30 Jan 2015

feedPlanet Identity

Ludovic Poitou - ForgeRock: OpenDJ on Windows…

OpenDJ, the LDAP directory services in Java, is supported on multiple platforms and has been for many years. We're testing on Linux, Windows, Solaris, Mac OS X, but also different JVMs: Oracle JRE, OpenJDK, Azul Zulu, IBM JVM… With OpenDJ 2.6, we've made it easier for people to install it on Linux machines by providing […]

30 Jan 2015 1:41pm GMT

Kuppinger Cole: Executive View: SAP Cloud Identity Service - 71180

In KuppingerCole

SAP Cloud User and Access Management solution for simple onboarding of external users in B2B and B2C scenarios and for managing access of all types of users to cloud services, run on the SAP HANA platform.


more

30 Jan 2015 7:37am GMT

29 Jan 2015

feedPlanet Identity

Matthew Gertner - AllPeers: Living Off the Grid with Wind Energy

Increasingly common is the choice to begin living off the grid. There are many ways to generate energy to make this a relatively painless transition regardless of the reasons for doing so. One of those ways is to use wind energy. Using wind to live off the grid is such an appealing choice because of […]

29 Jan 2015 6:39pm GMT

Kuppinger Cole: Amazon WorkMail – a new player on the Enterprise Email and Calendaring market

In Alexei Balaganski

Amazon Web Services has again made headlines today by announcing Amazon WorkMail - their managed email and calendaring service targeted at corporate customers. This is obviously a direct take on their biggest competitors, namely, Google and Microsoft, and the biggest differentiators Amazon is focusing on are ease of use and security.

Amazon WorkMail is described as a completely managed replacement for an organization's own legacy email infrastructure. Since the service is compatible with Microsoft Exchange and is capable of integrating with an existing on-premise Active Directory, the process of migration should be quick and seamless. Since AWS will take over most administrative processes, such as patching or backups, this can dramatically decrease administration efforts and costs.

Although WorkMail has its own web interface, AWS is more focused on supporting existing mail and calendaring tools. Any ActiveSync-capable program, including Microsoft Outlook for Windows and OS X, as well as native iOS and Android email clients, can be supported without installing any plug-ins. Migration from an on-premise Exchange server can be completely transparent and does not require any changes on end user devices. A migration wizard is provided as a part of the package.

With the new service, AWS is also placing big emphasis on security. Since email has long been an integral part of our daily business processes, a lot of sensitive corporate information passes through it and ends up getting stored on the mail server. By integrating with AWS Key Management Service, WorkMail will automatically encrypt all email data at rest, while giving customers complete control over the encryption keys. It is also possible to restrict where this information is stored to a specific geographical region to ensure compliance with local privacy regulations.

Last year, AWS announced their Zocalo service for secure storage and sharing of enterprise data, a direct competitor to other cloud storage services like Dropbox or Google Drive. Needless to say, WorkMail is tightly integrated with Zocalo, allowing the secure exchange of documents instead of sending them as unprotected attachments. In fact, AWS offers a bundle of WorkMail with Zocalo for an attractive price.

There is one potential misunderstanding, however, which I feel obligated to mention. Even with all security features integrated into WorkMail, it still cannot be considered a true end-to-end encryption solution and is thus potentially vulnerable to various security problems. This is another example of a tradeoff between security and convenience, and Amazon simply had to make it to ensure compatibility with existing email programs and protocols.

Still, with an impressive integrated offering and traditionally aggressive pricing model, Amazon WorkMail is definitely another step in AWS's steady push towards global market leadership.

