AppletViewer Socket security policies in Netbeans -

Similar Messages

• Socket Security Error 2048

  Hi,
  I'm trying to make a socket connection using AS3. I am aware
  of the new Security policies. I've read all the articles and set up
  a socket policy file server and a socket server to handle the
  socket.connect().
  Im calling
  Security.loadPolicyFile("xmlsocket://myhost.com:843") but
  continually get this message in the debugger:
  Error: Failed to load policy file from
  xmlsocket://myhost.com:843 // why did it fail?? the file is there
  and port is open
  and then:
  Error: Request for resource at xmlsocket://myhost.com:11500
  by requestor from
  http://myhost.com/myswf.swf
  has failed because the server cannot be reached. // why can't the
  server be reached?? the port is open
  I've made sure I have no firewall blocking the port, no
  SELinux enabled policies, and I've verified port 843 and 11500 are
  actually open using a custom php script.
  Also when I type nmap localhost port 843 shows up as open
  using tcp. It does however say that the service is unknown. I don't
  understand that since I have edited the /etc/services file and
  created the service "flashpolicy" in /etc/xinetd.d and restarted
  inetd using: /etc/rc.d/init.d/xinetd restart.
  Heres the string my socket policy file server is suppose to
  return when it receives <policy-file-request/> :
  <cross-domain-policy><site-control
  permitted-cross-domain-policies="master-only"/><allow-access-from
  domain="myhost.com" to-ports="11500"
  /></cross-domain-policy>\0
  Can anyone give me some clues as to what I'm doing wrong? I
  think I've read every article out there regarding this subject. I
  even see that there are two bugs listed for the flash player:
  http://bugs.adobe.com/jira/browse/FP-67
  and
  https://bugs.adobe.com/jira/browse/FP-269.
  But it seems likes someone out there has achieved socket
  connections with AS3.
  Thank You

  You might try to force Flash to load the policy file first:
  Security.allowDomain(“*”);
  Security.loadPolicyFile(“http://server.com/crossdomain.xml”);

• Local Security policies

  The new Flash Player security policies are driving me nuts
  when trying to work with local files. I'm working on development
  tools that will run in the local machine, I get security issues in
  many cases (from AIR interacting with loaded swf, with local
  xmlsocket). It's clear and easy to implement the security
  restrictions when you work with remote files (you just put the
  crossdomain.xml on the server), but with local files is such a pain
  (see for instance the "use-network=false" compiling option).
  Is there a documentation that helps you to work with local
  files and sort the eventual issues, I couldn't find one.
  Now I would like to communicate with a local java xml socket,
  how could I do to avoid:
  *** Security Sandbox Violation ***
  Connection to localhost:1023 halted - not permitted from
  file:///.../bin/App.swf
  Thanks a lot for any support

  This socket server made my day:
  http://www.blog.lessrain.com/?p=512
  chr

• Web-app scoped security policies not working in WL 8

  Hi,
  I can't get web-app scoped security policies working in WL 8.1
  I have a simple web application. It defines a role(ROLE) and security
  constraint (on *.jsp).
  If I examine the web app in the administration console, I see that it
  has created a role (scoped to /*) called "ROLE" just as you would
  expect. It has also created a scoped policy (to *.jsp) with constraints
  that the user be in the role ROLE. This is as expected, and it works.
  However, if I proceed to create my own scoped policy (on *.html) with
  constraints (on ALL methods) that the user be in role ROLE, then I get
  no security at all. ie. I can go to server:port/foo.html and it will
  work - it is not secured.
  Any ideas?
  On a completely unrelated issue, when I deploy an EAR (exploded) with a
  WAR (exploded) and using the admin console expand the application
  correpsonding to th EAR, right click on the WAR node, and try and define
  a scoped role, then I get an error "There are no appropriate RoleEditor
  providers configured". This sounds like a bug. Trying to define a
  scoped policy works as expected.
  TIA,
  Jon

  I can't get web-app scoped security policies working in WL 8.1Well, I can answer this one myself.
  WebLogic 8 has a new optimisation (this wasn't present in 7 AFAIK),
  available on the Security / Realm / myreal / General tab, which
  determines whether or not weblogic considers authorisation of resources
  protected by descriptors or not. (ie. it can force only
  descriptor-protected authorisation, ignoring admin console policies).
  It defaults to ignoring admin console policies, hence my problem.
  Jon

