Access Control for SunOne Web Server 6.0.5 vs. 6.0.4

This question is about bypassing an appserver by specifying an alias without the appserver virtual host so as to download a class or jar file. With only the default ACL on the 6.0.4 version of the SunOne web server I found that .class and .jar files were not downloadable. However, on version 6.0.5 they are. For example, the URL:
https://myhost/appserv/alias/path/file.jsp
would return the HTML resulting from that file.jsp file being processed by my application server. But by contrast, the URL:
https://myhost/alias/path/file.jsp
will prompt the user as to where they want to save the file. Specifying the alias immediately after the hostname (omitting appserv) will allow free access to any files under that alias's target directory. This is a problem especially for .class and .jar files, which contain server-side programs. I have created an ACL as described in the administrator's guide and this does solve the problem (thank goodness for that). My question is, why didn't I experience this problem before?

To Disable directory listing : http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp
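
A log-side check for the exposure described in the question above, added here as an example (it is not code from the original thread): it flags requests for .class, .jar, .jsp and .war files that were answered successfully without going through the application server. The Common Log Format, the `/appserv/` prefix (taken from the post's example URL) and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: requests handled by the application server carry this prefix,
# as in the post's https://myhost/appserv/alias/path/file.jsp.
APPSERVER_PREFIX = "/appserv/"
# Server-side artifacts that should never be returned as static files.
SENSITIVE_EXTENSIONS = {".class", ".jar", ".jsp", ".war"}
# Statuses that mean the web server located and served (or revalidated) the file.
SERVED_STATUSES = {200, 206, 304}

# Common Log Format: host ident user [time] "METHOD uri PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """
192.0.2.10 - - [12/Mar/2004:10:01:02 +0000] "GET /appserv/alias/path/file.jsp HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2004:10:01:09 +0000] "GET /alias/path/file.jsp HTTP/1.1" 200 842
198.51.100.7 - - [12/Mar/2004:10:02:30 +0000] "GET /alias/WEB-INF/classes/Login.class HTTP/1.1" 200 3311
198.51.100.7 - - [12/Mar/2004:10:02:31 +0000] "GET /alias/lib/util.jar HTTP/1.1" 404 292
198.51.100.7 - - [12/Mar/2004:10:02:40 +0000] "GET /alias/lib/app.jar?v=2 HTTP/1.1" 200 88213
203.0.113.5 - - [12/Mar/2004:10:03:00 +0000] "GET /alias/img/logo.gif HTTP/1.1" 200 1045
"""


def normalize(uri):
    """Drop the query string, decode %xx escapes and collapse ./ and ../ segments."""
    path = unquote(uri.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))


def find_static_leaks(lines):
    """Return (host, path, status) for sensitive files served outside the app server."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # blank or non-CLF line
        path = normalize(m["uri"])
        status = int(m["status"])
        ext = posixpath.splitext(path)[1].lower()
        if ext not in SENSITIVE_EXTENSIONS:
            continue
        if path.startswith(APPSERVER_PREFIX):
            continue  # processed by the application server, not sent as a file
        if status in SERVED_STATUSES:
            findings.append((m["host"], path, status))
    return findings


def summarize(findings):
    """Count findings per file extension."""
    return dict(Counter(posixpath.splitext(p)[1].lower() for _, p, _ in findings))


if __name__ == "__main__":
    hits = find_static_leaks(SAMPLE_LOG.splitlines())
    for host, path, status in hits:
        print(f"{host} fetched {path} as a static file (HTTP {status})")
    print(summarize(hits))
```

Run against the access log before and after the ACL is applied; after the ACL is in place the same requests should no longer appear with a served status.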

Similar Messages

  • Issue while enabling Access Control for a Coherence server node

    Hi
    I'm trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When I start the server I get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to enable authentication (not authorization) at this stage.
    1. I have added the following entry in the Coherence Operational override file
    <security-config>
              <enabled system-property="tangosol.coherence.security">true</enabled>
              <login-module-name>Coherence</login-module-name>
              <access-controller>
                   <class-name>com.tangosol.net.security.DefaultController</class-name>
                   <init-params>
                        <init-param id="1">
                             <param-type>java.io.File</param-type>
                             <param-value>keystore.jks</param-value>
                        </init-param>
                        <init-param id="2">
                             <param-type>java.io.File</param-type>
                             <param-value>permissions.xml</param-value>
                        </init-param>
                   </init-params>
              </access-controller>
              <callback-handler>
                   <class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
              </callback-handler>
         </security-config>
    2. The following is the entry in the Permissions.xml
    <?xml version='1.0'?>
    <permissions>
    <grant>
    <principal>
    <class>javax.security.auth.x500.X500Principal</class>
    <name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
    </principal>
    <permission>
    <target>*</target>
    <action>all</action>
    </permission>
    </grant>
    </permissions>
    3. The following is the content of the Login configuration file "Coherence_Login.conf"
    Coherence {
    com.tangosol.security.KeystoreLogin required
    keyStorePath="keystore.jks";
    };
    4. The following is the command line tag for starting the server
    java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
    Following is the output on the console when running the command. It asks for a username and password for the JKS store (if I provide the wrong password, it gives a different error, which shows that it is able to authenticate against the keystore). After I put in the password, it throws the error shown below: "java.security.AccessControlException: Unsufficient rights to perform the operation"
    D:\Coherence\FOL_CacheServer>fol-cache-server
    java version "1.6.0_20"
    Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
    Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
    Username:admin
    Password:
    Exception in thread "main" java.security.AccessControlException: Unsufficient ri
    ghts to perform the operation
    at com.tangosol.net.security.DefaultController.checkPermission(DefaultCo
    ntroller.java:153)
    at com.tangosol.coherence.component.net.security.Standard.checkPermissio
    n(Standard.CDB:32)
    at com.tangosol.coherence.component.net.Security.checkPermission(Securit
    y.CDB:11)
    at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeC
    luster.CDB:6)
    at com.tangosol.coherence.component.net.management.Connector.startServic
    e(Connector.CDB:20)
    at com.tangosol.coherence.component.net.management.gateway.Remote.regist
    erLocalModel(Remote.CDB:10)
    at com.tangosol.coherence.component.net.management.gateway.Local.registe
    rLocalModel(Local.CDB:10)
    at com.tangosol.coherence.component.net.management.Gateway.register(Gate
    way.CDB:6)
    at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluste
    r(SafeCluster.CDB:46)
    at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.C
    DB:2)
    at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
    at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInterna
    l(DefaultConfigurableCacheFactory.java:923)
    at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(Defaul
    tConfigurableCacheFactory.java:892)
    at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.
    java:81)
    at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheS
    erver.java:250)
    at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServe
    r.java:55)
    at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)

    Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
    Cappa

  • Problem running WebLogic as plugin for SunOne web server on Solaris

    I tried to set up WebLogic (8.1) as a plugin for the SunONE (iPlanet) web server. I followed the instructions from http://e-docs.bea.com/wls/docs81/plugins/nsapi.html#110496. The SunONE server starts up successfully. But I have a problem connecting to my web application, and the SunONE web server returns the following error:
    "for host 172.23.54.5 trying to GET /arsys/home, wl-proxy reports: Neither 'WebLogicCluster' nor 'WebLogicHost' specified in parameters"
    I tried both SunOne (6.1 sp3) and iPlanet (6.0), and I saw the same problem.
    Can anyone help me on this?
    Thanks
    Charlie

    To configure SunOne to work with WLS, you need to make entries in the magnus.conf and the obj.conf. From the error, it seems as if you missed the entries in the obj.conf.

  • Settings for SunOne Web Server 6.1

    I need to verify certain settings for an audit and am uncertain where to find the following items:
    1. Disabling of Client Side Debugging
    2. Disabling of Directory Browsing
    3. Are server configured to not reveal internal system error messages
    4. Are custom error pages used to handle errors
    5. After what period of inactivity are HTTP sessions configured to expire
    6. Are content permissions set to the least privilege
    7. All unnecessary script processor mappings are disabled.
    Any and all help would be greatly appreciated as my web admin is out of town.
    Thank you

    To Disable directory listing : http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp

  • Does URL Policy Agent of SunONE Web Server 6.1 works with Identity Server 6

    Hi,
    I'm using the URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure a policy to access web resources such as http://myweb.org.cn/test/*
    After configuration, I try to access the resource http://myweb.org.cn/test/test.html
    The redirection is OK and the IS login appears, but after logging in successfully, it still tells me that I don't have permission to view this web page.
    Is this because the URL policy agent doesn't support IS 6.1?
    Many thanks,

    Can anybody help me with the steps to generate core for this issue.. I followed the steps as said in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when server crashes..
    Setup Info:
    - OS is RHEL 4.0
    - Sun ONE Web Server 6.1SP7
    - Policy Agent 2.2

  • SunOne Web Server (JSP & class)

    I have tried to read the documentation but I am just not getting it. I have 2 files myjsp.jsp and mybean.class that I would like SunOne Web Server to display my jsp using the javabean. Where do I put the files? (I have seen all kinds of things on deploying a WAR file etc. I just want to place these two files on the web server and go.)
    I have my jsp located at c:\iPlanet\Servers\docs\webdev and my class file located at c:\iPlanet\Servers\docs\webdev\web-inf\classes. What do I need to tell the server how to load the javabean?

    Hi, elving
    This is good information. Thanks very much.
    Actually, I am not using SSL, just plain http connection with basic auth. It might be the cache-control header that causes the head ache. 6.0 response does not have the cache-control header, but 6.1 has.
    The interesting thing is that adding a servlet mapping on 6.1 solves the problem.
    I will take a further look tomorrow.
    Cheers,
    Harry
    I doubt the problem has to do with the Content-Length header.
    I'd guess that you're using SSL. Are you? If so, you're almost certainly bumping into a known bug (or, as Microsoft describes it, a "feature") in Internet Explorer. Microsoft article KB316431 at http://support.microsoft.com/default.aspx?scid=316431 has some information on the problem. As the article points out, the problem occurs when Internet Explorer needs to invoke an external application to handle a file that was served over SSL with Cache-Control: no-cache and/or Pragma: no-cache headers.
    A work around would be to force Web Server to send Cache-Control and Pragma headers that don't include the no-cache directive. For example, the following lines could be added to the obj.conf configuration file:
    <Object ppath="*.jnlp">
    Output fn="set-variable" set-srvhdrs="Cache-Control: private"
    Output fn="set-variable" set-srvhdrs="Pragma: private"
    </Object>
    Fortunately, it sounds like you've already found another viable work around.

  • Memory leak on SunOne Web Server 6.1 on application reload

    Hi!
    I am pretty sure that I have found a memory management problem in SunOne Web Server 6.1.
    It started with an OutOfMemory error we got under heavy load. After some profiling with JProfiler I didn't find any memory leaks in the application. Even under heavy load (generated by myself) I can't find anything; more, I can't reproduce the error! The memory usage is about 20Mb and does not go up.
    However it is pretty simple to see the following behavior:
    [1] Restart the server (to have a clear picture) and wait a little for memory usage to stabilize.
    [2] In the application dir, touch .reload or one of the classes:
    The memory usage goes up by another 50Mb (a huge amount of memory, taking into account the fact that it used only 20Mb under any load before).
    Do this another time and another 20Mb is gone, etc.
    JProfiler marks the memory used by classes. And it can be clearly seen that the GC can't release most of it.
    I AM sure this is not the application that takes all the memory.
    Another hint: after making the server reload the application I can see that the number of threads ON EVERY RELOAD is going up by ~10-20 threads. The # of threads goes lower over time but not the memory usage.
    My system:
    Sparc Solaris 9, Java 1.4.2_04-b05, Sun ONE Web Server 6.1SP5
    Evgeny

    my guess is that - because of '.reload' , web container tries to recompile all the classes that you use within your web application and hence the memory growth is spiking up.
    What do you mean by "tries to recompile"? The classes in Web-inf are already compiled! And I have only ~5 JSPs. (The most part of the application is complicated business logic.) If you are talking about reloading them, yes, that's the purpose of .reload, isn't it? :) But it seems that the container uses the memory for its own classes: the usage of memory for my classes doesn't really grow that much (if at all) after reload (according to the profiler). Also the real problem is that the memory usage grows too much for too long (never seen it going down) and thus ends with OutOfMemory.
    if you are seeing the memory growth to be flat in stress environment, then I am not sure that why do you think that there is a memory leak ?
    There is no memory leak in the stress environment. There is a memory leak while reloading the application. It is a memory hog for sure (~20-30Mb for every reload). Memory leak? It seems that way because I can't see memory usage go down and after a lot of reloads OutOfMemory is thrown.
    also, what is jvm heap that you use ? did you try jvm tune options like -XX:+AggressiveHeap ?
    256Mb. I can set it bigger, but how do I know that it will not just delay the problem?
    Thanks for response.
    Evgeny

  • Specification for the Web server

    Hi All,
    We have BW3.5.
    Presently web server is running in the production box itself.
    We are planning for a separate box for the Web server.
    Please give me the tips for the hardware config for the Webserver.
    Thanks
    Billy

    Hi,
    1) Currently there is no WSRP or JSR support
    but this will be soon "standard" for all portals!
    2) Device detection is available. Mobile Access pack will
    be available soon. (It is available now for portal 3.0)
    Cheers,
    Alex :-)

  • SunOne web server sp6 on RH9

    Dear all,
    I would like to install SunOne web server sp6 on Redhat 9.0 for evaluation.
    I set some parameters as following.
    * make libncurses.so.4 link file
    * set LD_ASSUME_KERNEL=2.4.1
    * change name from netscape to mozilla in startconsole.
    * set firewall to pass port 80, etc
    When I touch ./startconsole, admin server is displayed and I touch ID and password.
    But browser display "The administration server was unable to fulfill your request."
    If I install Sunone web server 6.1, I don't see this message and I can turn web service on.
    If there is more set information on RH9.0, please give me advices.
    Regards,
    Masaaki Kato

    WS6.0 and 6.1 are not certified to run on RH9. They may behave in unexpected ways if you run them in that environment.
    If you must run on RH9, I recommend that you only test/use WS6.1.

  • Selective Cache-control in the web server

    I am using weblogic 8.1 as the app server and Sun one 6.1 as the web server
    In my obj.conf of the web server we have this
    PathCheck fn="set-cache-control" control="private"
    This caches all the pages.
    But I don't want some pages to be cached in our site.
    For this, I tried setting "no-cache" for the "Cache-control" of the response header, in the corresponding JSPs. But the webserver configuration is overriding this.
    The configuration set in the webserver should be applicable for all the modules except for some URLs.
    Can anybody tell me how to make this selective cache-control configuration in the obj.conf of Sun ONE web server?
    Or is there any way to prevent the setup in the JSP from being overridden by the webserver?
    Also it would be great if anybody can explain what the services handled by the web server and the app-server are and how they interact with each other....

    It's unfortunate that JSPs running in WebLogic can't override the default Cache-Control directives in Web Server. That's probably a bug in the WebLogic plugin. (It is possible for JSPs running directly on Web Server to override the default Cache-Control directives.)
    As with any obj.conf directive, you can configure Cache-Control directives on a path-by-path basis. For example, the following would set Cache-Control: no-cache for /foo/*.jsp and Cache-Control: private for all other URIs:
    <Object ppath="/foo/*.jsp">
    PathCheck fn="set-cache-control" control="no-cache"
    </Object>
    <Object name="default">
    PathCheck fn="set-cache-control" control="private"
    </Object>
    Information on obj.conf syntax, including how to configure separate objects for separate paths, can be found in the Syntax and use of obj.conf chapter of the NSAPI Programmer's Guide at http://docs.sun.com/source/817-6252/npgobjcn.html.
    I'm not sure what you mean by "what are the services handled by the web server and the the app-server and how they interact with each other". However, it's worth noting that Sun ONE Web Server 6.1 is fully capable of running JSPs by itself; there's no need for a separate WebLogic server.

  • Financial Reporting - PDF has not been configured for this web server.

    When I try a Print Preview of my report, I received this error "PDF has not been configured for this web server".
    As far as I know, this error is confusing because when I look on my log files I found this:
    --- FRLogging.log ---
    [APP: FINANCIALREPORTING#11.1.2.0] The system cannot access the Print Server at this time. Try again later or confirm the print server name.
    [APP: FINANCIALREPORTING#11.1.2.0] Cannot connect to server on xxxHFRCE04.cf.gouv.qc.ca
    [APP: FINANCIALREPORTING#11.1.2.0] Attempt to get an undefined configuration property
    --- FRPrintLogging.log ---
    HyperionReportException: Could not connect to the server.Please make sure that the server is running as specified in the logon dialog (including port number if not default).
    I read a lot of documents but it seems to be a communication issue!!!
    Can someone help me with that.

    I believe the supported version for ghost script is 7.0.6; I had the same problem and after installing the lower version it worked like a charm.
    If you can't find the older version let me know, I'll email it to you or place it on my website.

  • Remoted control a Struts web server

    Not sure where is the correct forum for this question.
    Can the URL or URLConnection class remote control a Struts web server?
    If a user inputs "http://localhost:8080/project/computation.do?para=3" in the browser, then presses the "Enter" key on the keyboard, the Struts application will perform a series of computations.
    Now I am implementing a stand-alone application on the client side to give the web server the instruction to perform the same computation. I do not want to fetch any page from the server.
    URL url = new URL("http://localhost:8080/project/computation.do");
    URLConnection con = url.openConnection();
    con.setDoOutput(true);
    OutputStreamWriter wr = new OutputStreamWriter(con.getOutputStream());
    String data = URLEncoder.encode("para", "UTF-8") + "=" + URLEncoder.encode("3", "UTF-8");
    wr.write(data);
    wr.flush();
    con.connect();
    The server did not do anything after running this piece of code.
    Can anyone help? Thanks very much.

    Sorry, please ignore my message,
    the code is correct. There is a spelling error in the server code.

  • How do I set up timed access control for a time past midnight

    I would like to set up timed access control for a number of my devices that would stretch past midnight... An open network from 6AM to 2AM - effectively only blocking access from 2AM to 6AM in the morning....
    Any notion on how to do this? The timed facility does not like the setting to enable 6A to 2A, says the times are invalid.
    Setting up timed access from 6AM to 11:59P, then doing another from 12A to 2A causes a service "hiccup" of 1 minute.

    Set up each device as follows:
    Everyday........Between.......6:00 AM and 11:59 PM
    Add a second rule for each device that will state....
    Everyday.....Between.......12:00 AM and 2:00 AM
    You might think that there would be a one minute break between 11:59 PM and 12:00 AM, but that will not be the case, at least on every AirPort that I have ever programmed..  Reason.....11:59 is really 11:59:59:59 turning off at 12:00 AM.  But, you have a second rule to allow access at 12:00 AM, so the AirPort will be "on" at the same time the first rule ends, so there will be no break.
    If you really want the second rule to turn the AirPort "off" at 2:00 AM.......then set that time for 1:59 AM. If you set the rule for 2:00 AM, then AirPort will really turn off at 2:01 AM.

  • Unable to access Workspace through Apache web server

    Hi,
    I have configured Hyperion 9.3.1. products in windows.
    I am getting the following error message when trying to access Workspace through Apache web server(port 19000). But, able to access through Weblogic Application server(port 45000).
    please assist me in resolving this issue.
    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
    More information about this error may be available in the server error log.
    Apache/2.0.63 (Win32) mod_jk/1.2.8 Server at nasbydapp04 Port 19000
    Thanks,
    Siva

    I re-configured the BIPlus components and even now, I am unable to access Workspace through the Apache web server.
    But now, I am getting a different error
    Error:
    HTTP 404 - File not found
    Internet Explorer
    Can anyone help me in resolving this issue.
    I have updated httpd.conf and HYSL-Weblogic.conf file in Apache server.

  • REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER

    I am using Windows 7 Professional Service Pack 1 and I purchased REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER, but the seller did not send me any installation CD or instructions on how to use it.
    Please, how can I use it on my Windows 7 Professional Service Pack 1?
    Thank you.

    Though Bill is absolutely correct for most CALs, Remote Desktop Services does have its own special licensing server.  I haven't installed one on 2012, yet, but here is a step-by-step guide for 2008. 
    http://technet.microsoft.com/en-us/library/dd983943(v=ws.10).aspx
    Here is a lab guide for 2012 -
    http://technet.microsoft.com/en-us/library/jj134160.aspx
    But, the explanation of your environment begs the question - what are you trying to do?  You say you have a desktop OS and you are talking about Windows Server products.  In that light, your question does not make a lot of sense.
    . : | : . : | : . tim
