Application security for J2ee application

Similar Messages

• Unit test for J2EE application

  I am writting a Unit test for One J2EE application. The Application is built in such a way that makes unit testing extremely difficult.
  There are 2 things that contribute to the mess.
  1. Sping integration means all the config files are specified in web.xml independently, even though their beans rely on each other across files. End result is in a unit, I cannot try to load a bean because some of its dependencies are missing (ie. they are in a config file that the first file does not include). For this I tried to use AbstractDependencyInjectionSpringContextTests class to set the Spring Application Context when you are not in the flow but didn't success ed.If any one has use this please post the example.
  2. The application is using Errors interface of package org.springframework.validation. To write a test for any validator class you have to pass the object of Error in the validate method with the command object. Now my question is how you can set this Error object when you are not in the flow. For this I tried to use Mock object e.g Errors error;
  Mockery context = new Mockery();
  final Errors errorMock =context.mock(Errors.class);
  //call the validate object with mock object
  classObject.doValidate(cmdObject, errorMock)
  This thing doesn't work. It gives me below error message.
  unexpected invocation: errors.pushNestedPath("")
  no expectations specified: did you...
  - forget to start an expectation with a cardinality clause?
  - call a mocked method to specify the parameter of an expectation?
  Is there any way to get around these hiccups programmatically in unit tests?
  thanks...

  If you are doing unit testing, try to use straight JUnit4 without involving the Spring framework. Given that you do unit testing, you might not need Spring configuration in your unit test at all. You can programmatically instantiate the instance of the class under testing and either programmatically instantiate collaborating objects, or create mock objects for that purpose. If you are doing functional testing, you might need a Spring context after all. Understand that your tests are running in the different context than the complete application, so you would have to create separate application context for your test(s). You might have to go through the existing Spring configuration modules that you created for your application and re-jiggle them a bit so that they can be included both in your application context and your unit test context.
  Hope this helps.

• Best Practices of security for develop applications

  I need information about a model to use for develop application using Forms and Reports. I read many documents about best security practices for database, but I don´t find information about how can I join the database security with my software, and how can I establish an standard for my programmers.
  Thanks you for your help.

  There are a number of levels of implementation pain here-- best practices in a Fortune 500 company, for example, are likely to require a lot more infrastructure than best practices in a 5000 person organization. A Fortune 500 is also much more likely to have requirements based on the needs of a security team separate from the DBA group, requirements about auditing, etc.
  At the high end, everyone in your organization might be an enterprise user authenticated against a LDAP repository (such as Active Directory) with a variety of functional roles granted to those users and potentially something like fine-grained access control in the database. Depending on how applications are deployed, you might also be using proxy authentication to authenticate these individual users.
  Deploying this sort of infrastructure, though, will be somewhat time intensive and will create a degree of administrative overhead that you may not need. It will also potentially require a decent investment in development costs. Your needs may be far simpler (or more complex), so your security model ought to reflect that.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Hardware Requirements for J2EE application

  Hi,
  I need to know the best way to estimate the required hardware resources for a J2EE web application.
  For example if i have 200 users running the system, how much CPUs/RAMs .. etc resources do i need?
  Thank you

  You need a lot more specs than that. Like exactly what is this application doing, what kind of database access, what kind of pooling are you using, are these continuous users, how intensive they using the application, and even then, if it is a well written application, the hardware needed might be considerably less than that of a poorly written application.

• Unable to connect to the OracleForms application through a J2EE application

  Hi there,
  I have deployed a custom J2EE application in Middleware instance of my Oracle 10g AS 10.1.2
  The application is sso enabled . Once a user logs in the application he is able to see a jsp in which i display hyperlinks for him to access.
  One of these hyperlinks is pointing to the forms application.
  the url is http://psc-pc0592:7778/forms/frmservlet?config=abs_deploy[b]
  Once i click on the URL the forms applet begins to load but as the applet opens up i get the database logon screen.This should not happen
  I am already logged and have been verified by sso.
  Also the forms configuration is associated with a datasource.
  I am not able to get as to why i get that screen when it shoud directly connect to the forms application.
  Any help on this is appreciated.
  Thanks & Regards,
  Madhur Pant

  when you go through your carrier provider, there is an additional step in the SSL tunnel. Not sure how this transcribes, but it is possible that your carrier does not use the same port as the one you want it to use.
  The search box on top-right of this page is your true friend, and the public Knowledge Base too:

• CC applications asking for Adobe Application Manager, but I have the CC program

  My creative cloud applications are asking for adobe application manager, but I have the Creative Cloud desktop program.
  I get this when I launch photoshop or Lightroom:

  Moving this discussion to the Creative Cloud Download & Install forum.
  Aarroonn789 the Adobe Application Manager is a main component of the Creative Cloud Desktop application.  I would recommend removing and reinstalling the Creative Cloud Desktop application.  You can find more details at Error "Failed to Install" Creative Cloud Desktop application - http://helpx.adobe.com/creative-cloud/kb/failed-install-creative-cloud-desktop.html.

