UserManager in 10.1.3...
I've read that the custom UserManager is deprecated in OC4J 10.1.3 and that a custom LoginModule is the preferred choice now. I am just getting my feet wet with JAAS and had a couple of questions:
I wrote a custom user manager for OC4J 10.1.2 to take advantage of proxy authentication in Oracle. All was working well and I was happy with it. Now, I have written a custom login module to mimic my original user manager. In my testing environment, the only way I could get my custom login module to be called was to add the user's name to jazn-data.xml (I am testing in 10.1.2 as I am having other issues migrating to 10.1.3). This was not a requirement for my custom user manager and is not a feasible option as we have over 100 users that change periodically. Also, the LDAP security provider is not an option due to management decisions.
Is there a way to tell the JAZNUserManager XML provider to "authorize" all users and let my custom login module authenticate the user? Or am I going to have to implement my own custom JAAS 1.0 compliant security provider?
Thank you,
Jason
Hi, Frank:
Thank you for your reply. You are right, the User and UserManager classes are just deprecated in 10.1.3, not deleted. So we should be able to continue using them. At least it does not give an error when compiling or running.
I debugged into the following line of source code in both 10.1.2 and 10.1.3 and found a difference which I think is critical.
User user = eRequest.getApplication().getUserManager().getUser(username);
In 10.1.2, eRequest.getApplication().getUserManager() returns an object of our custom UserManager type, which implements com.evermind.security.UserManager; and getUser() returns an object of our custom User type, which implements com.evermind.security.User.
But in 10.1.3, eRequest.getApplication().getUserManager() returns an object of type com.evermind.server.deployment.UserManagerConfig$Generic, and getUser() returns an object of type oracle.security.jazn.oc4j.JAZNUserAdaptor.
What I am trying to do now is to recreate our custom User and custom UserManager classes by implementing the 2 new types in 10.1.3. Will see if they will work.
Do you have any idea how I should deal with the change and make it work as in 10.1.2?
Thank You!
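A custom login module of the kind the first post in this thread describes, written against the standard JAAS API only; it is an added example, not the posters' code and not OC4J-specific. The class names, the `demo_user` credential and the `users` role are constructed for illustration, and how a container such as OC4J maps the resulting principals to roles is outside what this example covers.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class CustomLoginModuleDemo {
    /** Minimal principal used for both the user name and the role name. */
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return name; }
    }

    // Constructed sample credential; stands in for the real check against the external store.
    private static final Map<String, char[]> STORE =
            Collections.singletonMap("demo_user", "constructed-demo-pw".toCharArray());

    static boolean verify(String user, char[] supplied) {
        char[] expected = STORE.get(user);
        if (expected == null) return false;
        int diff = expected.length ^ supplied.length;   // compare without an early exit
        for (int i = 0; i < supplied.length; i++) diff |= supplied[i] ^ expected[i % expected.length];
        return diff == 0;
    }

    /** Hypothetical module: no user list in the container, the module decides who is valid. */
    public static final class ExternalStoreLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String authenticatedUser;   // set by login(), published by commit()
        private final Set<Principal> added = new HashSet<>();

        @Override public void initialize(Subject subject, CallbackHandler handler,
                                         Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        @Override public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (java.io.IOException | UnsupportedCallbackException e) {
                throw new LoginException("cannot obtain credentials: " + e);
            }
            char[] pw = pc.getPassword();   // getPassword() returns a copy
            pc.clearPassword();
            try {
                // One message for unknown user and wrong password, so the two cannot be told apart.
                if (nc.getName() == null || pw == null || !verify(nc.getName(), pw))
                    throw new FailedLoginException("authentication failed");
                authenticatedUser = nc.getName();
                return true;
            } finally {
                if (pw != null) Arrays.fill(pw, '\0');   // do not leave the password in memory
            }
        }

        @Override public boolean commit() {
            if (authenticatedUser == null) return false;   // login() did not succeed: add nothing
            added.add(new NamedPrincipal(authenticatedUser));
            added.add(new NamedPrincipal("users"));        // constructed role name
            subject.getPrincipals().addAll(added);
            return true;
        }

        @Override public boolean abort() { return authenticatedUser != null && logout(); }

        @Override public boolean logout() {
            subject.getPrincipals().removeAll(added);
            added.clear();
            authenticatedUser = null;
            return true;
        }
    }

    /** Runs the module through a LoginContext with an in-memory Configuration (no config file). */
    static Subject authenticate(String user, char[] password) throws LoginException {
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        ExternalStoreLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        new HashMap<String, Object>()) };
            }
        };
        CallbackHandler ch = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("demo", new Subject(), ch, cfg);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(authenticate("demo_user", "constructed-demo-pw".toCharArray()).getPrincipals());
        try { authenticate("not_listed", "x".toCharArray()); }
        catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```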
Similar Messages
-
Bug in 10.1.2.0.0? Doesn't return UserManager properly
I've found this is a problem only with the standalone version of OC4J 10.1.2.0.0
I'm trying to lookup my custom user manager in my web application:
MyUserManager uManager = (MyUserManager) ctx.lookup("java:comp/UserManager");
It only returns the JAZNUserManager each and every time.
Has the context changed or are further configuration changes required?
I'm declaring my user manager in META-INF/orion-application.xml in my ear archive - no different to normal.
Anthony
I've found this is a problem only with the standalone version of OC4J 10.1.2.0.0
You mean it works correctly in Oracle 10gAS?
I have yet to test the main application server.
It only returns the JAZNUserManager each and every time.
Pardon my ignorance, what are you expecting it to return?
Well in previous revisions it has always returned the custom UserManager I have declared in my orion-application.xml.
In my orion-application.xml file I have:
<user-manager class="com.security.model.MyUserManager" display-name="MyUserManager">
<property name="jdbcDriver" value="com.mysql.jdbc.Driver" />
<property name="dbUrl" value="jdbc:mysql://localhost/mysql" />
<property name="dbUser" value="user" />
<property name="dbPass" value="user" />
</user-manager>
If I modify the application.xml file and place my own Custom UserManager there it affects the whole server. In my case it should only affect the current application it is declared in.
I've already spent a week on this with metalink and we resolved that this is the way it should work.
Going back to revision 9.0.4.0.0 of the OC4J standalone this problem does not exist and I get the Custom User manager returned that was declared.
Even the standalone_guide.pdf in 10.1.2.0.0 still has the same reference that this should work - but it does not.
Anthony -
Custom UserManager and Enterprise Manager administration
Can Enterprise Manager be used to Add/Remove Users and Groups for a Custom UserManager? I remember reading somewhere that Add/Remove only worked for the XML-file based implementations. Now I can't find where I read that.
Not likely. That is the reason why they published the Apex 2.1 'database management' pages.
Express Edition doesn't support Java in the database. Enterprise Manager is based on Java. You CAN use Grid Control for some of the stuff, but it's incomplete. -
How to migrate from existing Database Usermanagement to Active Directory?
Hello experts,
we are running a portal with more than 2000 users. So far our user management is done by the portal's own identity management with the database as data source.
However for many reasons instead of the database we would like to use an existing company's Active Directory (=AD) as a data source for identity management. That means that we would like only to use the AD-users and AD-groups in the portal.
All users who are in the portal's database now you can find also in the existing company's Active Directory. Luckily the users have the same ID both in the database and in the AD.
We know that the migration from the database to AD is a big issue since many portal objects depend on the existing structures. However, because the IDs of users are identical in both systems we hope to find a way to "override" the existing usermanagement data with the AD data without losing the existing settings (e.g. KM-Permissions, user profiles etc.).
Generally I am asking you if you have already had experience with changing the user management's datasource of an already "living" portal (several 1000 users) to Active Directory User Management.
What problems can occur?
Which modifications need to be done?
Which portal's objects are affected by the migration?
Is a migration possible at all?
I will appreciate all suggestions, remarks, ideas.
Thanks in advance.
Thomas
Hello experts,
the current permissions in the KM-Objects are based on both groups and users from database.
Because it is not possible to modify the Group's Display Name in the portal's database we would also like to use LDAP-Groups in the portal: All users and groups in the portal shall be managed by Active Directory in future.
In the Active Directory it is possible to modify the Display Name of groups. This is a necessary feature because of reorganisations of departments in our company which occur from time to time.
Creating new groups with the new department names is not an option because one has to assign all department members to the new group again. Otherwise one needs to assign the new group to the ACLs of all KM objects in question. This is too big a deal.
However, thank you for that hint Michael.
Any other experiences?
I will appreciate any ideas, foreseen problems.
Thomas -
We are testing the JAZN callInfo sample. I have OID version 3.0.1.0, and Oracle9iAS (9.0.3.0.0) Containers for J2EE. We setup the jazn to use LDAP.
When starting oc4j we get the following:
java -jar oc4j.jar
Error instantiating application 'callerInfo' at file:/u01/app/oracle/products/9iAS/j2ee/home/jazn/demo/callerInfo/callerInfo.ear: Error initializing userManager 'oracle.security.jazn.oc4j.JAZNUserManager': java.lang.StringIndexOutOfBoundsException (String index out of range: 32)
Oracle9iAS (9.0.3.0.0) Containers for J2EE initialized
We see it connect to ldap and get a reply. I feel the string back is larger than jazn is expecting.
We check the tcp traffic and see it connecting:
09:10:57.377851 buckwheat.jxn.wcom.com.389 > buckwheat.jxn.wcom.com.35082: P 15:2641(2626) ack 131 win 32767 <nop,nop,timestamp 26118724 26118721> (DF)
JAZN is setup as following
java -jar jazn.jar -getconfig
<jazn provider="LDAP" location="ldap://buckwheat:389" default-realm="sample_subrealm" />
oracle@buckwheat:/u01/app/oracle/products/9iAS/j2ee/home> java -jar jazn.jar -getconfig sample_subrealm
<jazn provider="LDAP" location="ldap://buckwheat:389" default-realm="sample_subrealm" />
<OC4J_HOME>/config/jazn.xml
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<!--
<!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn.dtd">
<jazn provider="XML" location="./jazn-data.xml" />
-->
<jazn provider="LDAP"
default-realm="sample_subrealm"
location="ldap://buckwheat:389" />
<OC4J_HOME>/j2ee/home/jazn/demo/callerInfo/etc/orion-application.xml
<?xml version="1.0"?>
<!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://xmlns.oracle.com/ias/dtds/orion-application.dtd">
<orion-application deployment-version="1.0.2.2" default-data-source="jdbc/OracleDS">
<web-module id="callerInfo-web" path="callerInfo-web.war" />
<persistence path="persistence" />
<!-- mapping for realm "jazn.com"
<security-role-mapping name="sr_manager">
<group name="administrators" />
</security-role-mapping>
<security-role-mapping name="sr_developer">
<group name="users" />
</security-role-mapping>
-->
<!-- mapping for realm "sample_subrealm" -->
<security-role-mapping name="sr_manager">
<group name="manager" />
</security-role-mapping>
<security-role-mapping name="sr_developer">
<group name="developer" />
</security-role-mapping>
<!-- h -->
<!-- use JAZN-XML by default
<jazn provider="XML" location="./jazn-data.xml" />
-->
<!-- use JAZN-LDAP instead -->
<jazn provider="LDAP" default-realm="sample_subrealm" location="ldap://buckwheat.jxn.wcom.com:389" />
<!-- -->
<log>
<file path="application.log" />
</log>
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping name="&lt;jndi-user-role&gt;">
<group name="administrators" />
</security-role-mapping>
</namespace-resource>
</read-access>
<write-access>
<namespace-resource root="">
<security-role-mapping name="&lt;jndi-user-role&gt;">
<group name="administrators" />
</security-role-mapping>
</namespace-resource>
</write-access>
</namespace-access>
</orion-application>
<OC4J_HOME>/j2ee/home/jazn/demo/callerInfo/etc/web.xml
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<display-name>JAZN Demo: CallerInfo</display-name>
<servlet>
<servlet-name>callerInfo</servlet-name>
<description>Servlet retrieves remote user info</description>
<servlet-class>oracle.security.jazn.samples.http.CallerInfo</servlet-class>
<!-- role name used in code -->
<security-role-ref>
<role-name>FOO</role-name>
<role-link>sr_manager</role-link>
</security-role-ref>
<security-role-ref>
<role-name>ar_manager</role-name>
<role-link>sr_manager</role-link>
</security-role-ref>
<security-role-ref>
<role-name>ar_developer</role-name>
<role-link>sr_developer</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>callerInfo</servlet-name>
<url-pattern>/callerInfo/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>callerInfo</servlet-name>
<url-pattern>/callerInfoA</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>callerInfo</servlet-name>
<url-pattern>/callerInfoB</url-pattern>
</servlet-mapping>
<!-- security roles -->
<security-role>
<role-name>sr_manager</role-name>
</security-role>
<security-role>
<role-name>sr_developer</role-name>
</security-role>
<!-- security constraints -->
<security-constraint>
<web-resource-collection>
<web-resource-name>CallerInfoA</web-resource-name>
<url-pattern>/callerInfoA</url-pattern>
</web-resource-collection>
<!-- authorization -->
<auth-constraint>
<role-name>sr_developer</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>CallerInfoB</web-resource-name>
<url-pattern>/callerInfoB</url-pattern>
</web-resource-collection>
<!-- authorization -->
<auth-constraint>
<role-name>sr_manager</role-name>
</auth-constraint>
</security-constraint>
<!-- authentication -->
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
OID 3.0.1.0 is the latest product release to public. I did add the Install data to allow it to work. I see the data in OID but when I connect with jazn I get error.
java -jar jazn.jar -shell
JAZN:> ls
realms policy
JAZN:> cd realms
JAZN:> ls
String index out of range: 32
JAZN:> cd ../policy
JAZN:> ls
JAZN:> exit
JAZN:>
It does not error on the policy directory but it does on the realm side. If I watch the tcp packets it is working. -
I can't see any other place to report this, so I guess I'll do it here.
We've written a custom UserManager that works in Orion 1.5.2 and, of course, Oracle J2EE Containers 1.0.2.2 but it gets stuck in an infinite loop calling the following function.
protected boolean inGroup( String username, String groupname )
I've watched it in the debugger, and the function is appropriately returning true to indicate that the user is a member of the group. The application's principal.xml looks like this:
<principals>
<groups>
<group name="admin" />
</groups>
<users>
</users>
</principals>
The users list is taken care of by our custom UserManager, and this same principals.xml works great in older versions.
Any ideas?
Tim
Tim -- You may want to use the products-> Application Server -> J2EE forum in the future for this type of questions.
As for your problem, I have not heard this before but I will see if I can make it fail or not.
Thanks -- Jeff -
9.0.4 custom UserManager (it worked in 9.0.3)
I have a UserManager that works with our app in 9.0.3. Am trying to migrate to 9.0.4 and the UserManager doesn't work.
Our UserManager extends com.evermind.security.AbstractUserManager and our User class extends com.evermind.security.User. When run, there are no errors or exceptions. Our UserManager returns our custom User object, the authenticate method is called on it by the container (we rewrote the authenticate method to simply return true), and then the request is forwarded to the form-error-page defined in web.xml.
Any ideas? We're desperate, the need to upgrade is being pushed from above...
There was a bug in 9.0.4 that has been fixed in 9.0.4.1. Please apply the 9.0.4.1 patchset and see whether this is resolved
-Debu -
Hi,
does anybody know how to get IUser for the current user?
I know how to get current IUser from com.sap.security.api package:
IWDClientUser wdcu = WDClientUser.getCurrentUser();
IUser sapUser = wdcu.getSAPUser();
but I need to have IUser from com.sapportals.portal.security.usermanagement package.
Regards,
Ladislav
Ladislav,
Try this:
Get the IUser using the API com.sap.security.api.IUser and store it in a variable, say sapUser.
Then,
// Convert the logged in user to old EP5 usermanagement API
com.sapportals.portal.security.usermanagement.IUser user = null;
try {
    user = WPUMFactory.getUserFactory().getEP5User(sapUser);
} catch (UserManagementException e) {
    e.printStackTrace();
}
Bala -
How to access to Custom UserManager
Hi,
How to access to my own UserManager from an EJB ? with lookup ?
I have got own custom UserManager, and I access it with a lookup from an EJB (UserManagerEJB) in the same application, but I get the next error :
OrionUserManagerEJB javax.naming.NameNotFoundException: ejb/UserManager not found in Orion
UserManagerEJB
This same code works fine in OC4J 9.0.3 but does not work in OC4J 10.0.3, please help me!
Hi,
I visited all the websites and I read all the articles referring to UserManager but I didn't find the solution.
I use the next code to lookup my UserManager:
Context ctx=new InitialContext();
UserManager um=(UserManager)ctx.lookup("java:comp/UserManager");
And I use the next factory:
com.evermind.server.ApplicationInitialContextFactory
I tried with com.evermind.server.rmi.RMIInitialContextFactory too, but it does not work.
I don't understand the problem! Why does the same code work fine in OC4J 9.0.3 and not work in OC4J 10.0.3? Any response? -
Azure Mobile Services and ASP Identity - Exception when using UserManager
I've reviewed this post in the AMS forum and it doesn't really answer the question. I already know how to integrate authentication, but Identity implements a lot of boilerplate user management code that I don't want to have to reproduce. My question is: Is it possible to use Asp Identity framework with Azure Mobile Services? Since AMS Back End has Microsoft ASP.NET Identity Core/Owin as dependencies, I would think that the answer is yes, that they are compatible?
I have been progressing as if it were possible, but yet, now when I go to try to use the Identity UserManager, I am getting the exception stated in this asp.net identity bug. Are there references in Azure Mobile Services Back End to previous versions of Microsoft.AspNet.Identity that would result in mismatched assembly versions?
I have tried uninstalling and reinstalling Asp.Net Identity, even to the pre-release of 2.2.0, but I am still getting the exception that it couldn't load the CultureAwaiter. I have asked in that post if the bug has been fixed, but from the scant evidence of the posts and lack of responses, I would think that the bug has been fixed.
ibGib
The bug referenced in the original post shows that the required version is 2.1. I found that when I published to Azure, even though I had the correct (2.1) versions of the NuGet packages installed, the loaded dlls were not the correct versions. I do not know if this is an Azure problem or an Azure Mobile Services problem.
I came to this conclusion by looking at the loaded Identity dlls in a new, up-to-date mvc app, and then looking at the same loaded dlls while debugging in Azure. The Azure dlls are older versions than the up-to-date MVC app versions. I figure that somewhere along the lines, Azure Mobile Services is loading the incorrect version of the Identity dlls, even though I have the correct versions installed via NuGet. Maybe there is another explanation.
But regardless, I should be able to use the up-to-date versions of Identity in order to address bugs in the Identity framework. It would be nice if an AMS person would clarify about the dll versioning. I did come across this SO comment by someone who seems to be an AMS guru, but it doesn't seem to make sense. It does, however, seem to corroborate my and BinLaw's observed behavior of the backend dlls.
ibGib -
Dependencies for usermanagement in KM application
Hi,
I created a km portal application which uses the apis from the package com.sapportals.portal.security.usermanagement. Using the jarclass finder, I was able to find these jars/add them to the classpath/build and finally deploy.
However, when I convert this application to a DC, I get errors on building the DC:
package com.sapportals.portal.security.usermanagement does not exist
[javac] ERROR: import com.sapportals.portal.security.usermanagement.IUser;
[javac] ERROR: ^
[javac] ERROR: import com.sapportals.portal.security.usermanagement.UserManagementException;
[javac] ERROR: ^
I've already added SC dependencies for KM-BC, KM-CM, JTECHS, J2EE, BUILDT, etc..
Under used DCs, I was able to add used dependency on DC tckmfrwk. However, I can't find the corresponding DC for 'com.sapportals.portal.security.usermanagement'..
Can anyone point me to the right SC/DC to include for the above? Thanks.
~Prachi
Hi Prachi,
when you use Development Components, then you have to add the required library as "Used DC" to our project. The libraries will be added automatically to your build path.
Try also to include the following SCs:
- SAP_JTECHS -> epbc.prtapi._api
- EP_BUILDT -> com.sap.security.api
Otherwise you have to include the required libraries as External Library.
Refer to this blog, it gives you an explanation of how to add an External Library DC.
[Using KM API in Web Dynpro Application using Development Components|https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/11509]
Best regards,
Denis
Edited by: Denis Schrodt on Jan 27, 2009 1:43 PM -
[904] custom UserManager can't access JNDI?
Our app has a custom UserManager which works in 1.0.2.2. In the init method, our user manager is trying to lookup a datasource (defined in the global data-sources.xml) whose name has been passed as a property in application.xml file.
While trying to perform the jndi lookup for the datasource in 9.0.4, we are getting the following error:
javax.naming.NamingException: Not in an application scope - start Orion with the -userThreads switch if using user-created threads
I've tried -userThreads option but makes no difference.
What do I need to configure to make this work?
TIA,
- nik.
Me again!
So I found that I can't do jndi lookup (NamingException) for the datasource as mentioned, in the init method.
However, the very same jndi lookup was successful in the overridden authenticate method, called by oc4j when trying to authenticate the user.
Go figure!
TIA,
- nik. -
OC4J, JNDI lookup and UserManager
Hi
Recently we decided to upgrade our Oracle9iAS to 9.0.3 from 9.0.2 and its JVM to 1.4.2_02 from 1.3.1.
We have 2 custom implementations of UserManager that worked in the earlier version and, after the upgrade, they became unstable. Each UserManager uses a connection to a database provided by a DataSource, which is retrieved by a JNDI lookup. This lookup throws a NameNotFoundException after some time of execution. A container restart solves the problem, but it appears again later.
What's happening?
Jose Antonio. -
Problem with embedded data-sources.xml and custom UserManager
Hi all,
Our application uses a custom UserManager, which is basically extended from the JDBC UserManager, declared as follows in orion-application.xml:
<user-manager class="com.infocorpnow.a2g.security.oracle.A2GUserManager">
    <property name="table" value="pos.users" />
    <property name="userNameField" value="username" />
    <property name="passwordFiled" value="password" />
    <property name="dataSource" value="jdbc/A2GDS" />
    <property name="groupMemberShipTableName" value="pos.user_roles" />
    <property name="groupMemberShipGroupFieldName" value="role_name" />
    <property name="groupMemberShipUserNameFieldName" value="login_id" />
</user-manager>
Since we want to be able to deploy the application several times on the application server, and therefore have each deployment of the ear point to its own datasource (i.e. its own local "A2GDS"), we've found out how to embed data-sources.xml inside the EAR file we're deploying, and modify the orion-application.xml as follows:
<data-sources path="./data-sources.xml" />
And then place data-sources.xml in the same meta-inf folder as the orion-application.xml.
This has worked fine when deploying to the standalone OC4J.
Now when I try to deploy the exact same EAR file in Oracle 9iAS, and I get to the User Manager screen, the Custom User Manager does not show up correctly. It did show up prior to me embedding the data-sources.xml. Please help? This is fairly urgent.
Thanks
Jason
I should also mention I'm using the Java Edition of 9iAS R2 (9.0.3 container) on Solaris.
-
import com.sapportals.portal.security.usermanagement.IUser; is deprecated
Is there any alternative???
Hi,
could you please tell me what kind of jar file I have to add to the project to use
com.sapportals.portal.security.usermanagement.IUser ?
Thank you in advance.
Kind regards, Patrick.