29 Jan 2015 5:11pm GMT

Kuppinger Cole: Advisory Note: Enterprise Big Data IAM – Challenges and Opportunities - 71207

In KuppingerCole

The problem of enterprises grappling with large multiple data and information systems is nothing new. What has changed are the internal and external market expectations, the new technology choices and the constraints and opportunities provided by emerging regulations. Take a deep breath and really get to grips with what is needed and what is achievable.


more

29 Jan 2015 8:10am GMT

28 Jan 2015

feedPlanet Identity

Mythics: GoldenGate 12c Setup with Oracle 12c Pluggable Multi-Tenant DB and OEM GoldenGate Plugins

I recently built out a new installation of GoldenGate using the latest versions and features, namely the Integrated Capture and Replication capabilities for…

28 Jan 2015 4:02pm GMT

27 Jan 2015

feedPlanet Identity

Katasoft: Build a Java Web App with Instant User Management

Java SDK w/ Servlet Support

We just released a major upgrade of our Java SDK, which now includes Java Webapp (Servlet 3.0+) support with a ton of user automation. Just drop our Servlet plugin into your Java web application and boom - instant user management with little to no coding required.

This post is a quick tutorial to show you just how quickly you can build a Java web app with a complete set authentication and user management features and user interfaces.

If you've built a Java web application, you know the time and pain involved in building out proper authentication and user management. Even if you use a great framework like Apache Shiro or Spring Security, there's still a lot of boring UI work and high risk backend work.
At a minimum, you have to build UI screens for registration, login, and forgot password in addition to controllers processing each view, logout handlers, etc. And then you have to worry about security issues like password hashing schemes, updating hashing algorithms as computation improves, CSRF protection, XSS attacks, and more.

Stormpath hooks into typical Java web applications and gives developers all that "user stuff" out-of-the-box so you can get on with what you really care about - your application. In fact, you get full user interfaces without writing a single line of code. Awesome.

By the time you're done with this 15 minute tutorial you'll have a fully-working Java web application. We will focus on our Stormpath-Servlet plugin that has a ton of user automation. You just drop a plugin into your web application and boom - instant user management with little to no coding required.

What You'll Build

You'll build a simple Java web application using the standard Servlet 3+ and JSP APIs. When you're done, you'll be able to:

  • Create a new user account with email and password
  • Validate the new user account's registered email address
  • Login to your new account with email and password
  • Display a user account dashboard after login, only accessible to logged-in users.
  • Redirect unauthenticated users who try to access the dashboard to the login page.
  • Allow a logged-in user to logout.
  • Allow a user to reset their password via an email-based workflow.

And here's the best part - for all of the above, you won't have to write a single line of code - just some configuration!

But, just for fun, we will code a simple welcome page and a user account dashboard page that are likely to exist in real applications.

Sound good? Great! Let's get started!

What You'll Need

  • About 15 minutes of time
  • A Stormpath API Key to communicate with Stormpath
  • JDK 1.6 or later
  • Maven 3.0+ or Gradle 2.2+

How to Complete this Guide

You can start from scratch and complete each step or you can skip the basic setup steps you're already familiar with.

Start From Scratch

If you'd like to start from scratch, you'll need to first get a Stormpath API Key.

Then you'll need to Build With Maven or Build With Gradle, depending on your preferences.

Get an API Key

All communication with Stormpath must be authenticated with an API Key.

  1. If you haven't already, sign up for Stormpath for free. You'll be sent a verification email.

  2. Click the link in the verification email.

  3. Log in to the Stormpath Admin Console using the email address and password you used during registration.

  4. Click the Manage API Keys link on the middle-right of the dashboard.

  5. Under Security Credentials, click Create API Key.

    This will generate your API Key and download it to your computer as an apiKey.properties file.

  6. Save the file in your home directory in the following location:

    • ~/.stormpath/apiKey.properties on Unix, Linux and Mac OS
    • C:\Users\YOUR_USERNAME\.stormpath\apiKey.properties on Windows
  7. Change the file permissions to ensure only you can read this file. For example:

     chmod go-rwx ~/.stormpath/apiKey.properties
    
    
  8. To be safe, you might also want to prevent yourself from accidentally writing/modifying the file:

     chmod u-w ~/.stormpath/apiKey.properties
    
    

On Windows, you can set file permissions similarly.

