Sitemap

Amicuk Programming Answers

Assign application roles after authentication

-0001-11-30   Views:0

Advertisement

Hi, It's been some time now I'm struggling with this issue... I have a client application (not a web one) trying to access an EJB resource. The EJB is first looked up through jndi and then asked to invoke a method, say test(). In ejb-jar.xml I have t

Hi,
It's been some time now I'm struggling with this issue...
I have a client application (not a web one) trying to access an EJB resource.
The EJB is first looked up through jndi and then asked to invoke a method, say test().
In ejb-jar.xml I have the following:
<security-role >
<role-name>AN_APP_ROLE</role-name>
</security-role>
<method-permission >
<role-name>AN_APP_ROLE</role-name>
<method >
<ejb-name>EJB NAME</ejb-name>
<method-intf>Remote</method-intf>
<method-name>test</method-name>
<method-params>
</method-params>
</method>
</method-permission>
I manage to have OID perform the authentication, so that I can perform the EJB lookup and call non protected methods. Issues arise when trying to get the roles working.
I know that i can <security-role-mapping> AN_APP_ROLE to an oid group; what I am trying to accomplish is to have oid do the authentication and be able to fetch the application roles from a database.
As a starting point what I've done is a client LoginModule that first authenticates against the OID (by looking up an EJB resource) and then, in the commit(), do the following:
this.subject.getPrincipals ().add (new RoleExtended("AN_APP_ROLE"));
Nevertheless access is denied when the client tries to access the protected test() method.
It seems that somehow even if the Subject has the role within its principals, the container doesn't threat it such.
I am pretty stuck, and starting to wonder if this is the right approach...Nevertheless I don't think putting the application roles in oid is a good idea, since application roles should remain an application property not a enterprise directory one.
Any hint?!
cheers,
Francesco
p.s: in jazn.xml I have
<property name="role.mapping.dynamic" value="true"/>

The replay answer
Advertisement
Hi,
It's been some time now I'm struggling with this issue...
I have a client application (not a web one) trying to access an EJB resource.
The EJB is first looked up through jndi and then asked to invoke a method, say test().
In ejb-jar.xml I have the following:
<security-role >
<role-name>AN_APP_ROLE</role-name>
</security-role>
<method-permission >
<role-name>AN_APP_ROLE</role-name>
<method >
<ejb-name>EJB NAME</ejb-name>
<method-intf>Remote</method-intf>
<method-name>test</method-name>
<method-params>
</method-params>
</method>
</method-permission>
I manage to have OID perform the authentication, so that I can perform the EJB lookup and call non protected methods. Issues arise when trying to get the roles working.
I know that i can <security-role-mapping> AN_APP_ROLE to an oid group; what I am trying to accomplish is to have oid do the authentication and be able to fetch the application roles from a database.
As a starting point what I've done is a client LoginModule that first authenticates against the OID (by looking up an EJB resource) and then, in the commit(), do the following:
this.subject.getPrincipals ().add (new RoleExtended("AN_APP_ROLE"));
Nevertheless access is denied when the client tries to access the protected test() method.
It seems that somehow even if the Subject has the role within its principals, the container doesn't threat it such.
I am pretty stuck, and starting to wonder if this is the right approach...Nevertheless I don't think putting the application roles in oid is a good idea, since application roles should remain an application property not a enterprise directory one.
Any hint?!
cheers,
Francesco
p.s: in jazn.xml I have
<property name="role.mapping.dynamic" value="true"/>

Go to See the other 3 answers

Assign application roles after authentication

Category:DefaultRelease time:-0001-11-30Views:130

Hi, It's been some time now I'm struggling with this issue... I have a client application (not a web one) trying to access an EJB resource. The EJB is first looked up through jndi and then asked to invoke a method, say test(). In ejb-jar.xml I have t[More]

Assign Application Roles

Category:DefaultRelease time:2015-10-11Views:130

Hi All, I am new to SOA and I want to know how to assign application roles (Not global roles) through EM Console. As, I am unable to assign the roles through  BPM workspace. I can go to the administrator tab and assign the roles to me. But in the tas[More]

Error assigning users to application Role in Obiee 11.1.1.7.0

Category:DefaultRelease time:2015-10-11Views:130

Hello I installed Obiee 11.1.1.7.0 both on Windows and Linux platform and after that, I successfully set Active Directory integration. I have a problem assigning users to Application Role in EM. When I'm trying to search a user on Display name, the P[More]

