Using Identity Assetor, desciptor in Web.xml
The auth method useed is CLIENT_CERT to initiate the Identity assertor. Can you initiate the Identity Assertor with other type of auth's like FORM. I am creating a web application where I woul like for it to fall back on FORM if the Identity Assertor fails. How can I do that?
Thanks,
Varun
Try these:
Servlet servlet = bajaContext.getService(Servlet.class, null);
ServletConfig config = bajaContext.getService(ServletConfig.class, null);
Similar Messages
-
hello
can anybody explain about , when we need <jsp-file> in web.xml
and why we use this tag in place of <url-pattern>?If you want to declare a JSP in your web.xml file you use the jsp-file tag instead of the servlet-class tag. Normally there is no need to declare a JSP in the web.xml file unless you want to use init-params.
Usually people can access a JSP directly wether it is declared in the web.xml or not. So it is not that the jsp-file tag replaces the url-pattern tag so much as the url-pattern tag is not needed for a JSP. However notthing prevents you from declaring the JSP in the web.xml and then mapping the JSP to a different url that doesn't end in '.jsp'. -
Using Identity Management for Securing Web Services
My goal is to associate my services with an Oracle Internet Directory. I made some attempts to set up SAML authentication for the web services, but it didn't have the right outcome.
(My identity management server and OID is up and running and I have successfully made authentication modules for other web applications)
Here is what I did:
1. I wrote a simple java file, used jdeveloper tools to create and deploy it as a web service to OC4J. I associated an identity management server with this service through OC4J web tools as security provider.
2. I made a data control for the web service and put it in an ADF application . (client)
3. I deployed the client project(2) to OC4J.
I could use the web service through the page.
Then
I secured the webservice to expect SAML for authentication.
Surprisingly, the client could still communicate with the webservice, Why? Shouldn't it have rejected the request because of the problem in SAML token? (The proxy and the data control were not secured, and didn't provide any SAML tokens)
4.
I added login page to my client project (through ADF security wizard). It used idenity management for authentication successfully. login process completes and web service data control is displayed.
5. I want the authentication information to be propagated through the page so that the web service receives the data and uses Identity Management.
I know I should add <property name="oracle.security.wss.propagate.identity" value ="true"/>
to one of the configuration files, but don't know where exactly.
Best Regards,
FarbodIt doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
You can enforce rules at your network layer to allow access to the App server only from Gateway.
When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
The next BPEL developer in your project may not be aware of Security extensions
Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
Thanks
Ram -
Using Servlet Parameters defined in web.xml
Hi all,
would like to use some of the properties of the UIX-Servlet within my UIX application (they may be configured in web.xml).
But how to get to the Servlet? Typically, one just gets a BajaContext which does not provide access to the servlet itself....
any ideas?
Thanx, Ernst.Try these:
Servlet servlet = bajaContext.getService(Servlet.class, null);
ServletConfig config = bajaContext.getService(ServletConfig.class, null); -
Alternate deployment descriptor for an exploded war (web.xml/weblogic.xml)
Hi.
I believe this is a simple question: Am i able to deploy an exploded war directory using an alternate deployment descriptor (web.xml outside the directory structure of my application)? According to the docs, I can do it for an ear, but I'm not sure if it can be done for an war.
http://download.oracle.com/docs/cd/E13222_01/wls/docs81b/deployment/concepts.html#1001945
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/config_xml/Application.html#AltDescriptorPath
Thanks in advance.
Best regards,
Daniel.Or should i use a deployment plan?
http://download.oracle.com/docs/cd/E13222_01/wls/docs103/deployment/config.html#wp1057141 -
How to configure ADF application to use OAM Identity Assertion ? web.xml
We have a web application developed using ADF (application development framework) and deployed on WebCenter 11.1.1.2 (weblogic 10.3.2)
OID Authentication and OAM identity assertion is configured in WebLogic 10.3.2 .
How to configure security in ADF application (web.xml or weblogic.xml) so that it uses OAM identity assertion (already configured as authentication providers in weblogic server)
Any pointers or documentation so that application (developed using ADF) check for identity tocken and verifies it with one of identity assertion providers.John,
I have to concur. With OAM you don't need this. OAM intercepts the calls and inserts a cookie for WLS to get user information from.
