APEX and ORA-24247: network access denied by access control list (ACL)
Hi,
I try to send email with APEX.
I have enter the parameters of my mail server and activate the email on my application.
I have follow the APEX installation guide and apply the script given in the "Granting Connect Privileges" section.
When I try to send email or make a subscription, I don't receive any email and can see this error in the table "WWV_FLOW_MAIL_LOG"
+"MAIL_TO","MAIL_FROM","MAIL_REPLYTO","MAIL_SUBJ","MAIL_CC","MAIL_BCC","MAIL_SEND_ERROR","LAST_UPDATED_BY","LAST_UPDATED_ON","SECURITY_GROUP_ID"+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",24/02/12,3210210578052219+
+"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
Do you see what is wrong in my configuration ?
I use APEX 4.1, Oracle 11g.
The script that I have apply is :
DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID RAW(16);
BEGIN
-- Look for the ACL currently assigned to '*' and give APEX_040100
-- the "connect" privilege if APEX_040100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
-- Before checking the privilege, make sure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
--+
-- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
--+
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1;
DBMS_XDBZ.ValidateACL(ACL_ID);
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
+'connect') IS NULL THEN+
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
+'APEX_040100', TRUE, 'connect');+
END IF;
EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
+'ACL that lets power users to connect to everywhere',+
+'APEX_040100', TRUE, 'connect');+
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
+/+
COMMIT;
Thanks for your help,
Hi,
You need to grant privilege to the user.
i.e add principal
You can use script :
DECLARE
ACL_ID RAW(16);
CNT NUMBER;
BEGIN
-- Look for the object ID of the ACL currently assigned to ''*
SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
WHERE HOST = '' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;*
-- If just some users referenced in the ACL are invalid, remove just those
-- users in the ACL. Otherwise, drop the ACL completely.
SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
WHERE ACLID = ACL_ID AND
EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);
IF (CNT > 0) THEN
FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
WHERE ACLID = ACL_ID AND
NOT EXISTS (SELECT NULL FROM ALL_USERS
WHERE USERNAME = PRINCIPAL)) LOOP
UPDATE XDB.XDB$ACL
SET OBJECT_VALUE =
DELETEXML(OBJECT_VALUE,
*'/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')*
WHERE OBJECT_ID = ACL_ID;
END LOOP;
ELSE
DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
END IF;
END;
REM commit the changes.
COMMIT;
Or you need to add privilege to specific user/schema using following script:
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
acl => 'aclfilename.xml',
principal => 'databaseuser',
is_grant => TRUE,
privilege => 'connect',
position => null);
COMMIT;
END;
Please execute this code after connect as sysdba user.
Thanks & Regards,
Jaydipsinh Raulji
Web: [www.oracleapexconsultant.com|www.oracleapexconsultant.com]
Similar Messages
-
ORA-24247: network access denied by access control list (ACL)
Hi All,
I am sending a mail thru OWB 11g ( and using database 11g) after successful or failure of process. My process is completing successfully but am not able to send mail. At the time of sending mail it is giving me error as below
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at line 8
I have created ACL using the following code
BEGIN
dbms_network_acl_admin.create_acl(acl => 'oramail.xml',
description => 'Network permissions for mail.oracle.com',
principal => 'OWF_MGR', is_grant => TRUE, privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'oramail.xml',
principal => 'OWF_MGR',
is_grant => true,
privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'oramail.xml',
host => '141.146.46.30');
END;
commit;
where 141.146.46.30 is my mail server IP. I am still not able to send mail by OWB. Please let me know if I have missed any steps in this.
Thanks.For Oracle Warehouse Builder 11g running in 11g dB you need to set the ACL for the OWBSYS user. For example:
EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb_cc.xml', 'ACL for Control Center', 'OWBSYS', TRUE, 'connect');
For Oracle Warehouse Builder 10.2.0.4 running in 11g dB you need to set the ACL for the OWB repository owner. For example:
EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb.xml', 'ACL for OWB', 'MY_OWB_REPO_OWNER', TRUE, 'connect');" -
Another ORA-24247: network access denied by access control list (ACL)
Hi
We have just upgraded from 10g to 11g (DB version is 11.2.0.1.0), and i've have nothing but problems with ACL.
