DF)
    0x0000     4500 0a76 8468 4000 4006 6450 9f62 8482     E..v.h@[email protected]..
    0x0010     9f62 8482 0185 890a 1594 0e68 15e8 7584     .b.........h..u.
    0x0020     8018 7fff 37d6 0000 0101 080a 018e 8a44     ....7..........D
    0x0030     018e 8a41 3082 0a3e 0201 0264 820a 3704     ...A0..>...d..7.
    0x0040     1063 6e3d 4f72 6163 6c65 436f 6e74 6578     .cn=OracleContex
    0x0050     7430 820a 2130 1504 0263 6e31 0f04 0d4f     t0..!0...cn1...O
    0x0060     7261 636c 6543 6f6e 7465 7874 3044 040b     racleContext0D..
    0x0070     6f62 6a65 6374 636c 6173 7331 3504 0374     objectclass15..t
    0x0080     6f70 040b 6f72 636c 436f 6e74 6578 7404     op..orclContext.
    0x0090     106f 7263 6c43 6f6e 7465 7874 4175 7838     .orclContextAux8
    0x00a0     3204 0f6f 7263 6c52 6f6f 7443 6f6e 7465     2..orclRootConte
    0x00b0     7874 3016 040b 6f72 636c 7665 7273 696f     xt0...orclversio
    0x00c0     6e31 0704 0539 3030 3030 3081 9104 116f     n1...900000....o
    0x00d0     7263 6c65 6e74 7279 6c65 7665 6c61 6369     rclentrylevelaci
    0x00e0     317c 047a 6163 6365 7373 2074 6f20 656e     1|.zaccess.to.en
    0x00f0     7472 7920 6279 2067 726f 7570 3d22 636e     try.by.group="cn
    0x0100     3d4f 7261 636c 654e 6574 4164 6d69 6e73     =OracleNetAdmins
    0x0110     2c63 6e3d 4f72 6163 6c65 436f 6e74 6578     ,cn=OracleContex
    0x0120     7422 2028 6164 6429 2062 7920 6772 6f75     t".(add).by.grou
    0x0130     703d 2263 6e3d 4f72 6163 6c65 4442 4372     p="cn=OracleDBCr
    0x0140     6561 746f 7273 2c63 6e3d 4f72 6163 6c65     eators,cn=Oracle
    0x0150     436f 6e74 6578 7422 2028 6164 6429 3082     Context".(add)0.
    0x0160     0914 0407 6f72 636c 6163 6931 8209 0704     ....orclaci1....
    0x0170     7d61 6363 6573 7320 746f 2065 6e74 7279     }access.to.entry
    0x0180     2062 7920 6772 6f75 703d 2263 6e3d 4f72     .by.group="cn=Or
    0x0190     6163 6c65 436f 6e74 6578 7441 646d 696e     acleContextAdmin
    0x01a0     732c 636e 3d47 726f 7570 732c 636e 3d4f     s,cn=Groups,cn=O
    0x01b0     7261 636c 6543 6f6e 7465 7874 2220 2862     racleContext".(b
    0x01c0     726f 7773 652c 6164 642c 6465 6c65 7465     rowse,add,delete
    0x01d0     2920 6279 202a 2028 6272 6f77 7365 2c6e     ).by.*.(browse,n
    0x01e0     6f61 6464 2c6e 6f64 656c 6574 6529 0481     oadd,nodelete)..
    0x01f0     a461 6363 6573 7320 746f 2061 7474 723d     .access.to.attr=
    0x0200     282a 2920 6279 2067 726f 7570 3d22 636e     (*).by.group="cn
    0x0210     3d4f 7261 636c 6543 6f6e 7465 7874 4164     =OracleContextAd
    0x0220     6d69 6e73 2c63 6e3d 4772 6f75 7073 2c63     mins,cn=Groups,c
    0x0230     6e3d 4f72 6163 6c65 436f 6e74 6578 7422     n=OracleContext"
    0x0240     2028 7265 6164 2c73 6561 7263 682c 7772     .(read,search,wr
    0x0250     6974 652c 7365 6c66 7772 6974 652c 636f     ite,selfwrite,co
    0x0260     6d70 6172 6529 2062 7920 2a20 2872 6561     mpare).by.*.(rea
    0x0270     642c 7365 6172 6368 2c6e 6f77 7269 7465     d,search,nowrite
    0x0280     2c6e 6f73 656c 6677 7269 7465 2c63 6f6d     ,noselfwrite,com
    0x0290     7061 7265 2904 81dd 6163 6365 7373 2074     pare)...access.t
    0x02a0     6f20 656e 7472 7920 6669 6c74 6572 3d28     o.entry.filter=(
    0x02b0     6f62 6a65 6374 636c 6173 733d 6f72 636c     objectclass=orcl
    0x02c0     4e65 7453 6572 7669 6365 2920 6279 2067     NetService).by.g