I strongly advise to go through the above mention OFM Security Guide. Esp. Chapter 10 tells you in every detail how to implement OAM SSO with WLS (with or without OHS as a proxy).
Reading this chapter saves you time and turnarounds on this topic...
--olaf -
Help! web.xml security without using WAR files
I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks.
The RDBMSRealm is just the authentication mechanism underneath WLS versus the
web.xml of the WebApplication which describes all the access control for that WebApp.
the later being scoped only to that WebApp.
you don't need to deploy in a war file, you can expand the archive into an identical
directory structure and then just point us towards the top level of that structure.
see: http://www.weblogic.com/docs51/classdocs/webappguide.html
.paul
chris wrote:
I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks. -
How can I get the context-parm from a web.xml file using struts?
Hello:
I need get the context-param from the web.xml file of my web project using struts. I want configurate the jdbc datasource connection pooling here. For example:
<context-param>
<param-name>datasource</param-name>
<param-value>jdbc/formacion</param-value>
<description>Jdbc datasource</description>
</context-param>
and then from any Action class get this parameter.
Similar using a simple server can be:
/** Initiates new XServlet */
public void init(ServletConfig config) throws ServletException {
for (Enumeration e = config.getInitParameterNames(); e.hasMoreElements();) {
System.out.println(e.nextElement());
super.init(config);
String str = config.getInitParameter("datasource");
System.out.println(str);
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// res.setContentType( );
System.out.println("Got post request in XServlet");
PrintWriter out = res.getWriter();
out.println("nada");
out.flush();
out.close();
but only this works for init-params, if I use
<servlet>
<servlet-name>MyServlet</servlet-name>
<display-name>MyServlet</display-name>
<servlet-class>myExamples.servlet.MyServlet</servlet-class>
<init-param>
<param-name>datasource</param-name>
<param-value>jdbc/formacion</param-value>
</init-param>
</servlet>
inside my web.xml. I need something similar, but using struts inside the action class for that I can get the context-params and call my database.
Thank youTo get context parameters from your web.xml file you can simply get the ActionServlet object from an implementing action object class. In the perform (or execute) method make the following call.
ServletContext context = getServlet().getServletContext();
String tempContextVar =
context.getInitParameter("<your context param >"); -
How to use dynamic file as welcome-file-list in web.xml
I have configured my web.xml file as this,
<web-app>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.jsf</welcome-file>
</welcome-file-list>
</web-app>
and my login.xhtml file as this,
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:c="http://java.sun.com/jstl/core"
xmlns:f="http://java.sun.com/jsf/core">
<body>
<f:view>
<h:form>
UserName:<h:inputText id="userName"
value="#{bean.userName}" rendered="true"
required="true"/>
Password:<h:inputText id="password"
value="#{bean.password}" rendered="true"
required="true"/>
<h:commandButton id="submit" value="Submit" action="#{bean.authenticate}" />
</h:form>
</f:view>
</body>
</html>
but when i deploy this using tomcat and try to put url as this,
http://localhost:8080/project
Its not identifying welcome file from web.xml
I am getting error like this,
The requested resource (/project/) is not available.
How to resolve this,
Thanks,
VinuthaThis might help:
http://forum.java.sun.com/thread.jspa?threadID=696586
As well, you might have to change the servlet-mapping in your web.xml. The url-pattern, I think, needs to be .xhtml. Your login.jsf file in the welcome list will need to be renamed to login.xhtml.
CowKing -
How to create a simple web.xml for using servlets
Hello i wanna configure the web.xml that i can use sevlets and beans, but how can i do that?
This is de directorie i have installed my webapp
C:\Tomcat 4.1\webapps\testapp
C:\Tomcat 4.1\webapps\test\WEB-INF\classes (in this dir, I wanna put my beans and servlets, I got one servlet and the name is LogIn.class).
And i wanna request my servlets with the url http://localhost:8080/testapp/servlet/LogIn
How can i create a very basic web.xml with working beans, servlets and session? It is for testing-use only, so the security is not important for me at this moment.
