Sitemap

Amicuk Programming Answers

Assign application roles after authentication

-0001-11-30   Views:0

Advertisement

Hi, It's been some time now I'm struggling with this issue... I have a client application (not a web one) trying to access an EJB resource. The EJB is first looked up through jndi and then asked to invoke a method, say test(). In ejb-jar.xml I have t

Hi,
It's been some time now I'm struggling with this issue...
I have a client application (not a web one) trying to access an EJB resource.
The EJB is first looked up through jndi and then asked to invoke a method, say test().
In ejb-jar.xml I have the following:
<security-role >
<role-name>AN_APP_ROLE</role-name>
</security-role>
<method-permission >
<role-name>AN_APP_ROLE</role-name>
<method >
<ejb-name>EJB NAME</ejb-name>
<method-intf>Remote</method-intf>
<method-name>test</method-name>
<method-params>
</method-params>
</method>
</method-permission>
I manage to have OID perform the authentication, so that I can perform the EJB lookup and call non protected methods. Issues arise when trying to get the roles working.
I know that i can <security-role-mapping> AN_APP_ROLE to an oid group; what I am trying to accomplish is to have oid do the authentication and be able to fetch the application roles from a database.
As a starting point what I've done is a client LoginModule that first authenticates against the OID (by looking up an EJB resource) and then, in the commit(), do the following:
this.subject.getPrincipals ().add (new RoleExtended("AN_APP_ROLE"));
Nevertheless access is denied when the client tries to access the protected test() method.
It seems that somehow even if the Subject has the role within its principals, the container doesn't threat it such.
I am pretty stuck, and starting to wonder if this is the right approach...Nevertheless I don't think putting the application roles in oid is a good idea, since application roles should remain an application property not a enterprise directory one.
Any hint?!
cheers,
Francesco
p.s: in jazn.xml I have
<property name="role.mapping.dynamic" value="true"/>

The replay answer
Advertisement
Hi,
It's been some time now I'm struggling with this issue...
I have a client application (not a web one) trying to access an EJB resource.
The EJB is first looked up through jndi and then asked to invoke a method, say test().
In ejb-jar.xml I have the following:
<security-role >
<role-name>AN_APP_ROLE</role-name>
</security-role>
<method-permission >
<role-name>AN_APP_ROLE</role-name>
<method >
<ejb-name>EJB NAME</ejb-name>
<method-intf>Remote</method-intf>
<method-name>test</method-name>
<method-params>
</method-params>
</method>
</method-permission>
I manage to have OID perform the authentication, so that I can perform the EJB lookup and call non protected methods. Issues arise when trying to get the roles working.
I know that i can <security-role-mapping> AN_APP_ROLE to an oid group; what I am trying to accomplish is to have oid do the authentication and be able to fetch the application roles from a database.
As a starting point what I've done is a client LoginModule that first authenticates against the OID (by looking up an EJB resource) and then, in the commit(), do the following:
this.subject.getPrincipals ().add (new RoleExtended("AN_APP_ROLE"));
Nevertheless access is denied when the client tries to access the protected test() method.
It seems that somehow even if the Subject has the role within its principals, the container doesn't threat it such.
I am pretty stuck, and starting to wonder if this is the right approach...Nevertheless I don't think putting the application roles in oid is a good idea, since application roles should remain an application property not a enterprise directory one.
Any hint?!
cheers,
Francesco
p.s: in jazn.xml I have
<property name="role.mapping.dynamic" value="true"/>

Go to See the other 3 answers

Assign application roles after authentication

Category:DefaultRelease time:-0001-11-30Views:130

Hi, It's been some time now I'm struggling with this issue... I have a client application (not a web one) trying to access an EJB resource. The EJB is first looked up through jndi and then asked to invoke a method, say test(). In ejb-jar.xml I have t[More]

Assign Application Roles

Category:DefaultRelease time:2015-10-11Views:130

Hi All, I am new to SOA and I want to know how to assign application roles (Not global roles) through EM Console. As, I am unable to assign the roles through  BPM workspace. I can go to the administrator tab and assign the roles to me. But in the tas[More]

Error assigning users to application Role in Obiee 11.1.1.7.0

Category:DefaultRelease time:2015-10-11Views:130

Hello I installed Obiee 11.1.1.7.0 both on Windows and Linux platform and after that, I successfully set Active Directory integration. I have a problem assigning users to Application Role in EM. When I'm trying to search a user on Display name, the P[More]

OBIEE 11g issue - same user assigned to the multiple application role

Category:DefaultRelease time:2015-10-11Views:130

Hi All, We are facing an issue when assigning a user to the multiple application role and applying the data level filter on the different column of the same table. For example, we have a table Department with three columns Department No, Department n[More]

