File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Add OPSS security to a java EE application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Add OPSS security to a java EE application" Watch "Add OPSS security to a java EE application" New topic
Author

Add OPSS security to a java EE application

Keerthy Jayraj
Greenhorn

Joined: May 15, 2012
Posts: 1
Hi,
I have a Java EE application running on a standalone WLS. Now I have to implement OPSS for authorization purpose.

Iam trying to add a JPSFilter in web.xml as follows:
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/servletTest</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>

Now i am unable to access the URL /servletTest as an anonymous user.I am Getting the follwing stacktrace.

java.security.AccessControlException: access denied (oracle.security.jps.JpsPermission AppSecurityContext.setApplicationID.null)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
at oracle.security.jps.runtime.AppSecurityContext.setApplicationID(AppSecurityContext.java:109)
at oracle.security.jps.internal.api.runtime.AppSecurityContext.setApplicationID(AppSecurityContext.java:53)
at oracle.security.jps.internal.common.util.SetApplicationIDAction.run(SetApplicationIDAction.java:39)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:192)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:527)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:159)
at jsp_servlet.__index._jspService(__index.java:80)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:327)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3729)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)


How can i add role management to this; ie enable access for /servletTest for one particular role? say anonymous-role itself?
 
Don't get me started about those stupid light bulbs.
 
subject: Add OPSS security to a java EE application
 
Similar Threads
Problems with Java Melody
Managed beans aren't constructed running on JBoss 5.1.0 (works fine with Tomcat 6)
Running an applet in Wicket 1.3.5
Writing Russian characters to XML file
richfaces and problems with navigation