War file and access control

Similar Messages

• War file and access control with WebLogic

  I am trying to put some access control on different files in my war-file, but just can't get it to work... It seems like all roles defined in weblogic.properties gives the user access to all files in the war. I just don't understand the connections between the security realm, the weblogicURL.policy file and the web.xml file... If I do not specify a weblogic.security.URLAclFile, no access control is done at all.
  This is how my weblogic.properties file looks like:
  weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
  weblogic.password.koko=kokokoko
  weblogic.password.arnebelinda=arne1234
  weblogic.security.group.ppuseradmins=arnebelinda
  and my weblogicURL.policy:
  deny Principal weblogic.security.acl.GroupImpl "everyone" {
  Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
  and finally, my web.xml-file:
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
       <session-config>
            <session-timeout>30</session-timeout>
       </session-config>
       <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>admin</web-resource-name>
                 <url-pattern>index.jsp</url-pattern>          </web-resource-collection>
            <auth-constraint>
                 <role-name>ppuseradmins</role-name>
            </auth-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>WebLogic Server</realm-name>
       </login-config>
       <security-role>
            <role-name>ppuseradmins</role-name>
       </security-role>
  </web-app>
  it does not matter which user is part of the ppuseradmins group. The user koko is not a member, but is given access to my whole .war anyway (after submitting correct username/password). Omitting the <realm-name> does not seem to work either; the default realm is not used, instead null is used.
  Does anybody have a clue? I would really appreciate it!
  I am using WebLogic 5.1 sp 9
  best regards,
  PJ

  In you pocily file entry, you have specified "/admin/-"
  However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin
  Could that be the problem ?

• User management and Access Control in HCM Cloud

  Hello,
  Information is scarce about User management and Access Control in Oracle Cloud generally. Today, I have two questions :
  - How can I bridge HCM Cloud user store with my on-premise IDM or security repository in order to allow identty governance to flow to HCM Cloud service ?
  The only information I got was that you can declare manually and by bulk import through files my users. This is not really interresting as I have an automatic IDM with workflows and identity control on provisioning and de-provisioning.
  Is there a SPML or proprietary endpoint to do it automatically ? What are the prerequisites ? Do I have to implement OIM on my side ?
  - Once my users are created, how can I do webSSO from my internal security repositories to the HCM Cloud service ?
  I do not want to distribute new set of login / passwords to my users. Is it possible to do Identity Federation (SAML 2.0 or WS-Fed) with HCM Cloud service ? What are the prerequisites ? Do I have to implement OAM on my side ?
  I accept all pieces of information you can give me on this topic to help me understand the funcitonalites, limits and options offered by Oracle Cloud and more precisely by HCM Cloud service.
  Best regards,

  OIDDAS has limited capability of access control and information hiding. Presently, the permissions and privileges can be set at a realm level, and fine grained access control / information hiding cannot be done.
  At present, the only way to restrict view and access control is by appplying ACLs (which is not the safest bet).

• Porting *.war files and *.ear files to Weblogic 10.3

  If we can figure this issue out, I'll see if I can't publish/post a
  maven-based solution in the Maven and Oracle forums so that others
  will not have to go through our pain.
  We are having all the usual problems regarding where Weblogic expects
  to find things and what exclusions need to be made in weblogic.xml for
  war files and weblogic-application.xml for ear files. Any insights
  would be deeply appreciated.
  Here is what our exploded war structure currently looks like.
  |____index.jsp
  |____WEB-INF
  | |____lib
  | | |____...a long list of jar files
  | |____tags
  | | |____...a short list of tag files
  | |____applicationContext.xml
  | |____web.xml
  | |____content
  | | |____...a bunch of jsps
  | |____tlds
  | | |____...some tlds
  | |____classes
  | | |____mailProperties.properties
  | | |____struts.xml
  | | |____logback.xml
  | | |____com ... the root of our class heiarchy
  |____images
  | |____...a list of images
  |____META-INF
  | |____maven
  | | |____com
  | | | |____project-name
  | | | | |____pom.xml
  | | | | |____pom.properties
  | |____MANIFEST.MF
  |____script
  | |____...some java script files
  |____style
  | |____...some css files
  Exceptions when trying to deploy are as follows:
  INFO: ... initialized Struts-Spring integration successfully
  java.lang.Exception: Could not load
  servers/AdminServer/tmp//appmergegen_1254502686535_OurApp/war/WEB-INF/classes/com...
  at com.opensymphony.xwork2.util.finder.ClassFinder.readClassDef(ClassFinder.java:745)
  at com.opensymphony.xwork2.util.finder.ClassFinder.<init>(ClassFinder.java:148)
  The exception above repeats for every .class file found below
  WEB-INF/classes/com, i.e. the the ones in this module rather than the
  ones in included modules.
  Checking the file system shows that there is no such directory as
  "appmergegen_1254502686535_conap". I'm uncertain if there is actually
  supposed to be anything there, but it would seem like it.
  I've a theory that if we can solve the above issue, we can solve the
  rest ourselves.
  It would also be handy to know what packages may cause conflicts.