Assigning App Builder and Application roles using Account Administration Tool

Category:DefaultRelease time:-0001-11-30Views:130

If you have a DPS Enterprise or Professional Account and need to assign App Builder or Application role to an id to in case you need to create a new id with these roles, refer to the following documentation: Assigning App Builder and Application role[More]

Assigning user roles in my application in a programatic way

Category:DefaultRelease time:-0001-11-30Views:130

Hi, How can I assign user roles in a programatic way when I am using the Sun One 7 server? Is that possible? Thanks, Wanderley.Sorry, but I need to know HOW can I assign roles( RolesPrincipals) to the container Subject (using JAAS)? When I am using,[More]

Need help with data filtering on groups/application roles

Category:DefaultRelease time:-0001-11-30Views:130

Hello, I have a situation where I have to apply security on objects (reports, prompts etc) and dimension members (Essbase cube). So the idea is like this: Report 1: access to three users (U1, U2, U3), but for dimension Company they have separate righ[More]

Error while trying to assign a role via CUP in Portal

Category:DefaultRelease time:2015-10-11Views:130

Hello Experts, I am trying to  create a request to assign a role in EP via CUP ( 5.3) EP Connector is working fine as I have imported Portal roles etc SPML service is working fine I have done the  mapping in the Provisioning tab for Portal system log[More]

LDAP user to application role mapping

Category:DefaultRelease time:2015-10-11Views:130

Hi All, OBIEE 11.1.1.5 I have a table with ldap username and role. I have also configured external LDAP server in RPD. Users are able to login to portal. Can some one guide me, how to make sure that when user login to OBIEE automatically by table the[More]

Assigning the role to the group using MAXL

Category:DefaultRelease time:-0001-11-30Views:130

Hi, We are using Essbase 11.1.1.3 and Hyperion Financial Reports 11.1.13. I have created a role called "Standard_user_HFR" in shared Services and assgined Explorer and viewer to the role and i need to assign the role to the groups and i have aro[More]

Need Help for role based authentication

Category:DefaultRelease time:-0001-11-30Views:130

Hi, I am creating a web application which will run on Linux-apache using jsp and oracle as database. This web application will show information about customers. I want to create role based authentication, which has read only access for cuatomers so t[More]

Hot
I have been having a problem for at least almost 2 months with setting a new visual voicemail greeting. Everytime I go to the greeting part it says retrieving and it has been stuck in that part for a month. The latest update I got didn't do anything. [More]
I tried with installing pacman -S xorg-server and xorg-apps then i have given installation for kde and gnome using  pacman -Sy kde kdm xorg-xinit dbus gnome gnome-extra. But it is asking me to replace some softwares.. At the end after downloading whi [More]
The Apple video tutorial was just a commercial. Other info I found on Apple site was for the iPad. I have a MacBook Pro. I need to learn how to use iMovie '11 from the start. Very start. To borrow a line from a movie 'Talk to me like I'm a 5-year-old [More]
I'm using the following code to send a HTML and text e-mail (text for people with HTML-challenged email clients). I sent 2 emails to 2 email addresses which reside on the same server - eg. [email protected] and [email protected] - and read the emails with [More]
Hi experts, I'm having the following problem: I created an Interactive Form in WDA. The default language is 'enUS'. I want to translate the form to other languages, so I selected 'goto'-->'translation' and selected nlNL (dutch) as target language. Af [More]
I udpated pck from sp9 to sp14, now I want to Assign roles in Security Provider, but function is disabled, How to enable it? I installed successfully last time. but at that time, sap team in my company installed both a ABAP system and java system. th [More]
Happy 3G day everyone! I've taken off of work today and already completed the work I needed to for the day (Faxed some stuff and had a phone conference and went through my emails from overnight) I have nothing to do today but to wait! So did you take [More]
Hi, I've had the iphone 4 for a bit over 2 weeks now. All of the sudden, I notice that the phone does not make a locking noise, give me keypad tones play game music etc. I do however, get music playing with the ipod on it without headphones, as the m [More]
how to know about my iphone came fromIf you purchased it from a legitimate, authorized source, you wouldn't have to ask. Ask whoever you purchased it from. If you can activate it and look under Settings>General>About, check the model #. What does it [More]
Y can't I log into Facebook. Got new iPad and did the ISO7 update, now it won't work. Have reset it, deleted fb but still nothingIf cant log into Facebook, you will just have to go on to safari and do Facebook on there but also you could try deleting [More]