    0x02d0     726f 7570 3d22 636e 3d4f 7261 636c 6544     roup="cn=OracleD
    0x02e0     4253 6563 7572 6974 7941 646d 696e 732c     BSecurityAdmins,
    0x02f0     636e 3d4f 7261 636c 6543 6f6e 7465 7874     cn=OracleContext
    0x0300     2220 2862 726f 7773 652c 6164 642c 6465     ".(browse,add,de
    0x0310     6c65 7465 2920 6279 2067 726f 7570 3d22     lete).by.group="
    0x0320     636e 3d4f 7261 636c 654e 6574 4164 6d69     cn=OracleNetAdmi
    0x0330     6e73 2c63 6e3d 4f72 6163 6c65 436f 6e74     ns,cn=OracleCont
    0x0340     6578 7422 2028 6272 6f77 7365 2c61 6464     ext".(browse,add
    0x0350     2c64 656c 6574 6529 2062 7920 2a20 2862     ,delete).by.*.(b
    0x0360     726f 7773 652c 6e6f 6164 642c 6e6f 6465     rowse,noadd,node
    0x0370     6c65 7465 2904 81ec 6163 6365 7373 2074     lete)...access.t
    0x0380     6f20 656e 7472 7920 6669 6c74 6572 3d28     o.entry.filter=(
    0x0390     6f62 6a65 6374 636c 6173 733d 6f72 636c     objectclass=orcl
    0x03a0     4e65 7444 6573 6372 6970 7469 6f6e 4c69     NetDescriptionLi
    0x03b0     7374 2920 6279 2067 726f 7570 3d22 636e     st).by.group="cn
    0x03c0     3d4f 7261 636c 6543 6f6e 7465 7874 4164     =OracleContextAd
    0x03d0     6d69 6e73 2c63 6e3d 4772 6f75 7073 2c63     mins,cn=Groups,c
    0x03e0     6e3d 4f72 6163 6c65 436f 6e74 6578 7422     n=OracleContext"
    0x03f0     2028 6272 6f77 7365 2c61 6464 2c64 656c     .(browse,add,del
    0x0400     6574 6529 2062 7920 6772 6f75 703d 2263     ete).by.group="c
    0x0410     6e3d 4f72 6163 6c65 4e65 7441 646d 696e     n=OracleNetAdmin
    0x0420     732c 636e 3d4f 7261 636c 6543 6f6e 7465     s,cn=OracleConte
    0x0430     7874 2220 2862 726f 7773 652c 6164 642c     xt".(browse,add,
    0x0440     6465 6c65 7465 2920 6279 202a 2028 6272     delete).by.*.(br
    0x0450     6f77 7365 2c6e 6f61 6464 2c6e 6f64 656c     owse,noadd,nodel
    0x0460     6574 6529 0481 e861 6363 6573 7320 746f     ete)...access.to
    0x0470     2065 6e74 7279 2066 696c 7465 723d 286f     .entry.filter=(o
    0x0480     626a 6563 7463 6c61 7373 3d6f 7263 6c4e     bjectclass=orclN
    0x0490     6574 4465 7363 7269 7074 696f 6e29 2062     etDescription).b
    0x04a0     7920 6772 6f75 703d 2263 6e3d 4f72 6163     y.group="cn=Orac
    0x04b0     6c65 436f 6e74 6578 7441 646d 696e 732c     leContextAdmins,
    0x04c0     636e 3d47 726f 7570 732c 636e 3d4f 7261     cn=Groups,cn=Ora
    0x04d0     636c 6543 6f6e 7465 7874 2220 2862 726f     cleContext".(bro
    0x04e0     7773 652c 6164 642c 6465 6c65 7465 2920     wse,add,delete).
    0x04f0     6279 2067 726f 7570 3d22 636e 3d4f 7261     by.group="cn=Ora
    0x0500     636c 654e 6574 4164 6d69 6e73 2c63 6e3d     cleNetAdmins,cn=
    0x0510     4f72 6163 6c65 436f 6e74 6578 7422 2028     OracleContext".(
    0x0520     6272 6f77 7365 2c61 6464 2c64 656c 6574     browse,add,delet
    0x0530     6529 2062 7920 2a20 2862 726f 7773 652c     e).by.*.(browse,
    0x0540     6e6f 6164 642c 6e6f 6465 6c65 7465 2904     noadd,nodelete).
    0x0550     81e8 6163 6365 7373 2074 6f20 656e 7472     ..access.to.entr
    0x0560     7920 6669 6c74 6572 3d28 6f62 6a65 6374     y.filter=(object
    0x0570     636c 6173 733d 6f72 636c 4e65 7441 6464     class=orclNetAdd
    0x0580     7265 7373 4c69 7374 2920 6279 2067 726f     ressList).by.gro
    0x0590     7570 3d22 636e 3d4f 7261 636c 6543 6f6e     up="cn=OracleCon
