PeopleSoft Query Access Services security problems, in other words does QAS

Similar Messages

• Web Services Security Problem

  hi all,
  I am publishling the BC4J Component(Application module) as a webservice. The particular web service method will be as follows. The method is returning the element object.
  public Element getEmp(String searchString,String selectedItem, int pageNoInput)
  return (Element)hits.writeXML(1,Row.XML_OPT_LIMIT_RANGE);
  I am securing the web service by the instructions which are given in the following link
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
  Then i am creating the proxy client. when i run the proxy client it gives me the following exception
  javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:553)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
       at aptuitclient.runtime.ReviewProtocolAppModuleServiceSoapHttp_Stub.getEmp(ReviewProtocolAppModuleServiceSoapHttp_Stub.java:91)
       at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.getEmp(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:58)
       at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.main(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:44)
  When i am removing the security for the web service it is giving the Element object.
  The Problem is when i am securing the web service it is giving the above said exception.
  Please help me regarding this... this is very urgent...
  rgds
  Parameswaran

  Hello,
  When you are using WS-Security you need to secure the client too. So in your case the client is the ADF Data Control.
  The way you should configure your data control is documented here:
  - Web Services Security and ADF Data Control
  Regards
  Tugdual Grall

• WRT55AG - Denial Of Service / security hole, and other issues

  Im using a V2 of the WRT55AG using 1.79 firmware.
  I suffered many perplexing issues when connected directly to my cable modem.
  1 It would lock up and no data transversed it
  2 Its web interface would no longer exist
  3 Some types of data would be blocked
  4 It would stop doing DHCP
  5 Ping times to it from the LAN side would increase in 1 minute intervals for hours or until power cycled
  6 Data rates would slow randomly.
  These problems would occur separately and in combinations. They would occur randomly but some issues would occur daily.
  Left alone the router would 100% lock up in a matter of days. This occurred 100% of the time.
  Rebooting was a daily and sometimes hourly ritual.
  After reading in many forums of the known issues with this router I purchased a BEFSR41 as replacement.
  ALL of my problem were gone. This of course isolated the issues I was having to the WRT55AG.
  I then hooked up the WRT55AG _after_ the BEFSR41.
  The problems with the WRT55AG disappeared. Completely. It suddenly worked for weeks perfectly.
  I then tried setting the BEFSR41's DMZ to the IP of the WRT55AG exposing the WRT55AG to the net directly.
  The issues returned.
  So the WRT55AG is crashing and suffering from various problems because of some hostile internet packets. Effectively it suffers major security issues and a denial of service from something that is present from the internet. I did not isolate what ports+packets were causing the DOS condition.
  Im sure the WRT55AG has some code that is vulnerable to attack because it crashes when exposed to the net. This is a serious issue.
  This is a sad state of affairs. I paid good money for the router. Its too late to get my money back. I would settle for a 802.11A WAP.
  I want a *FIX* for the obvious security hole that could expose anyone on the LAN side of the wrt55AG router to attack if the router/firewall is compromised. I want my WRT55AG to work as intended or at least as well as the BEFSR41 I own.
  I also feel if the source code was still open, then these problems would not exist. At the very least, some other 3rd party version of firmware would be available that would work in the router and any issue would get prompt attention and a quick solution from a open source team. The decision by Linksys to move away from open source firmware will erode the quality of the brand by making products less reliable.
  WHEN will a new version of the firmware be available for the WRT55AG ?
  If not how do I go about returning a well documented defectively engineered product for a product that works ?

  I would like to see a update to fix the various issues with this router. When will this be available ?
  -OR-
  If this product is considered End Of Life, I would like to get confirmation that no future firmware update will occur.
  As this product was defective out of the box and has never been fixed, I would like a replacement product please. My serial number is # MDJ106802225
  Message Edited by Xymox on 08-13-2008 11:28 AM

• Essbase - Shared Services security problem

  In a Shared services enabled Essbase server,
  For a user/group can we define different access levels (say Read on one & Write on the other) to different databases belonging to the same application (BSO)?
  If not, Is there any alternative?
  Appreciate your thoughts.
  Thanks,
  Ethan.

