Weblogic custom loginModule

Similar Messages

• How to allow user chaning his password in OBIEE 11g weblogic custom LDAP?

  Hi,
  How to allow user chaning his password in OBIEE 11g weblogic custom LDAP?
  I need to give user an option to do so, without the intervention of any Administrator. I also do not want to make user a Administrator else he will be able to login in weblogic and can do any damages unknowingly.....
  Regards,
  Rahul

  Hi,
  Replace the line in the instantconfig.xml
  <WebMessage name=”kmsgChangePasswordLink”><!–<HTML><sawm:messageRef name=”kmsgUIChangePassword”/></HTML>–></WebMessage>
  with
  <WebMessage name=”kmsgChangePasswordLink”><HTML><sawm:messageRef name=”kmsgUIChangePassword”/></HTML></WebMessage>

• Custom LoginModule not found, error "Found in negative cache"

  Hi all,
  I am working with NetWeaver 2004s SR3 SP14 on SuSE 10 with Oracle.  I am
  writing a custom LoginModule and I get this error in the default trace file when my
  sample app tries to use my login module:
  [EXCEPTION]
  {1}#2#com.mycompany.dc.netweaver.MyLoginModule#java.lang.ClassNotFoundException:
  com.mycompany.dc.netweaver.MyLoginModule
  Found in negative cache
  The class name for my login module is: MyLoginModule and it is in library:
  MyLoginModuleLibrary (so the name of the library project in Developer
  Studio is MyLoginModuleLibrary and it is the component name in
  server/provider.xml for that project).  MyLoginModule requires the use of
  classes in another library also written by my company (called
  mycompany_libs).  To complicate matters, mycompany_libs uses JNI.  I tried
  adding the JNI library directory to the LD_LIBRARY_PATH shell variable
  (set before running startsap in the sidadm user's shell).  Though I
  could find few references to developing using JNI (so if someone out there
  has references for using JNI with Netweaver, it would be great, and very
  helpful if you would post them). 
  I was able to successfully deploy MyLoginModuleLibrary and mycompany_libs.
  I put the following in the property: LoginModuleClassLoaders in the
  security provider properties:
  library:mycompany.com~MyLoginModuleLibrary,library:mycompany.com~mycompany_libs
  (Note:  I changed the provider name server/provider.xml to mycompany.com
  for both libraries: MyLoginModuleLibrary and mycompany_libs and that is the
  reason why I have the "mycompany.com~" prefix before each library name.)
  I added mycompany_libs to the references in server/provider.xml for
  MyLoginModuleLibrary.  The references look good in the ClassLoader viewer.
  But I still get this error.  I've restarted the server several times to
  try to clear the negative cache (using stopsap, then startsap), but to no
  avail. 
  One thing that I find interesting (and it could be a possible clue to the
  problem) is that neither library:mycompany.com~MyLoginModuleLibrary nor
  library:mycomany.com~mycompany_libs appears in the ClassLoader name
  or in the References in the error message in the log file.  I don't know why not
  (I would guess that both of these entries should be in the references and Class
  loader name in the log file).
  Any ideas? 
  -- Katrina

  I tried 2 tests:
  (1) I kept all names the same, but removed all of the complexity from the login module.  This new login module would just return true when login() is called and add the principal: "sillyuser at testing dot com" to the principal list when commit() is called.
  (2) Just like the first test (i.e. a very simple login module that does no real authentication at all), except I changed the name of the library, the LoginModule class, and the jar file.  The provider name was still mycompany.com.  I corrected references in LoginModuleLibraryLoaders property in Security Provider.
  Test (1) had the same error (ClassNotFoundException "Found in negative cache"), but test (2) worked!  It was able to load my login module and I was able to see the trace entries in the log file.
  So, I guess the problem is that the "negative cache" is not getting cleared.  Anyone know how to clear it?
  Thanks,
  Katrina