    0x05a0     7465 7874 4164 6d69 6e73 2c63 6e3d 4772     textAdmins,cn=Gr
    0x05b0     6f75 7073 2c63 6e3d 4f72 6163 6c65 436f     oups,cn=OracleCo
    0x05c0     6e74 6578 7422 2028 6272 6f77 7365 2c61     ntext".(browse,a
    0x05d0     6464 2c64 656c 6574 6529 2062 7920 6772     dd,delete).by.gr
    0x05e0     6f75 703d 2263 6e3d 4f72 6163 6c65 4e65     oup="cn=OracleNe
    0x05f0     7441 646d 696e 732c 636e 3d4f 7261 636c     tAdmins,cn=Oracl
    0x0600     6543 6f6e 7465 7874 2220 2862 726f 7773     eContext".(brows
    0x0610     652c 6164 642c 6465 6c65 7465 2920 6279     e,add,delete).by
    0x0620     202a 2028 6272 6f77 7365 2c6e 6f61 6464     .*.(browse,noadd
    0x0630     2c6e 6f64 656c 6574 6529 0481 e461 6363     ,nodelete)...acc
    0x0640     6573 7320 746f 2065 6e74 7279 2066 696c     ess.to.entry.fil
    0x0650     7465 723d 286f 626a 6563 7463 6c61 7373     ter=(objectclass
    0x0660     3d6f 7263 6c4e 6574 4164 6472 6573 7329     =orclNetAddress)
    0x0670     2062 7920 6772 6f75 703d 2263 6e3d 4f72     .by.group="cn=Or
    0x0680     6163 6c65 436f 6e74 6578 7441 646d 696e     acleContextAdmin
    0x0690     732c 636e 3d47 726f 7570 732c 636e 3d4f     s,cn=Groups,cn=O
    0x06a0     7261 636c 6543 6f6e 7465 7874 2220 2862     racleContext".(b
    0x06b0     726f 7773 652c 6164 642c 6465 6c65 7465     rowse,add,delete
    0x06c0     2920 6279 2067 726f 7570 3d22 636e 3d4f     ).by.group="cn=O
    0x06d0     7261 636c 654e 6574 4164 6d69 6e73 2c63     racleNetAdmins,c
    0x06e0     6e3d 4f72 6163 6c65 436f 6e74 6578 7422     n=OracleContext"
    0x06f0     2028 6272 6f77 7365 2c61 6464 2c64 656c     .(browse,add,del
    0x0700     6574 6529 2062 7920 2a20 2862 726f 7773     ete).by.*.(brows
    0x0710     652c 6e6f 6164 642c 6e6f 6465 6c65 7465     e,noadd,nodelete
    0x0720     2904 8201 1461 6363 6573 7320 746f 2061     )....access.to.a
    0x0730     7474 723d 282a 2920 2066 696c 7465 723d     ttr=(*)..filter=
    0x0740     286f 626a 6563 7463 6c61 7373 3d6f 7263     (objectclass=orc
    0x0750     6c4e 6574 5365 7276 6963 6529 2062 7920     lNetService).by.
    0x0760     6772 6f75 703d 2263 6e3d 4f72 6163 6c65     group="cn=Oracle
    0x0770     436f 6e74 6578 7441 646d 696e 732c 636e     ContextAdmins,cn
    0x0780     3d47 726f 7570 732c 636e 3d4f 7261 636c     =Groups,cn=Oracl
    0x0790     6543 6f6e 7465 7874 2220 2872 6561 642c     eContext".(read,
    0x07a0     7365 6172 6368 2c77 7269 7465 2c73 656c     search,write,sel
    0x07b0     6677 7269 7465 2c63 6f6d 7061 7265 2920     fwrite,compare).
    0x07c0     6279 2067 726f 7570 3d22 636e 3d4f 7261     by.group="cn=Ora
    0x07d0     636c 654e 6574 4164 6d69 6e73 2c63 6e3d     cleNetAdmins,cn=
    0x07e0     4f72 6163 6c65 436f 6e74 6578 7422 2028     OracleContext".(
    0x07f0     636f 6d70 6172 652c 7365 6172 6368 2c72     compare,search,r
    0x0800     6561 642c 7772 6974 6529 2062 7920 2a20     ead,write).by.*.
    0x0810     2872 6561 642c 7365 6172 6368 2c63 6f6d     (read,search,com
    0x0820     7061 7265 2c6e 6f77 7269 7465 2c6e 6f73     pare,nowrite,nos
    0x0830     656c 6677 7269 7465 2904 8201 1c61 6363     elfwrite)....acc
    0x0840     6573 7320 746f 2061 7474 723d 282a 2920     ess.to.attr=(*).
    0x0850     2066 696c 7465 723d 286f 626a 6563 7463     .filter=(objectc
    0x0860     6c61 7373 3d6f 7263 6c4e 6574 4465 7363     lass=orclNetDesc
    0x0870     7269 7074 696f 6e4c 6973 7429 2062 7920     riptionList).by.
