Access Control - Class of Service
Sorry if this has been asked before, I have tried to search the forum.
What order are the acces control class of services implemented (top down or randomly)
As an example, I am trying to stop everyone except for 20 users from sending to xxxxx.xxx.
I have entered in the default class of service an entry in smtp outbound that restricts users from sending to xxxxx.xxx
I have then created a new class of service allowing the 20 users to send to all domains.
This does not work:-(
We have approx 5000 users in 15 different domains.
Any ideas?
Originally Posted by mrosen
Hi.
On 21.12.2012 12:06, pvo wrote:
>
> Sorry if this has been asked before, I have tried to search the forum.
>
> What order are the acces control class of services implemented (top
> down or randomly)
> As an example, I am trying to stop everyone except for 20 users from
> sending to xxxxx.xxx.
> I have entered in the default class of service an entry in smtp
> outbound that restricts users from sending to xxxxx.xxx
> I have then created a new class of service allowing the 20 users to
> send to all domains.
>
> This does not work:-(
Correct. You can't *open* higher up restrictions. As such, what you
forbid in the default COS, is forbidden for everyone. You need to work
your way down from open to restricted.
CU,
Massimo Rosen
Novell Knowledge Partner
No emails please!
Untitled Document
Massimo,
Thanks for the information - I was affraid it is as you describe.
That means in theory I have to open for all in the default class of service and then create a new one where 4880 users are added - OK if i am lucky I can add by domain.
Once again thanks.
Similar Messages
-
Oracle EPM 11.1.1.3 - Assign Access Control in Shared Services for filters
We are using 11.1.3 version of EPM.
We have configured Essbase with Shared Services.
When I try to click Assign Access Control , it gives "loading.." thats it. Nothing else.
I have registered the application from EAS with Shared Services
Could you pelase suggest what I can do assign filters to users.
cheers,Hi,
Provision the user with which you are logging into shared services as an Esssbase User and try.May this will solve your issue
Thanks.
Edited by: user9976039 on Oct 23, 2009 12:57 PM -
"Assign Access Control" returns error for essbase apps in shared services
Hello,
I installed and configured Oracle EPM 11.1.2 (Foundation, Essbase, Planning, Reporting&Analysis):
OS: Windows Server 2008 Sp2 (32bit)
Default Installation with default ports,
Installation of all components on the same server,
no clustering
EPM System Diagnostic says that everything is OK.
Now I want to assign filter access for an essbase database in the Shared Services.
Starting the menu item "Assign Access Control" in Shared Services returns the following error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
+10.4.5 404 Not Found+
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
+....+
Can anybody help ???
best regards,
NicoleHello,
here's what I found out so far:
I get the error if I start the shared services console via the URL "http://servername:port/interop/index.jsp" and then select the "assign access control" for an essbase database.
If I start the shared services console via the workspace everything works fine.
Does anybody know what to do so that it also works if I start the shared services console via URL?
best regards,
Nicole -
Shared Services Assign Access Control for Essbase
Hi we have a used who has his provisioning in form of filters in essbase group. I tried assigning his filter to thim through Assign Access Control in shared services. I'm able to see the user and also the the filter I created for the user but when I try to assign it to him and save it is really not getting assigned. It still stays the user doesnot have any filters assigned to his account. Am I missing anything.
Thank you.Have you given maxl a try:
grant filter appname.dbname.filtername to user;
Cheers
John
http://john-goodwin.blogspot.com/ -
I have problems with the Assign Access Control in HFM
I have problems when I want assign Access Control by Shared Services in application HFM. I login with user admin and send me this message
Processing Error:
Description: Invalid argument.
Code: -2147220951
Trace: Number:-2147220951
Description:
Source:General Security Error
Page:
Actor: General Security Error
Anyone can't help meI've seen this error when the application isn't registered properly. Try re-registering via Workspace.
-
Hello,
I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment. I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
way. I've followed these instructions (among many other resources found along this journey) :
http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error. I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output. Please explain how to fix if you're able.
Please Note: I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
Also Note: I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
Here's my ULS output:
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request.
IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Deployment acjjg Medium The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrv Medium redirectLaunUrl after getting it from query
string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens} 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General aib0n High trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrw Medium redirectLaunUrl after getting token replacement:
https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsry Medium m_oauthAppId after NormalizeAppIdentifier()
i:0i.t|ms.sp.ext|[email protected]8df36d5d. Now getting app principal info. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr0 Medium decided that we need to do a POST to the
app. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr1 Medium m_redirectMessage: EndpointAuthorityMatches
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr2 Medium realm matched attempting to get app token
using GetAccessToken() 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth advzm High Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr3 High App token requested from appredirect.aspx
for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it. This may be a case when we do not need a token or when the app principal was not properly set up. LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
Exception Message:The Azure Access Control service is unavailable. Stacktrace: at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().
Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General ajlz0 High Getting Error Message for Exception Microsoft.SharePoint.SPException:
The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext) at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth aib0p Medium Doing appredirect from appredirect.aspx:
in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
Execution Time=26.5933938531294 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
Your help is very much appreciated.
With Respect,
LarryYes, actually - I was able to resolve it.
However I don't know how, unfortunately. I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing. It was a daunting task, but I finished it successfully.
If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
NOTE: I'm not all impressed with the way this forum works. This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions. Completely lame. Boooooo Microsoft. -
Change in Access Control components on the Service Marketplace
Hello GRC community:
We would like to inform you that as of yesterday (5/30) the Access Control components for support messages/SAP Notes have been changed (they have actually been replaced so all messages/notes logged under the old component will be moved/replaced to the new).
The main 4 components are now:
New: GRC-SAC-ARA Access Risk Management
Old: GRC-SAC-SCC Risk Analysis & Remediation (formerly Compliance Calibrator)
New: GRC-SAC-ARQ Access Request
Old: GRC-SAC-SAE Compliant User Provisoning (formerly Virsa Access Enforcer)
New: GRC-SAC-EAM Emergency Access Management
Old: GRC-SAC-SFF Superuser Privilege Management (formerly Virsa Firefighter)
New: GRC-SAC-BRM Business Role Management
Old: GRC-SAC-SRE Enterprise Role Management (formerly Virsa Role Expert)
There are also NEW components specific to areas of functionality. If you are not sure of what component to log your message under, please use the main components above.
GRC-SAC-ADS Directory Services
GRC-SAC-BI Access Control BW
GRC-SAC-CONF Configuration
GRC-SAC-DAS Dashboard
GRC-SAC-REP Repository
GRC-SAC-RPT Reporting
GRC-SAC-UAR User Access Review
GRC-SAC-UPG Installation & Upgrade
GRC-SAC-WF Workflow
Ramelyn Paredes
AGS Primary SupportHello COmmunity,
To Summarise in Short: New features introduced to V10.0 : GRC 10.0 is ABAP based, so extraction of data from users is fast & analysis as well.
As usual, the names for the Access control tool has been changed
A. Access Risk Analysis (RAR)
1. USOBT & object information will be automatically updated with GRC rather than manual upload (earlier version)
2. Mass Users can be imported from .CSV file for risk analysis, Role analysis etc.,
3. Variant creation / reuse for any report analysis
4. Option of having multiple rule sets & simulating users across multiple rule sets at same time
5. Risk analysis for CUA, Composite roles
6. Mitigation by system, risk id, mass mitigation for users, audit trail etc.,
7. Risk analysis for HR objects
B. Emergency Access Management (SPM)
1. Mass reporting for all FF users, Ids, Executions
2. Centrally maintained for all systems rather than individual ERPs.
C. User Access Management (CUP)
1. Customizable Access request forms
2. HR based role assignment for position, org unit
3. IDM integration using GRC Web services
D. Business Role Management (ERM)
1. Concept of Business role mapping for Technical roles.
2. Audit Trails & PFCG Change history.
Finally, the look, reporting format has been changed to provide additional information for analysis.
More important - GRC V5.3 support is till 2015 & SAP has planned to push the customers to upgrade to 10.0. Eventually SAP is also planning to release GRC 11.0 by mid next year. So we have to wait & watch the show -
"Assign access control" not appearing under Essbase in shared services
Hi Everyone,
Can anyone point out the reason behind this? This is leading to all sorts of problems. Configuration is as follows:
App Server: Foundation, EAS, Planning, Reporting, Web Analysis, Workspace on Tomcat
DB Server: Essbase and SQL Server
Essbase is on Shared Services mode.
This is actually very urgent. Would be grateful for any help.
Thanks,
SayantanThis has been posted in the essbase forum > "Assign access control" not appearing under Essbase in shared services
Cheers
John
http://john-goodwin.blogspot.com/ -
Unable to use the Assign Access Control feature in shared services
Hi,
When I try to right click on the essbase applicaiton in Shared Services to assign access control( to assign a new filter) I keep getting the following error
" Internet cannot display the webpage" message with the following
This problem can be caused by a variety of issues, including:
Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
There might be a typing error in the address.
