An access control proxy in front of my JSP pages
Hi All,
I want to protect the access to my jsp pages. If for example the user types in his browser www.abc.com/page1.jsp, I want to capture that request and pass it to an access control engine. If the user is authorized then he should get that page if not he should be directed to another page.
any answers will be appreciated ... I'm using tomcat 5.5.
For example the user types in his browser www.abc.com/page1.jsp, I want to capture that request and pass it to an access control engine. If the user is authorized then he should get that page if not he should be directed to another page.
Focus a bit on your design: Ask yourself how will the whole world accessing the page can be identified?
It is via machine to machine authentication and handshake or user authentication and authorisation?
Machine to machine will happen on a VPN infrastracture where specified connections are directed to a host port else the other, or user authentication and authorisation where user login to determine which bit of yourr page he has access to, then using MVC framework you can say hang-on! base on your credential you're authorised to use this page instead.
Note if no one is identifying him/herself on your system before having access to the required resource then your design aim sounds excuse me to say abit difficult to achieve. Again from the look at things you're trying to achieve this using acccess router, please if that is the case then think otherwise because it is not possible,
Edited by: bidox on Mar 29, 2008 9:25 AM
Similar Messages
-
How can I access xml document from javascript whithin a JSP page
how can I access xml document from javascript whithin a JSP page?
I have a JSP that receives an XML document from a JavaBean, so I can access it within the entire JSP, but I need to access it from the javascript inside the JSP... and I have no idea how i can do this.
Thanks in advance!The solution would only work on MS IE browsers, as other browsers do not support an XML DOM.
It can be done, but you would be stuck with using the Microsoft broswer. If that is acceptable, I have some example code, and a book recommendation. -
Accessing a java class method from the jsp page.
Hi im a beginner with jsp and im trying to find a way to access a method of my java class file in jsp page. After searching through the forums i tried to use the usebean tag. Im using apache to host the jsp file.Below is an excerpt of my code and the error message i got. What am i doing wrong? anyone know?
<%@ page language="java" %>
<jsp:useBean id="movies" class="movie.Movie" />
<jsp:setProperty name="movies" property="*"/>
<%
movies.getStart("file:///C:/Video/Applications2/sun.mpg");
response.setContentType("text/xml");
%>
exception
org.apache.jasper.JasperException: Exception in JSP: /View.jsp:7
4: <jsp:setProperty name="movies" property="*"/>
5: <%
6:
7: movies.getStart("file:///C:/Video/Applications2/sun.mpg");
8: response.setContentType("text/xml");
9: %>
Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:504)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
root cause
javax.servlet.ServletException: javax/media/ControllerListenerHi thanks for responding. Ok i did look through and it was opening some gui. I still need the program to do server side processes so cant use an applet.but i dont need the gui so i revised it and removed the gui. also im using a servlet to call the class now yet i still have the same error. Any ideas?
Below is the vid2jpg code minus the gui.
import java.io.*;
import java.awt.*;
import javax.media.*;
import javax.media.control.*;
import javax.media.format.*;
import javax.media.protocol.*;
import java.awt.image.*;
import javax.imageio.*;
public class vid2jpg implements ControllerListener
Processor p;
Object waitObj = new Object();
boolean stateOK = true;
DataSourceHandler handler;
int imgWidth;int imgHeight;
Image outputImage;
String sep = System.getProperty("file.separator");
int[] outvid;
int startFr = 1;int endFr = 1000;int countFr = 0;
boolean sunjava=true;
* Static main method
public static void main(String[] args)
if(args.length == 0)
System.out.println("No media address.");
new vid2jpg("file:///C:/Video/applications2/sun.mpg"); // or alternative "vfw://0" if webcam
else
String path = args[0].trim();
System.out.println(path);
new vid2jpg(path);
* Constructor
public vid2jpg(String path)
MediaLocator ml;String args = path;
if((ml = new MediaLocator(args)) == null)
System.out.println("Cannot build media locator from: " + args);
if(!open(ml))
System.out.println("Failed to open media source");
* Given a MediaLocator, create a processor and start
private boolean open(MediaLocator ml)
System.out.println("Create processor for: " + ml);
try
p = Manager.createProcessor(ml);
catch (Exception e)
System.out.println("Failed to create a processor from the given media source: " + e);
return false;
p.addControllerListener(this);
// Put the Processor into configured state.