    0x0880     6772 6f75 703d 2263 6e3d 4f72 6163 6c65     group="cn=Oracle
    0x0890     436f 6e74 6578 7441 646d 696e 732c 636e     ContextAdmins,cn
    0x08a0     3d47 726f 7570 732c 636e 3d4f 7261 636c     =Groups,cn=Oracl
    0x08b0     6543 6f6e 7465 7874 2220 2872 6561 642c     eContext".(read,
    0x08c0     7365 6172 6368 2c77 7269 7465 2c73 656c     search,write,sel
    0x08d0     6677 7269 7465 2c63 6f6d 7061 7265 2920     fwrite,compare).
    0x08e0     6279 2067 726f 7570 3d22 636e 3d4f 7261     by.group="cn=Ora
    0x08f0     636c 654e 6574 4164 6d69 6e73 2c63 6e3d     cleNetAdmins,cn=
    0x0900     4f72 6163 6c65 436f 6e74 6578 7422 2028     OracleContext".(
    0x0910     636f 6d70 6172 652c 7365 6172 6368 2c72     compare,search,r
    0x0920     6561 642c 7772 6974 6529 2062 7920 2a20     ead,write).by.*.
    0x0930     2872 6561 642c 7365 6172 6368 2c63 6f6d     (read,search,com
    0x0940     7061 7265 2c6e 6f77 7269 7465 2c6e 6f73     pare,nowrite,nos
    0x0950     656c 6677 7269 7465 2904 8201 1961 6363     elfwrite)....acc
    0x0960     6573 7320 746f 2061 7474 723d 282a 2920     ess.to.attr=(*).
    0x0970     2066 696c 7465 723d 286f 626a 6563 7463     .filter=(objectc
    0x0980     6c61 7373 3d6f 7263 6c4e 6574 4465 7363     lass=orclNetDesc
    0x0990     7269 7074 696f 6e29 2062 7920 6772 6f75     ription).by.grou
    0x09a0     703d 2263 6e3d 4f72 6163 6c65 436f 6e74     p="cn=OracleCont
    0x09b0     6578 7441 646d 696e 732c 636e 3d47 726f     extAdmins,cn=Gro
    0x09c0     7570 732c 636e 3d4f 7261 636c 6543 6f6e     ups,cn=OracleCon
    0x09d0     7465 7874 2220 2872 6561 642c 7365 6172     text".(read,sear
    0x09e0     6368 2c77 7269 7465 2c73 656c 6677 7269     ch,write,selfwri
    0x09f0     7465 2c63 6f6d 7061 7265 2920 6279 2067     te,compare).by.g
    0x0a00     726f 7570 3d22 636e 3d4f 7261 636c 654e     roup="cn=OracleN
    0x0a10     6574 4164 6d69 6e73 2c63 6e3d 4f72 6163     etAdmins,cn=Orac
    0x0a20     6c65 436f 6e74 6578 7422 2028 636f 6d70     leContext".(comp
    0x0a30     6172 652c 7365 6172 6368 2c72 6561 642c     are,search,read,
    0x0a40     7772 6974 6529 2020 6279 202a 2028 7265     write)..by.*.(re
    0x0a50     6164 2c73 6561 7263 682c 636f 6d70 6172     ad,search,compar
    0x0a60     652c 6e6f 7772 6974 652c 6e6f 7365 6c66     e,nowrite,noself
    0x0a70     7772 6974 6529      write)
    JAZN is setup as following
    java -jar jazn.jar -getconfig
    <jazn provider="LDAP" location="ldap://buckwheat:389" default-realm="sample_subrealm" />
    oracle@buckwheat:/u01/app/oracle/products/9iAS/j2ee/home> java -jar jazn.jar -getconfig sample_subrealm
    <jazn provider="LDAP" location="ldap://buckwheat:389" default-realm="sample_subrealm" />
    <OC4J_HOME>/config/jazn.xml
    <?xml version="1.0" encoding="UTF-8" standalone='yes'?>
    <!--
    <!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn.dtd">
    <jazn provider="XML" location="./jazn-data.xml" />
    -->
    <jazn provider="LDAP"
    default-realm="sample_subrealm"
    location="ldap://buckwheat:389" />
    <OC4J_HOME>/j2ee/home/jazn/demo/callerInfo/etc/orion-application.xml
    <?xml version="1.0"?>
    <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://xmlns.oracle.com/ias/dtds/orion-application.dtd">
    <orion-application deployment-version="1.0.2.2" default-data-source="jdbc/OracleDS">
    <web-module id="callerInfo-web" path="callerInfo-web.war" />