Build With Maven

Choose a directory that you wish to use for your project. Within that directory, create the following maven pom.xml file:

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.stormpath.samples</groupId>
    <artifactId>stormpath-webapp-tutorial</artifactId>
    <version>0.1.0</version>
    <packaging>war</packaging>

    <dependencies>
        <dependency>
            <groupId>com.stormpath.sdk</groupId>
            <artifactId>stormpath-servlet-plugin</artifactId>
            <version>1.0.RC3.1</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.0.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>1.0.13</version>
            <scope>runtime</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.2</version>
                <configuration>
                    <path>/</path>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

Build With Gradle

Choose a directory that you wish to use for your project. Within that directory, create the following build.gradle file:

build.gradle

buildscript {
    repositories {
        jcenter()
    }

    dependencies {
        classpath 'com.bmuschko:gradle-tomcat-plugin:2.0'
    }
}

apply plugin: 'java'
apply plugin: 'war'
apply plugin: 'com.bmuschko.tomcat'

sourceCompatibility = 1.6
version = '0.1.0'
war.baseName = 'stormpath-webapp-tutorial'

repositories {
    mavenLocal()
    mavenCentral()
}

dependencies {
    compile group: 'com.stormpath.sdk', name: 'stormpath-servlet-plugin', version: '1.0.RC3.1'
    compile group: 'javax.servlet', name: 'jstl', version: '1.2'
    providedCompile group: 'javax.servlet', name: 'javax.servlet-api', version: '3.0.1'
    runtime group: 'ch.qos.logback', name: 'logback-classic', version: '1.0.13'

    def tomcatVersion = '7.0.57'
    tomcat "org.apache.tomcat.embed:tomcat-embed-core:${tomcatVersion}",
            "org.apache.tomcat.embed:tomcat-embed-logging-juli:${tomcatVersion}"
    tomcat("org.apache.tomcat.embed:tomcat-embed-jasper:${tomcatVersion}") {
        exclude group: 'org.eclipse.jdt.core.compiler', module: 'ecj'
    }
}

tomcatRun.contextPath = '/'
tomcatRunWar.contextPath = '/'

task wrapper(type: Wrapper) {
    gradleVersion = '2.2.1'
}

Skip The Basics

Add the dependency to your web app (.war) project:

Maven:

<dependency>
    <groupId>com.stormpath.sdk</groupId>
    <artifactId>stormpath-servlet-plugin</artifactId>
    <version>1.0.RC3.1</version>
</dependency>

Gradle:

dependencies {
  compile 'com.stormpath.sdk:stormpath-servlet-plugin:1.0.RC3.1'
}

Build the App

We'll need to create some files in various directories. Ensure the following directory structure exists under your project directory:

-- src/
 |-- main/
   |-- java/
   |   |-- tutorial/
   |-- webapp
     |-- WEB-INF/
       |-- jsp/
       |-- tags/

For example, on *nix operating systems:

mkdir -p src/main/java/tutorial
mkdir -p src/main/webapp/WEB-INF/jsp
mkdir -p src/main/webapp/WEB-INF/tags

Page Template

We'll likely want our web app's pages to have the same look and feel. We can do this easily using a page template. And because JSP 2.0 supports page templates automatically via JSP Tags, there is no need to pull in additional template libraries. Let's create a new template tag file with the following contents:

src/main/webapp/WEB-INF/tags/page.tag

<%@tag description="Default Page template" pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@attribute name="title" required="false" %>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Stormpath Webapp Sample | <c:out value="${!empty title ? title : ''}"/></title>
    <link href="https://stormpath.com//maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" rel="stylesheet">
    <%-- <link href="${pageContext.request.contextPath}/assets/css/style.css" rel="stylesheet" --%>
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
    <script src="https://stormpath.com//maxcdn.bootstrapcdn.com/bootstrap/3.3.2/js/bootstrap.min.js"></script>
</head>
<body>
    <div class="container">

        <div class="header">

            <ul class="nav nav-pills pull-right">
                <c:set var="uri" value="${requestScope['javax.servlet.forward.request_uri']}"/>
                <li<c:if test="${fn:endsWith(uri,'/')}"> class="active"</c:if>><a href="${pageContext.request.contextPath}/">Home</a></li>