I've tried:
Creation code (as dba-user):
begin
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(’netacl.xml’,
‘Allow usage to the UTL network packages’, ‘ACLTEST’, TRUE, ‘connect’);
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(’netacl.xml’ ,’ACLTEST’, TRUE, ‘resolve’);
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'*’);
commit;
end;
Execution code (as ACLTEST):
declare
l_conn UTL_TCP.connection;
v_file ftp.TStringTable;
l_list ftp.t_string_table;
begin
l_conn := ftp.Logind('DOMAIN', 21, 'USERNAME', 'PASSWORD');
ftp.logout(l_conn);
end;
Error stack
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at “SYS.UTL_TCP”, line 17
ORA-06512: at “SYS.UTL_TCP”, line 246
ORA-06512: at “COMMON.FTP”, line 784
ORA-06512: at line 7
i've tried to add the domain in the acl with full port range with no luck:
begin
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'DOMAIN’,1,65000);
commit;
end;Hi;
First what below query return
SELECT acl,
principal,
privilege,
is_grant,
to_char(start_date) ,
to_char(end_date)
FROM dba_network_acl_privileges;
Regard
Helios -
ORA-24247: network access denied by access control list (ACL) using FTP
What used to work on our 10g server now doesn't work on 11g. We recently migrated to a new server and this FTP download process is the only thing that is giving me problems.
I have tried using the IP Address and Domain name, opened up the ports 10 to 80 (just in case) and even tried FTPing to a local FTP site and cannot seem to get past the ORA-24247 error. At this point I am not sure what else to try. The FTP process worked great in 10g...
begin
dbms_network_acl_admin.create_acl (
acl => 'cwtoto_acl_file.xml',
description => 'FTP Access',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
dbms_network_acl_admin.add_privilege (
acl => 'cwtoto_acl_file.xml',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'resolve',
start_date => null,
end_date => null
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => '69.30.63.173',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.rmpc.org',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.taglab.org',
lower_port => 10,
upper_port => 80
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => '146.63.252.61',
lower_port => 10,
upper_port => 80
commit;
end;
Edited by: tfrawley on Jan 20, 2011 10:23 AMSo, I have contacted support to fix my inability to login to Oracle Support. In the meantime I'll just run through this problem one more time:
I executed the following:
begin
dbms_network_acl_admin.create_acl (
acl => 'cwtoto_acl_file.xml',
description => 'FTP Access',
principal => 'CWT_OPERATOR',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
dbms_network_acl_admin.assign_acl (
acl => 'cwtoto_acl_file.xml',
host => 'ftp.rmpc.org',
lower_port => 1,
upper_port => 1000
commit;
end;
This should give me an ACL xml file and permission for CWT_OPERATOR to connect to ftp.rmpc.org on ports 1 through 1000.
I can look and see if the creation was successful: SELECT host, lower_port, upper_port, acl FROM dba_network_acls t ;
HOST LOWER_PORT UPPER_PORT ACL
1 ftp.rmpc.org 1 1000 /sys/acls/cwtoto_acl_file.xml
Looks good right?
So I test it using the following:
DECLARE
l_conn UTL_TCP.connection;
BEGIN
l_conn := ftp.login('ftp.rmpc.org','21','[email protected]','anonymous');
ftp.logout( l_conn);
END;
And get the following errors:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYSTEM.FTP", line 49
ORA-06512: at line 4
Has anyone else tried to use UTL_TCP and experienced a simliar issue? -
ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
I am getting following ACL error while executing following procedure:
create or replace procedure sat_proc as
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
exec sat_proc;
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "TRANSDBA.SAT_PROC", line 5
ORA-06512: at line 1
I am able to execute successfully while executing above code as PL/SQL block:
DECLARE
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
PL/SQL procedure successfully completed.
Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
SQL> set time on
17:21:01 SQL> set role none;
Role set.