    <persistence path="persistence" />
    <!-- mapping for realm "jazn.com"
    <security-role-mapping name="sr_manager">
    <group name="administrators" />
    </security-role-mapping>
    <security-role-mapping name="sr_developer">
    <group name="users" />
    </security-role-mapping>
    -->
    <!-- mapping for realm "sample_subrealm" -->
    <security-role-mapping name="sr_manager">
    <group name="manager" />
    </security-role-mapping>
    <security-role-mapping name="sr_developer">
    <group name="developer" />
    </security-role-mapping>
    <!-- h -->
    <!-- use JAZN-XML by default
    <jazn provider="XML" location="./jazn-data.xml" />
    -->
    <!-- use JAZN-LDAP instead -->
    <jazn provider="LDAP" default-realm="sample_subrealm" location="ldap://buckwheat.jxn.wcom.com:389" />
    <!-- -->
    <log>
    <file path="application.log" />
    </log>
    <namespace-access>
    <read-access>
    <namespace-resource root="">
    <security-role-mapping name="&lt;jndi-user-role&gt;">
    <group name="administrators" />
    </security-role-mapping>
    </namespace-resource>
    </read-access>
    <write-access>
    <namespace-resource root="">
    <security-role-mapping name="&lt;jndi-user-role&gt;">
    <group name="administrators" />
    </security-role-mapping>
    </namespace-resource>
    </write-access>
    </namespace-access>
    </orion-application>
    <OC4J_HOME>/j2ee/home/jazn/demo/callerInfo/etc/web.xml
    <?xml version="1.0"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
    <display-name>JAZN Demo: CallerInfo</display-name>
    <servlet>
    <servlet-name>callerInfo</servlet-name>
    <description>Servlet retrieves remote user info</description>
    <servlet-class>oracle.security.jazn.samples.http.CallerInfo</servlet-class>
    <!-- role name used in code -->
    <security-role-ref>
    <role-name>FOO</role-name>
    <role-link>sr_manager</role-link>
    </security-role-ref>
    <security-role-ref>
    <role-name>ar_manager</role-name>
    <role-link>sr_manager</role-link>
    </security-role-ref>
    <security-role-ref>
    <role-name>ar_developer</role-name>
    <role-link>sr_developer</role-link>
    </security-role-ref>
    </servlet>
    <servlet-mapping>
    <servlet-name>callerInfo</servlet-name>
    <url-pattern>/callerInfo/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>callerInfo</servlet-name>
    <url-pattern>/callerInfoA</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>callerInfo</servlet-name>
    <url-pattern>/callerInfoB</url-pattern>
    </servlet-mapping>
    <!-- security roles -->
    <security-role>
    <role-name>sr_manager</role-name>
    </security-role>
    <security-role>
    <role-name>sr_developer</role-name>
    </security-role>
    <!-- security constraints -->
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>CallerInfoA</web-resource-name>
    <url-pattern>/callerInfoA</url-pattern>
    </web-resource-collection>
    <!-- authorization -->
    <auth-constraint>
    <role-name>sr_developer</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>CallerInfoB</web-resource-name>
    <url-pattern>/callerInfoB</url-pattern>
    </web-resource-collection>
    <!-- authorization -->
    <auth-constraint>
    <role-name>sr_manager</role-name>
    </auth-constraint>
    </security-constraint>
    <!-- authentication -->
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    </web-app>