Tnxunder your web-inf
in your web.xml file you must map
the servlets
under the <web-app> tag type
<servlet>
<servlet-name>LogIn</servlet-name>
<servlet-class>com.LogIn</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogIn</servlet-name>
<url-pattern>/LogIn</url-pattern>
</servlet-mapping>ps: start using some IDE such as NetBeans or Ecclipse
since they will take care of mapping all servlets and Beans
and generate all the necessary files for your web-app -
Using security-constraint in web.xml; not recognizing url-pattern tag
I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>usr_access</web-resource-name>
<url-pattern>readData.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usr_all</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>usr_all</role-name>
</security-role>
<security-role>
<role-name>adm_all</role-name>
</security-role>
</web-app>
When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
Thank you.I was able to get this to work. By doing the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
I was restricting access to all other groups by uisng <url-pattern>*</url-pattern>. Any other security-constraints set-up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraints lists all directories or pages that every user can access. My next security-constraint then list resources that only my admins (adm_all) can acess. Any other security constraints then are set-up for each user role that I have...if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint. -
Having a few problems with error pages and web.xml with browsers caching the error
pages and strange errors coming out of weblogic.servlet.intenal.WebAppServletContext
I'm trying to set a web app up so that all http errors and all exceptions are
routed thruogh predefined resources. For now, I'm simply send 400 errors to 400.html
and the ServletException, IOException and RuntimeException to respective html
pages.
What I'm finding is that the error codes work fine but the exceptions are only
be routed to the correct error page for the first call to the servlet after server
restart.
So for example, I have my servlet throwing a ServletException as a test case.
The weblogic server log shows that ServletException is thrown, and the correct
error page for ServletExceptions is shown.
If I change the Servlet code to throw IOException in place of SevletException,
the weblogic.log shows that IOExceptyion is being thrown (so the servlet has deployed
successfully), however the Servletxception error page is shown on the browser.
I'm using IE6 and I've changed the setting such that a new page is requested every
time using the tools-internet options-temp internet files-settings option to "check
for new versions of stored pages: Every visit to the page".
Despite this, the servlet exception error page still appears.
If you clear the cache from the temp intenet files->delete files IE option, the
correct errror page will be shown so it appears that the browser cache is being
used after all.
everytime I delete the temp intenet files I get the correct error page on the
first request after but then not after that.
I have implemented the service method for this test to throw the exceptions -
does this make a differecne?
As a test, I have moved the imlpementation to the doGet method instead bu I now
get a strange eror from weblogic comlpaining about an arrayOutOfBoundsException
because eror codes in the web.xml are not supported! - see error above.
Any help is appreciated
Have you tried setting pragama no cache?
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
cheersmbg"Aaton" <[email protected]> wrote in message
news:[email protected]...
>
> Having a few problems with error pages and web.xml with browsers caching
the error
> pages and strange errors coming out of
weblogic.servlet.intenal.WebAppServletContext
>
> I'm trying to set a web app up so that all http errors and all exceptions
are
> routed thruogh predefined resources. For now, I'm simply send 400 errors
to 400.html
> and the ServletException, IOException and RuntimeException to respective
html
> pages.
>
> What I'm finding is that the error codes work fine but the exceptions are
only
> be routed to the correct error page for the first call to the servlet
after server
> restart.
>
> So for example, I have my servlet throwing a ServletException as a test
case.
> The weblogic server log shows that ServletException is thrown, and the
correct
> error page for ServletExceptions is shown.
>
> If I change the Servlet code to throw IOException in place of
SevletException,
> the weblogic.log shows that IOExceptyion is being thrown (so the servlet
has deployed
> successfully), however the Servletxception error page is shown on the
browser.
>
> I'm using IE6 and I've changed the setting such that a new page is
requested every
> time using the tools-internet options-temp internet files-settings option
to "check
> for new versions of stored pages: Every visit to the page".
>
> Despite this, the servlet exception error page still appears.
>
> If you clear the cache from the temp intenet files->delete files IE
option, the
> correct errror page will be shown so it appears that the browser cache is
being
> used after all.
>
> everytime I delete the temp intenet files I get the correct error page on
the
> first request after but then not after that.
>
> I have implemented the service method for this test to throw the
exceptions -
> does this make a differecne?
>
> As a test, I have moved the imlpementation to the doGet method instead bu
I now
> get a strange eror from weblogic comlpaining about an
arrayOutOfBoundsException
> because eror codes in the web.xml are not supported! - see error above.
