4 Replies. Latest reply: Oct 6, 2008 2:55 PM by PaKo

    JDev 11g (Embedded OC4J) JAAS problem

    663134
      Hi,
      I did some simple configuration for JAAS (users and roles in the database) with 'Tools\Adf Security Wizard'. After that I copied some things to jps-config.xml (server file). My config files are:

      in jps-config.xml at C:\Documents and Settings\XXXXX\Application Data\JDeveloper\system11.1.1.0.22.49.49\o.j2ee\embedded-oc4j\config\

      <property value="true" name="custom.provider"/>
      <property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>

      ...

      <serviceInstance provider="jaas.login.provider" name="dbxxxxx.loginmodule">
      <property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule" name="loginModuleClassName"/>
      <property value="oracle.security.jazn.login.module.db.util.DBLoginModuleMD5Encoder" name="pw_encoding_class"/>
      <property value="false" name="debug"/>
      <property value="REQUIRED" name="jaas.login.controlFlag"/>
      <property value="false" name="addAllRoles"/>
      <property value="FINEST" name="log.level"/>
      <property value="password" name="passwordField"/>
      <property value="role_name" name="groupMembershipGroupFieldName"/>
      <property value="jdbc/XXXXXDS" name="data_source_name"/>
      <property value="user_id" name="roles_fk_column"/>
      <property value="usro_user_role" name="groupMembershipTableName"/>
      <property value="user_id" name="user_pk_column"/>
      <property value="login" name="usernameField"/>
      <property value="user_user" name="table"/>
      </serviceInstance>

      ...

      <jpsContext name="default">
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="dbxxxxx.loginmodule"/>
      <serviceInstanceRef ref="idstore.xml"/>
      <serviceInstanceRef ref="policystore.xml"/>
      <serviceInstanceRef ref="idstore.loginmodule"/>
      <serviceInstanceRef ref="idm"/>
      </jpsContext>

      My orion-application.xml looks like this:

      <?xml version = '1.0' encoding = 'UTF-8'?>
      <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-11_0.xsd"/>

      I have a similar configuration in jps-config.xml in my project (one difference is):
      ...
      <jpsContexts default="test">
      <jpsContext name="test">
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="dbxxxxx.loginmodule"/>
      </jpsContext>
      ...

      The problem is that when I try to log in to the page (I enter the login and password in the HTML page), I get one warning in the debug console and I am redirected to the login error page. It looks like the login module is not entered at all.

      login page:
      ...
      <form method="POST" action="j_security_check">
      <table>
      <tr><td>User name:</td><td><input type="text" name="j_username" /></td></tr>
      <tr><td>Password:</td><td><input type="password" name="j_password" /></td></tr>
      <tr><td><input type="submit" value="Login" /></td></tr>
      </table>
      </form>
      ...

      The warning is:

      2008-10-02 19:04:22 oracle.classloader.util.ClassLoadLogger log
      WARNING: Application loader current-workspace-app.web.test-ViewController-webapp:0.0.0 may not use /C:/jdeveloper/jdevstudio1111/j2ee/home/lib/oc4j-internal.jar (from <code-source> in META-INF/boot.xml in C:\jdeveloper\jdevstudio1111\j2ee\home\oc4j.jar)

      Do I have to import some libraries into the embedded OC4J server or do some more configuration to start working with JAAS in JDev?
      Is there any way to put the embedded server into debug (FINEST) log mode to see what is happening on login?

      PS
      Sorry for my English :P
        • 1. Re: JDev 11g (Embedded OC4J) JAAS problem
          Frank Nimphius-Oracle
          Hi,

          the warning seems to be unrelated. If possible, put print statements into your LoginModule to see what happens inside and if the user could be authenticated. Note that using ADF Security for authorization requires changes in the policy files to reference the custom principal classes. JDeveloper 11 releases with WLS, which means that this part of the security integration also has changed.

          I am planning to start blogging about security configuration in JDeveloper 11 as soon as the production release is out to address challenges like yours: http://www.oracle.com/technology/products/jdev/tips/fnimphius/index.html

          Frank
          • 2. Re: JDev 11g (Embedded OC4J) JAAS problem
            PaKo
            Hi!

            I would first try to move your embedded OC4J from "C:\Documents and Settings\XXXXX\Application Data\JDeveloper\system11.1.1.0.22.49.49\o.j2ee\embedded-oc4j\". TP4 has a limitation not to support running from paths which contain spaces (like "C:\Documents and Settings\").

            Look here:
            [http://biemond.blogspot.com/2007/11/jdeveloper-11g-single-user-mode.html]

            It solved a few of my problems...

            Still, keep in mind what Frank said: in R1 the security will change... I believe many JAZN stuff will not be there anymore...

            Regards,

            PaKo
            • 3. Re: JDev 11g (Embedded OC4J) JAAS problem
              663134
              Yes, it could help, but I used "oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule", which is in one of the Oracle jar files - jazncore.jar. So System.out.println(...) is not such a good solution.
              "Note that using ADF Security for authorization requires changes in the policy files to reference the custom principal classes." <- I don't understand that. In jdeveloper 10.1.3 you have to implement some interface for login module, user and roles and nothing else. Some people in the forum wrote that this configuration is enough (for jdeveloper 11g but I don't know which version). I don't understand why this is so hard to configure - jazn in jdev 10 is much simpler (acegi<spring> security is much more user friendly, unfortunately jaas(oracle jazn) is the java standard :P)

              I am waiting for your blog.
              • 4. Re: JDev 11g (Embedded OC4J) JAAS problem
                PaKo
                Hi!

                As far as I understand, JAZN is not supported anymore in TP4 or in R1 of 11g. The new JSP (Java Security Platform) replaces old JAZN things, so your comparison with the 10g JAZN config is misleading. I also think that the database login module you are using from the jazn library is not supported with JPS. You can write a custom login module for database login in your app, though.

                Anyhow, in order to run your app well, you should avoid spaces in path of your embedded OC4J! It will not work like this.

                Regards,

                PaKo
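
Reply 1 suggests print statements inside the LoginModule, and reply 3 objects that the module in use ships inside jazncore.jar. One way to get the same visibility with plain JAAS, as an added example that is not code from the thread or from Oracle: a wrapper module that loads the real module by class name and logs every phase. `TracingLoginModule`, `RejectAll` and the `delegate` option are hypothetical names, and the demo runs stand-alone on a current JDK; whether the embedded OC4J/JPS configuration accepts such a wrapper is not established in the thread.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example (hypothetical class): wraps the module named by the "delegate" option and logs each phase.
public class TracingLoginModule implements LoginModule {
    private static final Logger LOG = Logger.getLogger("TracingLoginModule");
    private interface Phase { boolean run() throws LoginException; }
    private LoginModule delegate;
    public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> shared, Map<String, ?> options) {
        String cls = String.valueOf(options.get("delegate"));   // "delegate" is an assumed option name
        // Log option names only: the values may hold data source names or other sensitive settings.
        LOG.info("initialize(): delegate=" + cls + ", option names=" + options.keySet());
        try {
            delegate = (LoginModule) Class.forName(cls, true, Thread.currentThread().getContextClassLoader())
                .getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalStateException("cannot load delegate " + cls, e);
        }
        delegate.initialize(subject, handler, shared, options);
    }
    // Runs one phase of the wrapped module and records its result or the exception it raised.
    private boolean trace(String phase, Phase p) throws LoginException {
        try { boolean r = p.run(); LOG.info(phase + "() returned " + r); return r; }
        catch (LoginException e) { LOG.warning(phase + "() threw " + e); throw e; }
    }
    public boolean login() throws LoginException { return trace("login", delegate::login); }
    public boolean commit() throws LoginException { return trace("commit", delegate::commit); }
    public boolean abort() throws LoginException { return trace("abort", delegate::abort); }
    public boolean logout() throws LoginException { return trace("logout", delegate::logout); }
    // Constructed stand-in delegate for the demo: every attempt is rejected.
    public static class RejectAll implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {}
        public boolean login() throws LoginException { throw new FailedLoginException("rejected"); }
        public boolean commit() { return false; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    public static void main(String[] args) {
        var entry = new AppConfigurationEntry(TracingLoginModule.class.getName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of("delegate", RejectAll.class.getName()));
        var cfg = new Configuration() {   // in-code stand-in for a JAAS configuration file
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) { return new AppConfigurationEntry[] {entry}; }
        };
        try { new LoginContext("demo", null, callbacks -> {}, cfg).login(); }
        catch (LoginException e) { System.out.println("rejected, see the trace above: " + e.getMessage()); }
    }
}
```

If no `initialize()` line appears in the log at all, the container never reached the module, which separates a configuration problem from a credential problem.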