p.configure();
if(!waitForState(p.Configured))
System.out.println("Failed to configure the processor.");
return false;
// Get the raw output from the Processor.
p.setContentDescriptor(new ContentDescriptor(ContentDescriptor.RAW));
TrackControl tc[] = p.getTrackControls();
if(tc == null)
System.out.println("Failed to obtain track controls from the processor.");
return false;
TrackControl videoTrack = null;
for(int i = 0; i < tc.length; i++)
if(tc.getFormat() instanceof VideoFormat)
tc[i].setFormat(new RGBFormat(null, -1, Format.byteArray, -1.0F, 24, 3, 2, 1));
videoTrack = tc[i];
else
tc[i].setEnabled(false);
if(videoTrack == null)
System.out.println("The input media does not contain a video track.");
return false;
System.out.println("Video format: " + videoTrack.getFormat());
p.realize();
if(!waitForState(p.Realized))
System.out.println("Failed to realize the processor.");
return false;
// Get the output DataSource from the processor and set it to the DataSourceHandler.
DataSource ods = p.getDataOutput();
handler = new DataSourceHandler();
try
handler.setSource(ods); // also determines image size
catch(IncompatibleSourceException e)
System.out.println("Cannot handle the output DataSource from the processor: " + ods);
return false;
// setLayout(new FlowLayout(FlowLayout.LEFT));
// currPanel = new imgPanel(new Dimension(imgWidth,imgHeight));
// add(currPanel);
// pack();
//setLocation(100,100);
// setVisible(true);
handler.start();
// Prefetch the processor.
p.prefetch();
if(!waitForState(p.Prefetched))
System.out.println("Failed to prefetch the processor.");
return false;
// Start the processor
//p.setStopTime(new Time(20.00));
p.start();
return true;
* Sets image size
private void imageProfile(VideoFormat vidFormat)
System.out.println("Push Format "+vidFormat);
Dimension d = (vidFormat).getSize();
System.out.println("Video frame size: "+ d.width+"x"+d.height);
imgWidth=d.width;
imgHeight=d.height;
* Called on each new frame buffer
int nextframetime = 0;
private void useFrameData(Buffer inBuffer)
try
if(inBuffer.getData()!=null) // vfw://0 can deliver nulls
if(sunjava) // and with import javax.imageio.*;
int frametimesecs = (int)(inBuffer.getTimeStamp()/1000000000);
if(frametimesecs%10 == 0 && frametimesecs==nextframetime)
nextframetime+=10;
BufferedImage bi = new BufferedImage(outputImage.getWidth(null), outputImage.getHeight(null), BufferedImage.TYPE_INT_RGB);
Graphics g = bi.getGraphics();
ImageIO.write(bi, "png", new File("images"+sep+"image_"+(inBuffer.getTimeStamp()/1000000000)+".png"));
catch(Exception e){}
* Tidy on finish
public void tidyClose()
handler.close();
p.close();
* Block until the processor has transitioned to the given state
private boolean waitForState(int state)
synchronized(waitObj)
try
while(p.getState() < state && stateOK)
waitObj.wait();
catch (Exception e)
return stateOK;
* Controller Listener.
public void controllerUpdate(ControllerEvent evt)
if(evt instanceof ConfigureCompleteEvent || evt instanceof RealizeCompleteEvent || evt instanceof PrefetchCompleteEvent)
synchronized(waitObj)
stateOK = true;
waitObj.notifyAll();
else
if(evt instanceof ResourceUnavailableEvent)
synchronized(waitObj)
stateOK = false;
waitObj.notifyAll();
else
if(evt instanceof EndOfMediaEvent || evt instanceof StopAtTimeEvent)
tidyClose();
* Inner classes
* A DataSourceHandler class to read from a DataSource and displays
* information of each frame of data received.
class DataSourceHandler implements BufferTransferHandler
DataSource source;
PullBufferStream pullStrms[] = null;
PushBufferStream pushStrms[] = null;
Buffer readBuffer;
* Sets the media source this MediaHandler should use to obtain content.
private void setSource(DataSource source) throws IncompatibleSourceException
// Different types of DataSources need to handled differently.
if(source instanceof PushBufferDataSource)
pushStrms = ((PushBufferDataSource) source).getStreams();
// Set the transfer handler to receive pushed data from the push DataSource.
pushStrms[0].setTransferHandler(this);
// Set image size
imageProfile((VideoFormat)pushStrms[0].getFormat());
else
if(source instanceof PullBufferDataSource)
System.out.println("PullBufferDataSource!");
// This handler only handles push buffer datasource.