• How to use ADF Security policies in OID Ldap

  Hello
  My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
  I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
  Introduction to ADF Security in JDeveloper 10.1.3.2
  An Oracle JDeveloper Article
  Written by Frank Nimphius, Oracle Corporation
  February, 2007
  I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
  to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
  dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  changetype: add
  objectclass: orcljaznpermission
  objectclass: groupofuniquenames
  objectclass: top
  cn: EF37EAA603C611DDBFAE635A1BB60EE0
  orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
  orcljaznjavaclass: java.security.UnresolvedPermission
  orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
  orcljaznpermissionactions:
  uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
  The system-jazn-data.xml includes all entries correctly.
  rgds

  Eurika
  finally solved,
  runing the JAZNMigrationTool requires setting the correct classpath,
  Setting the classpath to the following
  C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
  allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
  if however, you add the adfshare.jar to the classpath
  C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
  now the tool will migrate the permission policies , the following shows an extract from the LDIF file
  dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  changetype: add
  objectclass: orcljaznpermission
  objectclass: groupofuniquenames
  objectclass: top
  cn: A5E662E204D411DDBF8807BC4864C5C2
  orclGuid: A5E662E204D411DDBF8807BC4864C5C2
  orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
  orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
  orcljaznpermissionactions: read,update
  uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  Ammar Sajdi
  www.e-ammar.com/Oracle.html

• Document Restrictions of Security Policies

  Hello,
  I've been hunting around but can't find it. Is there a concise reference for how to use Adobe Acrobat8 Security features with the Adobe Document Center? Is it so new that there's no book (Quick Start, etc.) on it?
  I send PDFs to people. But I only want them to be able to print the PDF, not copy any of its content. I also want the PDF to deny access after a 3 month period. I was going to use Pinion Software's AutoShred product, but then I stumbled upon Adobe8 and the Document Center, which seemed like a perfect fit. So I immediately upgraded to Adobe8 and signed up for the trial at the Document Center.
  I have created security policies and everything seems to work as its supposed to. However, when I look at any security policy, there is nothing allowing me to make the kind of detailed modifications permitted in Acrobat8 - Secure / Show Security Properties / SecurityTab / and the list for Document Restrictions Summary.
  For some reason, when I set up a security policy - most restrictive to only permit printing and eliminate file access after 3 months - the "page extraction: allowed" phrase shows up when I examine Show Security Properties / Security Tab / Document Restrictions Summary, even though for everything else it is "Not allowed" which is what I want.
  I thought maybe its a bug, because when I close the file and then reopen it, the page extraction is grayed out. But I don't know if people I send the file to will be able to extract the pages, thus getting around my objective of not allowing them to copy/paste any of my proprietary content onto some other file format.
  Anybody else have this same problem. Is there a way for me to prevent page extraction and have it show up in the Document Restrictions Summary as "Page Extraction: Not Allowed"?
  Thanks,
  Robert

  Hi Holly,
  Question - is that all you want to do? Or do the documents have value to you such that you want to maintain control over how long they are used, by whom, and for how long?
  1. If the former, you can use password protection to protect the documents, and format them so that they cannot be altered.
  From within Adobe Acrobat 8 with the document visible.
  Select Secure / Password Encrypt / Permissions
  Click on Restrict Editing and Printing
  Key in a protection password (I use the same for all documents)
  Select Printing permissions "High Resolution" from drop down menu
  Select Changes Allowed "None" from Drop Down Menu
  Make sure "Enable copying of text, images.... box is unchecked
  Don't worry about creating Security Envelopes or anything else. Just click cancel if those windows pop up.
  Your security changes will not take effect until you save the document. Once saved, you can go to Secure / Show Security Properties / Show Details to confirm that all settings are as you want.
  2. If you want to do the latter, you can sign up for Adobe Live Cycle Policy Server protection of the document. Adobe just came out with a new service. Right now its free. Later to be subscription based.
  https://dc.adobe.com/adc/login.do?nextURL=https%3A%2F%2Fdc.adobe.com%2Fadc%2Fadc.do
  I use this, since I want to maintain control over the documents. I let people print only. No other changes, no copying, no emailing. And the document "self destructs" on the date I set for its expiration.
  Regards,
  Robert

• How to configure security policies like account locking, account expiry in portal application?