17:21:23 SQL> @utl_http.sql
17:21:34 SQL> DECLARE
17:21:34 2 http_req utl_http.req;
17:21:34 3 http_resp utl_http.resp;
17:21:34 4 BEGIN
17:21:34 5 http_req := utl_http.begin_request('www.yahoo.com');
17:21:34 6 http_resp := utl_http.get_response(http_req);
17:21:34 7 utl_http.end_response(http_resp);
17:21:34 8 END;
17:21:34 9 /
PL/SQL procedure successfully completed.
17:21:35 SQL> connect / as sysdba
Connected.
17:22:47 SQL> connect dbadmin/admindb
Connected.
17:23:06 SQL> @utl_http.sql
17:23:22 SQL> DECLARE
17:23:22 2 http_req utl_http.req;
17:23:22 3 http_resp utl_http.resp;
17:23:22 4 BEGIN
17:23:22 5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:22 6 http_resp := utl_http.get_response(http_req);
17:23:22 7 utl_http.end_response(http_resp);
17:23:22 8 END;
17:23:22 9 /
PL/SQL procedure successfully completed.
17:23:23 SQL> set role none;
Role set.
17:23:29 SQL> @utl_http.sql
17:23:31 SQL> DECLARE
17:23:31 2 http_req utl_http.req;
17:23:31 3 http_resp utl_http.resp;
17:23:31 4 BEGIN
17:23:31 5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:31 6 http_resp := utl_http.get_response(http_req);
17:23:31 7 utl_http.end_response(http_resp);
17:23:31 8 END;
17:23:31 9 /
DECLARE
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 5
17:23:31 SQL> above is from test user
Below is from SYSDBA account
SQL> set time on
17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
revoke execute on sys.utl_http to dbadmin
ERROR at line 1:
ORA-00905: missing keyword
17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
revoke execute on sys.utl_http from dbadmin
ERROR at line 1:
ORA-04020: deadlock detected while trying to lock object
ACLiLZU+w09hR7gQAB/AQAjcw==
17:22:32 SQL> /
Revoke succeeded.
17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM -
HR User, REST example - network access denied by access control list (ACL)
Hi,
I am new to APEX and am running the 'Oracle Developer Days' vm. I'm logged into APEX as the default HR/oracle account and I've been following the 'Creating and Using a RESTful Web Service in Application Express 4.2' training video, however when I try to retrieve information by entering a dept no. and clicking submit I get:
ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)
I've seen the following thread:
ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
and I've tried running the command:
GRANT EXECUTE ON SYS.UTL_HTTP TO HR;
but I'm not getting anywhere, presumably the HR user does not have permissions to access 'http://localhost:8888/apex/hr/employee_test'
Any help much appreciated, also if this is the wrong forum for this question please let me know.
Many ThanksHi,
Thank you for the link; I executed the first block of code to 'grant connect privileges to any host for the APEX_040200 database user' that did not work so I changed the user to HR within the code and re-executed and that seems to have done the trick. I guess the HR user is now in the power_users list/group?
Thanks again! -
ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
Hi,
I am trying to send email in APEX but all the emails are in APEX mail queue with error status,
ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
I already configured smtp server in manage instance. Please suggest me why the error is happening.
Thanks & Regards,
SagarikaProbably you need to add the SMTP server address to the ACL list. There are numerous resources showing how to do that. Google on "how to create acl in oracle" and you will get many links showing up. This one is explaining a how to quite good:
http://www.oracleflash.com/36/Oracle-11g-Access-Control-List-for-External-Network-Services.html
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.apress.com/9781430235125
http://apex.oracle.com/pls/apex/f?p=31517:1
http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
------------------------------------------------------------------- -
Access control list (ACL)
hi,
I have upgraded from 8i to 11g. I am using a procedure to send email from forms10g.
After the upgrade, I am getting error.