    OID 3.0.1.0 is the latest product release to public. I did add the Install data to allow it to work. I see the data in OID but when I connect with jazn I get error.
    java -jar jazn.jar -shell
    JAZN:> ls
    realms policy
    JAZN:> cd realms
    JAZN:> ls
    String index out of range: 32
    JAZN:> cd ../policy
    JAZN:> ls
    JAZN:> exit
    JAZN:>
    It does not error on policy dirictory but it does on the realm side. If I watch the tcp packets it is working.

  • J2EE Containers in 9.0.3.0.0 (Preview 3/25/02) don't handle custom UserManager

    I can't see any other place to report this, so I guess I'll do it here.
    We've written a custom UserManager that works in Orion 1.5.2 and, of course, Oracle J2EE Containers 1.0.2.2 but it gets stuck in an infinite loop calling the following function.
    protected boolean inGroup( String username, String groupname )
    I've watched it in the debugger, and the function is appropriately returning true to indicate that the user is a member of the group. The application's principal.xml looks like this:
    <principals>
         <groups>
              <group name="admin" />
         </groups>
         <users>
         </users>
    </principals>
    The users list is taken care of by our custom UserManager, and this same principals.xml works great in older versions.
    Any ideas?
    Tim

    Tim -- You may want to use the products-> Application Server -> J2EE forum in the future for this type of questions.
    As for your problem, I have not heard this before but I will see if I can make it fail or not.
    Thanks -- Jeff

  • 9.0.4 custom UserManager (it worked in 9.0.3)

    I have a UserManager that works with our app in 9.0.3. Am trying to migrate to 9.0.4 and the UserManager doesn't work.
    Our UserManager extends com.evermind.security.AbstractUserManager and our User class extends com.evermind.security.User. When run, there are no errors or exceptions. Our UserManager returns our custom User object, the authenticate method is called on it by the container (we rewrote the authenticate method to simply return true), and then the request is forward to the form-error-page defined in web.xml.
    Any ideas? We're desperate, the need to upgrade is being pushed from above...

    There was a bug in 9.0.4 that has been fixed in 9.0.4.1. Please apply the 9.0.4.1 patchset and see whether this is resolved
    -Debu

  • How to get current IUser (com.sapportals.portal.security.usermanagement)

    Hi,
    does anybody know how to get IUser for the current user?
    I know how to get current IUser from com.sap.security.api package:
    IWDClientUser wdcu = WDClientUser.getCurrentUser();
    IUser sapUser = wdcu.getSAPUser();
    but I need to have IUser from com.sapportals.portal.security.usermanagement package.
    Regards,
    Ladislav

    Ladislav,
    Try this:
    Get the IUser uisng the API com.sap.security.api.IUser and store it in a variable, say <i>sapUser</i>.
    Then,
    // Convert the logged in user to old EP5 usermanagement API
    com.sapportals.portal.security.usermanagement.IUser user = null;
    try
         com.sapportals.portal.security.usermanagement.IUser user = WPUMFactory.getUserFactory().getEP5User(sapUser);
    catch (UserManagementException e)
         e.printStackTrace();
    Bala

  • How to access to Custom UserManager

    Hi,
    How to access to my own UserManager from an EJB ? with lookup ?
    I have got own custom UserManager, and I access it with a lookup from an EJB (UserManagerEJB) in the same application, but I get the next error :
    OrionUserManagerEJB javax.naming.NameNotFoundException: ejb/UserManager not found in Orion
    UserManagerEJB
    This same code works fine in OC4J 9.0.3 but not works in OC4J 10.0.3, please help me !

    Hi,
    I visited all webs and I readed all articles referents to UserManager but I don't found the solution.
    I use the nex code to lookup my UserManager :
    Context ctx=new InitialContext();
    UserManager um=(UserManager)ctx.lookup("java:comp/UserManager");
    And I user the next factory :
    com.evermind.server.ApplicationInitialContextFactory
    I tried with com.evermind.server.rmi.RMIInitialContextFactory too, but not works it.
    I don't understand the problem ! why the same code works fine in OC4J 9.0.3 and not works in OC4J 10.0.3 ? Any response ?