                <%-- Change upper right context menu depending on if the user is logged in or not: --%>
                <c:choose>
                    <c:when test="${!empty account}">
                        <li<c:if test="${fn:endsWith(uri,'dashboard')}"> class="active"</c:if>><a href="${pageContext.request.contextPath}/dashboard">Dashboard</a></li>
                        <li><a href="${pageContext.request.contextPath}/logout">Logout</a></li>
                    </c:when>
                    <c:otherwise>
                        <li<c:if test="${fn:endsWith(uri,'login')}"> class="active"</c:if>><a href="${pageContext.request.contextPath}/login">Login</a></li>
                    </c:otherwise>
                </c:choose>
            </ul>

            <h3 class="text-muted">Stormpath Webapp Sample</h3>

        </div>

        <jsp:doBody/>

    </div>
</body>
</html>

This is just a standard JSP file with a .tag extension instead of a .jsp extension. The <jsp:doBody/> element will be replaced with the page content for any page that uses this template.

Home Page

For security reasons, we like to ensure that JSP files themselves are never directly accessible during a request. Instead, we want a Controller to process the request and then render the JSP to the request. To do this, we'll create a simple 'Home' controller that renders the internal home.jsp page:

src/main/java/tutorial/HomeController.java:

package tutorial;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class HomeController extends HttpServlet {

    public static final String VIEW_TEMPLATE_PATH = "/WEB-INF/jsp/home.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.getRequestDispatcher(VIEW_TEMPLATE_PATH).forward(req, resp);
    }
}

src/main/webapp/WEB-INF/jsp/home.jsp:

<%@ page session="false"%>
<%@ page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8" %>
<%@ taglib prefix="t" tagdir="/WEB-INF/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<t:page>
    <jsp:attribute name="title">Welcome!</jsp:attribute>
    <jsp:body>
        <div class="jumbotron" id="welcome">

            <h1>Welcome to the Stormpath Webapp Sample Application!</h1>

            <p class="lead">
                <br/>
                <br/>
                Welcome to this <i>gloriously simple</i>
                <a href="https://docs.stormpath.com/java/servlet-plugin/">Stormpath Java Webapp</a> sample application!
                <ul>
                    <li>First, take a look through this very basic site.</li>
                    <li>Then, check out this project's source code
                        <a href="https://github.com/stormpath/stormpath-sdk-java/examples/servlet">on GitHub</a>.</li>
                    <li>Lastly, integrate Stormpath into your own sites!</li>
                </ul>
            </p>

            <br/>
            <br/>

            <h2>What This Sample App Demonstrates</h2>

            <br/>
            <br/>

            <p>This simple application demonstrates how easy it is to register, login, and securely authenticate
                users on your website using the Stormpath Servlet Plugin.</p>

            <p>Not a Stormpath user yet? <a href="https://stormpath.com">Go signup now!</a></p>

            <br/>
            <br/>

            <p class="bigbutton"><a class="bigbutton btn btn-lg btn-danger"
                                    href="${pageContext.request.contextPath}/register" role="button">Register</a></p>
        </div>
    </jsp:body>
</t:page>

Finally, we'll need to add a web.xml file to tell the servlet container to invoke our Home Controller when the web app's default path is accessed:

src/main/webapp/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <servlet>
        <servlet-name>HomeController</servlet-name>
        <servlet-class>tutorial.HomeController</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>HomeController</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/assets/*</url-pattern>
    </servlet-mapping>

</web-app>

Try it!

Can you believe that after adding a single home page, you'd have a functional web application with full user management capability?

Don't believe me? Let's try it!

Using your build tool of choice, let's start up the web application. For example:

Maven:

maven tomcat7:run

Gradle:

gradle tomcatRun

Open up a browser and visit http://localhost:8080. You'll see the home page we just created above:

Stormpath Java Webapp Sample Home Page Screenshot

Pretty cool! Now, to be honest, this isn't wildly exciting. That is what is supposed to happen after all. But the awesome features - the part you have been waiting for - is all the automatic stuff. For example, the login page!