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at "HYBRID.SEND_MAIL", line 12
ORA-06512: at line 1
I created the ACL, see below .
begin
dbms_network_acl_admin.create_acl (
acl => 'utl_smtp.xml',
description => 'Allow mail to be send',
principal => 'username',
is_grant => TRUE,
privilege => 'connect'
commit;
end;
begin
dbms_network_acl_admin.add_privilege (
acl => 'utl_smtp.xml',
principal => 'username',
is_grant => TRUE,
privilege => 'resolve'
commit;
end;
begin
dbms_network_acl_admin.assign_acl(
acl => 'utl_smtp.xml',
host => 'smtp.abc.com'
commit;
end;
When i execute send_mail procedure i get the above error.
Exec send_mail('[email protected]','[email protected]','item Return','TEST MAIL') ;
Please helpPl see if MOS Doc 557070.1 (ORA-24247 Trying To Send Email Using UTL_SMTP from 11gR1 (11.1.0.6) or higher) can help
HTH
Srini -
Access denied error on updating list through custom webpart
hi
I have created one webpart having multiple view option.
On selection of items from one view user is clicking on next button to get 2nd view (THis is causing postback) and on selection of 2nd view items user is clicking on next buton for 3rd view.
On third view he can see the submit button. On click on submit button the selected items are updateing in one list and also updating data in other lists.
The list in which we are updating data have limited access to all users. But previously user were able to upate the list.
But after implimenting this multiple view with next button which postbacks on click user are getting access denied error while updating the list. If i provide contribute access to that list then they able to submit the changes properly. But even after
that they got the error at first time.
Any body got this type of issue?
Is the post back on custom webpart cause access denied error?
i have written my code like this to updat list,
protected void btnUpdate_Click(object sender, EventArgs e)
try
SPSite site = new SPSite(SPContext.Current.Site.ID);
SPWeb myWeb = site.OpenWeb(SPContext.Current.Web.ID);
SPSecurity.RunWithElevatedPrivileges(delegate()
using (SPSite ElevatedSite = new SPSite(site.ID))
using (SPWeb ElevatedWeb = ElevatedSite.OpenWeb(myWeb.ID))
ElevatedSite.AllowUnsafeUpdates = true;
ElevatedWeb.AllowUnsafeUpdates = true;
//code to update multiple lists
catch (Exception ex)
Please suggest any solution for this.Yes I checked with ULS log viewer.
Its very helpfull as reading that text log file is very difficuelt.
I found that if user spend more time on that webpart then session veriables on that webpart gets expired and at the time of redirection of user to newly created list using below code currentNewList becomes empty and its redirection to wrong list(_abc) which
is dummy list and user dont have any access.
currentNewList = NewListName+ "_abc"
SPUtility.Redirect(currentNewList.DefaultViewUrl, SPRedirectFlags.Default, HttpContext.Current);
So I modified the code to reload the session data when user clisk on submit button. -
Access Denied when access to File System Repository
Hi,
Our SAP Portal install in Windows 2003, and access to a unix's file system that created from File System Repository of Portal. When I access it in KM content, SAP Portal return the following message:
System Error
An exception occurred during the program execution. Below you will find technical information pertaining to this exception that you might want to forward to your system administrator.
Exception Class: class com.sapportals.wcm.repository...
Exception Message: Access denied
If I double-click any file,
IE return 403: The requested operation is forbidden for this resource.
Please help me to fix this problem?
PS: The unix's file system mode is 777.
The permission of folder in Portal File System Repository is everyone full control.
Message was edited by: Jeff Lien
Message was edited by: Jeff LienHi,
to my knowledege, this combination is not supported. You can integrated Windows-File-Shares in a Unix-Portal: http://help.sap.com/saphelp_nw04/helpdata/en/ed/b334ea02a2704388d1d2fc3e4298ad/frameset.htm but not the other way round
Kind reagrds
karin -
Access Denied when accessing ipc$ but not admin$ of a Windows 2008 R2 Standard server
From a Windows 2008 R2 Server,
c:\> net use * \\<winserver2008>\ipc$
System error 66 has occurred.
The network resource type is not correct.
c:\> net use * \\<winserver2008>\admin$
Drive Z: is now connected to \\<winserver2008\admin$.
However, running the above commands from a Windows 2003 Server, I have no problem at all.