  Hi All,
  Can anybody pls tell me how to configure security policies like account locking,
  account expiry in portal application? By default, it has a 30 minutes lock period
  after 5 retries. But if I want to set other values or want to unlock account of
  a user, then what to do ?
  TIA,
  Sudarson

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• How do I migrate my Acrobat X security policies to Acrobat XI? (I'm on a mac)

  I currently have both Acrobat X and XI installed on my Mac OS 10.7.5. All of my security policies, Actions, and other preferences are on X, and I don't know how to move them over to XI. I have a lot of security policies I can't afford to discard. Is there a way to migrate the policies, and hopefully also the Actions/Scripts I made in X? If so, how would I do that?

  Look in the following location for the file "security-policy.acrodata":
  /Users/[USERNAME]/Library/Application Support/Adobe/Acrobat/10.0/Security/
  Copy it to the location:
  /Users/[USERNAME]/Library/Application Support/Adobe/Acrobat/11.0/Security/

• How do I setup security policies without Adobe LiveCycle Rights Management?

  Hi Guys,
  First of all I  want to excuse for my english language skills . We have about 30 Users which are using Adobe Acrobat XI Standard. Our management board defined security policies for PDF files. We exported the security policies  (Edit -> Preferences -> Security -> Security Settings -> Export). Then we got a file with the extension 'acrobatsecuritysettings'. Next we moved that file to a folder which everybody has read permissions. We ticked at a test computer "load security settings from a server" and type in the path to the file in this way:
  smb://server/share/filename.acrobatsecuritysettings
  I guess the syntax is correct but there are no security policies at 'Tools -> Protection -> Encrypt -> Manage Security Policies'. Any ideas?
  I am very thankful for each reply.

  Interesting. Adobe obviously feel that smb is a URL - sorry, no idea what form their URL would take. You could double check that it is accessible with no username or password (i.e. guest access) since you have put no credentials in the URL.
  For the intranet (htp) server - you could put it anywhere within the files making up the site. For instance you could create a folder private inside the web root, and put the file in there. You can type the URL in a browser to make sure it serves the credential file.

• Socket security layer for 8330 curve

  With no warning my company added socket security layering on our e-mail exchange server.  Now all of us with blackberries cannot receive our mail on our phone.  I have a 8330 curve.  I'm not able to figure out if there is a setting for this.  Please help!

      Hi Mike8330!
  I'm sorry to learn of these error messages! Let's get to the bottom of this, OK? You have "8330" in your screen name, so I'm assuming you have the Curve 8330?  I did a little research on the error code you're receiving, and I recommend a master reset of the device, so the error code goes away. Here are the steps:
  http://vz.to/19ILeEB
  Please let me know how this goes for you, I'd like to make sure you're no longer having this issue.
  Have you checked out the new Blackberry devices we offer? Ready to upgrade? Just dial #UPG send to check your upgrade eligibilty. Check out our line up here: vzw.com/products
  Thank You,
  ChristinaB_VZW
  VZW Support
  Follow us on Twitter @VZWSupport

• Migrating ADF Security Policies to Active Directory

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

• Socket security issues

  Hello,
  I am developing an messaging application, similar to MSN or AIM. so only text messages are passed over a socket.
  Does anybody know of any socket security issues there are when opening a socket on a particular port in java?
  If so then does anybody know if there is any documentation out there that i can look at?
  Thanks

  psamatt wrote:
  Hello,
  I am developing an messaging application, similar to MSN or AIM. so only text messages are passed over a socket.
  Does anybody know of any socket security issues there are when opening a socket on a particular port in java?
  If so then does anybody know if there is any documentation out there that i can look at?
  Simple sockets are wide open - there is no security. Secure sockets are implemented as a layer on top of simple sockets using JSSE - http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html .

• Where are the EAS security policies stored? "Reset Security Policies"?

