• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

WebLogic Security - Problems whle calling weblogic custom Authentication

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have created a weblogic custom authentication provider. This is packaged in a jar file called MyAuth.jar.
I have kept that jar file in WL_HOME/server/lib/mbeantypes.

I started the weblogic 10.2 server. I logged into the Admin console.
Inside Security Releam I created a new Authentication provider and selected my MyAuth Authenication provider.

Now I created a webApplication and want to call this authenication provider to authenicate the username / password of the user.

How will I call this provider through the program.

I tried using Authentication.login(username, password, request, response)
method. But I am getting some exception.
I am not able to find the exact cause of this problem.

Can someone tell me how to call this custom Authentication provider through my program?
 
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

But I am getting some exception.



What is the exception ?

Can someone tell me how to call this custom Authentication provider through my program?



Is the provider not supposed to do that on its own. Declaratively, I would expect the provider to understand my auth requirements. Example, mention the user principal, group etc in web.xml and the provider should be able to tell me through j_security_check if the user exists in the realm. Is that not what you are trying to do ?
 
Prasanna Kanvinde
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I want to know whether my call Authentication.login(usename, password, request, response) is correct or not.

Or

Is there another way to call the authenticator.

Also How will Weblogic 10.2 decide which authenticator to call if I have many custom providers

I have written my program in this fashion

Sopln("Before Calling");
Authentication.login(usename, password, request, response)
Sopln("After Calling");

It prints Before calling and stops. I do not know what the exception is. I have put sopln in my provider class, these are also not getting printed.

I don't even know whether my custom provider gets called or not.

I did not find this anywhere in the BEA doc or anywhere on the internet.

I want to make sure that my provider gets called. What is the way of doing this?

Can someone please help in resolving this issue.?
 
Deepak Bala
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

It prints Before calling and stops. I do not know what the exception is. I have put sopln in my provider class, these are also not getting printed.



Did you try catching one ?

Why are you trying to explicitly call this authenticator ?

Inside Security Releam I created a new Authentication provider and selected my MyAuth Authenication provider.



You have already configured the authenticator so why not use a declarative config ?
 
Prasanna Kanvinde
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is a declarative config?

Do I need to call this authenticator explicitly? If not, then, what is the way to make sure that this gets called?

If I do not call this authenticator then it does not get called while login the user.

 
Deepak Bala
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Lets say you use a LDAP authentication provider. Weblogic's job is to tell anyone asking weblogic if a particular user name and password are valid. It is the provider's job to enable the client and weblogic to understand each other. I am assuming the provider provides some interfaces that enable you to define this since I have never implemented the provider myself.

Once you assign the provider to weblogic, you can use the security based elements in web.xml to constrain a web resource and require that a user be authenticated. This in tandem with weblogic.xml can enable what you are trying to do. The web.xml file can use declarative form based authentication for example.

Here is some help for web.xml from WL 10 docs

http://edocs.bea.com/wls/docs100/webapp/web_xml.html#wp1017885

I think mapping users to principal can be done with this element in weblogic.xml (WL 10 docs)

http://edocs.bea.com/wls/docs100/webapp/weblogic_xml.html#wp1040908
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@Prasanna : Can you send us the source code or the domain's config.xml, I was trying to implement a custom authentication but it's giving me exception when server starts up

<Jun 2, 2010 9:19:32 AM EEST> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.Se
rviceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for My Authentication Trial is not specified..

I don't understand what the problem is, I have already placed the jar file in WL_HOME/server/lib/mbeantypes
reply
    Bookmark Topic Watch Topic
  • New Topic