Does anyone has any idea?Hello nww,
The problem is caused by UAC and the elevated privileges required to access the administrative shares. This
Microsoft KB article (951016) describes the issue in Windows Vista
To better protect those users who are members of the local Administrators group, we implement UAC restrictions on the network. This mechanism helps prevent against "loopback" attacks. This mechanism also helps prevent local malicious software
from running remotely with administrative rights.
and the steps to resolve it, open a new PowerShell window as administrator:
New-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name "LocalAccountTokenFilterPolicy" -value "1" -propertyType dword
A word of caution: this is opening up a security hole and it should only be done with careful consideration of the risks. The need to use PSExec to remotely run a process was an important part of the deployment, however the same result
could be achieved using PowerShell remoting. Until it’s tested and we’re ready to deploy that, I’ll be using this method.
source -
Hi All,
The thread that i posted under the topic 'Access Denied' yesterday is missing in the database forum. This is the link of my thread that i posted yesterday
http://forums.oracle.com/forums/thread.jspa?threadID=2227549&tstart=0
since as i have received replies from the three users for that thread yesterday.. But now it is missing.
This is the error which reported for me
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at "BITECH1.SEND_MAIL", line 23
ORA-06512: at line 2For that the users said of enabling the ACL and this is the reply that i got from the three users
Hi Mini,
There are actually a lot of discussions existing on this topic: you can search this forum and use Google as well.
you may want to refer to the following link:
http://www.oracle-base.com/articles/11g/FineGrainedAccessToNetworkServices_11gR1.php
HTH,
Thierry
In 11g the user running utl_smtp et. al. packages needs a grant for network ACLs (access control list), see
http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authorization.htm#DBSEG40012
Support note 1209644.1 is also one of the hits on the ora-24247 error.
Sounds like you haven't setup the ACL correctly.
Can you post the code that you used?I have also enabled the ACL by following the referred link by the user.
After that i tried to access the URL which is outside the firewall. If i enabled the ACL means then the URL has to be accessible and this is the way that i tried
Firstly i connected to the user that i have enabled ACL, and after that i executed the below command
SQL> SET SERVEROUTPUT ON SIZE 1000000
SQL> DECLARE
2 l_url VARCHAR2(32767) := 'http://mail.yahoo.com';
3 l_conn utl_http.req;
4 BEGIN
5 l_conn := utl_http.begin_request(url => l_url, method => 'POST', http_version=> 'HTTP/1.0');
6 dbms_output.put_line('URL ' || l_url || ' was reached successfully.');
7 END;
8 / But the error that is returned for the above query is
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1029
ORA-12535: TNS:operation timed out
ORA-06512: at line 5what is the error over here?? i couldnt guess. And also where is my missing thread in DB forum
Thanks
Regards,
Mini
Edited by: Mini on May 25, 2011 2:29 AMYou write that the test worked "before development implemented security" and now you are getting a message that says "access denied". You need to present the error details to the developers and ask them what aspect of
security or permissions are now required. The error message quoted is not complete, there is nothing after "errorType" and no closing curly brace, so we cannot really tell what the problem is.
It is possible that a log within the web site has more details of the request and the failure reason. Ask the developers to check the web site logs and tell them the exact date and time of when the error occurred.
Regards
Adrian -
Ora-24247 (ACL Error ) is coming in Oracle SE not in Oracle EE
Hi
I am using the below select statement to get the host ipaddress
select utl_inaddr.GET_HOST_ADDRESS into v_HostIPAddress from dual;
It's Working fine when i am running in the SQL Prompt .it is giving me the correct ip address but when i have included this piece of code in the procedure then it's giving me the error
Sample Code which i am using :
procedure getPatAPI(p_Id IN varchar2,
p_path in out varchar2) is
v_HostIPAddress varchar2(20);
begin
select utl_inaddr.GET_HOST_ADDRESS into v_HostIPAddress from dual;
EXCEPTION
WHEN OTHERS THEN
raise_application_error(-20001,
'getPathAPI:' ||
SQLCODE || ' -ERROR- ' || SQLERRM);
end;
Try to execute by passing the p_Id = 1 then giving the
Error:
ERROR- ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_INADDR", line 19
ORA-06512: at "SYS.UTL_INADDR", line 40
ORA-06512: at line 1
I have run these below set of command in Oracle Standard Edition and Oracle Enterprise Edition.