  Alright, my research points to the idea that this might have something to do with staging. Since this is a dev setup we don't have any managed servers or anything. All we have is AdminServer and that is it. We have only one domain and it is "base_domain". Does anyone know if this is wrong?

• War Files And Their Deployment and Redeployment

  Howdy
  I have a WAR file that a developer gave me which I deployed on a Linux box no problem.
  Now I would like to add a jsp file and custom tag to this application.
  This is what I tried:
  I turned the war file into a zip file extracted the contents and then added my jsp page the class file for the custom tag modified the web.xml file for the tag and added a tld file for the tag as well.
  Then I rezipped the files and renamed to a .war file and deployed it on the linux box. The previous existing files work but my new jsp page comes up with a HTTP 404 Not Found error.
  Now the new jsp and custom tag work on my development machine just not on the live server when reployed into the other existing app.
  What am I missing? Or am I totally off with trying to redeploy the app in this way?
  Any help appreciated.
  Adam

  For deployment you need to use ant

• [BUG] deploytk.dll file and activex control is NOT uninstalled

  deploytk.dll file and activex control is NOT uninstalled, when you uninstall the latest JRE.
  I have uninstalled the latest JRE, but the file deploytk.dll is still present in c:\windows\system32\ and the related activex control deploytk.dll 6.0.190.4 is loaded in IE8. Please fix this bug.
  Windows Vista SP2

  Unfortunately, it was *all* of my ActiveX controls that wouldn't load. That said, A user of the Info-LabVIEW list came up with the answer: reinstall the RunTime engine - wierd....
  thanks,
  Christopher
  Copyright © 2004-2015 Christopher G. Relf. Some Rights Reserved. This posting is licensed under a Creative Commons Attribution 2.5 License.

• Inside Identity and Access Control products

  Hello,
  For the past few months I was working on a blog which can help understanding under the hood of identity and access control products. Please have a look into it and let me know how to improve the contents.
  http://identitycontrol.blogspot.com

  Latest Topics
  1) Video of Federated Access Control
  2) RSA Conference 2007

• Inside identity and access control products : blog

  Frinends,
  Visit my blog http://identitycontrol.blogspot.com to get inside working of the identity and access control products. My efforts here is to explain insides in a simple language.
  Latest topic i added is "SAML in action"
  Please post your comments also so I can improve the contents.
  Thanks

  Thanks a lot idmguru!!
  your efforts are simply awesome..
  -Yash Bansal

• War file and deployment

  Hi,
  im new to j2ee and there are some qns i hope you can help me with.
  1. why is there a need to put my jsp and servlets in a .war file?
  2. where do i do my placements of ejb and jsp into the respective jar and war files? in my web server?
  thanks a lot!

  1. why is there a need to put my jsp and servlets in a .war file?Answer- As technology evolved over ther period of time, it became more and more evident that the smaller and easier the things the better it is. WAR format is a ZIP format created to deploy your web application data. Hence called WAR(Web Application Archive). It usually contains your Images, JSP pages, and servlets and other related helper files needed by your web application. Java being a cross platform technology, it becomes easy and standardized to distribute your application(web) to other vendors/teams/people if one makes use of a WAR file. Once dropped in the root directory of the App server(i mean the proper webapp directory) the application server is smart enuf to load your WAR file and create respective directory structure.
  2. where do i do my placements of ejb and jsp into the respective jar and war files? in my web server?Answer:- When you add the EJB files and distribute it along with your WAR file, its called EAR(Enterprise Archive) which is WAR+ EJB jar files. As for the JSP's they form a part of the WAR and should be bundled up while creating the WAR file.
  Hope this answers the question.

• Inside of idm and access control products

  Hello Friends,
  For the past few months I was working on a blog where I shared my past experiences with the IAM products, New technologies and problems faced in the products at a conceptual level. I thought of sharing that with experienced team of technocrats like you. Please have a look into this and let me how how can I improve this.
  blog URL --> http://identitycontrol.blogspot.com/
  Thanks
  idmguru

  Frinends,
  Visit my blog http://identitycontrol.blogspot.com to get inside working of the identity and access control products. My efforts here is to explain insides in a simple language.
  Latest topic i added is "SAML in action"
  Please post your comments also so I can improve the contents.
  Thanks

• I used MobileMe/idisk to hold all of my files and access from my iPad.  It worked beautifully.  What is the best way to do that now?