  Of course you can.
  If you're on v11, the steps are as follows:
  1) Create a group (I am going to assume groups and usernames).
  2) Provision the group Essbase server access and Read access to My Very Favorite Essbase Database In The Whole Wide World (MVFEDITWWW) -- Sample.Basic. You could get fancy and create a two level group hierachy with the upper level group provisioned ot Essbase server access and the second group Read access to Sample.Basic if you wanted to.
  3) Expand the application groups and drill into Sample. Right click on Sample and pick Assign Access Control.
  4) An Application tab will open up with a Database drop down. Select Basic and check off the box that relates to your group. It will have the role of Read.
  You have just assigned access to Sample.Basic.
  Follow the same steps for Sample.Intl, etc., etc.
  Regards,
  Cameron Lackpour
  P.S. I believe the above holds true for 9.3.1 but the interface looks a little different. I never did it there -- all of my System 9 work was, alas, Planning only.

• Shared services security  problem

  Hi All,
  My security is in Shred services mode
  When i open Shared services
  In the ApplicationGroup Folders
  In the APS servers I remove my Essbase server now i want to add it again
  please can any one tell me how can i add it
  what should i do to get that
  please help on this
  thanks in Advance

  I think, you need to configure the shared services and Essbase again. Try this and let us know if this helps to resolve your issue.
  -UB

• J2EE Engine service Web Services Security

  Hi,
  My Web Services Security in J2EE Visual Administrator does not show anything in Runtime tab. I want to see Web Services Client as per ADS Config guide documentation. Please help!!!
  QT

  QT,
  Please check this document:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1b651014-0301-0010-c39a-98d7cd057847
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e08627de-9816-2a10-02b7-cbd60f7e4b2c
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/92914af6-0d01-0010-3081-ded3a41be8f2
  Hope it helps.
  Thanks
  Mona

• Error when trying to access a secured web service from Forms 10g 10.1.2.3

  Hello,
  I'm trying to access a secured web service from Forms10g 10.1.2.3 but i'm getting the next error when pressing the button the first time:
  java.rmi.RemoteException: ; nested exception is: HTTP transport error: javax.xml.soap.SOAPException:
  java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 UnauthorizeWhen i press the button a second time i got this error:
  javax.xml.rpc.soap.SOAPFaultException: The SOAP request is invalid. The required node 'Envelope' is missingThis is the code i have in my button:
  DECLARE
  jo ora_java.jobject;
  pdfObject ora_java.jobject;
  pdf     varchar2(900);
  rv varchar2(100);
  ex ora_java.jobject;
  BEGIN
  JO := SEARCHSOAPCLIENT.new;
  SEARCHSOAPCLIENT.setUsername(JO,'weblogic');
  SEARCHSOAPCLIENT.setPassword(JO,'welcome1');
  pdfObject := SEARCHSOAPCLIENT.quicksearch(JO,'1234',NULL);
  pdf := SEARCHSOAPCLIENT.tostring(pdfObject);
  message(pdf);
  message(' ');
  EXCEPTION
  WHEN ORA_JAVA.JAVA_ERROR then
  message('Unable to call out to Java, ' ||ORA_JAVA.LAST_ERROR);
  WHEN ORA_JAVA.EXCEPTION_THROWN then
  ex := ORA_JAVA.LAST_EXCEPTION;
  :error := Exception_.toString(ex);
  END;When i run it from JDeveloper it works, this is a portion of java code the proxy web service has:
  import oracle.webservices.transport.ClientTransport;
  import oracle.webservices.OracleStub;
  import javax.xml.rpc.ServiceFactory;
  import javax.xml.rpc.Stub;
  public class SearchSoapClient {
      private webservicesproxywebcontent.proxy.SearchSoap _port;
      public SearchSoapClient() throws Exception {
          ServiceFactory factory = ServiceFactory.newInstance();
          _port = ((webservicesproxywebcontent.proxy.Search)factory.loadService(webservicesproxywebcontent.proxy.Search.class)).getSearchSoap();
          this.setUsername("weblogic");
          this.setPassword("welcome1");
          System.out.println("callling from _port "+ _port.quickSearch("1234234", null));
       * @param args
      public static void main(String[] args) {
          try {
              webservicesproxywebcontent.proxy.SearchSoapClient myPort = new webservicesproxywebcontent.proxy.SearchSoapClient();
              System.out.println("calling " + myPort.getEndpoint());
          } catch (Exception ex) {
              ex.printStackTrace();
       * delegate all operations to the underlying implementation class.
      public QuickSearchResult quickSearch(String queryText, IdcPropertyList extraProps) throws java.rmi.RemoteException {
          return _port.quickSearch(queryText, extraProps);
      }Also the secured web service was generated from Webcenter Content 11.1.1.6 that is why it's a secured web service.
  Kind Regards
  Carlos