• Problems with SAP logging,tracing in custom LoginModule

  Hello,
  We are developing a custom logimodule for our J2EE application on WebAS.
  We are using eclipse IDE to develop the code.
  We want to use the SAP logging framework in the custom loginmodule.
  In this regard we have certain queries:
  - If we hard code the log(category) and trace(location) file location in our loginmodules
  the logging, tracing works fine i.e. we are able to see the traces etc. in the files at the specified location.
  - Our requirement is that we want to leverage the logging tracing mechanism provided by the J2EE engine.That is we want that our traces should appear in the WebAS defaultTrace.0.trc file. Also we want that the trace properties for our loginmodule like severity, TraceFormatting etc. could be configured using the WebAS visual admin tool etc.
  As per documentation to configure tracing, we navigated to Log Configurator in visual Admin tool and from there to the destination tab but we don't see our LoginModule int the list of destinations.
  How could we enforce our LoginModule to use defaultTrace.0.trc file and let J2EE engine decide
  the logging properties like severity etc. for our LoginModule.
  Thanks
  Alok

  Hi,
  No, I´m not yet in the middle of a update. I want to apply some support package using JSPM, and it need to SDM run in integrated mode, but my sdm don´t start in integrated mode,
  Feb 18, 2009 5:51:57 PM  Info:
  Feb 18, 2009 5:51:57 PM  Info: ============================================
  Feb 18, 2009 5:51:57 PM  Info: =   Starting to execute command 'server'   =
  Feb 18, 2009 5:51:57 PM  Info: ============================================
  Feb 18, 2009 5:51:57 PM  Info: Starting SDM - Software Deployment Manager...
  Feb 18, 2009 5:51:58 PM  Info: tc/SL/SDM/SDM/sap.com/SAP AG/7.0014.20071029094708.0000
  Feb 18, 2009 5:51:59 PM  Info: SDM operation mode successfully set to: Integrated
  Feb 18, 2009 5:52:00 PM  Info: JStartupFramework is active
  Feb 18, 2009 5:52:00 PM  Info: Operation mode of SDM in JStartupFramework is "Integrated".
  Feb 18, 2009 5:52:00 PM  Info: Check if Server is running already.
  Feb 18, 2009 5:52:01 PM  Info: OK server is not running. Enable SDM Process in JStartupFramework.
  Feb 18, 2009 5:52:01 PM  Info: enabling SDM Process with JStartupFramework
  Feb 18, 2009 5:52:01 PM  Info: enabled SDM Process with JStartupFramework
  Feb 18, 2009 5:52:01 PM  Info: Successfully enabled SDM Process in JStartupFramework.
  Feb 18, 2009 6:04:11 PM  Error: SDM server startup not finished after 600 seconds. Giving up.
  Feb 18, 2009 6:04:11 PM  Error: Could not start SDM. Processing error. Return code: 4
  For these reason I want to extend the timeout value, or any other idea.
  Thanks.

• Will jdev 11g support customer loginmodule DBTableOraDataSource?

  Hi,
  In jdev10132,custom loginmdule DBTableOraDataSource is very useful,but in 11g tp3 ,I did not find where I can define this with integrated oc4j,will 11g production release support this?And with 11g support Human Task ,which need more user info ,such as appoval chain,will It support these interesting function? If yes how to do this,if not which solution is recommondede?
  Any advice are appreciate
  lixinzh
  2008/1/17

  Hi,
  yes it will support DBTableOraDataSource (and custom LoginModules in general) because its a part of the security architecture in OC4J. Does human task authenticate against the container using JavaEE? If yes then it can be authenticated, if not then you would need something else - I would assume it requires WS security
  Frank

• How to verify that embedded OC4J is loading Custom LoginModule?

  I've written a custom login module to authenticate against a custom datastore. I've added a system property
  java.security.auth.login.config=C:\javadev\...\jaas.configas recommended by Yvonne here: Re: Custom LoginModule used by BC4J
  I still get the following when I load a UIX page out of this module:
  msg=JBO-33021: Failed authenticate user nullThere are many debug System.out(...) statements in the code (including in the initialize() function) but none are showing up in the OC4J console. Does anyone know how to verify that the LoginModule is indeed getting loaded? Is it normal for these System.out() statements not to show in the OC4J console?
  I get the impression that the LoginModule is not being loaded but I'm not sure if those traces are enough...
  Thanks,
  /sfl

