cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

access to InitialContext by username and password

Go to solution
Former Member

on ‎07-14-2006 12:09 PM

0 Kudos

hi,

I have implemented a web application, which gets resources via JNDI.

I am accessing JNDI by username and password:

Properties p = new Properties();

p.put(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");

p.put(Context.PROVIDER_URL, "localhost:50004");

p.put(Context.SECURITY_PRINCIPAL, "username1");

p.put(Context.SECURITY_CREDENTIALS, "password1");

javax.naming.Context ctx = new InitialContext(p);

Accessing the InitialContext works without any problems.

My webapplication provides the functionality, that the user can relogin within the application.

When the user pushes the relogin-button, the following code is run again

Properties p = new Properties();

p.put(Context.INITIAL_CONTEXT_FACTORY, guiConfig.getContext_factory());

p.put(Context.PROVIDER_URL, "com.sap.engine.services.jndi.InitialContextFactoryImpl");

p.put(Context.SECURITY_PRINCIPAL, "username2");

p.put(Context.SECURITY_CREDENTIALS, "password2");

javax.naming.Context ctx = new InitialContext(p);

So I would like to check the access to JNDI by username and password again.

Unfortunately I get an InitialContext EVEN WHEN MY PASSWORD IS WRONG.

It looks like InitialContext is not cleared and access to JNDI is not checked by username and password again.

Do I have to clear InitialContext before I relogin to the new InitialContext with the new username and new password; and if yes how can I do that?

Thanks for your help in advance!

Andreas

Message was edited by: Andreas Putscher

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-14-2006 12:19 PM
0 Kudos

Do you even require user name and password in the first case?

This is because your web application since is running inside the same environment , you need not even do all this stuff. From within your servlet, you can simply say

javax.naming.Context ctx = new InitialContext();

and you would still get a valid context reference to perform the lookup.

Credentials and the security stuff is required when you are connecting from outside the J2EE environment in which your server side components are living.

-- Amol

Show replies
Show replies
Former Member
‎07-15-2006 9:07 AM
0 Kudos

Hi Arnol,

You are perfectly right.

I have replaced

javax.naming.Context ctx = new InitialContext(p);

with

javax.naming.Context ctx = new InitialContext();

and J2EE environment still gave me an InitialContext. However if I do not specify any properties the InitialContext is initialized with user Guest.

So within a webapplication authentification by JNDI-InitialContext will not work.

Do you have an idea, how I can realize the relogin feature with authentification by username and password, I mentioned above, elsewhise?

Thanks for your help!

Andreas

former_member182372
Active Contributor
‎07-15-2006 9:49 AM
0 Kudos

Hi Andreas,

You can try to use method 

public Object addToEnvironment(String propName, Object propVal) throws NamingException

from Context interface. According to <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/Context.html#addToEnvironment(java.lang.String,%20java.lang.Object)">this</a> it <i>Adds a new environment property to the environment of this context. If the property already exists, its value is <b>overwritten</b>. See class description for more details on environment properties.</i>

Best regards, Maksim Rashchynski.

Former Member
‎07-15-2006 3:23 PM
0 Kudos

Hi Maksim,

Thanks for your response.

Unfortunately the solution with Methode addToEnvironment() doesn't seem to work in my case:

When testing the following code for relogin purposes

1 javax.naming.Context ctx = new InitialContext();

2 ctx.addToEnvironment(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");

3 ctx.addToEnvironment(Context.PROVIDER_URL, "localhost:50004");

4 ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, "username1");

5 ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "password1");

in line 1 J2EE environment returns user "Guest", line 2-5 DO set the environment variables. Nevertheless there is no check of username+password.

Any other suggestions?

Thanks for your help in advance!!!

Andreas

former_member182372
Active Contributor
‎07-16-2006 9:51 PM
0 Kudos

Hi Andreas,

2 and 3 you should apply by InitialContext creation.

Use 4 and 5 to relogin.

When you call lookup for example are new cridentials applied?

Best regards, Maksim rashchynski.

Former Member
‎07-17-2006 11:27 AM
0 Kudos

Hi Maksim

I have tried the following source (within my webapplication):

boolean isOldMethod = true;

if (isOldMethod) {

Properties p = new Properties();

p.put(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");

p.put(Context.PROVIDER_URL, "localhost:50004");

p.put(Context.SECURITY_PRINCIPAL, username);

p.put(Context.SECURITY_CREDENTIALS, password);

ctx = new InitialContext(p);

} else {

ctx = new InitialContext();

ctx.addToEnvironment(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");

ctx.addToEnvironment(Context.PROVIDER_URL, "localhost:50004");

ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);

ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);

}

Source code within on of my EJBs:

public void setSessionContext(SessionContext context) {

this.context = context;

}

public UserAuthorization getUserProfile(String userName, String applicationName) throws CasablancaException {

Principal prin = context.getCallerPrincipal();

//...

}

When I run oldMethod for INITIAL LOGIN and username+password are false,

- immediately an exception is thrown

-> THIS IS CORRECT BEHAVIOUR

When I run newMethod for INITIAL LOGIN and username+password are false,

- no exception is thrown,

- context.getCallerPrincipal() returns "Guest" (I have logged in with user "TESTUSER", who is Adminstrator)

-> WRONG BEHAVIOUR

When I run oldMethod for RELOGIN and username+password are false,

- no exception is thrown

- context.getCallerPrincipal() return the old user (Context HAS NOT CHANGED to new user)

-> WRONG BEHAVIOUR

When I run newMethod for RELOGIN and username+password are false,

- no exception is thrown

- context.getCallerPrincipal() return the old user (Context HAS NOT CHANGED to new user)

-> WRONG BEHAVIOUR

So in both cases (oldMethod and newMethod) no errors are thrown, but no Relogin to JNDI is performed.

Do you have any more suggestions?

Thanks for your help!

Andreas

Answers (1)

Answers (1)

Former Member
‎07-17-2006 5:43 PM
0 Kudos

Thanks for your help!

As I didn't get login via JNDI working, I am authenticating the user by directly calling UME and using a default system user for JNDI-calls.

Nethertheless I really, really apprecited your help!

Andreas

Show replies
Show replies
Ask a Question