Access Control for SunOne Web Server 6.0.5 vs. 6.0.4
This question is about bypassing an appserver by specifying an alias without the appserver virtual host so as to download a class or jar file. With only the default ACL on the 6.0.4 version of the SunOne web server I found that .class and .jar files were not downloadable. However, on version 6.0.5 they are. For example, the URL:
https://myhost/appserv/alias/path/file.jsp
would return the html resulting from that file.jsp file being processed by my application server. But by contrast, the URL:
https://myhost/alias/path/file.jsp
will prompt the user as to where they want to save the file. Specifying the alias immediately after the hostname (omitting appserv) will allow free access to any files under that alias's target directory. This is a problem especially for .class and .jar files which contain server side programs. I have created an ACL as described in the administrator's guide and this does solve the problem (thank goodness for that). My question is, why didn't I experience this problem before?
To disable directory listing: http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp
Similar Messages
-
Issue while enabling Access Control for a Coherence server node
Hi
I'm trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When I start the server I get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to enable authentication (not authorization) at this stage.
1. I have added the following entry in the Coherence Operational override file
<security-config>
  <enabled system-property="tangosol.coherence.security">true</enabled>
  <login-module-name>Coherence</login-module-name>
  <access-controller>
    <class-name>com.tangosol.net.security.DefaultController</class-name>
    <init-params>
      <init-param id="1">
        <param-type>java.io.File</param-type>
        <param-value>keystore.jks</param-value>
      </init-param>
      <init-param id="2">
        <param-type>java.io.File</param-type>
        <param-value>permissions.xml</param-value>
      </init-param>
    </init-params>
  </access-controller>
  <callback-handler>
    <class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
  </callback-handler>
</security-config>
2. The following is the entry in the Permissions.xml
<?xml version='1.0'?>
<permissions>
  <grant>
    <principal>
      <class>javax.security.auth.x500.X500Principal</class>
      <name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
    </principal>
    <permission>
      <target>*</target>
      <action>all</action>
    </permission>
  </grant>
</permissions>
3. The following is the content of the Login configuration file "Coherence_Login.conf"
Coherence {
    com.tangosol.security.KeystoreLogin required
    keyStorePath="keystore.jks";
};
4. The following is the command line tag for starting the server
java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
Following is the output on the console when running the command. It asks for a username and password for the JKS store (if I provide the wrong password, it gives a different error, which shows that it is able to authenticate against the keystore). After I put in the password, it throws the error shown below: "java.security.AccessControlException: Unsufficient rights to perform the operation"
D:\Coherence\FOL_CacheServer>fol-cache-server
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
Username:admin
Password:
Exception in thread "main" java.security.AccessControlException: Unsufficient ri
ghts to perform the operation
at com.tangosol.net.security.DefaultController.checkPermission(DefaultCo
ntroller.java:153)
at com.tangosol.coherence.component.net.security.Standard.checkPermissio
n(Standard.CDB:32)
at com.tangosol.coherence.component.net.Security.checkPermission(Securit
y.CDB:11)
at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeC
luster.CDB:6)
at com.tangosol.coherence.component.net.management.Connector.startServic
e(Connector.CDB:20)
at com.tangosol.coherence.component.net.management.gateway.Remote.regist
erLocalModel(Remote.CDB:10)
at com.tangosol.coherence.component.net.management.gateway.Local.registe
rLocalModel(Local.CDB:10)
at com.tangosol.coherence.component.net.management.Gateway.register(Gate
way.CDB:6)
at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluste
r(SafeCluster.CDB:46)
at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.C
DB:2)
at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInterna
l(DefaultConfigurableCacheFactory.java:923)
at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(Defaul
tConfigurableCacheFactory.java:892)
at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.
java:81)
at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheS
erver.java:250)
at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServe
r.java:55)
at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)
Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
Cappa
-
Problem running WebLogic as plugin for SunOne web server on Solaris
I tried to set up WebLogic (8.1) as a plugin for SunONE (iPlanet) web server. I followed the instructions from http://e-docs.bea.com/wls/docs81/plugins/nsapi.html#110496. SunONE server starts up successfully. But I have a problem connecting to my web application, and SunONE web server returns the following error:
"for host 172.23.54.5 trying to GET /arsys/home, wl-proxy reports: Neither 'WebLogicCluster' nor 'WebLogicHost' specified in parameters"
I tried both SunOne (6.1 sp3) and iPlanet (6.0), I saw same problem.
Can anyone help me on this?
Thanks
Charlie
To configure sunone to work with WLS, you need to make entries in the magnus.conf and the obj.conf. From the error, it seems as if u missed the entries in the obj.conf.
-
Settings for SunOne Web Server 6.1
I need to verify certain settings for an audit and am uncertain where to find the following items:
1. Disabling of Client Side Debugging
2. Disabling of Directory Browsing
3. Are server configured to not reveal internal system error messages
4. Are custom error pages used to handle errors
5. After what period of inactivity are HTTP sessions configured to expire
6. Are content permissions set to the least privilege
7. All unnecessary script processor mappings are disabled.
Any and all help would be greatly appreciated as my web admin is out of town.
Thank you
To disable directory listing: http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp
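For audit items 2 and 4 in the list above, the relevant state lives in obj.conf and can be checked with a script. The following is an added example, not part of the original thread or of Sun's documentation; the sample obj.conf is constructed, and the code assumes the stock function names index-common, index-simple and send-error.

```python
import shlex

# Constructed sample obj.conf for illustration (not from the thread).
SAMPLE_OBJ_CONF = '''\
<Object name="default">
NameTrans fn=document-root root="$docroot"
PathCheck fn=find-index index-names="index.html,home.html"
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
Error fn="send-error" reason="Not Found" path="/opt/ws/errors/404.html"
</Object>
<Object ppath="*/private/*">
Service type="magnus-internal/directory" fn="send-error"
    path="/opt/ws/errors/forbidden.html"
</Object>
'''

# Assumption: these are the functions that generate a directory index.
LISTING_FUNCS = {"index-common", "index-simple"}


def _params(tokens):
    """Turn ['fn=send-file', 'type=x'] into {'fn': 'send-file', 'type': 'x'}."""
    return dict(t.split("=", 1) for t in tokens if "=" in t)


def parse_obj_conf(text):
    """Return [(object_attrs, [(directive, params), ...]), ...]."""
    objects, current, pending = [], None, None

    def flush():
        # Store the directive collected so far (with its continuation lines).
        nonlocal pending
        if pending and current is not None:
            tokens = shlex.split(pending)
            current[1].append((tokens[0], _params(tokens[1:])))
        pending = None

    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and pending:
            # Leading whitespace continues the previous directive.
            pending += " " + stripped
            continue
        flush()
        if stripped.lower().startswith("<object"):
            attrs = _params(shlex.split(stripped[len("<object"):].rstrip(">")))
            current = (attrs, [])
            objects.append(current)
        elif stripped.lower().startswith("</object"):
            current = None
        else:
            pending = stripped
    flush()
    return objects


def audit(text):
    """Report where directory listing is on or off and which errors are custom."""
    findings = {"listing_enabled": [], "listing_disabled": [], "custom_errors": []}
    for attrs, directives in parse_obj_conf(text):
        label = attrs.get("ppath") or attrs.get("name", "?")
        for directive, p in directives:
            fn = p.get("fn", "")
            if directive == "Service" and "magnus-internal/directory" in p.get("type", ""):
                key = "listing_enabled" if fn in LISTING_FUNCS else "listing_disabled"
                findings[key].append(label)
            elif directive == "Error" and fn == "send-error":
                findings["custom_errors"].append((label, p.get("reason") or p.get("code")))
    return findings
```

Calling `audit()` on the text of a server's obj.conf returns the objects that still serve directory indexes and the error conditions that have a custom page; session timeout and file permissions are set elsewhere and are not covered by it.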
-
Does URL Policy Agent of SunONE Web Server 6.1 works with Identity Server 6
Hi,
I'm using URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure policy to access web resource such as http://myweb.org.cn/test/*
After configuration, I try to access the resource http://myweb.org.cn/test/test.html
The redirection is ok, the IS login appears, but after logging in successfully, it still tells me that I don't have permission to view this web page.
Is this because the URL policy agent doesn't support IS 6.1?
Many thanks,
Can anybody help me with the steps to generate core for this issue.. I followed the steps as said in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when server crashes..
Setup Info:
- OS is RHEL 4.0
- Sun ONE Web Server 6.1SP7
- Policy Agent 2.2
-
SunOne Web Server (JSP & class)
I have tried to read the documentation but I am just not getting it. I have 2 files myjsp.jsp and mybean.class that I would like SunOne Web Server to display my jsp using the javabean. Where do I put the files? (I have seen all kinds of things on deploying a WAR file etc. I just want to place these two files on the web server and go.)
I have my jsp located at c:\iPlanet\Servers\docs\webdev and my class file located at c:\iPlanet\Servers\docs\webdev\web-inf\classes. What do I need to tell the server how to load the javabean?
Hi, elving
This is good information. Thanks very much.
Actually, I am not using SSL, just plain http connection with basic auth. It might be the cache-control header that causes the head ache. 6.0 response does not have the cache-control header, but 6.1 has.
The interesting thing is that adding a servlet mapping on 6.1 solves the problem.
I will take a further look tomorrow.
Cheers,
Harry
I doubt the problem has to do with the Content-Length
header.
I'd guess that you're using SSL. Are you? If so,
you're almost certainly bumping into a known bug (or,
as Microsoft describes it, a "feature") in Internet
Explorer. Microsoft article KB316431 at
http://support.microsoft.com/default.aspx?scid=316431
has some information on the problem. As the article
points out, the problem occurs when Internet Explorer
needs to invoke an external application to handle a
file that was served over SSL with Cache-Control:
no-cache and/or Pragma: no-cache headers.
A work around would be to force Web Server to send
Cache-Control and Pragma headers that don't include
the no-cache directive. For example, the following
lines could be added to the obj.conf configuration
file:
<Object ppath="*.jnlp">
Output fn="set-variable" set-srvhdrs="Cache-Control: private"
Output fn="set-variable" set-srvhdrs="Pragma: private"
</Object>
Fortunately, it sounds like you've already
found another viable work around.
-
Memory leak on SunOne Web Server 6.1 on application reload
Hi!
I am pretty sure that I have found a memory management problem in
SunOne Web Server 6.1.
It started with an OutOfMemory error we got under heavy load. After
some profiling with JProfiler I didn't find any memory leaks in the
application. Even under heavy load (generated by myself) I can't find
anything; moreover, I can't reproduce the error! The memory usage is
about 20Mb and does not go up.
However it is pretty simple to see the following behavior:
[1] Restart the server (to have a clear picture) and wait a little for
memory usage to stabilize.
[2] In the application dir, touch .reload or one of the classes:
The memory usage goes up by another 50Mb (a huge amount of memory, taking
into account the fact that it used only 20Mb under any load before).
Do this another time and another 20Mb is gone, etc.
JProfiler marks the memory used by classes, and it can be
clearly seen that the GC can't release most of it.
I AM sure this is not the application that takes all the memory.
Another hint: after making the server reload the application I can see
that the number of threads ON EVERY RELOAD is going up by ~10-20
threads. The # of threads goes lower over time but not the memory usage.
My system:
Sparc Solaris 9, Java 1.4.2_04-b05, Sun ONE Web Server 6.1SP5
Evgeny
my guess is that - because of '.reload', web container tries to
recompile all the classes that you use within your web application and
hence the memory growth is spiking up.
What do you mean by "tries to recompile"? The classes in
Web-inf are already compiled! And I have only ~5 jsp's.
(the most part of the application is complicated business logic)
If you are talking about reloading them, yes, that's the purpose of .reload,
isn't it? :) But it seems that the container uses the memory for its own
classes: the usage of memory for my classes doesn't really grow
that much (if at all) after reload (according to the profiler).
Also the real problem is that the memory usage grows too much for
too long (never seen it going down) and thus ends with OutOfMemory.
if you are seeing the memory growth to be flat in stress environment,
then I am not sure that why do you think that there is a memory leak ?
There is no memory leak in stress environment.
There is a memory leak while reloading the application.
It is a memory hog for sure (~20-30Mb for every reload).
Memory leak? It seems that way because I can't see memory usage go
down and after a lot of reloads OutOfMemory is thrown.
also, what is jvm heap that you use ? did you try jvm tune options like
-XX:+AggressiveHeap ?
256Mb. I can set it bigger, but how do I know that it will not just delay
the problem?
Thanks for response.
Evgeny
-
Specification for the Web server
Hi All,
We have BW3.5.
Presently web server is running in the production box itself.
We are planning for a separate box for the Web server.
Please give me the tips for the hardware config for the Webserver.
Thanks
Billy
Hi,
1) Currently there is no WSRP or JSR support
but this will be soon "standard" for all portals!
2) Device detection is available. Mobile Access pack will
be available soon. (It is available now for portal 3.0)
Cheers,
Alex :-)
-
Dear all,
I would like to install SunOne web server sp6 on Redhat 9.0 for evaluation.
I set some parameters as following.
* make libncurses.so.4 link file
* set LD_ASSUME_KERNEL=2.4.1
* change name from netscape to mozilla in startconsole.
* set firewall to pass port 80, etc
When I touch ./startconsole, admin server is displayed and I touch ID and password.
But browser display "The administration server was unable to fulfill your request."
If I install Sunone web server 6.1, I don't see this message and I can turn web service on.
If there is more set information on RH9.0, please give me advices.
Regards,
Masaaki Kato
WS6.0 and 6.1 are not certified to run on RH9. They may behave in unexpected ways if you run them in that environment.
If you must run on RH9, I recommend that you only test/use WS6.1.
-
Selective Cache-control in the web server
I am using weblogic 8.1 as the app server and Sun one 6.1 as the web server
In my obj.conf of the web server we have this
PathCheck fn="set-cache-control" control="private"
This caches all the pages.
But I don't want some pages to be cached in our site.
For this, I tried setting "no-cache" for the "Cache-control" of the response header, in the corresponding jsps. But the webserver configuration is overriding this.
This configuration set in the webserver should be applicable for all the modules except for some urls.
Can anybody tell me how to make this selective cache-control configuration in the obj.conf of sun one web server,
or if there is any way to prevent the setup in the jsp from being overridden by this webserver?
Also it would be great if anybody can explain, what are the services handled by the web server and the app-server and how they interact with each other....
It's unfortunate that JSPs running in WebLogic can't override the default Cache-Control directives in Web Server. That's probably a bug in the WebLogic plugin. (It is possible for JSPs running directly on Web Server to override the default Cache-Control directives.)
As with any obj.conf directive, you can configure Cache-Control directives on a path-by-path basis. For example, the following would set Cache-Control: no-cache for /foo/*.jsp and Cache-Control: private for all other URIs:
<Object ppath="/foo/*.jsp">
PathCheck fn="set-cache-control" control="no-cache"
</Object>
<Object name="default">
PathCheck fn="set-cache-control" control="private"
</Object>
Information on obj.conf syntax, including how to configure separate objects for separate paths, can be found in the Syntax and use of obj.conf chapter of the NSAPI Programmer's Guide at http://docs.sun.com/source/817-6252/npgobjcn.html.
I'm not sure what you mean by "what are the services handled by the web server and the app-server and how they interact with each other". However, it's worth noting that Sun ONE Web Server 6.1 is fully capable of running JSPs by itself; there's no need for a separate WebLogic server.
-
Financial Reporting - PDF has not been configured for this web server.
When I try a Print Preview of my report, I received this error "PDF has not been configured for this web server".
As far as I know, this error is confusing because when I look on my log files I found this:
--- FRLogging.log ---
[APP: FINANCIALREPORTING#11.1.2.0] The system cannot access the Print Server at this time. Try again later or confirm the print server name.
[APP: FINANCIALREPORTING#11.1.2.0] Cannot connect to server on xxxHFRCE04.cf.gouv.qc.ca
[APP: FINANCIALREPORTING#11.1.2.0] Attempt to get an undefined configuration property
--- FRPrintLogging.log ---
HyperionReportException: Could not connect to the server.Please make sure that the server is running as specified in the logon dialog (including port number if not default).
I read a lot of documents but it seems to be a communication issue!!!
Can someone help me with that.
I believe the supported version for ghost script is 7.0.6; I had the same problem and after installing the lower version it worked like a charm.
If you can't find the older version let me know, I'll email it to you or place it in my website.
-
Remoted control a Struts web server
Not sure where is the correct forum for this question.
Can URL or URLConnection class remoted control a Struts web server?
If a user input "http://localhost:8080/project/computation.do?para=3" in the browser, then press "Enter" key on the keyboard, the Struts application will perform a series of computation.
Now I am implementing a stand-alone application on the client side to give the web server the instruction to perform the same computation. I do not want to fetch any page from the server.
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
URL url = new URL("http://localhost:8080/project/computation.do");
URLConnection con = url.openConnection();
con.setDoOutput(true); // the parameter goes in the request body
OutputStreamWriter wr = new OutputStreamWriter(con.getOutputStream());
String data = URLEncoder.encode("para", "UTF-8") + "=" + URLEncoder.encode("3", "UTF-8");
wr.write(data);
wr.flush();
con.connect();
The server did not do anything after running this piece of code.
Can anyone help, thanks very much.
Sorry, please ignore my message,
the code is correct. There is a spelling error in the server code.
-
How do I set up timed access control for a time past midnight
I would like to set up timed access control for a number of my devices that would stretch past midnight... An open network from 6AM to 2AM - effectively only blocking access from 2AM to 6AM in the morning....
Any notion on how to do this? The timed facility does not like the setting to enable 6A to 2A, says the times are invalid.
Setting up timed access from 6AM to 11:59P, then doing another from 12A to 2A causes a service "hiccup" of 1 minute.
Set up each device as follows:
Everyday........Between.......6:00 AM and 11:59 PM
Add a second rule for each device that will state....
Everyday.....Between.......12:00 AM and 2:00 AM
You might think that there would be a one minute break between 11:59 PM and 12:00 AM, but that will not be the case, at least on every AirPort that I have ever programmed.. Reason.....11:59 is really 11:59:59:59 turning off at 12:00 AM. But, you have a second rule to allow access at 12:00 AM, so the AirPort will be "on" at the same time the first rule ends, so there will be no break.
If you really want the second rule to turn the AirPort "off" at 2:00 AM.......then set that time for 1:59 AM. If you set the rule for 2:00 AM, then AirPort will really turn off at 2:01 AM.
-
Unable to access Workspace through Apache web server
Hi,
I have configured Hyperion 9.3.1. products in windows.
I am getting the following error message when trying to access Workspace through Apache web server(port 19000). But, able to access through Weblogic Application server(port 45000).
please assist me in resolving this issue.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.0.63 (Win32) mod_jk/1.2.8 Server at nasbydapp04 Port 19000
Thanks,
Siva
I re-configured the BIPlus components and even now, I am unable to access workspace through Apache web server.
But now, I am getting a different error
Error:
HTTP 404 - File not found
Internet Explorer
Can anyone help me in resolving this issue.
I have updated httpd.conf and HYSL-Weblogic.conf file in Apache server.
-
I am using Windows 7 Professional Service Pack 1 and I purchased REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER, but the seller did not send me any installation CD or instructions
on how to use it.
Please, how can I use it on my Windows 7 Professional Service Pack 1?
Thank you.
Though Bill is absolutely correct for most CALs, Remote Desktop Services does have its own special licensing server. I haven't installed one on 2012, yet, but here is a step-by-step guide for 2008.
http://technet.microsoft.com/en-us/library/dd983943(v=ws.10).aspx
Here is a lab guide for 2012 -
http://technet.microsoft.com/en-us/library/jj134160.aspx
But, the explanation of your environment begs the question - what are you trying to do? You say you have a desktop OS and you are talking about Windows Server products. In that light, your question does not make a lot of sense.
. : | : . : | : . tim