  Without going into any technical discussion about the code, my first question is what JDK version was used to create this which was imported into the form? Understand that Forms 10 runs on JDK 1.4.2, so if you used any newer JDK version, likely there will be problems.

• SL5 client accessing an secured (HTTPS) Odata service

  I have a SL5 client that is hosted on Windows Azure.
  I have some OData WCF services that work perfectly fine. Calling the odata services from the SL5 client works fine both running locally and remotely on Azure. The problem is https. I've uploaded the bought certificate and I can call the odata wcf services
  secure by using https from Fiddler2 and it gets the proper results.
  When I run the SL5 client locally in my VS2012 environment it also works fine calling the https endpoint. After deployment to Windows Azure the client stops working and the calls to the https endpoints don't work anymore :-(
  anybody has a clue?

  hi RiccardoBecker,
  Thanks for posting!
  Base on my experience, when hosted WCF service on windows azure, we could use Service Bus (http://msdn.microsoft.com/en-us/library/windowsazure/ee173579.aspx )to access
  it  on client side in intranet or internet. So if you used in intranet, I suggest you could create service bus to access it. Or if you use internet, I suggest you check your endpoint address setting. You need use your cloud address to access
  wcf service on client side. You could download those code sample (http://code.msdn.microsoft.com/windowsazure/CSAzureWCFServices-20c7d9c5 &
  http://www.codeproject.com/Articles/188464/Host-WCF-Services-in-an-Azure-Worker-Role ) and try it.
  Any question, please let me know.
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Data Access Service is unable to log audit events to the security event log

  Hi,
  Scenario: SCOM 2012 R2 UR4. (Windows 2012 R2)
  Today SCOM have generated 4 alerts Data Access Service is unable to log audit events to the security event log.
  The service account for "System Center Data Access Service" service is "Local System".
  The users at "Generate security audits" are: LOCAL SERVICE and NETWORK SERVICE.
  The question is:
  how to resolve this alert? (Where look for to obtain more information to resolve this problem)
  Thanks in advance!

  Local system account is differet to local service account. Fo detail description of these accounts, pls. refer
  LocalService Account
  http://msdn.microsoft.com/en-us/library/windows/desktop/ms684188(v=vs.85).aspx
  LocalSystem Account
  http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx
  Generate security audits which is under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment of Group policy, determines which accounts can be used by a process to add entries to the security log. This user right
  is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. By default, only the LocalSystem account has the privilege to be used by processes to generate security audits.
  For identified the SDK account
  1) open services.msc
  2) From the system Center Data Access Service, you can see the SDK logon on as account 
  Roger