  • Azure Mobile Services and ASP Identity - Exception when using UserManager

    I've reviewed
    this post in the AMS forum and it doesn't really answer the question. I already know how to integrate authentication, but Identity implements a lot of boilerplate user management code that I don't want to have to reproduce.  My question is: Is it possible
    to use Asp Identity framework with Azure Mobile Services? Since AMS Back End has Microsoft ASP.NET Identity Core/Owin as dependencies, I would think that the answer is yes, that they are compatible?
    I have been progressing as if it were possible, but yet, now when I go to try to use the Identity UserManager, I am getting the exception stated in
    this asp.net identity bug. Are there references in Azure Mobile Services Back End to previous versions of Microsoft.AspNet.Identity that would result in mismatched assembly versions?
    I have tried uninstalling and reinstalling Asp.Net Identity, even to the pre-release of 2.2.0, but I am still getting the exception that it couldn't load the CultureAwaiter. I have asked in that post if the bug has been fixed, but from the scant evidence of
    the posts and lack of responses, I would think that the bug has been fixed.
    ibGib

    The bug referenced in the original post shows that the required version is 2.1. I found that when I published to Azure, even though I had the correct (2.1) versions of the NuGet packages installed, the loaded dlls were not the correct versions. I do not
    know if this is an Azure problem or an Azure Mobile Services problem.
    I came to this conclusion by looking at the loaded Identity dlls in a new, up-to-date mvc app, and then looking at the same loaded dlls while debugging in Azure. The Azure dlls are older versions than the up-to-date MVC app versions. I figure that somewhere
    along the lines, Azure Mobile Services is loading the incorrect version of the Identity dlls, even though I have the correct versions installed via NuGet. Maybe there is another explanation.
    But regardless, I should be able to use the up-to-date versions of Identity in order to address bugs in the Identity framework. It would be nice if an AMS person would clarify about the dll versioning. I did come across
    this SO comment by someone who seems to be an AMS guru, but it doesn't seem to make sense. It does, however, seem to corroborate my and BinLaw's observed behavior of the backend dlls.
    ibGib

  • Dependencies for usermanagement in KM application

    Hi,
    I created a km portal application which uses the apis from the package com.sapportals.portal.security.usermanagement. Using the jarclass finder, I was able to find these jars/add them to the classpath/build and finally  deploy.
    However, when I convert this application to a DC, I get errrors on building the DC:
    package com.sapportals.portal.security.usermanagement does not exist
         [javac] ERROR: import com.sapportals.portal.security.usermanagement.IUser;
         [javac] ERROR:                                                      ^
    [javac] ERROR: import com.sapportals.portal.security.usermanagement.UserManagementException;
         [javac] ERROR:                                                      ^
    I've already added SC dependencies  for KM-BC, KM-CM, JTECHS, J2EE, BUILDT, etc..
    Under used DCs, I was able to add used dependency on DC tckmfrwk. However, I can't find the corresponding DC for 'com.sapportals.portal.security.usermanagement'..
    Can anyone point me to the right SC/DC to include for the above? Thanks.
    ~Prachi

    Hi Prachi,
    when you use Development Components, then you have to add the required library as "Used DC" to our project. The libraries will be added automatically to your build path.
    Try also to include the following SCs:
    - SAP_JTECHS -> epbc.prtapi._api
    - EP_BUILDT -> com.sap.security.api
    Otherwise you have to include the required libraries as External Library.
    Refer to this blog, it gives you an explanation of how to add an External Library DC.
    [Using KM API in Web Dynpro Application using Development Components|https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/11509]
    Best regards,
    Denis
    Edited by: Denis Schrodt on Jan 27, 2009 1:43 PM

  • [904] custom UserManager can't access JNDI?

    Our app has a custom UserManager which works in 1.0.2.2. In the init method, our user manager is trying to lookup a datasource (defined in the global data-sources.xml) whose name has been passed as a property in application.xml file.
    While trying to perform the jndi lookup for the datasource in 9.0.4, we are getting the following error:
    javax.naming.NamingException: Not in an application scope - start Orion with the -userThreads switch if using user-created threads
    I've tried -userThreads option but makes no difference.
    What do I need to configure to make this work?
    TIA,
    - nik.

