Enforcing SOA message security policy with WebSphere Service Registry and Repository and WebSphere DataPower

This tutorial presents the reader with a concrete method for using a
central repository in this example WebSphere Service Registry and Repository (WSRR) to implement business policies governing SOA
message flows, enforced by the WebSphere DataPower SOA appliances. The
necessary configuraton steps for both the WSRR and the WebSphere DataPower appliance are detailed.

Related:

  • No Related Posts

JNDI Datasource Problem on Tomcat 6, Hibernate

I am using Tomcat 6 as application server, Struts-Hibernate and MyEclipse 6.0.

My application uses JDBC driver but I should modify it to use JNDI Datasource. I followed steps as described in tomcat 6.0 howto tutorial.

I defined my resource in tomcat>conf:

    <Resource name="jdbc/ats" global="jdbc/ats" auth="Container"
          type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
          url="jdbc:oracle:thin:@//localhost:1521/MISDEV"
          username="TEST" password="TEST" maxActive="20" maxIdle="10"
          maxWait="-1" validationQuery="SELECT 1 from dual" 
  removeAbandoned="true" 
          removeAbandonedTimeout="30" 
  logAbandoned="false"/>

I gave reference in my application web.xml:

 <resource-ref>
   <description>Oracle Datasource example</description>
   <res-ref-name>jdbc/ats</res-ref-name>
   <res-type>javax.sql.DataSource</res-type>
   <res-auth>Container</res-auth>
 </resource-ref>

And I defined datasource-dialect in my hibernate-cfg.xml

 <property name="connection.datasource">java:comp/env/jdbc/ats</property>
 <property name="dialect">org.hibernate.dialect.Oracle9Dialect</property>

But when I create hibernate session, it can not open the connection:

09:18:11,322 ERROR JDBCExceptionReporter:72 – Connections could not be acquired from the underlying database!
org.hibernate.exception.GenericJDBCException: Cannot open connection

I also tried to set the properties at runtime:

        Configuration configuration = new Configuration();        
    configuration.setProperty("hibernate.dialect", "org.hibernate.dialect.Oracle9Dialect");        
    //configuration.setProperty("hibernate.connection.datasource",  "java:comp/env/jdbc/ats");
    configuration.setProperty("hibernate.current_session_context_class", "thread");    
    configuration.setProperty("hibernate.connection.provider_class", "org.hibernate.connection.C3P0ConnectionProvider");
    configuration.setProperty("hibernate.show_sql", "true");         


    sessionFactory = configuration.configure().buildSessionFactory();

It does not open connection again.

But, when I use JDBC driver it works:

Configuration configuration = new Configuration();        
    configuration.setProperty("hibernate.dialect", "org.hibernate.dialect.Oracle9Dialect");        
    //configuration.setProperty("hibernate.connection.datasource",  "java:comp/env/jdbc/ats");
    configuration.setProperty("hibernate.connection.url", "jdbc:oracle:thin:@//localhost:1521/MISDEV");        
    configuration.setProperty("hibernate.connection.username", "test");        
    configuration.setProperty("hibernate.connection.password", "test");        
    configuration.setProperty("hibernate.connection.driver_class", "oracle.jdbc.OracleDriver");        
    configuration.setProperty("hibernate.transaction.factory_class", "org.hibernate.transaction.JDBCTransactionFactory");        
    configuration.setProperty("hibernate.current_session_context_class", "thread");    
    configuration.setProperty("hibernate.connection.provider_class", "org.hibernate.connection.C3P0ConnectionProvider");    
    configuration.setProperty("hibernate.show_sql", "true");         


    sessionFactory = configuration.configure().buildSessionFactory(); 

I have been searching for 3 days and no success. What may be de problem?

Related:

Java web services: WS-Security without client certificates

WS-Security symmetric encryption lets you secure message exchanges
between client and server without requiring client certificates, simplifying your web service configuration while also providing performance benefits. You can use it directly or in the bootstrap for WS-SecureConversation exchanges. In this article, you’ll learn how to configure and use symmetric encryption with the three main open source Java web services stacks: Axis2, Metro, and CXF. You’ll also see how plain WS-Security symmetric encryption performance compares to WS-SecureConversation performance.

Related:

  • No Related Posts

Java web services: WS-Trust and WS-SecureConversation

WS-Security adds enterprise-level security features to SOAP message exchanges, but with a substantial performance cost. WS-Trust builds on WS-Security to provide a way of exchanging security tokens, and WS-SecureConversation builds on WS-Security and WS-Trust to improve performance for
ongoing message exchanges. Dennis Sosnoski continues his Java web services column series with an introduction to WS-Trust and WS-SecureConversation.

Related:

  • No Related Posts

Ajax in a network: Security and topology challenges of aggregating content from multiple sites in an Ajax architecture

There can be challenges when introducing Asynchronous JavaScript and XML
(Ajax) programming techniques into a network environment. This article looks
at security and topology scenarios that you might be trying to solve when
creating Ajax style architectures that aggregate content from multiple sites.
This article explores these scenarios using the IBM Tivoli Access Manager
WebSEAL product in conjunction with the IBM WebSphere Application Server
Feature Pack for Web 2.0 for developing Ajax style architectures for WebSphere
Application Server.

Related:

  • No Related Posts

ASP.NET Authentication using LTPA and Tivoli Federated Identity Manager (TFIM)

In this article, we show you how to enable your ASP.NET applications for federated single sign-on utilizing the IBM Tivoli Federated Identity Manager (TFIM) 6.1.1.1 to translate LTPA cookies set by IBM WebSphere Application Server. We show how to create an ASP.NET HTTP module that extracts the LTPA cookie then uses TFIM to translate the token into a username via WS-Trust.Background

Related:

  • No Related Posts