• Remote Delta link setup problem with Bean / Access Service

  Hello,
  I am trying to setup Remote Delta Link (RDL) between two portals. (Both portals same version - EP 7.0 EHP1 SP 05 - are in the same domain)
  I already have the Remote Role Assignment working without any issues.
  The following have been done successfully:
  1. Same user repository has been setup for both the portals
  2. Setup trust between producer and consumer (SSO working fine)
  3. Producer added and registered succesfully on consumer
  4. Permissions setup on producer and consumer
  4. pcd_service user with required UME actions setup
  I am able to see all the remote content in the Consumer portal.
  When I try to copy the remote content and paste it as local content, I am getting the following error:
  Could not create remote delta link to object 'page id'. Could not connect to the remote portal. The remote portal may be down, there may be a network problem, or your connection settings to the remote portal may be configured incorrectly.
  After increasing the log severity, I am able to see the following in Default Trace:
  com.sap.portal.fpn.transport.Trying to lookup access service (P4-RMI) for connecting to producer 'ess_int' with information: com.sap.portal.fpn.remote.AccessServiceInformation@31c92207[connectionURL=hostname.mycompany.com:50004, shouldUseSSL=false, RemoteName=AccessService]
  com.sap.portal.fpn.transport.Unable to lookup access service (P4-RMI) with information: com.sap.portal.fpn.remote.AccessServiceInformation@31c92207[connectionURL=hostname.mycompany.com:50004, shouldUseSSL=false, RemoteName=AccessService]
  AbstractAdvancedOperation.handleDirOperationException
  [EXCEPTION]
  com.sap.portal.pcm.admin.exceptions.DirOperationFailedException: Could not retrieve the bean / access service to connect with producer
  Could not retrieve the bean / access service to connect with producer
  Like you can see above, there is some bean / access service which is not retrieved successfully. I am not sure if this is a permission problem on the consumer.
  I have checked that the P4 ports are configured correctly (standard - not changed) and I am able to telnet from producer to consumer (and vice versa) on the P4 port.
  I am stuck at this point and am not able to find any information on this.
  I would really appreciate if some one can point me in the right direction.
  Thank you for reading.
  - Raj

  Hi Raj,
  Please check your config of the P4 port on the producer.  Is it really 50004 (check SystemInfo of the producer)?
  I do think there's a problem with the P4 communication since RDL requires P4 connection.
  Do you have load balanced consumer-producer connection? Please refer to this blog for further details
  Little known ways to create a load balanced Consumer – Producer connection in a FPN scenario
  Regards,
  Dao

• [Fwd: Security problem accessing MBeanServer from a servlet]

  Reposting to Security and Servlet newsgroups.
  -------- Original Message --------
  Subject: Security problem accessing MBeanServer from a servlet
  Date: 10 Feb 2004 13:02:09 -0800
  From: Alain <[email protected]>
  Reply-To: Alain <[email protected]>
  Organization: BEA NEWS SITE
  Newsgroups: weblogic.developer.interest.management
  Hi,
  I am trying to understand how WLS 7.0 secures a call to an MBean. Got
  the following
  scenario:
  - I am in a servlet context
  - I have created and registered an MBean with the WLS MBeanServer. Fine
  so far
  - Within the same call I can retrieve the MBean attributes. Fine so far
  - I keep the MBeanServer reference in an object global to the servlet
  context
  The problem:
  - When I do another request and try to use the cached MBeanServer
  instance to
  access the MBean, I get the following error:
  weblogic.management.NoAccessRuntimeException: Access not allowed for
  subject:
  principals=[], on ResourceType ...
  Any idea?
  Alain

  PaulF <paulf@reply_in_newsgroup.com> wrote:
  On 10 Feb 2004 13:02:09 -0800, Alain <[email protected]> wrote:
  Hi,
  I am trying to understand how WLS 7.0 secures a call to an MBean. Got
  the following
  scenario:
  - I am in a servlet context
  - I have created and registered an MBean with the WLS MBeanServer.Fine
  so far
  - Within the same call I can retrieve the MBean attributes. Fine sofar
  - I keep the MBeanServer reference in an object global to the servlet
  context
  The problem:
  - When I do another request and try to use the cached MBeanServer
  instance to
  access the MBean, I get the following error:
  weblogic.management.NoAccessRuntimeException: Access not allowed for
  subject:
  principals=[], on ResourceType ...
  Any idea?
  AlainWhat ResourceType are you trying to access. From the Exception you're
  trying to access it as an Anonymous user (principals=[]) and evidently
  you're attempting to access something that is protected. I can't tell
  what
  from the snippet you've included.
  Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
  Thanks Paul for your reply.
  You are right. I can access my custom MBeans if I am authenticated for example
  as an Administrator. My problem is that I want any application to access this
  MBean authenticated or not. I am trying to find how I could grant permission to
  this MBean to everyone. Still searching.
  Thanks.

