jaas - Simple TAI (TrustAssociationInterceptor) with WebSphere AS
I'm trying to make a simple implementation of a TAI. I created a TAI class that, for each user, sets the login "user1" and a "user-group" list, without using a UserRegistry. I added a role-group mapping in the EAR file ("user-group" => "user-role") and a security constraint in the WAR that allows access to the resources for users in the role "user-role". After trying to access the page I get a 403 error:
[11.05.15 19:43:27:444 MSK] 0000007c WebCollaborat SECJ0129E: ... user2:defaultWIMFileBasedRealm ... default_host:/war/page.html, Authorization failed, not granted of required roles: user-role
What is wrong? I'm using WebSphere 8.5.5.
My TAI implementation:
package ru.test.tai;

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;

import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
import com.ibm.wsspi.security.token.AttributeNameConstants;

public class SimpleTAI implements TrustAssociationInterceptor {

    public SimpleTAI() {
        super();
    }

    // Intercept only requests whose URI contains "war".
    public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
        System.out.println("isTargetInterceptor called");
        if (req.getRequestURI().matches(".*war.*")) {
            System.out.println("true");
            return true;
        } else {
            System.out.println("false");
            return false;
        }
    }

    // Asserts a fixed identity; the group list is supplied here rather than looked up in a registry.
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req, HttpServletResponse resp)
            throws WebTrustAssociationFailedException {
        String userId = "user2";
        String uniqueId = "user2";
        List<String> groups = new ArrayList<String>();
        groups.add("user-group");
        String key = "user1key";
        Subject subject = createSubject(userId, uniqueId, groups, key);
        return TAIResult.create(HttpServletResponse.SC_OK, "notused", subject);
    }

    public int initialize(Properties arg0) throws WebTrustAssociationFailedException {
        return 0;
    }

    public String getVersion() {
        return "1.0";
    }

    public String getType() {
        return this.getClass().getName();
    }

    public void cleanup() {
    }

    // Builds the hashtable-login Subject that WebSphere turns into a WSCredential.
    private Subject createSubject(String userId, String uniqueId, List<String> groups, String key) {
        Subject subject = new Subject();
        Hashtable<String, Object> hashtable = new Hashtable<String, Object>();
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, uniqueId);
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, userId);
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS, groups);
        System.out.println("subject cache key " + key);
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY, key);
        subject.getPublicCredentials().add(hashtable);
        return subject;
    }
}
ibm-application-bnd.xml:
<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd"
                 version="1.0">
    <security-role name="user-role">
        <group name="user-group" />
    </security-role>
</application-bnd>
If you use groups that do not exist in the registry, you have to add an access-id in ibm-application-bnd.xml (the sample shows both a user and a group):
<security-role name="user-role">
    <user name="test" access-id="user:defaultWIMFileBasedRealm/test"/>
    <group name="user-group" access-id="group:defaultWIMFileBasedRealm/user-group"/>
</security-role>
The realm should match the configured user registry.
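A small check for the binding problem described in this answer, added here as an example (it is not part of the question or the answer, and not IBM code): it parses an ibm-application-bnd.xml and reports every user or group binding that has no access-id, whose prefix does not match the element type, or whose realm is not the registry realm. The realm name and both sample documents are constructed for the example.

```python
"""Flag role bindings in ibm-application-bnd.xml that WebSphere cannot resolve."""
import xml.etree.ElementTree as ET

NS = {"bnd": "http://websphere.ibm.com/xml/ns/javaee"}
EXPECTED_REALM = "defaultWIMFileBasedRealm"  # assumed realm of the configured registry

# Constructed sample: the question's binding (no access-id) plus a group bound to another realm.
BROKEN_BND = """<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <security-role name="user-role">
    <group name="user-group"/>
    <group name="ops-group" access-id="group:otherRealm/ops-group"/>
  </security-role>
</application-bnd>"""

# Constructed sample in the corrected form shown in the answer.
FIXED_BND = """<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <security-role name="user-role">
    <user name="test" access-id="user:defaultWIMFileBasedRealm/test"/>
    <group name="user-group" access-id="group:defaultWIMFileBasedRealm/user-group"/>
  </security-role>
</application-bnd>"""


def check_bindings(xml_text, expected_realm=EXPECTED_REALM):
    """Return (role, kind, name, problem) tuples; an empty list means every binding resolves."""
    root = ET.fromstring(xml_text)
    problems = []
    for role in root.findall("bnd:security-role", NS):
        role_name = role.get("name")
        for kind in ("user", "group"):  # same element order as the binding file
            for entry in role.findall("bnd:" + kind, NS):
                name = entry.get("name")
                access_id = entry.get("access-id")
                if access_id is None:
                    problems.append((role_name, kind, name,
                                     "no access-id: subject must exist in the registry"))
                    continue
                prefix, _, rest = access_id.partition(":")   # "group:realm/name"
                realm, _, _ident = rest.partition("/")
                if prefix != kind:
                    problems.append((role_name, kind, name,
                                     "access-id prefix '%s' does not match element type" % prefix))
                elif realm != expected_realm:
                    problems.append((role_name, kind, name,
                                     "realm '%s' is not the registry realm '%s'" % (realm, expected_realm)))
    return problems


if __name__ == "__main__":
    for doc in (BROKEN_BND, FIXED_BND):
        print(check_bindings(doc) or "all bindings resolve")
```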