Login Page

Click the Login button at the top right of the page, or manually visit http://localhost:8080/login, and you'll see this:

Stormpath Java Webapp Plugin Login Page Screenshot

That's right! A login page with best practice CSRF-protection built right in, and you didn't have to write a single line of it. Now that is awesome! You can customize which fields are displayed in which order, as well as the entire look and feel if you wanted, with full internationalization (i18n) capabilities. That's out of scope for this article, but you can read about customizing views later if you wanted.

It doesn't stop there of course - you get all sorts of goodies, like user account registration, email verification and forgot password automation, token authentication and much more!

New User Registration Page

Now you can't login until you create a user account, so go ahead and click the 'Create Account' link or manually visit the http://localhost:8080/register page and you'll see this:

Stormpath Java Webapp Plugin Register Page Screenshot

Go ahead and fill out and submit the form - you'll be given a new user account that you can use to log in right away.

Email Verification

Now, what about email verification? Many web applications want to ensure that newly registered users must verify their email address before they can login to the application. This helps ensure that:

  • Email addresses cannot be abused by people that do not own them
  • The application has a way of communicating with the user if necessary
  • The registration process was completed by a human being (and not a 'bot' performing automatic registration, which could be used for malicious purposes).

This is covered too! You just have to enable email verification as described in the documentation. Since this is a shorter tutorial, we'll move on, but feel free to turn that on if you like and try it out.

Logout

If you are still logged in, click the logout button on the upper right. This will visit /logout, which will automatically log you out and then redirect you back to the web app's context root page (/) by default (you can customize this next URI later).

We'll also make one more change to the web app, so go ahead and shut down the application by pressing CTRL-C.

Forgot Password, Change Password, etc.

The plugin supports other views out of the box as well, which you can read about in the documentation. But we want to show you one more thing before we wrap up this tutorial: access control.

Access Control

The Stormpath Java Webapp Plugin also has the ability to enforce access control based on URI path. For example, you can ensure that only authenticated users may visit the /account URI within your application. Or that maybe only accounts within the admin group can visit the /admin URI.

To demonstrate this, we'll create a /dashboard view that only authenticated users should be able to see. This represents a common 'landing page' that a user might be shown immediately after login.

Let's create a 'Dashboard' controller:

src/main/java/tutorial/DashboardController.java

package tutorial;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.directory.CustomData;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.servlet.account.AccountResolver;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class DashboardController extends HttpServlet {

    private static final String VIEW_TEMPLATE_PATH = "/WEB-INF/jsp/dashboard.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        String birthday = "";
        String color = "";

        Account account = AccountResolver.INSTANCE.getAccount(req);
        if (account != null) {
            CustomData data = account.getCustomData();
            birthday = (String)data.get("birthday");
            color = (String)data.get("color");
        }

        req.setAttribute("birthday", birthday);
        req.setAttribute("color", color);
        req.getRequestDispatcher(VIEW_TEMPLATE_PATH).forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        String birthday = req.getParameter("birthday");
        String color = req.getParameter("color");

        //get the currently-logged-in account:
        Account account = AccountResolver.INSTANCE.getAccount(req);
        if (account != null) {

            CustomData data = account.getCustomData();

            if (Strings.hasText(birthday)) {
                data.put("birthday", birthday);
            } else {
                data.remove("birthday");
            }

            if (Strings.hasText(color)) {
                data.put("color", color);
            } else {
                data.remove("color");
            }

            data.save();
        }

        req.setAttribute("birthday", birthday);
        req.setAttribute("color", color);
        req.getRequestDispatcher(VIEW_TEMPLATE_PATH).forward(req, resp);
    }
}

The DashboardController demonstrates a really nice Stormpath feature: the ability to 'attach' your own custom data directly to Stormpath REST resources, such as a user account's birthday or favorite color.