throw new IncompatibleSourceException();
this.source = source;
readBuffer = new Buffer();
* This will get called when there's data pushed from the PushBufferDataSource.
public void transferData(PushBufferStream stream)
try
stream.read(readBuffer);
catch(Exception e)
System.out.println(e);
return;
// Just in case contents of data object changed by some other thread
Buffer inBuffer = (Buffer)(readBuffer.clone());
// Check for end of stream
if(readBuffer.isEOM())
System.out.println("End of stream");
return;
// Do useful stuff or wait
useFrameData(inBuffer);
public void start()
try{source.start();}catch(Exception e){System.out.println(e);}
public void stop()
try{source.stop();}catch(Exception e){System.out.println(e);}
public void close(){stop();}
public Object[] getControls()
return new Object[0];
public Object getControl(String name)
return null;
below is the servlet code.
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class ShowMovie extends HttpServlet {
String rootURL="http://127.0.0.1:8080/Video/";
public void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//String movie=request.getParameter("movie");
String movie ="son";
getStart(movie);
response.sendRedirect(rootURL+"View.jsp");
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
public void getStart(String url){
new vid2jpg(url);
this is the error from the server. Im using tomkat 5
exception
javax.servlet.ServletException: Servlet execution threw an exception
root cause
java.lang.NoClassDefFoundError: javax/media/ControllerListener
java.lang.ClassLoader.defineClass1(Native Method)
java.lang.ClassLoader.defineClass(Unknown Source)
java.security.SecureClassLoader.defineClass(Unknown Source)
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1812)
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:866)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1319)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
java.lang.ClassLoader.loadClassInternal(Unknown Source)
ShowMovie.getStart(ShowMovie.java:31)
ShowMovie.processRequest(ShowMovie.java:14)
ShowMovie.doGet(ShowMovie.java:22)
javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.17 logs. -
Anything dragged from data control palette squeezes text out of jsp page
Hi,
I am using JDeveloper 10.1.3.4. When I drag-and-drop anything from the data control palette onto a jsp page, then any template text on the page will be gone in the Design tab of the page, only the component from the data control palette is visible. The template data is still there though, as can be seen in the Source tab. This makes the Design tab unusable if I want to edit the text on the page. If want to drag-and-drop another component from the palette, I am not able to drop it in desired place since the page text is not visible.
If these are relevant: the page is a jsp page and the tab libraries used in the page before the drag-and-drop are:
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>Besides the text on the page, I also had a JSF HTML command button added to the page:
<h:commandButton value="Quit"/>After the drag-and-drop the ADF tag libraries were added by JDeveloper, and the directives became:
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="http://xmlns.oracle.com/adf/faces" prefix="af"%>
<%@ taglib uri="http://xmlns.oracle.com/adf/faces/html" prefix="afh"%>Is there any incompatibility between the elements from the different tag librarries? How to fix this problem? Or anybody had the same problem before and solved it?
Thanks!
NewmanShay,
Thank you for the advice. I was using jsp pages. But I also tried jspx and had the same problem. I wonder if it is a problem with the tag library or with the JDeveloper software. When I create a new jsp page, at the step where the available tag libraries can be shuttled from left to the right, sometimes on the right side there is only JSF HTML but hot JSF Core, but JSF core is not on the left side either. Yet if you click finish and check the source tab you would see both directives for the two libraries are in the page.
When building the pages, all the tags are created by JDeveloper. I do not have the freedom to edit the code because I do not know the tags. If I knew how to directly edit the tags, I can forget about the Design tab. But at least for now I am dependent on the Design tab.
There are many questions on my mind such as the difference between <form> and <h:form>? Is it OK to mix all these tags from the different tag libraries in one page? What is the difference between the JSF HTML CommandButton and the ADF FACES Core CommandButton, and which one should I used in what context? And many many other questions. Are there any Oracle documents that cover these topics and systematically explain and teach the use of these tags? I just found documents for 11g, one of which, by its title at least, looks like a book for such purpose. But it is for 11g.
Many thanks for your guidance!
Newman -
How to access a variable from a dynamically included JSP page
I have a jsp (say main.jsp) using the following in its code :
<jsp:include page="menu.jsp" flush="true" />
I have a variable in menu.jsp which I would like to use in my main.jsp.
How do I get the value of the variable defined in menu.jsp ?
