Help: LDAP Authentication x RMI

 
Greenhorn
Posts: 11
I'm using Oracle Internet Directory (OID) for authentication and authorization of the users of my J2EE applications. However, I have some difficulty with authentication when I need to make an RMI call between two applications in different OC4J instances.
I configured a properties file ('jndi.properties') in a "client application" to make an RMI call to a SessionBean of a "server application".
<!-- jndi.properties -->
java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory
java.naming.provider.url=ormi://server/app
java.naming.security.principal=<user>
java.naming.security.credentials=<password>
dedicated.connection=true
<!-- end -->
When the "server application" authenticates against an XML file (jazn-data.xml or principals.xml), this communication (authentication) works, and the "client application" manages to retrieve the information from the OID through the "server application".
But when I configure the "server application" to authenticate against the OID (changing orion-application.xml to use 'jazn provider=ldap'), I receive the following error: "error Lookup: javax.naming.AuthenticationException: Invalid username/password ".
<!-- orion-application.xml -->
...
<jazn provider="LDAP" location="ldap://<server>:<porta>" default-realm="jazn.com">
  <jazn-web-app auth-method="SSO"/>
</jazn>
...
<!-- end -->
I believe the problem is still around the permission that I need to grant to the user in the OID, which reflects the following jazn-policy:
<!-- jazn-data.xml -->
...
<jazn-policy>
  <grant>
    <grantee>
      <principals>
        <principal>
          <realm-name>jazn.com</realm-name>
          <type>user</type>
          <class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
          <name>jazn.com/myUser</name>
        </principal>
      </principals>
    </grantee>
    <permissions>
      <permission>
        <class>com.evermind.server.rmi.RMIPermission</class>
        <name>login</name>
      </permission>
    </permissions>
  </grant>
</jazn-policy>
...

Note that the user/password specified in the properties file (jndi.properties) exists in the OID and that this problem ONLY happens when I need to make an RMI call between two applications.
Can anybody help me?
Mauricio Silva.
 
High Plains Drifter
Posts: 7289
I don't see how this problem has anything to do with RMI.
 
Mauricio Silva
Greenhorn
Posts: 11
The problem ONLY occurs with RMI communication.
Did you learn?
 
Greenhorn
Posts: 6
We are also facing the same problem. Can anybody provide the solution to this?

Thanks in advance

regards,
Raja Ramesh Kumar M
 
Greenhorn
Posts: 4
The problem is that RMI cannot authenticate against form or SSO based authentication mechanisms (the same holds true for SOAP). What you need is basic HTTP authentication using LDAP. Oracle says that this is not supported in this release (10.1.2) of JAZN/iAS, however, I don't see why someone couldn't develop a custom authentication module similar to a Third Party Authentication Module (TPAM).
 
Patrick Sculley
Greenhorn
Posts: 4
When you deploy your web app to OC4J, the working copy of orion-application.xml under (.../application-deployments) is updated with
<jazn-web-app auth-method="SSO"/>
The unsupported method for accomplishing this is to remove this line from the deployed orion-application.xml. This will enable JAZN-LDAP to operate with BASIC HTTP Authentication. As stated above, this type of authentication is required for SOAP, Web Services, RMI.
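
As an added example (not part of the original posts and not Oracle code), this Python check reads an orion-application.xml and reports the combination the replies above describe: a JAZN LDAP provider together with the jazn-web-app auth-method="SSO" line that deployment writes into the working copy. The sample XML, the host name and the finding labels are constructed for illustration, and the classification follows what the posters report rather than Oracle documentation.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets quoted in the thread;
# the host name and port are placeholders, not values from the posts.
PACKAGED = """<orion-application>
  <jazn provider="LDAP" location="ldap://oid.example.test:389" default-realm="jazn.com"/>
</orion-application>"""

DEPLOYED = """<orion-application>
  <jazn provider="LDAP" location="ldap://oid.example.test:389" default-realm="jazn.com">
    <jazn-web-app auth-method="SSO"/>
  </jazn>
</orion-application>"""


def jazn_settings(xml_text):
    """Return (provider, web auth-method) for each <jazn> element in the file."""
    settings = []
    for jazn in ET.fromstring(xml_text).iter("jazn"):
        provider = jazn.get("provider", "").upper()
        web_app = jazn.find("jazn-web-app")
        auth = web_app.get("auth-method", "").upper() if web_app is not None else None
        settings.append((provider, auth))
    return settings


def audit(xml_text):
    """Classify a deployed orion-application.xml by the behaviour the thread reports."""
    findings = []
    for provider, auth in jazn_settings(xml_text):
        if provider == "LDAP" and auth == "SSO":
            findings.append("RMI_LOGIN_BLOCKED: LDAP provider with auth-method=SSO")
        elif provider == "LDAP":
            findings.append("REVIEW: LDAP provider without the SSO line (unsupported edit?)")
        else:
            findings.append(f"OK: provider={provider or 'unset'}")
    return findings or ["NO_JAZN: file has no <jazn> element"]


def sso_added_on_deploy(packaged_xml, deployed_xml):
    """True when the deployed working copy has an SSO line the packaged file lacks."""
    had_sso = any(auth == "SSO" for _, auth in jazn_settings(packaged_xml))
    has_sso = any(auth == "SSO" for _, auth in jazn_settings(deployed_xml))
    return has_sso and not had_sso


if __name__ == "__main__":
    print(audit(PACKAGED), audit(DEPLOYED), sso_added_on_deploy(PACKAGED, DEPLOYED))
```

Run against the working copy under application-deployments after each deploy, the REVIEW finding also surfaces a server where the SSO line was removed by hand, which the post above calls unsupported.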
 
Sheriff
Posts: 9109
Are you using OC4J or OAS? In OAS you need to change a setting in the server. In OC4J, the functionality is not yet present.
 