If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section
All the services are running file and I can create new users/ groups and also perform appication migration.
I'm using Hyperion 11.1.3.24 on windows 2003 r2.
Any help is appreciated. Thanks.
Regardsvs wrote:
John,
I tried the refresh button and nothing appears. I have created a group and gave it filter access. Now I'm trying to attach that filter to the group.
Appreciate your help.Can we replace backup .sec file for shared services?
For example: In planning if the .sec file corrupted then we replaced with old .sec file...rite...the same way can we do it in shared services?
I know if we replace the old sec in planning...it will take old securities only...
Edited by: Prabhas on Feb 12, 2013 9:27 PM -
Problem with shared services,, cannot load "assign access control"
i m using 11.1.1.3 version of EPM.
I have configured Essbase with Shared Services.
When I do right click on application on shared services and select "Assign Access Control" , it gives "loading.." .it remains same for hours..
I re configured essbase ,, but problem remained same...
Could you please suggest what I can do assign filters to users.Have you given maxl a try:
grant filter appname.dbname.filtername to user;
Cheers
John
http://john-goodwin.blogspot.com/ -
I've received an email from Windows Azure Team ([email protected]) with the above title. It suggests
I
We are writing to inform you that certificates or keys related to one or more of your Namespaces are about to expire between July 8, 2012-November 8, 2012.
Please find below the list of your Namespaces that need Certificate or Key rollover:
fiftyeggs-cache
These namespaces can be viewed by signing in to your Windows
Azure portal subscription. After you have signed in you are redirected to the Management Portal page. On the lower left-hand side of this page, click Service Bus, Access Control & Caching. To see
the registered namespaces under your subscription, under Services click Access Control/Service Bus/Caching.
However, this is a cache-namespace which appears to be a Managed Namespace
http://msdn.microsoft.com/en-us/library/gg185943.aspx and I don't believe there is any way of managing keys. Can anyone help or point me to the relevant article. I don't want the cache keys to expire (the site will die) but there doesn't appear to
be any actions for me to take.Did you add a X509/Symmetric Key/Password based "Service Identities" (Re Carson Wa above). If not, my year
is up on the 27th so I'll schedule for random failures! That will not keep my clients happy.
Can you keep us informed of the progress of your ticket here please :-)
I got an email from MS yesterday...
We inadvertently sent an email message to you between June 12 and June 18, 2012, that
described updating expiring certificates and keys in the Access Control Service (ACS) namespaces used by your Service Bus or Cache namespaces. The message referred to the following namespaces:
fiftyeggs-cache
The message was sent in error, and we sincerely apologize. No action is required.
Did you get that?
Andrew -
Hi,
I know that you can use the keywords private and protected for methods and variables, but can you also use these keywords at the class level? I understand that the public modifier enables a class to be accessed outside of its package, and that if no modifier is used, then the class can be accessed by any class within the same package. But what would the private and protected keywords mean at the class level?
Thx.I know that you can use the keywords private and
protected for methods and variables, but can you also
use these keywords at the class level? I understand
that the public modifier enables a class to be
accessed outside of its package, and that if no
modifier is used, then the class can be accessed by
any class within the same package. But what would the
private and protected keywords mean at the class
level?They cause a compile-time error.
It's can be explained.
private modifer forbid(? a don't know how to translate :) ) access to class, why you must need class that you can't access?
protected modifer used when you inheritr something/ but tou newer inherite class. You inherit it'as member.
It was simple question :) -
How to control class file access
Hi
I am developing an application in java. I am keeping only one class where the user has to enter valid password. different classes are called later as soon as the user run the application. I guss, any one can access other class even those has not main class by way of writing a new class having main method and calling all other class from that class. Will any one suggest how do I protect it?
Thanks in advancepackage mypackage;
public class myEntryClass { // public as this class is the only one that is to be used by others
private boolean isLoggedIn; // no one can change this value except myEntryClass
public myEntryClass() {
public final void login(String user, String password) { //anyone can attempt to login - the mehod may not be overridden however by subclasses as it is final
if ( /* check if username and password is ok */ ) {
this.isLoggedIn = true;
public void callAMethod() { // anyone logged in may do so
if (this.isLoggedIn) {
AnotherClass.aMethod();
package myPackage;
class AnotherClass { // package/default visibility
static void aMethod() { // package/default visibility
// do something
Hope that helps
rh -
ADF UIX Role Based Access Control Implementation
Hi,
Can anybody suggest a detailed example or tutorials of how to implement a role based access control for my ADF UIX application.