  Thanks much for the prompt reply and debugging tips Steve and Avi!
  I used both switches (-DApplicationServerDebug and -verbose:class) and still no sign of the class being loaded; none of the traces (I did trace in the construct, though I failed to mention in my original post) nor do any of the app server or jvm debug messages show any sign of the LoginModule being loaded. So now I'm fairly certain I'm going about the wrong way to get this module loaded. Should I also be posting this to the JDeveloper forum?
  My application module configuration is as follows:
  jbo.security.config=<blank> (is this right?)
  jbo.security.context=oracle.security.jazn
  jbo.security.enforce=Must
  jbo.security.loginmodule=customModuleThe command line to the JVM contains:
  -Djava.security.auth.login.config=C:\javadev\jdev9052\j2ee\home\config\jaas.config[yes Avi, I was unfortunately imposed an M$ env. by the powers that be : ( ]
  And, well I've been trying a lot of different things w/ the jaas.config file:
  customModule{
  myPack.controller.MyLoginModule required;
  myApp{
  myPack.controller.MyLoginModule required;
  myPack.LookupModuleLocal{
  myPack.controller.MyLoginModule required;
  myPack.LookupModule{
  myPack.controller.MyLoginModule required;
  Ws-MyProg-webapp{
  myPack.controller.MyLoginModule required;
  default{
  myPack.controller.MyLoginModule required;
  current-workspace-app{
  myPack.controller.MyLoginModule required;
  };Any idea where I'm going wrong? Do I need to do anything else to get this module loaded? At first I thought I needed to modify the jazn-data.xml file but I saw a note in another thread Custom LoginModule used by BC4J which says that it's not necessary to modify it when using a custom LoginModule. Is this right, or should I be modifying that file?
  Thanks,
  java.lang.Object - jobject ;- )

• Weblogic 11g custom LoginModule

  Hello experts!
  I have implemented a custom JAAS LoginModule, but I can't find any documentation how to register this module in WebLogic 11g (I think the server version is 10). Could you briefly explain how to do this or send some link?
  Thank you in advance!

  Hi,
  You need to create a jaas.conf file referring to the LoginModule class as below.
  Sample {
  sample.module.SampleLoginModule required debug=true;
  Then specify the below parameter in the server startup script.
  -Djava.security.auth.login.config=<Pathto>jaas.config
  For Ex:
  set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.security.auth.login.config=<pathto>\jaas.config
  Regards,
  Andy.

• ADF wont work with custom LoginModule! Question for Mr. Nimphius!

  ive setup login module as shown in:
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  code:
  actionContext.getHttpServletRequest().isUserInRole("Administrators") works! but i also want this code to work in ADF:
  appmod.getSession().isUserInRole("Administrators")
  with default loginmodule "oracle.security.jazn.tools.Admintool" everything is ok! i can get roles in adf but with custom login module i cant!
  in ApplicationModule config i have setup
  jbo.security.config =
  jbo.security.context = oracle.security.jazn
  jbo.security.enforce = Must
  jbo.security.loginmodule = oracle.sample.dbloginmodule.DBTableLM.DBTableLoginModule
  please help!

  thank you very much for the reply!!!!
  i did what you told but no luck... :(((
  i still can not get user role from application module!
  this code:
  if (AppModule.getSession().isUserInRole("Administrators"))
  System.out.println("User is in role! ");
  simply does not work!
  ive tested on standallone oc4j, ive tested on embeded jdveloper 10.1.2.1 !
  i get NullPointerException at at oracle.jbo.server.security.jazn.JboJAZNUserManager.isUserInRole(JboJAZNUserManager.java:113)
  the thing is that i can use isUserInRole() from request but i can not from application modulle....
  ...ive lost hours in decompiling and tracking down ADF code just to realize that there is no way to use custom login module with ADF because the thing is hard coded to use xml or ldap..
  the only way i see how to solve the problem is to extend oracle.jbo.server.SessionImpl
  and override
  getUserRoles()
  and
  isUserInRole(String s)
  i can substitute session class with my own by setting
  SessionClass = oracle.jbo.server.ExtendedSessionImpl
  in file jboserver.properties (which is inside bc4jmt.jar)
  the easier way is to write my own function isUserInRole() in EntityImpl... i always can get user principal name with AppModule.getUserPrincipalName()
  what do you think?