I called this variable in menu.jsp, Public, but this didnot help me use the value of that variable in main.jsp
Any help is highly appreciated.. thnks a lotI do notice the variable var1 has the value populated - in menu.jsp - (from View -->
Source in the browser) but for some reason not able to use it in main.jspI'm not quite sure of the way your jsps are structured from your code snippet but I think there is something to be aware of here that may be part of your problem, namely the difference between the include directive and the include action.
You are currently using the include action, this treats the included resource as a dynamic object - i.e. a request is sent to that resource and the resulting response is included in your page. So when you think of what there is no java variable actually included - you'll just get the resulting HTML that is generated by menu.jsp
The include directive, as in <%@include file=�menu.jsp � %>, on the other hand treats the resource as a static object. This means the actual bytes in the included resource are inserted into the including jsp and then the result of that is compiled and processed, effectively you are cutting and pasting the menu.jsp into your calling jsp. In this case the variable would be available to the calling jsp.
However this approach does bring other difficulties that may break your current code, you'll just have to try it and see what happens.
Hope that's relevant to your problem,
Matt -
OSB - ALSB / WLST / Security / add entry with WLST in Access Control
Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain')Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain') -
Assign access control,http 404 error
Hi,
when i right click on assign access control,i receive the following error:
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Please try the following:
If you typed the page address in the Address bar, make sure that it is spelled correctly.
Open the server111:19000 home page, and then look for links to the information you want.
Click the Back button to try another link.
Click Search to look for information on the Internet.
HTTP 404 - File not found
Internet Explorer
Can you help me in this regard ?
Thanks,
ColDFireak123 wrote:
Its the same when I try from both port 28080 and 9000.So are you running the embedded http server on port 9000? if not and you are using OHS then try accessing Shared Services through that port e.g. http://<sharedservices>:19000/interop/index.jsp
Actually I am not sure that matters with HFM and you can go direct through 28080 or 19000, worth a try, if not maybe it just needs registering again as Pablo said.
Cheers
John
http://john-goodwin.blogspot.com/ -
Accessing config object in jsp page
I have been trying to access the config (implicit) object in my jsp page. In my web.xml, for my application, I have specified an init-parameter. To get the value of this parameter, I have the following code being executed
<%
String protocol = config.getInitParameter("protocol");
out.println("Protocol = " +protocol);
%>
The output turns out to be Protocol = null.
If I specify the init-parameter in Tomcat's web.xml in conf directory, then I do get the value. But that does not serve my purpose. I am using jakarta-tomcat-4.0-b7.
Any suggestions!!!!!!!Try this link, http://archives2.real-time.com/rte-tomcat/2000/Apr/msg01124.html
-
Message bundles accessed from JSF and JSP pages
Hello, everybody!
I'm developing a localized JSF application. It is working pretty well until now.
These are my message files:
mensagens.properties
mensagens_en_US.propertiesThis is how they're configured in faces-config.xml:
<application>
<resource-bundle>
<base-name>br.urca.www.biblioteca.web.mensagens</base-name>
<var>msg</var>
</resource-bundle>
</application>And this is how I access the messages in a page:
<h:outputText value="#{msg.titulo}" />Nothing new until now. But now there was a need for me to have a raw jsp page in
my web application. This page is displaying ok but I also need to access the
message bundles as I'm able to access in the normal jsp with the JSF components.
As you should know I can't use something like the above code with an +<h:outputText>+
to access the messages because this is a JSF component and I'll not be able to use
JSF components with this raw jsp page.
So, my question is: how do I access my localized messages from a raw jsp page? I
suppose there should be a way to do this, but unfortunately I started programming
to the web world in Java with JSF, not JSP, so I don't know how to do this with
JSP.
Thank you very much.
MarcosBalusC wrote:
Just include [jstl-1.2.jar|https://maven-repository.dev.java.net/repository/jstl/jars/] in your classpath and define the fmt taglib in your JSP. Nothing more is needed.
Hello, BalusC. Thank you for your help. We're almost there. After I have included the jstl-1.2.jar you provided me I can use the fmt tag and access message bundles from my raw jsp page (even though I had to provide other message bundles instead of the ones that I use in the other jsf pages, but it's better than nothing).
Now there just on problem to be fixed. The jsp page is not aware when I change the locale of my application. I change this locale in a jsf page.
