War file and access control with WebLogic

I am trying to put some access control on different files in my war-file, but just can't get it to work... It seems like all roles defined in weblogic.properties give the user access to all files in the war. I just don't understand the connections between the security realm, the weblogicURL.policy file and the web.xml file... If I do not specify a weblogic.security.URLAclFile, no access control is done at all.
This is how my weblogic.properties file looks like:
weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
weblogic.password.koko=kokokoko
weblogic.password.arnebelinda=arne1234
weblogic.security.group.ppuseradmins=arnebelinda
and my weblogicURL.policy:
deny Principal weblogic.security.acl.GroupImpl "everyone" {
Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
and finally, my web.xml-file:
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
     <session-config>
          <session-timeout>30</session-timeout>
     </session-config>
     <welcome-file-list>
          <welcome-file>index.jsp</welcome-file>
     </welcome-file-list>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>admin</web-resource-name>
               <url-pattern>index.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
               <role-name>ppuseradmins</role-name>
          </auth-constraint>
     </security-constraint>
     <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>WebLogic Server</realm-name>
     </login-config>
     <security-role>
          <role-name>ppuseradmins</role-name>
     </security-role>
</web-app>
It does not matter which user is part of the ppuseradmins group. The user koko is not a member, but is given access to my whole .war anyway (after submitting correct username/password). Omitting the <realm-name> does not seem to work either; the default realm is not used, instead null is used.
Does anybody have a clue? I would really appreciate it!
I am using WebLogic 5.1 sp 9
best regards,
PJ

In your policy file entry, you have specified "/admin/-".
However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin.
Could that be the problem?
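
The mismatch the reply points at, as an added example (not code from the thread or from WebLogic): a small Java check of which request paths a web.xml url-pattern covers, using the Servlet specification's path-prefix, extension and exact-match rules. The request paths are constructed; it assumes "/admin/-" in the policy file is meant to cover everything under /admin, and that a pattern without a leading slash is read as if it had one.

```java
import java.util.Arrays;
import java.util.List;

public class ConstraintCoverage {

    /** True if a web.xml url-pattern covers a context-relative request path. */
    static boolean covers(String pattern, String path) {
        // Assumption: a pattern with no leading slash, like the posted
        // "index.jsp", is read leniently as "/index.jsp".
        if (!pattern.startsWith("/") && !pattern.startsWith("*.")) {
            pattern = "/" + pattern;
        }
        if (pattern.endsWith("/*")) {
            // Path-prefix mapping: "/admin/*" covers "/admin" and everything below it.
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            // Extension mapping: "*.jsp" covers any path whose last segment ends in ".jsp".
            String lastSegment = path.substring(path.lastIndexOf('/') + 1);
            return lastSegment.endsWith(pattern.substring(1));
        }
        // Anything else is an exact match only.
        return path.equals(pattern);
    }

    /** One line per request path: is the auth-constraint applied to it or not? */
    static String report(String pattern, List<String> paths) {
        StringBuilder sb = new StringBuilder("url-pattern " + pattern + "\n");
        for (String p : paths) {
            String verdict = covers(pattern, p) ? "role required" : "NOT constrained";
            sb.append(String.format("  %-24s %s%n", p, verdict));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed request paths, relative to the web application's context root.
        List<String> paths = Arrays.asList(
                "/index.jsp",
                "/admin/index.jsp",
                "/admin/users/list.jsp",
                "/public/help.html");

        // Pattern from the posted web.xml: only /index.jsp is constrained.
        System.out.print(report("index.jsp", paths));
        // Assumed web.xml counterpart of "/admin/-": the whole /admin tree is constrained.
        System.out.print(report("/admin/*", paths));
    }
}
```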

Similar Messages

  • Wl6.1, war files and 2 letter jar files....

    Hi, I have finally found why my WAR file isn't loading with weblogic 6.1. It seems that it doesn't like two letter class libraries (eg ab.jar) and will throw a vague error message at deployment (Prefix string too short). I don't know what has changed between 6.0.2 and 6.1 in this area, but it's worth making it apparent to developers in general.
    Regards,
    Mark Barry
    Hewlett-Packard Consulting

    Are you saying that this error doesn't occur in 6.0?
    I think I know what the problem is, but it would be helpful if you could post the stack trace?
    Mark Barry wrote:
    Hi, I have finally found why my WAR file isn't loading with weblogic 6.1. It seems that it doesn't like two letter class libraries (eg ab.jar) and will throw a vague error message at deployment (Prefix string too short). I don't know what has changed between 6.0.2 and 6.1 in this area, but it's worth making it apparent to developers in general. Regards, Mark Barry, Hewlett-Packard Consulting

  • Porting *.war files and *.ear files to Weblogic 10.3

    If we can figure this issue out, I'll see if I can't publish/post a
    maven-based solution in the Maven and Oracle forums so that others
    will not have to go through our pain.
    We are having all the usual problems regarding where Weblogic expects
    to find things and what exclusions need to be made in weblogic.xml for
    war files and weblogic-application.xml for ear files. Any insights
    would be deeply appreciated.
    Here is what our exploded war structure currently looks like.
    |____index.jsp
    |____WEB-INF
    | |____lib
    | | |____...a long list of jar files
    | |____tags
    | | |____...a short list of tag files
    | |____applicationContext.xml
    | |____web.xml
    | |____content
    | | |____...a bunch of jsps
    | |____tlds
    | | |____...some tlds
    | |____classes
    | | |____mailProperties.properties
    | | |____struts.xml
    | | |____logback.xml
    | | |____com ... the root of our class hierarchy
    |____images
    | |____...a list of images
    |____META-INF
    | |____maven
    | | |____com
    | | | |____project-name
    | | | | |____pom.xml
    | | | | |____pom.properties
    | |____MANIFEST.MF
    |____script
    | |____...some java script files
    |____style
    | |____...some css files
    Exceptions when trying to deploy are as follows:
    INFO: ... initialized Struts-Spring integration successfully
    java.lang.Exception: Could not load
    servers/AdminServer/tmp//appmergegen_1254502686535_OurApp/war/WEB-INF/classes/com...
    at com.opensymphony.xwork2.util.finder.ClassFinder.readClassDef(ClassFinder.java:745)
    at com.opensymphony.xwork2.util.finder.ClassFinder.<init>(ClassFinder.java:148)
    The exception above repeats for every .class file found below
    WEB-INF/classes/com, i.e. the ones in this module rather than the
    ones in included modules.
    Checking the file system shows that there is no such directory as
    "appmergegen_1254502686535_conap". I'm uncertain if there is actually
    supposed to be anything there, but it would seem like it.
    I've a theory that if we can solve the above issue, we can solve the
    rest ourselves.
    It would also be handy to know what packages may cause conflicts.

    Alright, my research points to the idea that this might have something to do with staging. Since this is a dev setup we don't have any managed servers or anything. All we have is AdminServer and that is it. We have only one domain and it is "base_domain". Does anyone know if this is wrong?

  • User management and Access Control in HCM Cloud

    Hello,
    Information is scarce about User management and Access Control in Oracle Cloud generally. Today, I have two questions :
    - How can I bridge HCM Cloud user store with my on-premise IDM or security repository in order to allow identity governance to flow to HCM Cloud service ?
    The only information I got was that you can declare manually and by bulk import through files my users. This is not really interesting as I have an automatic IDM with workflows and identity control on provisioning and de-provisioning.
    Is there a SPML or proprietary endpoint to do it automatically ? What are the prerequisites ? Do I have to implement OIM on my side ?
    - Once my users are created, how can I do webSSO from my internal security repositories to the HCM Cloud service ?
    I do not want to distribute new set of login / passwords to my users. Is it possible to do Identity Federation (SAML 2.0 or WS-Fed) with HCM Cloud service ? What are the prerequisites ? Do I have to implement OAM on my side ?
    I accept all pieces of information you can give me on this topic to help me understand the functionalities, limits and options offered by Oracle Cloud and more precisely by HCM Cloud service.
    Best regards,

    OIDDAS has limited capability of access control and information hiding. Presently, the permissions and privileges can be set at a realm level, and fine grained access control / information hiding cannot be done.
    At present, the only way to restrict view and access control is by applying ACLs (which is not the safest bet).

  • Access control with JSP

    We have been working with a design company to design our website HTML. However, a portion of these HTML files need to be password protected, all of these files are stored in one particular folder called "/tools". The problem here is that these files should only be accessible if the user has logged into the site, and the design firm has given all of these files an .html extension, which means that they will not be able to run embedded JSP code.
    From what I understand, if I want to create access control in these .html files I will need to rename them all to .jsp and then update all the links to these files to use the .jsp extension. But the design firm is telling me that their other clients never needed to do this and were able to use JSP to control access to the folder itself. They said that it is possible using JSP to prevent access to a particular folder on the webserver, and that anybody without a valid login or session who tries to access the files in the folder can be redirected to the login page. All of this can be achieved without having to insert JSP code into the password-protected HTML files and renaming them with a .jsp extension. Is this true? We want to avoid doing this because there are a lot of HTML files and links that will need to be changed if we rename the files to .jsp.
    I'm still a relative beginner with JSP and have never heard of any functionality which allows JSP to stop a browser from accessing a particular folder on the server. Am I missing something here? Is there really a better way of doing this without using JSP code?
    I have thought about putting the folder in an offline location and then using a controller JSP/servlet to check the user's login status and then read & display the HTML file from the offline folder. But I am not sure if this is really an efficient way of doing this.
    Any suggestions?
    Thanks,
    Phil

    You can set up a servlet filter in the web.xml. That lets you intercept every single request to certain areas of the app, and modify/redirect it if necessary.
    Example: This sets up a filter that runs on all requests to the "/tools" directory:
    In web.xml:
       <filter>
         <filter-name>testFilter</filter-name>
         <filter-class>com.TestFilter</filter-class>
       </filter>
       <filter-mapping>
         <filter-name>testFilter</filter-name>
         <url-pattern>/tools/*</url-pattern>
       </filter-mapping>
    And an example java class of a filter. This one just logs the request URI.
    package com;
    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    public class TestFilter implements Filter {
         public void init(FilterConfig arg0) throws ServletException {}
         public void destroy() {}
         public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
              if (request instanceof HttpServletRequest) {
                   HttpServletRequest req = (HttpServletRequest) request;
                   // Log the URI of every request that hits the mapped path
                   System.out.println("Servicing request for " + req.getRequestURI());
              }
              // This filter only logs, so always pass the request on down the chain
              chain.doFilter(request, response);
         }
    }
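
A filter of the kind the answer describes that actually enforces the login, as an added example (not code from the thread): requests under /tools/* without a logged-in session are redirected to the login page, so the .html files need no renaming. The class name LoginRequiredFilter, the session attribute "authenticatedUser" and the "/login.jsp" path are hypothetical; the site's login code is assumed to set that attribute after a successful login.

```java
package com;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginRequiredFilter implements Filter {

    // Hypothetical defaults; both can be overridden with <init-param> in web.xml.
    private String loginPage = "/login.jsp";
    private String sessionAttribute = "authenticatedUser";

    public void init(FilterConfig config) throws ServletException {
        String page = config.getInitParameter("loginPage");
        if (page != null) {
            loginPage = page;
        }
        String attr = config.getInitParameter("sessionAttribute");
        if (attr != null) {
            sessionAttribute = attr;
        }
    }

    public void destroy() {}

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Fail closed: anything that is not plain HTTP never reaches the protected files.
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            throw new ServletException("Non-HTTP request refused by LoginRequiredFilter");
        }
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false) avoids creating a session for anonymous visitors.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(sessionAttribute) != null;

        if (!loggedIn) {
            // Send the browser to the login page and stop; the static file is never served.
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + loginPage));
            return;
        }

        // Keep protected pages out of shared and browser caches.
        res.setHeader("Cache-Control", "no-store");
        chain.doFilter(request, response);
    }
}
```

Register it with the same <filter> and <filter-mapping> entries shown in the answer, with the filter-class changed, and keep the login page outside /tools/ so the redirect does not loop.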

  • War Files And Their Deployment and Redeployment

    Howdy
    I have a WAR file that a developer gave me which I deployed on a Linux box no problem.
    Now I would like to add a jsp file and custom tag to this application.
    This is what I tried:
    I turned the war file into a zip file, extracted the contents, and then added my jsp page and the class file for the custom tag, modified the web.xml file for the tag, and added a tld file for the tag as well.
    Then I rezipped the files and renamed to a .war file and deployed it on the linux box. The previous existing files work but my new jsp page comes up with a HTTP 404 Not Found error.
    Now the new jsp and custom tag work on my development machine, just not on the live server when redeployed into the other existing app.
    What am I missing? Or am I totally off with trying to redeploy the app in this way?
    Any help appreciated.
    Adam

    For deployment you need to use ant

  • [BUG] deploytk.dll file and activex control is NOT uninstalled

    deploytk.dll file and activex control is NOT uninstalled, when you uninstall the latest JRE.
    I have uninstalled the latest JRE, but the file deploytk.dll is still present in c:\windows\system32\ and the related activex control deploytk.dll 6.0.190.4 is loaded in IE8. Please fix this bug.
    Windows Vista SP2

    Unfortunately, it was *all* of my ActiveX controls that wouldn't load. That said, a user of the Info-LabVIEW list came up with the answer: reinstall the RunTime engine - weird....
    thanks,
    Christopher
    Copyright © 2004-2015 Christopher G. Relf. Some Rights Reserved. This posting is licensed under a Creative Commons Attribution 2.5 License.

  • HOWTO Get the text of "combo box" and "label" controls with JavaAccessBridge

    HOWTO Get the text of "combo box" and "label" controls with JavaAccessBridge.
    Please help,
    I'm trying to use the Java Access Bridge (JAB) 2.1 to get the text in Java Applet controls. I've been able to use the sample code in AccessInfo.cpp sample that comes with JAB to get text from "text" controls in a Java Applet. To clarify, I am referring to the "role" in the AccessibleContextInfo struct being set to "text" or "combo box" or "label".
    The problem is, when I use the AccessInfo.cpp sample to get text from a "combo box", the accessibleText data member comes back as FALSE, and thus any of the JAB text functions like GetAccessibleTextInfo fail to get any text information from "combo box" or "label" controls.
    I've also tried GetCurrentAccessibleValueFromContext on the "combo box" and "label" controls, but the text returned is empty.
    Can anyone help?

    I have new information in regards to this issue. A contact from Sun did get to me in email and relayed that "label" objects store their text in the "name" data member of the AccessibleContext structure. This was a big help.
    But I'm still stuck trying to get information from "combo box" and other controls, like "push button". The contact said, the Java Access Bridge does not provide all the information because it is already implemented by other interfaces like AccessibleComponent, AccessibleAction, or AccessibleSelection. The contact did not allude to whether these other interfaces can be used alongside the Java Access Bridge or not. So, I'm left a step closer to the goal, but still stuck without the full solution.
    Can one take the Java Access Bridge functions, like say those used in the Ferret sample, and close the gap to get text back from "combo box", "push button", and other controls by using some other API in conjunction?

  • War file and deployment

    Hi,
    I'm new to j2ee and there are some qns I hope you can help me with.
    1. why is there a need to put my jsp and servlets in a .war file?
    2. where do i do my placements of ejb and jsp into the respective jar and war files? in my web server?
    thanks a lot!

    1. why is there a need to put my jsp and servlets in a .war file?
    Answer: As technology evolved over the period of time, it became more and more evident that the smaller and easier the things the better it is. WAR format is a ZIP format created to deploy your web application data. Hence called WAR (Web Application Archive). It usually contains your images, JSP pages, and servlets and other related helper files needed by your web application. Java being a cross platform technology, it becomes easy and standardized to distribute your application (web) to other vendors/teams/people if one makes use of a WAR file. Once dropped in the root directory of the App server (I mean the proper webapp directory) the application server is smart enough to load your WAR file and create respective directory structure.
    2. where do i do my placements of ejb and jsp into the respective jar and war files? in my web server?
    Answer: When you add the EJB files and distribute it along with your WAR file, it's called EAR (Enterprise Archive) which is WAR + EJB jar files. As for the JSPs, they form a part of the WAR and should be bundled up while creating the WAR file.
    Hope this answers the question.

  • Inside of idm and access control products

    Hello Friends,
    For the past few months I was working on a blog where I shared my past experiences with the IAM products, new technologies and problems faced in the products at a conceptual level. I thought of sharing that with experienced team of technocrats like you. Please have a look into this and let me know how I can improve this.
    blog URL --> http://identitycontrol.blogspot.com/
    Thanks
    idmguru

    Friends,
    Visit my blog http://identitycontrol.blogspot.com to get inside working of the identity and access control products. My effort here is to explain insides in a simple language.
    Latest topic i added is "SAML in action"
    Please post your comments also so I can improve the contents.
    Thanks

  • I used MobileMe/idisk to hold all of my files and access from my iPad.  It worked beautifully.  What is the best way to do that now?

    I used MobileMe/idisk to hold all of my files and access from my iPad.  It worked beautifully.  What is the best way to do that now?
    In particular, I am having issues with documents that already exist on my Mac and trying to get my iPad to access them. 

    A popular option seems to be DropBox.

  • Difference between .war file and .ear file

    Hi,
    what is the difference between .war file and .ear file ?
    Please let me know with appropriate explanation.

    War file means web application archive. It is archived file having a collection of JSP, servlets and static pages that together constitute a web application. It contains one WEB-INF directory which will have a file named web.xml which defines the structure of the web application.
    On the other side EAR file is Enterprise application archive. It is file having packaged content of one or more modules into a single archive so that the deployment of all the modules can be done simultaneously on the application server. It also contains XML files called deployment descriptors which give the details of the deployment method. This deployment descriptor will be present in the META-INF folder.
    So the main difference between the two is that Ear file is having collection of various modules to be deployed on the application server while the WAR file is used to deploy the web applications.

  • Behaviour differences between  war file and exploded directory

    Hi,
    I'm baffled by differences in how my web app behaves when deployed in a war file and when deployed in exploded directory.
    Firstly when I deploy in exploded directory format (using wldeploy in ant) - the jsps do not precompile. However, when I deploy the war file - again using ant and wldeploy - precompile works just fine - and general performance seems better.
    Secondly - the webapp has a pdf file - which is used as a template to dynamically produce a document. When deployed in exploded format - the webapp works fine and is able to read the pdf. However, when I deploy in war file, the pdf cannot be read.
    Surely the behaviour should be the same whether we deploy as a war or exploded.
    Someone please help
    Tariq

    Some behaviors will be different between a WAR file deployment and an exploded WAR deployment.
    With respect to JSP precompile, you just say "they do not precompile", so I can't tell anything about that.
    When you read files from an exploded WAR, you can reference them in two ways: as a resource, or as an absolute file path. When you read files from a WAR file, you can only read files as a resource, and not as an absolute file path. You're not giving any information about how you're reading the file, so I can't tell about that either.
    You'd have to provide more detail to get better answers.

  • Lost ability to right click multiple files and choose 'open with'

    In XP I can select a bunch of mp3 files, for example, right click and choose 'open with...' whatever application I want.
    In windows 7 I only get 'open with' in the context menu on single files. How do I enable 'open with' for a selection of files? Please tell me Windows 7 hasn't disabled this useful behaviour.

    Hi,
    You can change the register key to realize the function.
    For example, your mp3 player is windows media player, you can copy the following content (without quote) to the notepad and save it with the “.reg” extension.
    The context is below:
    Warning: While this procedure might solve the issue or problem, serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For more information about modifying the registry, see Microsoft support article 256986.
    “Windows Registry Editor Version 5.00
    [HKEY_CLASSES_ROOT\*\shell]
    [HKEY_CLASSES_ROOT\*\shell\open with]
    @="open with player"
    [HKEY_CLASSES_ROOT\*\shell\open with\command]
    @="\"C:\\Program Files\\Windows Media Player\\wmplayer.exe\" \"%1\""
    [HKEY_CLASSES_ROOT\*\shell\removeproperties]
    "ProgrammaticAccessOnly"="Apartment"
    [HKEY_CLASSES_ROOT\*\shell\removeproperties\DropTarget]
    "CLSID"="{09a28848-0e97-4cef-b950-cea037161155}" ”
    You should change the bold text with the path of your player. After you’ve changed the key, you can right click the chosen MP3 files and choose “open with player” to play the music.
    If you still have some problems, please post here.