Let's create the view file that will be rendered by the controller:

src/main/webapp/WEB-INF/jsp/dashboard.jsp

<%@ page session="false"%>
<%@ page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8" %>
<%@ taglib prefix="t" tagdir="/WEB-INF/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<t:page>
    <jsp:attribute name="title">Dashboard</jsp:attribute>
    <jsp:body>
        <div class="dashboard">
            <div class="row">
                <div class="col-lg-12">
                    <div class="jumbotron">
                        <h1>Dashboard</h1>

                        <br/>
                        <br/>

                        <p>Welcome to your user dashboard!</p>

                        <p>This page displays some of your account information and also allows you to change custom
                            data.</p>

                        <p>If you click the Logout link in the navbar at the top of this page, you'll be logged out
                            of your account and redirected back to the main page of this site.</p>
                        <br/>
                        <br/>

                        <h2>Your Account Custom Data</h2>
                        <br/>
                        <br/>

                        <p>Your Email: <span class="data">${account.email}</span></p>

                        <c:set var="noBirthday" value="You haven't entered a birthday yet!"/>
                        <p>Your Birthday: <span class="data">${!empty account.customData['birthday'] ? account.customData['birthday'] : noBirthday}</span></p>

                        <c:set var="noColor" value="You haven't entered a color yet!"/>
                        <p>Your Favorite Color: <span class="data">${!empty account.customData['color'] ? account.customData['color'] : noColor}</span></p>

                        <br/>
                        <br/>

                        <p>Stormpath allows you to store up to 10MB of custom user data on
                            each user account. Data can be anything (in JSON format). The above
                            example shows two custom fields (<code>birthday</code> and
                            <code>color</code>), but you can add whatever fields you'd like.</p>

                        <p>You can also store complicated nested JSON documents!</p>
                        <br/>
                        <br/>

                        <h2>Update Custom Data</h2>
                        <br/>
                        <br/>

                        <p>If you enter values below, we'll send and store these
                            values with your user account on Stormpath.</p>

                        <p>Please note, we are not doing any validation in this simple
                            example -- in a real world scenario, you'd want to check user input on the server side!</p>
                        <br/>
                        <br/>

                        <form method="post" class="bs-example form-horizontal" action="${pageContext.request.contextPath}/dashboard">
                            <div class="form-group">
                                <label for="birthday" class="col-lg-2 control-label">Birthday</label>

                                <div class="col-lg-4">
                                    <input type="text" class="form-control" id="birthday" name="birthday" placeholder="mm/dd/yyyy"
                                           value="${!empty account.customData['birthday'] ? account.customData['birthday'] : ''}">
                                </div>
                            </div>
                            <div class="form-group">
                                <label for="color" class="col-lg-2 control-label">Favorite Color</label>
                                <div class="col-lg-4">
                                    <input type="text" class="form-control" id="color" name="color" placeholder="color"
                                           value="${!empty account.customData['color'] ? account.customData['color'] : ''}">
                                </div>
                            </div>
                            <div class="form-group">
                                <div class="col-lg-10 col-lg-offset-2">
                                    <button type="submit" class="btn btn-primary">Update Custom Data</button>
                                </div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </jsp:body>
</t:page>

And we'll need to update web.xml to tell the Servlet Container about our new view. web.xml should now look like this:

src/main/webapp/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <servlet>
        <servlet-name>HomeController</servlet-name>
        <servlet-class>tutorial.HomeController</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>HomeController</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>DashboardController</servlet-name>
        <servlet-class>tutorial.DashboardController</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>DashboardController</servlet-name>
        <url-pattern>/dashboard</url-pattern>
    </servlet-mapping>


    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/assets/*</url-pattern>
    </servlet-mapping>

</web-app>

Stormpath Config

Notice that, until now, we did not need to configure the plugin itself at all: everything 'just works'. But now that we have some application-specific enforcement rules, we'll need to tell the plugin what to do via a simple stormpath.properties configuration file. Let's create this file:

src/main/webapp/WEB-INF/stormpath.properties

stormpath.web.login.nextUri = /dashboard

stormpath.web.uris./dashboard = authc

  • The first line means "After the user successfully logs in, I want the next URI they visit to be /dashboard". The plugin's login controller will automatically redirect the newly authenticated user to this location.

