BookmarkSubscribeRSS Feed
vanisas
Calcite | Level 5

Hi

 

Using SAS 9.4 and JDK1.7.1 for java application.

Got NonTrustedUser Exception when using GetCredentials method of ISecurity_1_1 object.

Connected to metadataServer using makeISecurityConnection method of MdOMRConnection object from Java application.

I tried by adding loginid in "trustUsers.txt" file on the metadata server, but throwing the same exception.

Is it sufficient to make an user into an trusted user ?

 

Code:

 

public void isInRole() throws Exception
{
try
{
// Define a two-dimensional string array for options
final String[][] options ={{"",""}};
System.out.println("");
System.out.println("<<<< Begin isInRole() >>>>" );

// Define a holder for the credential handle
StringHolder credHandle = new StringHolder();
System.out.println("After StringHolder");

// Define a holder for the method output
BooleanHolder inRole = new BooleanHolder();
System.out.println("After booleanHolder");
String UGAdminRole = "N_Admin";

// Get a credential handle
iSecurity.GetCredentials("LOGINID:SAS.ADMIN", credHandle); //  <----------Throwing exception here.
System.out.println("credHandle = " + credHandle);

// Execute the method
iSecurity.IsInRole(credHandle.value,"ROLE_OBJNAME:" + UGAdminRole,options,inRole);

// Print information about the method call and results
System.out.println();
System.out.println("<<<<<< isInRole() call parameters with results >>>>>>");
System.out.print("credHandle=" + credHandle.value + ", ");
System.out.print("roleSpecification=" + "ROLE_OBJNAME:" + UGAdminRole + ", ");
System.out.print("isInRole=" + inRole.value);
System.out.println();

// Free the credentials
iSecurity.FreeCredentials(credHandle.value);
System.out.println("");
System.out.println("<<<< End isInRole() >>>>" );
}
catch (Exception e)
{
System.out.println("IsInRole: GetInfo: Exceptions");
e.printStackTrace();
throw e;
}
}

 

// method for establishing connection

public boolean connectToServer()
{
String serverName = "111.219.61.95";
String serverPort = "8561";
String serverUser = "SAS.ADMIN";
String serverPass = "enter";
try
{
MdOMRConnection connection = _factory.getConnection();
// This statement makes the connection to the server.
//connection.makeOMRConnection(serverName, serverPort, serverUser, serverPass);
iSecurity = connection.makeISecurityConnection(serverName, serverPort, serverUser, serverPass);
System.out.println("iSecurity = " + iSecurity);
// The following statements define error handling and error
// reporting messages.
}
catch (MdException e)
{
Throwable t = e.getCause();
if (t != null)
{
String ErrorType = e.getSASMessageSeverity();
String ErrorMsg = e.getSASMessage();
if (ErrorType == null)
{
// If there is no SAS server message, write a Java/CORBA message.
}
else
{
// If there is a message from the server:
System.out.println(ErrorType + ": " + ErrorMsg);
}
if (t instanceof org.omg.CORBA.COMM_FAILURE)
{
// If there is an invalid port number or host name:
System.out.println(e.getLocalizedMessage());
}
else if (t instanceof org.omg.CORBA.NO_PERMISSION)
{
// If there is an invalid user ID or password:
System.out.println(e.getLocalizedMessage());
}
}
else
{
// If we cannot find a nested exception, get message and print.
System.out.println(e.getLocalizedMessage());
}
// If there is an error, print the entire stack trace.
e.printStackTrace();
return false;
}
catch (RemoteException e)
{
// Unknown exception.
e.printStackTrace();
return false;
}
// If no errors occur, then a connection is made.
return true;
}

 

 

1 REPLY 1
sunfly818
SAS Employee

Hi!  Just curious are you trying to have the user act on behalf of others?  Is this a service account?  This might help with trying to solve who you are trying to define in the metadata.  See the description of what a trusted user is in SAS.  It also has other user types as well.

 

SAS Trusted User
The user account that can impersonate other users on connections to the metadata server. Some SAS processes use this account to communicate with the metadata server on a client's behalf. Defining User types in SAS
 
You can define the user in the metadata without putting it in trustUsers.txt as well. If it is a service account, you might want to think about what capabilities it would be.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • 1007 views
  • 0 likes
  • 2 in conversation