I have this component:
<h:selectOneMenu value="#{pesquisaAcervo.idiomaAplicacao}"
valueChangeListener="# {pesquisaAcervo.idiomaAplicacaoMudado}" onchange="submit();">
<f:selectItems value="#{pesquisaAcervo.idiomasAplicacao}" />
</h:selectOneMenu>that calls this event in my backing bean class:
public void idiomaAplicacaoMudado(ValueChangeEvent e)
fIdiomaAplicacao.liberarItens();
Idioma idioma = Idioma.deString(e.getNewValue().toString());
// This line is for JSF
FacesContext.getCurrentInstance().getViewRoot().setLocale(idioma.localidade());
// This line is for Tiles
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().
put(org.apache.tiles.locale.impl.DefaultLocaleResolver.LOCALE_KEY, idioma.localidade());
}So, do I have to include another line in the idiomaAplicacaoMudado event above in order for the jsp page load the correct resource bundle? Or what else do I have to do?
Thank you.
Marcos -
Error while turning on Access control for web proxy
When I try turning on access control setting for the service (using web-based server admin page: sever preferences->restrict access), i got this pop-up error message:
System Error:
The POST variables could not be read from stdin.
Environment:
Windows2000 SP2
Sun ONE WebProxy 3.6 SP1
File-System NTFS
ThxHi,
Please mention on which platform you have installed the iplanet web proxy server. If it is on NT then make sure it must on NTFS partition.
refer the following link for more details
http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/contents.htm -
I've set up the proxy on my osx 10.5 server. All seems to work fine until i want to block facebook, i take it to block hosts url's you have control access to proxy. So whatever domain name i restrict it to it just halts all trafic to the proxy. what is the naming convention to put in the domain tab?
my server is called studio21.xserve.xxxxx.ac.uk
so what should i put in here? also do i have to set up realms? i'm a bit lost and can't find a decent tutorial on it. Any ideas would be greatly appreciatedTo block sites you don't control access to the proxy: You block the sites at the proxy.
You can get a good idea on how proxies work by doing a google search for "squid proxy" and reading some of the documentation. -
Http proxy View access control log
Access control log is broken. I get BMON window...operation cannot be
completed.
Tried TID 10026035 which did not work at all.
Jerry GunnIf that is the only way, I guess it OK. Do you have a procedure to
follow?
Also... why doesn't TID 10026035 work? If its a usless TID who do I
contact to get it removed or fixed?
Thanks for your help.
Jerry Gunn
> If you're ready to throw away the access rules logs, you can start from
> scratch by disabling all the components using btrieve (for instance,
not
> loading BM at the server startup, removing logging for the VPN, as
> well), then disable all the logs in CSAUDIT, delete the contents of the
> CSAUDIT directory and re-enable everything.
>
> --
> Cat
> NSC Volunteer Sysop -
Access Control up grade from 5.2 to 5.3
Hi,
One of my client have
1. Earlier Access control 5.2 was installed but only FF are configured and is in use.
2. After some time Access Control GRC 5.2 server (front end) have some problem so they have
installed 5.3 to front end level
--no back end patch was updated
--no connector are created.
Now the situation is as follows
Front end -access control 5.3 -
Back end -RTA is access control 5.2(they are only using FF)
No connector are created
From this situation how can we take it forward to access control 5.3.
I have following question
1. can we update back end to 5.3 and start configuration --what is the impact?
2. Do we need to take back up of table FF as client is using only FF.
Thanks,
DigambarHi
5.2 RTA will not be compatible with with GRC 5.3 RTA .
So best would ne to upgrade your backend RTA to 5.3 and SP level shoul;d be in Synch with level of SP of front end i.e SA P GRC 5.3 .