OBIEE 11g issue - same user assigned to the multiple application role

Category:DefaultRelease time:2015-10-11Views:130

Hi All, We are facing an issue when assigning a user to the multiple application role and applying the data level filter on the different column of the same table. For example, we have a table Department with three columns Department No, Department n[More]

Assigning App Builder and Application roles using Account Administration Tool

Category:DefaultRelease time:-0001-11-30Views:130

If you have a DPS Enterprise or Professional Account and need to assign App Builder or Application role to an id to in case you need to create a new id with these roles, refer to the following documentation: Assigning App Builder and Application role[More]

Assigning user roles in my application in a programatic way

Category:DefaultRelease time:-0001-11-30Views:130

Hi, How can I assign user roles in a programatic way when I am using the Sun One 7 server? Is that possible? Thanks, Wanderley.Sorry, but I need to know HOW can I assign roles( RolesPrincipals) to the container Subject (using JAAS)? When I am using,[More]

Need help with data filtering on groups/application roles

Category:DefaultRelease time:-0001-11-30Views:130

Hello, I have a situation where I have to apply security on objects (reports, prompts etc) and dimension members (Essbase cube). So the idea is like this: Report 1: access to three users (U1, U2, U3), but for dimension Company they have separate righ[More]

Error while trying to assign a role via CUP in Portal

Category:DefaultRelease time:2015-10-11Views:130

Hello Experts, I am trying to  create a request to assign a role in EP via CUP ( 5.3) EP Connector is working fine as I have imported Portal roles etc SPML service is working fine I have done the  mapping in the Provisioning tab for Portal system log[More]

LDAP user to application role mapping

Category:DefaultRelease time:2015-10-11Views:130

Hi All, OBIEE 11.1.1.5 I have a table with ldap username and role. I have also configured external LDAP server in RPD. Users are able to login to portal. Can some one guide me, how to make sure that when user login to OBIEE automatically by table the[More]

Assigning the role to the group using MAXL

Category:DefaultRelease time:-0001-11-30Views:130

Hi, We are using Essbase 11.1.1.3 and Hyperion Financial Reports 11.1.13. I have created a role called "Standard_user_HFR" in shared Services and assgined Explorer and viewer to the role and i need to assign the role to the groups and i have aro[More]

Need Help for role based authentication

Category:DefaultRelease time:-0001-11-30Views:130

Hi, I am creating a web application which will run on Linux-apache using jsp and oracle as database. This web application will show information about customers. I want to create role based authentication, which has read only access for cuatomers so t[More]

Hot
I have written more or less same code like following to send file from server to browser in other web applications, where browser displays Save As dialog box to the user, but the same code doesn't work with portal. following code part of a page flow [More]
Hi, just wondering is it possible to retrieve more info regarding report parameters using web service, I can only get following: multiValuesAllowed name values basically could a call register some other classes than call.setReturnClass(ReportDefiniti [More]
I have an account with both the apple site (for here) and for the itunes music store (and i have a current credit card on my account). when I upgraded to itunes 7, it says i do not have an account now....even tho it says to use your apple login (whic [More]
I have been using VS C++ 2003 in combination with the oracle instant client 10.2.0.4 in our tool. We now moved to VS C++ 2008 (Express Edition) and oracle instant client 11.1.0.6.0 as listed at [http://www.oracle.com/technology/tech/oci/occi/occidown [More]
Solved! Go to Solution.Hi cristhered, Call Technical Support Select your country or region to view the callcentre numbers Country or Region Problem Determination - It is the customer's responsibility to follow the service request procedures that your [More]
hi I'm gind of new to java and I was wondering after I add a file to a package with the "package" keyword where do I put it and do I compile it?it was helpful but it didn't answer all my questions where do you put the file?You can put it whereve [More]
hi THIS IS SRIDHAR i have installed BO 3.0 ON My system after that i am installing BO Dataservices 3.1 on my system, in installation time when it is creating repository i am using BO mysql DATABASE,but it is giving problem i.e cannot open connection [More]
Hey, Is it prossible to specify a pdf-form name at the pre-save event? So you can add the current date to the pdf-forms name. Thanks in advance RonnyRAny help pls? Thank you    Read other 3 answers [More]
i have created a custom ItemXSL in my sharepoint 2013 root site (style library>xsl style sheets) in th subsite i have exported a content query webpart and changed the itemxsllink property and specified the path starting from my root site eg: /roots [More]
upgraded to ios 6. and lost all my pictures. Don't have a backup. Is there anythig I can do to recover them?Doesn't sound like you have iCloud? If not, then no, you are out of luck.... GBRead other 2 answers [More]