    Me again!
    So I found that I can't do jndi lookup (NamingException) for the datasource as mentioned, in the init method.
    However, the very same jndi lookup was successful in the overridden authenticate method, called by oc4j when trying to authenticate the user.
    Go figure!
    TIA,
    - nik.

  • OC4J, JNDI lookup and UserManager

    Hi
    Recently we decided to upgrade our Oracle9iAS to 9.0.3 from 9.0.2 and its JVM to 1.4.2_02 from 1.3.1.
    We have 2 customs implementations of UserManager that worked in the earlier version and, after the upgrade, it became unstable. Each UserManager uses a connection to a database provided by a DataSource, which is retrieved by a JNDI lookup. This lookup throws a NameNotFoundException after some time of execution. A container restart solves the problem, but it appears again later.
    What´s happening?
    Jose Antonio.

    Hi
    Recently we decided to upgrade our Oracle9iAS to 9.0.3 from 9.0.2 and its JVM to 1.4.2_02 from 1.3.1.
    We have 2 customs implementations of UserManager that worked in the earlier version and, after the upgrade, it became unstable. Each UserManager uses a connection to a database provided by a DataSource, which is retrieved by a JNDI lookup. This lookup throws a NameNotFoundException after some time of execution. A container restart solves the problem, but it appears again later.
    What´s happening?
    Jose Antonio.

  • Problem with embedded data-sources.xml and custom UserManager

    Hi all,
    Our application uses a custom UserManager, which is basically extended from the JDBC UserManager, declared as follows in orion-application.xml:
         <user-manager class="com.infocorpnow.a2g.security.oracle.A2GUserManager">
              <property name="table" value="pos.users" />
              <property name="userNameField" value="username" />
              <property name="passwordFiled" value="password" />
              <property name="dataSource" value="jdbc/A2GDS" />
              <property name="groupMemberShipTableName" value="pos.user_roles" />
              <property name="groupMemberShipGroupFieldName" value="role_name" />
              <property name="groupMemberShipUserNameFieldName" value="login_id" />
         </user-manager>
    Since we want to be able to deploy the application several times on the application server, and therefore have each deployment of the ear point to its own datasource (i.e. its own local "A2GDS"), we've found out how to embed data-sources.xml inside the EAR file we're deploying, and modify the orion-application.xml as follows:
         <data-sources path="./data-sources.xml" />
    And then place data-sources.xml in the same meta-inf folder as the orion-application.xml.
    This has worked fine when deploying to the standalone OC4J.
    Now when I try to deploy the exact same EAR file in Oracle 9iAS, and I get to the User Manager screen, the Custom User Manager does not show up correctly. It did show up prior to me embedding the data-sources.xml. Please help? This is fairly urgent.
    Thanks
    Jason

    I should also mention I'm using the Java Edition of 9iAS R2 (9.0.3 container) on Solaris.

  • Import com.sapportals.portal.security.usermanagement.IUser;  is deprecated

    import com.sapportals.portal.security.usermanagement.IUser;  is deprecated
    Is there any alternative???

    Hi,
    could please tell me, what kind of jar-file I have to add to the project to use
    com.sapportals.portal.security.usermanagement.IUser ?
    Thank you in advance.
    Kind regards, Patrick.

Maybe you are looking for

  • Motion won't export just hangs

    I've been using Motion more recently and was wondering about a few things. When exporting I often get a hang during exporting an HD project using the Sequence settings (ProRes 444). Motion just sits at frame 1 and doesn't advance. I have to force qui

  • Import failed with canon 6d footage after latest update

    After I updated to Final Cut X 10.0.8, I've been getting "Import Failed" messages during the import process when taking in footage from my Canon 6D The import process also seems to be going very slow (slower than usual) I've tried duplicating the SD

  • Location of Service Manager notification template guid in database

    Hopefully this is a quick question. Looking at the XML for a subscription definition. Specifically, I can see that the Template is specified via a guid, and presumably, this guid is stored in the Service Manager database somewhere. Does anyone know w

  • Process.getRuntime problem

    Hi, I have a written a command line program (GeneratePDF) which generates PDF. I am calling this program from another Java Bean (ViewPDF) in my JSP application to generate PDF. To do so, I called the program as below. String commandJava = "java -Xms2

  • Cannot use Premiere Pro CS6 - Crash on open

    I got crash when any project open beforethe window of the project opens, also with new project. Premiere create the project and then when try to open the windows it crash. I got irreversible error. I have a new iMac 27 i7 with fusion drive. never use