  When you connect Mail app to an account using EAS, security policies from the Exchange server are applied to Windows 8.1. I know that these can be reset by going to Control Panel -> User Accounts and then clicking on the "Reset Security Policies"
  option.
  However, I would like to see which policies are being applied by the Exchange server, but I can't find where Windows 8.1 is storing the policy settings.  Are they in the registry?  Can I see them in the GPEDIT local policies?
  For example, our Exchange server sets the "Max inactivity time lock" to 15 minutes.  I would like to be able to see exactly which Windows setting is storing this value and enforcing it.
  I've verified that it's overriding settings already in place that are stored in:
  Computer Config - > Windows Settings -> Local Policies -> Security Options.
  or
  Computer Config - > Admin Templates -> Control Panel -> Personalization
  or
  User Config -> Admin Templates -> Control Panel -> Personalization
  Does anyone have idea where I might be able to view these policies in Windows 8.1?

  Hi,
  Aboved suggestions is description of the EAS policy.
  If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
  If the reply is helpful, please remember to mark it as answer which can benefit our Community members. Otherwise, please unpropose it and post back with your further concern.
  Kate Li
  TechNet Community Support

• How to attach security policies to SOA composite References using WLST?

  Hi SOA Experts,
  Can any one send me wlst commands to attach security policies to SOA Composite references ?

  Hi,
  The WLST function for attaching an already available policy to a composite 'endpoint' is documented there :
  http://docs.oracle.com/cd/E25178_01/web.1111/e13813/custom_webservices.htm#autoId53
  You can either target the exposed interface or a reference.
  For exemple, when I want to attach a policy to a SOA Composite I use these parameters :
  attachWebServicePolicy('None',<partitionName>+'/'+<compositeName>+'['+<revisionNumber>+']',"soa",<serviceName>,<portName>,<policyName>)
  regards,
  mathieu

• Error deploying application with security polices: ORA-00904

  Hi all,
  I am using Jdeveloper 11.1.1.0 and I am trying to deploy an ADF application with secure polices on WebLogic Server 10.3.1
  I have deployed the application to an EAR file and I have installed it using the weblogic console, after having defined the JDBC connection.
  Have I anything to do for implementing the security polices? Miss anything?
  Because when I launch the application from Jdeveloper I have no errors, while when I try to go to the URL where I have deployed the application, after loggin in, I have this error:
  Caused by: java.sql.SQLSyntaxErrorException: ORA-00904: "myEntityObject"."myField": invalid identifier
  at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:91)
  at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
  at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1034)
  at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:194)
  at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:791)
  at oracle.jdbc.driver.T4CPreparedStatement.executeMaybeDescribe(T4CPreparedStatement.java:866)
  at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1187)
  at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3386)
  at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3430)
  at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeQuery(OraclePreparedStatementWrapper.java:1491)
  at weblogic.jdbc.wrapper.PreparedStatement.executeQuery(PreparedStatement.java:128)
  at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:3915)
  ... 91 more
  ## Detail 0 ##
  java.sql.SQLSyntaxErrorException: ORA-00904: "TICKETEO"."ID_CATEGORIA_APERTURA": identificativo non valido
  at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:91)
  at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
  at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1034)
  at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:194)
  at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:791)
  at oracle.jdbc.driver.T4CPreparedStatement.executeMaybeDescribe(T4CPreparedStatement.java:866)
  at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1187)
  at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3386)
  at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3430)
  at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeQuery(OraclePreparedStatementWrapper.java:1491)
  at weblogic.jdbc.wrapper.PreparedStatement.executeQuery(PreparedStatement.java:128)
  at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:3915)
  at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:3867)
  at oracle.jbo.server.QueryCollection.getEstimatedRowCount(QueryCollection.java:3517)
  at oracle.jbo.server.ViewRowSetImpl.getEstimatedRowCount(ViewRowSetImpl.java:2318)
  at oracle.jbo.server.ViewObjectImpl.getEstimatedRowCount(ViewObjectImpl.java:8782)
  at oracle.adf.model.bc4j.DCJboDataControl.estimateRowCount(DCJboDataControl.java:1551)
  thanks
  Andry
  Edited by: user10799119 on 4-set-2009 3.50

  Hi,
  sincerly now I don't remember what was the problem, but it seems to me the solution was in one of these four settings:
  1) check Admin Server when I create the JDBC connection.
  2) before deploying the application to an EAR file, you don't forget to uncheck Auto-generate and synchronize weblogic-jdbc.xml Descriptors during deployment in Application properties --> deployment
  3) in your application module --> configuration change the connection type from jdbc URL to JDBC DataSource
  4) at the end of your URL of the deployed application don't insert the ".jspx" after your page name
  Hope this helps
  Regards