• Expose PeopleSoft query as web service

  I've created a custom query using the PeopleSoft Query Manager and can pull the results as HTML, Excel, XML, etc. I've also tried using the Process Scheduler Request to automate how often the query is executed. The results destination types listed in the Process Scheduler are “email, feed, file, Integration Broker node, web, window.” I am intending on using the data from this query in an external application, but none of these destinations seem ideal for that.
  Is it possible to expose this query as a web service and call that from an external application? I haven't found any resources that detail how to do that so far. If this is not a feasible solution, which of the results types can be easily integrated into an application? Any help/links would be much appreciated.

  What tools version are you on? As of 8.50 they provide a web service for query. It is documented in the Reporting Web Services PeopleBook in the 8.50+ documentation.
  Here's the link for 8.53:
  http://docs.oracle.com/cd/E38689_01/pt853pbr0/eng/pt/trws/index.html
  Regards,
  Bob

• My computer continually asks me to enter my password for Keychain access. This problem is continuos and I am having trouble with eliminating it. I have changed my password through Security and my Accounts numerous times to no avail.  Is there anythin

  My computer continually asks me to enter my password for Keychain access. This problem is continuos and I am having trouble with eliminating it.
  I have changed my password through Security and my Accounts numerous times to no avail.
  Is there anything I can do other than Resetting the entire computer and re installing all of the software, apps, etc.etc.

  Back up all data before proceeding.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  Select the login keychain from the list on the left side of the Keychain Access window. If your default keychain has a different name, select that.
  If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. You'll be prompted for the keychain password, which is the same as your login password, unless you've changed it.
  Right-click or control-click the login entry in the list. From the menu that pops up, select
            Change Settings for Keychain "login"
  In the sheet that opens, uncheck both boxes, if not already unchecked.
  From the menu bar, select
            Keychain Access ▹ Preferences... ▹ First Aid
  There are four checkboxes in the window that opens. Check all of them. if they're not already checked. Close the window.
  Select
            Keychain Access ▹ Keychain First Aid
  from the menu bar and repair the keychain. Quit Keychain Access.
  If you use iCloud Keychain, open the iCloud preference pane and uncheck the Keychain box. You'll be prompted to delete the local iCloud keychain. Confirm. Then re-check the box. Follow one of the procedures described in this support article to set up iCloud Keychain on an additional device.

• Netpoint 5.96 Catalog security problem - Anyone can see other users catalog

  I just had a revelation regarding the security of the catalogs.
  Anyone wise enough to realize that adding ?Category=x on the address can access the catalogs of any other customers !!!!! BIG BIG PROBLEM
  I will soon test if they also get the price list of that other catalog ?
  Is there a way to prevent a user from SEEING other catalogs ?

  Hi Shane,
  thanks for that, it worked nicely.
  For anyone watching this thread, he're my effort at securing the shipment.aspx page.
  It is an ascx control with no visual components, that you should drop in right at the very top of the page:
  <%@ Control Language="C#" ClassName="SBPageSecurity" %>
  <%@ Import Namespace = "netpoint.classes" %>
  <%@ Import Namespace = "netpoint.api.catalog" %>
  <%@ Import Namespace = "netpoint.api" %>
  <%@ Import Namespace = "netpoint.api.commerce" %>
  <script runat="server">
      protected void Page_Load(object sender, EventArgs e)
         string connString =  ConfigurationSettings.AppSettings["connString"].ToString();
         NPSession s = new NPSession(this.Context, connString);
         //verify that the logged-in accountId matches the Shipment object AccountID
         int docnum = (Request["shipmentid"] == null ? 0 : Convert.ToInt32(Request["shipmentid"]));
         if (0 == docnum)
             //no doc num
             Response.End();
         else
             NPShipment shipment = new NPShipment(docnum);
             if (shipment.AccountID != s.AccountID)
                 Response.End();
  </script>
  So basically all it does is verify that the logged in Account "owns" the document they are trying to view.
  I'm sure there is room for improvement, but at least it may be a place to start for some folks.
  Regards,
  Steve

• My iPhone 4 appears with no service every day, i have to restarted and a few hours later again the same problem, Any other solution please???

  my iPhone 4 appears with no service every day, i have to make restart and a few hours later again the same problem, Any other solution please???

  This is almost always a symptom of a phone that was jailbroken or hacked to unlock it.
  Where did you get the phone?