• Customer LoginModule with BEA 7.0

  I am use BEA WebLogic 7.0 beta now, we want implement our own JAAS
  LoginModule,. Do any one know how to implement and integrate with
  WebLogic Server?
  Thanks,
  Paul

  Paul ,
  I presume that you are referring to a LoginModule on the Client side
  and not on server side...
  if you had the LoginModule working for WLS 6.1 ( refer to the examples
  bundled with it)..
  You should have it working by setting another property
  "java.security.auth.login.config" == "weblogic.security.jaas.Policy"
  - Harish
  [email protected] (Paul Z) wrote in message news:<[email protected]>...
  I am use BEA WebLogic 7.0 beta now, we want implement our own JAAS
  LoginModule,. Do any one know how to implement and integrate with
  WebLogic Server?
  Thanks,
  Paul

• Failed to initialize my custom LoginModule

  Hello,
  I just developped a loginmodule. I also tried with several examples I found on the forum (thanks for this help). When I start Tomcat Th constructor of the LoginModule is successfull but Tomcat stops before the call of the initialize method.
  I get the flollowing exception :
  IllegalArgumentException: argument type mismatch.
  I supposed it's a problem in my server.xml :
  <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Context path="/testAppli" reloadable="true" docBase="D:\Appl\eclipse\workspace\testAppli" workDir="D:\Appl\eclipse\workspace\testAppli\work\org\apache\jsp">
  <Realm className="com.testappli.MyLoginModule" debug="3" appName="testAppli" userClassNames="com.testappli.MyPrincipal" roleClassNames="com.testappli.MyRolePrincipal">
  </Realm>
  </Context>     
  </Host>
  I don't understand where are the needed arguments of the initialize method :
  public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
  // Save configuration values
  this.subject = subject;
  this.callbackHandler = callbackHandler;
  this.sharedState = sharedState;
  this.options = options;
  Thanks for your help

  Hello,
  I'm sorry you're running into problems with our installer.  Could you try to download and install the appropriate installer from the following post:
  Where can I find direct downloads of Flash Player for Windows or Macintosh?
  Thanks,
  Chris

• Custom Login Module Called by WebLogic

  I have managed to write and deploy a custom login module that works just fine with
  other app servers (except WebLogic). I am using WebLogic 6.1 with sp2. When WebLogic
  starts up, it seems to be calling my custom login module with a user of "system".
  I then get the following exception:
  Authentication Failed: Unexpected Exception, weblogic.security.acl.DefaultUserInfoImpl
  java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
  <<no stack trace available>>
  I have updated the Server.policy file to only point to my custom login module, WebLogic's
  system path points to the JAR with my login module and I can see the module get called.
  Any advice as to what WebLogic is doing here. This behavior does not seem to be
  compliant with the JAAS spec. Here is a snippet of my login method:
  public boolean login() throws LoginException {
  if (callbackHandler == null)
  throw new LoginException("Error: blah blah");
  Callback[] callbacks = new Callback[2];
  callbacks[0] = new NameCallback(USER);
  callbacks[1] = new PasswordCallback(PWD, false);
  try {
  callbackHandler.handle(callbacks);
  username = ((NameCallback)callbacks[USERCALLBACK]).getName();
  char[] tmpPassword = ((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
  if (tmpPassword == null) {
  tmpPassword = new char[0];
  password = new String(tmpPassword);
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Authenticate.authenticate(env, subject);
  return verifyCredentials();
  } catch (java.io.IOException ioe) {
  throw new LoginException(ioe.toString());
  } catch (UnsupportedCallbackException uce) {
  throw new LoginException("Error: " + uce.getCallback().toString()
  + " not available");