>
> Any help is appreciated
-
What is the best way to find a file on the servers disk without using web.xml?
What is the best way to find a file on the servers disk without using web.xml?
I want to find a configuration file not contained within the war file I have
created. Is there a way to pass information into the ServletContext with out
rebuilding the ear or war files? Tomcat 4.0 can do this in its server configuration
files. Does BEA have the equivalent?
Regards,
Eric
You can specify the path to the file as a system property
eg
java -Dconfig.file.location=./mydirecotry/myfile.txt com.test.MyApp
"Eric White" <[email protected]> wrote in message
news:[email protected]..
>
> What is the best way to find a file on the servers disk without using
web.xml?
> I want to find a configuration file not contained within the war file I
have
> created. Is there a way to pass information into the ServletContext with
out
> rebuilding the ear or war files? Tomcat 4.0 can do this in its server
configuration
> files. Does BEA have the equivalent?
>
> Regards,
> Eric
-
How to config the web.xml file, when I use Richfaces + RI 1.2?
Hi there:
I want to use Richfaces + RI 1.2 to build a project. I don`t know how to config the web.xml file.
By the way, my web server is Tomcat 6.0, my JDK's version is 6u6. I don`t want to use the facelets.
thanks.
lxmjust add this before *</web-app>*
<context-param>
<param-name>org.richfaces.SKIN</param-name>
<param-value>blueSky</param-value>
</context-param>
<filter>
<display-name>RichFaces Filter</display-name>
<filter-name>richfaces</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>richfaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping> -
Using Variable in Web.xml/ Override value in web.xml
Environment : JBOSS 4.2 / Web application in java/jsp
*==============================================================*
Iam using a servelet in application, and paremeters is configured in web.xml at run time I need to change the value. A variable
see web.xml
{color:#ff0000}<param-value>C:/FILE_ATTACHMENTS{color}</param-value>
Instead of using a static folder name I need to use a variable, this veriable either i define in config.properties or ineed to pass through application
Web.Xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="[http://java.sun.com/xml/ns/j2ee]" xmlns:xsi="[http://www.w3.org/2001/XMLSchema-instance]" xsi:schemaLocation="[http://java.sun.com/xml/ns/j2ee] [http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd]">
<display-name>VyasaWeb</display-name>
<servlet>
<servlet-name>VyasaServlet</servlet-name>
<servlet-class>com.jsos.download.VyasaServlet</servlet-class>
<init-param>
<param-name>dir</param-name>
param-value>C:/FILE_ATTACHMENTS</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>VyasaServlet</servlet-name>
<url-pattern>/servlet/VyasaServlet</url-pattern>
</servlet-mapping>
</web-app>
Is any way to use variable in web.xml or override the value ?
Please help
Vince
Edited by: VINCEJOHNSON on Jul 30, 2010 3:30 PMIf nothing else, why not just have your servlet load a configuration file on startup?
Maybe you are looking for
-
Directions sent from Mavericks 10.9.5 don't show up on iOS 8.3
I just noticed today while trying to send directions from my Mac (Mavericks 10.9.5) to my iPad (3rd generation, iOS 8.3) that it doesn't show up on notifications nor in the App itself. I've tried: Logging out of iCloud on both devices and logging bac
-
When I try to open a PDF file the reader flashes on the screen then closes
When I try to open a PDF file the reader flashes on the screen then closes. I have to open the reader, then search for the pdf file through the reader. I'm using Adobe Reader 11.0.5 with windows 7 service pack 1 home premium. Is there any way I can j
-
Where on the Mac can I find the math symbol for Pi. Ie. what is the Unicode number for Pi.?
Where on the Mac can I find the math symbol for Pi? Ie. what is the Unicode number for Pi.? I am using system 10.6.8 Jubbjubb.
-
Hi New to authoring in Flash CS3 Pro and Flash Lite, I would appreciate information about deploying a Flash Lite 2x SWF from my web site to an end user's cell phone. This would assume that the cell phone would have a Flash Lite 2.1 player installed,
-
Pointing a Class script to a library item dynamically
Hey all, So it's straight forward to: create a library item point it at a class script addChild(new Class()) Bosh, and then it does on the canvas whatever the script associated says it should do! I would love to be able to: create library items with