  • The second line means "in order for anyone to visit the /dashboard URI, they must be authenticated ('authc' is short for 'authenticated'). This enforces all requests to be authenticated by a valid user account before being allowed to continue. If they are not, they will be redirected to the login page to login first, and then automatically be redirected back to their originally requested URI.

Try it!

Now that we've added a dashboard view and controller, and a simple stormpath.properties file, let's try it out!

If you haven't already, shut down the application by pressing CTRL-C.

Now start it up:

Maven:

maven tomcat7:run

Gradle:

gradle tomcatRun

Now try to visit http://localhost:8080/dashboard - you will be redirected to login as expected. Log in with a user account you created previously and then it will automatically redirect you back to the dashboard. Nice!

Stormpath Java Webapp Plugin Dashboard Page Screenshot

Summary

Congratulations! You now have a complete web application, with automatic user registration, login, forgot password/reset workflows, logout, custom data editing, and access control enforcement!

But we've just scratched the surface of what you can do. Also supported:

  • Full default view customization with internationalization (i18n) support.
  • Authorization assertions (based on account data, like username, which groups they belong to, etc)
  • Token Authentication for Javascript and mobile clients (we implemented OAuth for you)
  • HTTP Basic Authentication for both username/password and API Keys
  • Event listeners to react to login, logout, registration, etc events.
  • Caching for enhanced performance.
  • Convienent filter chain definitions for custom authentication or authorization rules.
  • Easy Stormpath SDK Client configuration and request access
  • and more!

Please see the complete Stormpath Java Servlet Plugin Documentation for full information.

27 Jan 2015 3:00pm GMT

Kuppinger Cole: Executive View: NetIQ Access Manager - 71054

In KuppingerCole

NetIQ Access Manager is an example of an integrated Access Management and Identity Federation solution. In fact, NetIQ has been the first vendor to combine federation functionality with web access management features, thus providing a completely integrated solution based on a solid consistent architecture. Initially released in 2006, the product includes Single Sign-On for web applications, support for all major federation standards, as well as an SSL VPN server, all managed in a single...
more

27 Jan 2015 10:55am GMT

Ludovic Poitou - ForgeRock: A fresh look for the OpenDJ and OpenIG snapshot documentation…

Thanks to Chris Lee, the most recent technical writer at ForgeRock, there is now a new visual design for the snapshot documentation for our open source projects. Check it out on the OpenDJ Administration Guide, the OpenDJ SDK Developer's Guide, the OpenIDM Integrator's Guide or the Guide to OpenIG…Filed under: General Tagged: community, documentation, ForgeRock, openam, […]

27 Jan 2015 9:08am GMT

Julian Bond: I wish I could be as optimistic as this.

I wish I could be as optimistic as this.
http://blog.longnow.org/02015/01/26/jesse-ausubel-seminar-media/

Why nature is rebounding â€" a summary by Stewart Brand

Over the last 40 years, in nearly every field, human productivity has decoupled from resource use, Ausubel began. Even though our prosperity and population continue to increase, the trends show decreasing use of energy, water, land, material resources, and impact on natural systems (except the ocean). As a result we are seeing the beginnings of a global restoration of nature.

Some of the examples are a little bizarre. eg 10,000 foxes in London is an example of nature returning? And it's repeating some of the old canards about increasing CO2 levels and temperate region temperatures is leading to greater plant growth. Mostly it feels like trying to say that if we can just put a few more sticking plasters on, we'll be able to mend the broken leg.

So what are we to make of the relentless optimism of the Long Now people? Or the relentless pessimism of the environmental people?
 Jesse Ausubel Seminar Media »
This lecture was presented as part of The Long Now Foundation

[from: Google+ Posts]

27 Jan 2015 8:51am GMT

26 Jan 2015

feedPlanet Identity

Kuppinger Cole: Executive View: i-Sprint AccessMatrix Universal Sign-On - 71064

In KuppingerCole

i-Sprint Innovations is a vendor of Identity, Credentials and Access Management solutions based in Singapore. Established in 2000, i-Sprint is focusing on providing solutions for financial industry and other high security environments. Since 2011, the company is a wholly owned subsidiary of Automated Systems Holdings Ltd. Backed by Chinese investors, i-Sprint has a significant presence, either directly or through authorized partners, in many countries of Asia-Pacific region, including...
more

26 Jan 2015 2:52pm GMT

Mythics: ODA X5-2: Just Plain More Everything!

