This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes Add OPSS security to a java EE application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Add OPSS security to a java EE application" Watch "Add OPSS security to a java EE application" New topic
Author

Add OPSS security to a java EE application

Keerthy Jayraj
Greenhorn

Joined: May 15, 2012
Posts: 1
Hi,
I have a Java EE application running on a standalone WLS. Now I have to implement OPSS for authorization purpose.

Iam trying to add a JPSFilter in web.xml as follows:
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/servletTest</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>

Now i am unable to access the URL /servletTest as an anonymous user.I am Getting the follwing stacktrace.

java.security.AccessControlException: access denied (oracle.security.jps.JpsPermission AppSecurityContext.setApplicationID.null)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
at oracle.security.jps.runtime.AppSecurityContext.setApplicationID(AppSecurityContext.java:109)
at oracle.security.jps.internal.api.runtime.AppSecurityContext.setApplicationID(AppSecurityContext.java:53)
at oracle.security.jps.internal.common.util.SetApplicationIDAction.run(SetApplicationIDAction.java:39)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:192)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:527)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:159)
at jsp_servlet.__index._jspService(__index.java:80)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:327)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3729)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)


How can i add role management to this; ie enable access for /servletTest for one particular role? say anonymous-role itself?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Add OPSS security to a java EE application
 
Similar Threads
Writing Russian characters to XML file
Problems with Java Melody
Managed beans aren't constructed running on JBoss 5.1.0 (works fine with Tomcat 6)
Running an applet in Wicket 1.3.5
richfaces and problems with navigation