6 replies Latest Post - ‏2014-02-17T15:00:09Z by MandeepG
zbychfish

Pinned topic ISIM 6.0 - security domain in WAS for organizational feed

‏2012-11-14T15:19:58Z |
Hi,
I am trying to create the organizational feed for the new ISIM 6.0.
The new version assumes a Security Domain, and I have successfully logged in to ISIM using the WSLogin profile:

system.setJavaProperty("java.security.auth.login.config", "c:\\jaas.conf");
system.setJavaProperty("com.ibm.CORBA.ConfigURL", "c:\\sas.client.props");
system.setJavaProperty("com.ibm.CORBA.securityServerHost", "10.8.8.10");
system.setJavaProperty("com.ibm.CORBA.securityServerPort", "2809");
contextFactory = "com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory";
appServerUrl = "iiop://10.8.8.10:2809";
ejbUser = "itim manager";
ejbPswd = "XXXX";
env = new Packages.java.util.Hashtable();
env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.CONTEXT_FACTORY, contextFactory);
env.put(Packages.com.ibm.itim.apps.PlatformContext.PLATFORM_URL, appServerUrl);
env.put(Packages.com.ibm.itim.apps.PlatformContext.PLATFORM_PRINCIPAL, ejbUser);
env.put(Packages.com.ibm.itim.apps.PlatformContext.PLATFORM_CREDENTIALS, ejbPswd);
env.put(Packages.com.ibm.itim.apps.PlatformContext.PLATFORM_REALM, "itimCustomRealm");
platform = Packages.com.ibm.itim.apps.InitialPlatformContext(env);
handler = new Packages.com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(ejbUser, "itimCustomRealm", ejbPswd);
lc = new Packages.javax.security.auth.login.LoginContext("WSLogin", handler);
lc.login();

Then I have tried to get the root of Organization

var container = new Packages.com.ibm.itim.apps.identity.ContainerManager(platform, userSubject);
root = container.getRoot();
and I have received an error:

com.ibm.itim.apps.ApplicationException: CORBA NO_PERMISSION 0x0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION:
>> SERVER (id=4773e3aa, host=ISIM) TRACE START:
>> org.omg.CORBA.NO_PERMISSION: java.rmi.AccessException: ; nested exception is:
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.OrganizationManagerHome create::2 null vmcid: 0x0 minor code: 0 completed: No

I assume that I have a problem with the correct configuration of CORBA in the client environment.

BTW: When I switch off the security domain, I can log on using the old (5.1) method and get the Root container info.

Any suggestion?
  • lotim

    Re: ISIM 6.0 - security domain in WAS for organizational feed

    ‏2013-08-01T11:23:54Z  in response to zbychfish

    Hi,

    I have the same situation, same .CORBA.NO_PERMISSION error with com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking...

    The strange thing is that the ISIM Java examples work fine, but I cannot seem to get past this error. It would be great if someone could chime in on this problem.

    /L-O

    • zbychfish

      Re: ISIM 6.0 - security domain in WAS for organizational feed

      ‏2013-08-01T13:30:27Z  in response to lotim

      Problem solved.

      The CORBA environment is not set in the TDI Java runtime.

      Use the configuration from ISIM WAS.

      Should work!!!

       

      • lotim

        Re: ISIM 6.0 - security domain in WAS for organizational feed

        ‏2013-08-02T07:41:26Z  in response to zbychfish

        Hi!

        Thanks for the feedback!

        Can you elaborate a bit more on where I find the configuration in ISIM WAS, and do you use system.setJavaProperty to set the CORBA environment in TDI?

        Is this the place in ISIM WAS to find the CORBA settings?
        Security domains > ISIMSecurityDomain > Custom properties

        Thanks,

        L-O

        Updated on 2013-08-02T07:43:28Z by lotim
        • zbychfish

          Re: ISIM 6.0 - security domain in WAS for organizational feed

          ‏2013-08-02T10:39:37Z  in response to lotim

          Hi,

          The Java ORB configuration is stored in the orb.properties file in the lib directory of the JRE home.

          My ORB file contains:

          # IBM JDK properties  
          org.omg.CORBA.ORBClass=com.ibm.CORBA.iiop.ORB
          org.omg.CORBA.ORBSingletonClass=com.ibm.rmi.corba.ORBSingleton
          javax.rmi.CORBA.StubClass=com.ibm.rmi.javax.rmi.CORBA.StubDelegateImpl
          javax.rmi.CORBA.PortableRemoteObjectClass=com.ibm.rmi.javax.rmi.PortableRemoteObject
          javax.rmi.CORBA.UtilClass=com.ibm.ws.orb.WSUtilDelegateImpl

          # WS Plugins
          com.ibm.CORBA.ORBPluginClass.com.ibm.ws.wlm.client.WLMClient
          com.ibm.CORBA.ORBPluginClass.com.ibm.ws.orbimpl.transport.WSTransport
          com.ibm.CORBA.ORBPluginClass.com.ibm.ws.orbimpl.WSORBPropertyManager
          com.ibm.CORBA.ORBPluginClass.com.ibm.ISecurityUtilityImpl.SecurityPropertyManager
          com.ibm.CORBA.ORBPluginClass.com.ibm.ws.orb.WSSubcontractInitImpl

          # WS Interceptors
          org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ws.Transaction.JTS.TxInterceptorInitializer
          org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ejs.ras.RasContextSupport
          org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ISecurityLocalObjectBaseL13Impl.ClientRIWrapper
          org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ws.activity.remote.cos.ActivityServiceClientInterceptor
          org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI
          org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.debug.olt.ivbtrjrt.OLT_RI
          org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ws.wlm.client.WLMClientInitializer

          # WS ORB & Plugins properties
          com.ibm.ws.orb.transport.ConnectionInterceptorName=com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor
          com.ibm.ws.orb.transport.WSSSLClientSocketFactoryName=com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl
          com.ibm.CORBA.enableLocateRequest=true
          com.ibm.CORBA.ORBCharEncoding=UTF8
          com.ibm.CORBA.ForceTunnel=never
          com.ibm.CORBA.TransportMode=Pluggable
           

          Code similar to the below should work:

          system.setJavaProperty("java.security.auth.login.config", "file:c:/IBM/OrangeHRM/TDI/jaas_login_was.conf");
          system.setJavaProperty("com.ibm.CORBA.securityServerHost", "192.168.168.10");
          system.setJavaProperty("com.ibm.CORBA.securityServerPort", "2809");
          system.setJavaProperty("com.ibm.CORBA.ConfigURL", "file:C:/IBM/WebSphere/AppServer/profiles/AppSrv01/properties/sas.client.props");
          system.setJavaProperty("com.ibm.SSL.ConfigURL", "file:C:/IBM/WebSphere/AppServer/profiles/AppSrv01/properties/ssl.client.props");
          contextFactory = "com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory";
          appServerUrl = "corbaloc:iiop:192.168.168.10:2809";
          ejbUser = "itim manager";
          ejbPswd = "password";

          env = new Packages.java.util.Hashtable();

          env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.CONTEXT_FACTORY, contextFactory);
          env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_URL, appServerUrl);
          env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_PRINCIPAL, "itim manager");
          env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_CREDENTIALS, "password");
          env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_REALM, "ibmtestad");
          platform = Packages.com.ibm.itim.apps.InitialPlatformContext(env);
          handler = new Packages.com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(ejbUser, "ibmtestad", ejbPswd);
          lc = new Packages.javax.security.auth.login.LoginContext("WSLogin", handler);
          lc.login();
          mgr = new Packages.com.ibm.itim.apps.identity.PersonManager(platform, lc.getSubject());
          people = mgr.getPeople("uid", "ssmith", null);
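
Added example, not part of the thread and not IBM code: a plain JavaScript check (no TDI or Rhino objects) that reports which of the security-related entries from the orb.properties listing above are absent from a client JRE's orb.properties. Treating exactly these five entries as required is an assumption, and both sample files are constructed.

```javascript
// Security-related entries taken from the orb.properties listing in the post above.
// Treating exactly these as required is an assumption of this example.
// An empty expected value means the entry is a bare key with no "=value".
const PI = "org.omg.PortableInterceptor.ORBInitializerClass.";
const SEC = "com.ibm.ISecurityLocalObjectBaseL13Impl.";
const REQUIRED = {
  "org.omg.CORBA.ORBClass": "com.ibm.CORBA.iiop.ORB",
  "com.ibm.ws.orb.transport.ConnectionInterceptorName": SEC + "SecurityConnectionInterceptor",
  "com.ibm.CORBA.ORBPluginClass.com.ibm.ISecurityUtilityImpl.SecurityPropertyManager": "",
  [PI + SEC + "ClientRIWrapper"]: "",
  [PI + SEC + "CSIClientRI"]: "",
};

// Minimal Java .properties reader: skips comments, accepts "key=value",
// "key:value" and bare keys. Line continuations are not handled.
function parseProperties(text) {
  const props = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#") || line.startsWith("!")) continue;
    const m = /^([^=:\s]+)\s*[=:]?\s*(.*)$/.exec(line);
    if (m) props.set(m[1], m[2]);
  }
  return props;
}

// Returns which required keys are missing and which carry a different value.
function checkOrbProperties(text) {
  const props = parseProperties(text);
  const missing = [];
  const mismatched = [];
  for (const [key, want] of Object.entries(REQUIRED)) {
    if (!props.has(key)) missing.push(key);
    else if (want !== "" && props.get(key) !== want) mismatched.push(key);
  }
  return { ok: missing.length + mismatched.length === 0, missing, mismatched };
}

// Constructed sample: an orb.properties without the WebSphere entries.
const SAMPLE_PLAIN = [
  "# IBM JDK properties",
  "org.omg.CORBA.ORBClass=com.ibm.CORBA.iiop.ORB",
  "org.omg.CORBA.ORBSingletonClass=com.ibm.rmi.corba.ORBSingleton",
].join("\n");

// Constructed sample: the same file with the listed security entries appended.
const SAMPLE_WAS = SAMPLE_PLAIN + "\n" + Object.entries(REQUIRED).slice(1)
  .map(([k, v]) => (v ? k + "=" + v : k)).join("\n");

console.log(checkOrbProperties(SAMPLE_PLAIN).missing);
```

Pass it the contents of the orb.properties in the lib directory of the JRE that actually runs the script.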

           

          • lotim

            Re: ISIM 6.0 - security domain in WAS for organizational feed

            ‏2013-12-16T23:22:13Z  in response to zbychfish

            Hi!

            I get this to work just fine now, but I get another strange error: when I try to authenticate with a wrong timid / password, I get prompted with a login dialogue. I would like to trap the login exception and not get the login dialogue hanging on OS level.

            How do you prevent the login dialog from popping up?

             

            Thanks,

            L-O

            • MandeepG

              Re: ISIM 6.0 - security domain in WAS for organizational feed

              ‏2014-02-17T15:00:09Z  in response to lotim

              Hi,

              On calling Container.getRoot(), I am getting the same exception: org.omg.CORBA.NO_PERMISSION:
                  >> SERVER (id=4773e3aa, host=WIN-I8S94JFSJR5) TRACE START:
                  >>    org.omg.CORBA.NO_PERMISSION: java.rmi.AccessException:  ; nested exception is:
                  com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.OrganizationManagerHome create::2 null  vmcid: 0x0  minor code: 0  completed: No
                  >>     at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:685)
                  >>     at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSecurityCollaborator.java:275)

              As suggested above, I have copied the orb.properties from the WAS JRE lib folder and have also used the code above. Still I am struggling with the above error. Is there anything else to be done?

              Please help!