Thanks & Regards
Asheesh -
Issue while enabling Access Control for a Coherence server node
Hi
Im trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When i start the server i get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to be enable Authentication (not authorization) at this stage
1. I have added the following entry in the Coherence Operational override file
<security-config>
<enabled system-property="tangosol.coherence.security">true</enabled>
<login-module-name>Coherence</login-module-name>
<access-controller>
<class-name>com.tangosol.net.security.DefaultController</class-name>
<init-params>
<init-param id="1">
<param-type>java.io.File</param-type>
<param-value>keystore.jks</param-value>
</init-param>
<init-param id="2">
<param-type>java.io.File</param-type>
<param-value>permissions.xml</param-value>
</init-param>
</init-params>
</access-controller>
<callback-handler>
<class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
</callback-handler>
</security-config>
2. The following is the entry in the Permissions.xml
<?xml version='1.0'?>
<permissions>
<grant>
<principal>
<class>javax.security.auth.x500.X500Principal</class>
<name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
</principal>
<permission>
<target>*</target>
<action>all</action>
</permission>
</grant>
</permissions>
3. The following is the content of the Login configuration file "Coherence_Login.conf"
Coherence {
com.tangosol.security.KeystoreLogin required
keyStorePath="keystore.jks";
4. The following is the command line tag for starting the server
java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
Following is the output on the Console when running the command. It asks for a username and password for the JKS store (If i provide the wrong password, it gives a different error, which shows that it is able to authenticate aganst the Keystore). After i put in the password, it throws the error as shown below "java.security.AccessControlException: Unsufficient rights to perform the operation"
D:\Coherence\FOL_CacheServer>fol-cache-server
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
Username:admin
Password:
Exception in thread "main" java.security.AccessControlException: Unsufficient ri
ghts to perform the operation
at com.tangosol.net.security.DefaultController.checkPermission(DefaultCo
ntroller.java:153)
at com.tangosol.coherence.component.net.security.Standard.checkPermissio
n(Standard.CDB:32)
at com.tangosol.coherence.component.net.Security.checkPermission(Securit
y.CDB:11)
at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeC
luster.CDB:6)
at com.tangosol.coherence.component.net.management.Connector.startServic
e(Connector.CDB:20)
at com.tangosol.coherence.component.net.management.gateway.Remote.regist
erLocalModel(Remote.CDB:10)
at com.tangosol.coherence.component.net.management.gateway.Local.registe
rLocalModel(Local.CDB:10)
at com.tangosol.coherence.component.net.management.Gateway.register(Gate
way.CDB:6)
at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluste
r(SafeCluster.CDB:46)
at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.C
DB:2)
at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInterna
l(DefaultConfigurableCacheFactory.java:923)
at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(Defaul
tConfigurableCacheFactory.java:892)
at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.
java:81)
at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheS
erver.java:250)
at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServe
r.java:55)
at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
Cappa -
Access controll Logs and DNS entries
Hello there,
We have upgraded from Border Manager 3.5 to Border Manager 3.8 SP4 on
new hardware. Everything runs fine except a little niggle. When we
view the Access Control logs now all we see is IP addresses there are
no host names. In real time monitoring we can click on DNS Host Name
and get some of the names but most come back Unknown. Under the logs
themselves the DNS host Name option is grayed out. Have I messed up
the configuration in some manner?
DanThanks Craig, We are indeed runing the transparent proxy. Is this a
change between 3.5 and 3.8? When we ran the transparent Proxy under
3.5 we were able to see the URL's.
On Tue, 17 Jul 2007 21:36:53 GMT, Craig Johnson
<[email protected]> wrote:
>In article <[email protected]>, Dan Larson
>wrote:
>> When we
>> view the Access Control logs now all we see is IP addresses there are
>> no host names. In real time monitoring we can click on DNS Host Name
>> and get some of the names but most come back Unknown. Under the logs
>> themselves the DNS host Name option is grayed out. Have I messed up
>> the configuration in some manner?
>>
>If you have transparent proxy working, you will get IP addresses of
>hosts instead of URL's.
>
>If you are not using proxy authentication, you will get IP addresses of
>user PC's instead of user names.
>
>Craig Johnson
>Novell Support Connection SysOp
>*** For a current patch list, tips, handy files and books on
>BorderManager, go to http://www.craigjconsulting.com ***
>
Maybe you are looking for
-
Posting of Goods Issue for a Delivery (Different movement types)
Hello SD Experts, We have this process wherein we use Deliveries w/o reference. There's a customization in place for this process, the movement type is determined through the item category of the material. Given this scenario, my question is if it is
-
Performance of BO on top of SAP BI: Please share experiences
Hi, I was wondering what your experiences are with BO on top of BW regarding performance. Kind regards, Daniel
-
My downloaded tv show is not in video
Ive downloaded an entire season of a tv show, once all episodes download it disappears and they are not in video
-
Wifi idle 1min doesnt work after that
hey all, i have this problem ever since i bought this phone. when ever im browsing over wifi and stops browsing for 1min and if i again start browsing it jst doesn't work and shows me that it is trying to load the page. however this thing never happe
-
My ipad air blocked when trying to update the new software
my ipad air blocked when trying to update the new software