  Weblogic 6.x does not support replaceable server side login modules and only
  supports login modules on the client.
  <[email protected]> wrote in message
  news:3cf36c98$[email protected]..
  >
  I have managed to write and deploy a custom login module that works justfine with
  other app servers (except WebLogic). I am using WebLogic 6.1 with sp2.When WebLogic
  starts up, it seems to be calling my custom login module with a user of"system".
  I then get the following exception:
  Authentication Failed: Unexpected Exception,weblogic.security.acl.DefaultUserInfoImpl
  java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
  <<no stack trace available>>
  I have updated the Server.policy file to only point to my custom loginmodule, WebLogic's
  system path points to the JAR with my login module and I can see themodule get called.
  Any advice as to what WebLogic is doing here. This behavior does notseem to be
  compliant with the JAAS spec. Here is a snippet of my login method:
  public boolean login() throws LoginException {
  if (callbackHandler == null)
  throw new LoginException("Error: blah blah");
  Callback[] callbacks = new Callback[2];
  callbacks[0] = new NameCallback(USER);
  callbacks[1] = new PasswordCallback(PWD, false);
  try {
  callbackHandler.handle(callbacks);
  username = ((NameCallback)callbacks[USERCALLBACK]).getName();
  char[] tmpPassword =((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
  >
  if (tmpPassword == null) {
  tmpPassword = new char[0];
  password = new String(tmpPassword);
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Authenticate.authenticate(env, subject);
  return verifyCredentials();
  } catch (java.io.IOException ioe) {
  throw new LoginException(ioe.toString());
  } catch (UnsupportedCallbackException uce) {
  throw new LoginException("Error: " +uce.getCallback().toString()
  + " not available");

• How can I deliver to custom server-side LoginModule additional options?

  I need to deliver additional options to sever-side custom LoginModule when I use Weblogic Security Framework (Weblogic 9.2). How can I do it?

  So I'm guessing you want to take into account other factors in the auth decision? The sample authentication provider does show some additional context api's I believe, I haven't looked at it in awhile.
  I recommend that you concisely write your requirements with a detailed example and post the question in the WLS - Security forum which will have a more specialized focus on the security sub-system.
  WebLogic Server - Security

• Jsp Custom tags Weblogic 6.1

            Hi,
            I had posted a message before regarding the docs for weblogic custom tags, my
            query is whether the custom tags listed in the javadocs of weblogic api like BeanParamTag,
            FormAnchorTag etc should be used for development or not.
            Weblogic docs only talk about process, repeat and cache tags from development
            point of view.
            I'm studying the custom tags of weblogic 6.1.0 and i need to know whether the
            tags besides process,repeat and cache tags.
            Regards,
            Sujan
            

            Hi,
            I had posted a message before regarding the docs for weblogic custom tags, my
            query is whether the custom tags listed in the javadocs of weblogic api like BeanParamTag,
            FormAnchorTag etc should be used for development or not.
            Weblogic docs only talk about process, repeat and cache tags from development
            point of view.
            I'm studying the custom tags of weblogic 6.1.0 and i need to know whether the
            tags besides process,repeat and cache tags.
            Regards,
            Sujan
            

• Oc4j to Weblogic: JAAS login module in enterprise web application

  Hi Experts,
  I have a LoginModule defined in my existing EAR application.
  oc4j doc referece: http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/loginmod.htm#BABECDDC
  I already followed Developing Custom Security Provider : http://download.oracle.com/docs/cd/E12890_01/ales/docs32/dvspisec/progrmng.html
  How can I integrate LoginModule same way in weblogic..(10.3.4) thank you all in advance. Already know the process of MBean jar and configuring it in weblogic console.
  But Standalong MBean JAR can't find my Custom LoginModule defined in EAR which I am pointing from my CustomSecurityProvider thru
  getLoginModuleConfiguration()Thanks for reading my post.. hoping to get some response..

  is this even possible, is it a bug? anybody from weblogic team??

• How to store Custom principal in Oracle ADF security Framework

  Hi guys, hope somebody will help me out.
  I am facing the following issue, i need to have a custom principal instance after oracle adf security frame work does authenticate and authorize user.
  My custom principal instance should have per say addition attribute, say clientId. I am using Jdeveloper 11.1.2.4 and i setup weblogic to use ReadOnlySQLAuthenticator(it does most of desired functionality).
  As far as i get it, i would have to implement a custom provider to have a chance to implement a custom LoginModule, so i can set it up to use my custom principal, am i right ? and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
  DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use) and if i can , how can i make  ReadOnlySQLAuthenticatorImpl  use my custom LoginModule.
  Sorry if i violated forum rules.

  and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
  DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use)
  This info is returned by getLoginModuleConfiguration(): AuthenticationProvider (BEA WebLogic Server 10.0 API Reference)
  Dario