The application users can be dymanically added to specific roles (admin, Secretary, Guest). Based on the roles, they should be allowed to access only certain links or ADF entity/view operations. Can this be implemented in a centralized way.
Can this be done using JAZN or JAAS. If so, Please provide me references to simple tutorial on how to do this.
Thanks a lot.
SathyaBrenden,
I think you are following a valid approach. The default security in J2EE and JAAS (JAZN) is to configure roles and users in either static files (jazn-data.xml) or the Oracle Internet Directory and then use either jazn admin APIs or the OID APIs to programmatically access users, groups and Permissions (your role_functions are Permissions in a JAAS context).
If you modelled your security infrastructure in OID than the database, an administrator would be able to use the Delegated Administration Service (DAS), as web based console in Oracle Application Server. To configure security this way, you would have two options:
1. Use J2EE declarative security and configure all you .do access points in web.xml and constrain it by a role name (which is a user group name in OID). The benefit of this approach is that you can get Struts actions working dirctly with it because Struts actions have a roles attribute.
The disadvantage is that you can't dynamically create new roles because they have to be mapped in web.xml
2. Use JAAS and check Permissions on individual URLs. This allows you to perform finer grained and flexible access control, but also requires changes to Struts. Unlike the approach of subclassing the DataActionForward class, I would subclass the Struts RequestProcessor and change the processRoles method to evaluate JAAS permissions.
The disadvantage of this approach is that it requires coding that should be done carefully not to lock you in to your own implementation of Struts so that you couldn't easily upgrade to newer versions.
1 - 2 have the benefit of that the policies can be used by all applications in an enterprise that use Oracle Application Server and e.g. SSO.
Your approach - as said - is valid and I think many customers will look for the database first when looking at implementing security (so would I).
Two links that you might be interested in to read are:
http://sourceforge.net/projects/jguard/ --> an open source JAAS based security framework that stores the user, roles and permissions in database tables similar to your approach
http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf --> a whitepaper I've written about J2EE security for Web applications written with Struts and JavaServer pages. You may not be able to use all of it, but its a good source of information.
Frank -
ISG does not send Access-Request to download service definition
Hi guys,
I got these configs on my ISG and when I see the packets between AAA and ISG router, there's no access-request for downloading the service definition!
policy-map type control PPPoE_MAIN_POLICY
class type control always event session-start
10 authenticate aaa list PPPoE_AUTHE
15 authorize aaa list PPPoE_AUTHO password cisco identifier source-ip-address
20 service local
class type control always event service-start
5 collect identifier source-ip-address
10 service permit
20 service-policy type service identifier service-name
30 log-session-state
class type control always event account-logon
service-policy type control PPPoE_MAIN_POLICY
And here's the picture of Access-Accept with bunch of specified not-cached services
Any idea I appreciate it in advance.Hi,
Could you share your full config? It would be good to check your AAA config since that will influence how service profiles are downloaded.
Also, could you briefly explain the goal of your config? Do you simply want to apply services "SRV_INTERNET_PRIMARY" and "SR_INTERNET_128K_5G" via autosevice?
Regards
Maybe you are looking for
-
Are you using After Effects and are looking for plug-ins?
AV3software.com has all the plug-ing you are looking for, all centralized in one website all available via download at a very attractive price. Check it out www.av3software.com
-
While doing consignment issue..
Dear All, Anyone can tell me when i am doing consignment issue the picking tab is in display mode(Greyed Out). By which so..
-
How to solve environment change
Hi,I have one question that is if I changed my environment from develop environment to test environment and then to product environment, how can I maintain my source code? Example: I have 5 services as BPEL parterlink, all of them in one mechine, one
-
Precalculation Server for Information Broadcasting
Hi Folks, Do we need Precalculation server to use Information Broadcasting in BW7.0? I am especially interested in using the Filling OLAP Cache functionality in Information Broadcasting to fill OLAP cache for one workbook. Need your help on this. Reg
-
Hi, We didn't implement hire act in the system and we are planning to print exempt wages for hire act in W2; Since we didn't implement hire act in system what i'm planning to do is manual entries in PU19 or create new wagetype and run 221 adjustment