  I used MobileMe/idisk to hold all of my files and access from my iPad.  It worked beautifully.  What is the best way to do that now?
  In particular, I am having issues with documents that already exist on my Mac and trying to get my iPad to access them. 

  A popular option seems to be DropBox.

• Difference between .war file and .ear file

  Hi,
  what is the difference between .war file and .ear file ?
  Please let me know with appropriate explanation.

  War file means web application archive. It is archived file having a collection of JSP, servlets and static pages that together costitute a web application. It contains one WEB-INF directory which will have a file named web.xml which defines the structure of the web application.
  On the other side EAR file is Enterprise application archive. It is file having packaged content of one or more modules into a single archive so that the deployment of all the modules can be done simultaneously on the application server. It also contains XML files called deployment descriptors which gives the details of the deployment method. This deployment descriptor will be present in the folder META-INF folder.
  So the main difference betwwen the two is that Ear file is having collection of various modules to be deployed on the application server while the WAR file is used to deploy the web applications.

• Behaviour differences between  war file and exploded directory

  Hi,
  I'm baffled by differences in how my web app behaves when deploy in a war file and when deployed in exploded directory.
  Firstly when I deploy in exploded directory format (using wldeploy in ant) - the jsps do not precompile. However, when I deploy the war file - again using ant and wldeploy - precompile works just fine - and general performance seems better.
  Secondly - the webapp has a pdf file - which is used as a template to dynamically produce a document. When deployed
  in exploded format - the webapp works fine and is able to read the pdf. However, when I deploy in war file, the pdf cannot be read.
  Surely the behaviour should be the same whether we deploy as a war or exploded.
  Someone please help
  Tariq

  Some behaviors will be different between a WAR file deployment and an exploded WAR deployment.
  With respect to JSP precompile, you just say "they do not precompile", so I can't tell anything about that.
  When you read files from an exploded WAR, you can reference them in two ways: as a resource, or as an absolute file path. When you read files from a WAR file, you can only read files as a resource, and not as an absolute file path. You're not giving any information about how you're reading the file, so I can't tell about that either.
  You'd have to provide more detail to get better answers.

• War files and configuration files

  Hi,
  I'm trying to deploy servlets using a WAR file. Everything works fine except I can't read the configuration files from the servlet code.
  The code reading the configuration file is as follows:
  input = ClassLoader.getSystemResourceAsStream("test.properties");
  properties.load(input);
  Of course this code assumes that the file "test.properties" is in the class path.
  Where should I put the property file in the WAR file so that it is in the class path?
  If this can�t be done, how should I structure my code around this problem?
  I�m using Tomcat 3.2�
  Thank you very much

  I haven't had any trouble accessing properties files in the WEB-INF\classes using the following...
  public class MyAnchor
       private static Properties properties = new Properties();
       static
            URL url = MyAnchor.class.getResource("mywebapp.properties");
            try
            properties.load(url.openStream());
            catch(Exception e)
            e.printStackTrace();
  public static final String PROP_CONSTANT_1 = properties.getProperty("prop_constant_1");
  But I have now run into problems when trying to create a WAR file with the J2EE Deploy Tool, which will only allow *.class files to sit in the WEB-INF\classes directory.
  I'll be really annoyed if I have to change the properties file name to mywebapp.class just to get around this problem.
  Has anyone else found this?? I know I can add the *.props manually, but again would prefer not to.
  I'm hoping its only a J2EE problem and deploying to other servers will not have this requirement.

• Cannot sort in file/folder access control list in 8 or Server 2012

  I use Windows 8 and Server 2012 Datacenter (with GUI).  In 7/2008R2, I was formerly able to get properties on a file or folder, go to Security tab, click Advanced, and sort the access control list by type, access, inherited from, etc.  Now, it
  doesn't do anything when I click on the headings.   I know I did not find this during the Beta or Release Preview periods, but I do wish this feature would be added back.
  I tried to send this through MS Connect, but they said it was a Server 2008 issue.  Does that mean that it was never supposed to sort?  But I argue that 8 and Server 2012 have the bug.  Here is an image of the window I am referring to, for
  clarification:

  This is really frustrating. Just got 2012 R2 management server and a week after, I noticed the same issue. The only difference is that I'm sorting AD delegation, with 150+ ACEs. While having huge lists of ACEs, it is a must of being able to sort them
  by different columns. Sad that it is considered a bug - it's usually an opposite, when a bug is offered as a feature...
  I still hope this will be fixed with time to come, else - it will be more practical to use PowerShell than such handicapped GUI.
  MCSE, MCITP