Every time a major manufacturer announces a new system, we hear the same common messages from marketing. More CPU, more RAM, faster than…

26 Jan 2015 1:54pm GMT

Julian Bond: Ah, Politics. The sentiment below is of course about Scotland and the SNP. But lots of us feel exactly...

26 Jan 2015 12:42pm GMT

Ludovic Poitou - ForgeRock: Happy New Year 2015!

The new year is well engaged, but it's still time for me to give you my best wishes for 2015… May this new year bring you (more) love, happiness, success… And a peaceful journey towards your personal or professional goals ! Filed under: General Tagged: 2015, ForgeRock

26 Jan 2015 9:42am GMT

25 Jan 2015

feedPlanet Identity

IS4U: FIM 2010: SSPR with one-way trust

Intro

This article describes and documents an SSPR setup between two AD forests with a one-way trust. FIM is deployed in the internal domain is4u.be. Users from the domain dmz.be are being imported and managed by FIM. There is a one-way incoming trust on the dmz.be domain. All prerequisites from the password reset deployment guide are already satisfied.

DMZ connector configuration

SSPR requires that the DMZ connector service account has local logon rights on the FIM synchronization server. If the service account is from the DMZ domain, a two-way trust is required to allow this setting. Since this is not a valid option in this scenario, a service account from the IS4U domain needs to be delegated the proper rights on the DMZ domain. This includes at least the following:

  1. Replicating directory access
  2. Reset password

WMI verification

The configuration as is was tested and worked, but after a week, following the same scenario resulted in the following error:

An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)

Following up on the error, the event viewer gave following info:

Password Reset Activity could not find Mv record for user

This is a very clear error message indicating a problem with the WMI permissions. Checking up on this resulted in the conclusion that the permissions were set correctly. Lookups for accounts in the IS4U domain worked, but lookups for accounts in the DMZ domain failed.

Finding the PDC

Going back to the event viewer, we were given another clue:

DsGetDCName failed with 1355

A bit of researching learned us that the SetPassword call of SSPR always calls DsGetDCName because SSPR needs to find and target the PDC (domain controller with the PDC emulator role). This call seems to fail. We tried getting more info by running this specific call via nltest nltest /dsgetdc:dmz /netbios, but failed with following message:

Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

However, resolving the FQDN using nltest /dsgetdc:dmz.be /netbios succeeded. And, even more strange, retrying to resolve using the netbios name did work! Some googling pointed to caching of certain information, which explained why the netbios lookup works after the FQDN lookup and why the initial configuration worked and then broke a week later.

WINS

NetBIOS recognizes domain controllers by the [1C] service record registration, but we could not find the correct WINS configuration, maybe because of the one-way trust.

Solution

The solution involved changing the advanced IP configuration settings. By adding the is4u.be and be suffixes the DsGetDCName call is enforced to always resolve the FQDN by searching for dmz.be instead of dmz.

References

25 Jan 2015 2:05pm GMT

24 Jan 2015

feedPlanet Identity

Julian Bond: So farewell then, Edgar Froese,

So farewell then, Edgar Froese,
http://reynoldsretro.blogspot.com/2015/01/interview-with-edgar-froese-rip.html

I used to love your analogue synthesiser noodlings with Tangerine Dream and found them strangely hypnotic. But my Mother-in-law complained that the bleepy repetition gave her a headache.

It's Kosmische, Motherf*cker.
interview with Edgar Froese (RIP) »
RIP Edgar Froese, who I interviewed eight years ago for this piece on the analogue synth epic genre. THE FINAL FRONTIER: The Analogue Synth Gods of the 1970s Groove, 2007 by Simon Reynolds Ask people about synthesisers in ...

[from: Google+ Posts]

24 Jan 2015 7:30am GMT