In the SE i am getting the same error ORA-24247 but it's working fine in the EE .
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
SQL>
SQL> EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_oracle.xml','ACL for www.oracle.com', 'GENEVA_ADMIN', TRUE, 'resolve');
PL/SQL procedure successfully completed.
SQL> EXECUTE DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('acl_for_oracle.xml','GENEVA_ADMIN', TRUE, 'resolve');
PL/SQL procedure successfully completed.
SQL> EXECUTE DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('acl_for_oracle.xml','*');
PL/SQL procedure successfully completed.
SQL> commit;
Commit complete.
SQL> exit
Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
So to run the UTL_INADDR in the Oracle Standard Edition is there any other kind of permission is required ???And also on Oracle 10g, its not happening every time. Sometimes it gives error while sometimes it works. This is typically due to
a) environment settings that differ from session to session
b) or more often, data
The actual error means that Oracle expects a number and is unable to obtain a number from the input (data or SQL or bind variables) supplied. I agree with William that it looks a lot like an implicit TO_NUMBER() conversion failing.
Why not add a debug exception handler to the code? When that exception occurs, dump the PL/SQL call stack and values of all variables and parameters to a debug/logging table (using an autonomous transaction). -
Unable to send emails. ORA-24247 error
Hi,
I have an email program that isn't working and I am getting this message:
ORA-24247: network access denied by access control list (ACL)
Any help? Thanks.http://blog.whitehorses.nl/2010/03/17/oracle-11g-access-control-list-and-ora-24247/
-
Hi,
I try to print an Report using Jasper Report, whenever i try this, i am getting this error:
ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1029 ORA-24247: network access denied by access control list (ACL).
I have enabled Network Services but without Success
any Idee?
many thanks in advance
MDK.Hi sivadas,
thanks for reply, i have done it using the code below, but still the same error
begin
begin
dbms_network_acl_admin.drop_acl(
acl => '/sys/acls/utl_http.xml'
exception
when others then null;
end;
dbms_network_acl_admin.create_acl(
acl => '/sys/acls/utl_http.xml',
description => 'TEST',
principal => 'FLOWS_030000',
is_grant => true,
privilege => 'connect'
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => '/sys/acls/utl_http.xml',
principal => 'FLOWS_030000',
is_grant => true,
privilege => 'resolve'
dbms_network_acl_admin.assign_acl(
acl => '/sys/acls/utl_http.xml',
host => 'localhost',
lower_port => 8080,
upper_port => 8080
end;
any Idee?
MDK.
Maybe you are looking for
-
Hi All, First, I'm not a java programmer at all... Okay.. I have this portal with an ExceptionHelper.java file and instead of displaying this page to the user, I'd like to redirect the page to an HTML page, perhaps carrying a variable for the error w
-
IPod classic corrupted and won't restore on Windows
So I have an 80Gb iPod classic. While I was transferring some files something went wrong with the USB connection and iTunes immediately froze and so did my iPod. So I reconnected my iPod and now it won't let me transfer any files because it keeps get
-
After Recovery Display Driver OEM Issue
Performed recovery on Satellite A505-6965 with help of Intel Rapid Storage Technology program suggested by Jerry. However, the display device that came with the laptop would not function it gave a code 39. I uninstalled but could not reload it. Went
-
Import video mpeg cs5.5 error
Hi, I can't import any video format (Adobe premiere.cs.5.5.master.collection fr) I have error message "erreur lors de la decompression audio ou video". Thank you to inform me on what I have to do.
-
Best way to update java w/ zen
Hi all: I have been working on a method of pushing out a java update via zenworks. However I keep running into issues. My method is very simple: either copy the exe down to the server or call it off of a server, then start it with the /s switch. Howe