• Access denied by Application security check on application import

  I am attempting to copy an application from one workspace to another.
  Action performed:
  1) From original workspace, export application exporting to file.
  2) Create new workspace.
  3) Log in to new workspace.
  4) Import the application.
  When I import the export file I get the error 'Access denied by Application security check'.
  The application gets installed to the original workspace.
  I am using APEX version 4.01.00.03

  Hi,
  I have the same problem with apex 3.2.1.00.12. I checked everything what was proposed as solution in this thread. I'm even able to create a new application in the target environment. Suggestions are wellcome!!!
  The problem is probably in the workspace from which export starts:
  -I created a new application with only one blanco page no authentication in originating workspace.
  -Did export from that to file
  -Did import in target workspace. I received the error and application was created in originating workspace...
  -I created a new application with only one blanco page in a newly created workspace without authentication.
  -Did export from that to file
  -Did import in target workspace. I received no error.
  Kind
  Regards
  Edited by: Conrad on 18-Feb-2011 06:51

• SSO for J2EE Applications

  Hello ,
  How can j2ee web Applications (not ADF ) be SSO Enabled using Oracle Access Manager or Oracle SSO (oid)??If so,Which is the best solution??Is it mandatory for applications to be Deployed in Oracle Weblogic Server?Is there any fixed topology provided by oracle for the same???
  Regards,
  Pradeep

  Yes, j2ee webapps can be enabled for SSO using Oracle Access Manager. There is no mandatory requirement to put it in weblogic unless you want to use the 10g weblogic-oam-sspi connector. Basically there are 2 options (or maybe more!)
  Option 1 is to use a standard webserver (apache) as a reverse proxy to the j2ee webapp. Then have a webgate installed on the apache webserver. You will have to write some proxypass rules in the apache to fwd the requests to the webapp. The advantage is that there is 1 central point of implementation and control and the disadvantage is that all traffic should go through the proxy and none can go to the appserver directly. It is a topology requirement.
  Option 2 is to use a connector for the specific container. For oam 10g, we had weblogic and websphere connector outof box. For tomcat, there is no connector out of box, but using tomcat api, a connector can be built (read tomcat valve).
  These are high level information. Evaluate which works best for your topology and explore that option. Hope this helps. Let us know.

• Securely embedding a flex application in a J2ee application

  Hello,
  I was able to embed a Flex application with blazeDS running inside TOmcat with my existing webapplication. Note: I have configured blaze DS to run withing my existing web applicaiton lets call it "MyWebApp" by just mapping the messagebroker servlet in web.xml.
  Now, MyWebApp uses form based authentication. My flex app is just a part of one of the pages in MyWebApp. The user authenticates with MyWebApp.
  Question is: In my Flex application HOW DO I ENSURE THAT THE USER HAS logged in using MyWebApp.???..
  On the same lines, how do I secure the Remoting endpoints on the server?

  Hey Thanks for replying.
  My toomcat web.xml aslready has the auth-method set to 'Form'. So I d onot understand why should I define it again in the services-config.?.. I refered to the live docs but they do not explain how this will work
  Appreciate your help!!
  <security>
      <login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat">
          <per-client-authentication>false</per-client-authentication>
      </login-command>
     <security-constraint id="trusted">
          <auth-method>Basic</auth-method>
          <roles>
              <role>employees</role>
              <role>managers</role>
          </roles>
      </security-constraint>
  </security>   

• Can't find virus scanning API JARs for J2EE application

  Hello, dear WebAS experts.
  There is an example usage code [in help.sap.com] for Virus Scan Provider usage but no mention which SAP WebAS JARs should be used to compile this example.
  I have manually found three JARs by trial and error (under j2ee/cluster/server/bin) which I needed to compile the example, however I am kinda reluctant to copy them over into our build environment since I am not sure if these are official API JARs.
  Also, there is nothing on the official WebAS API list.
  If you could please point me to some official SDK I would really appreciate it.
  Thanks!

  The Deploytool for App Server 7 shipped after the App Server as a seperate download.
  it is available here:
  http://wwws.sun.com/software/download/products/3ec10b05.html
  vbk

• APM how to create APM application group for same application but different application paths

  Hi all,
  We have few applications which are of same name but different application path.
  Please check the screenshot. When we create different application groups using APM wizard, we still get errors mentioning the conflict. How to resolve this issue.
  Thanks
  Manish
  Manish

  I cannot see any screenshot here, what do you mean same application name but different path?

• Missing application icons for many applications

  After a failed upgrade to kde 4.3 beta through KDEmod I removed all of the KDEmod stuff and reinstalled arch kde 4.2. But now many applications are missing their icons. Anybody has an idea on how to fix this issue? Thanks
  P.S. I already tried removing all of the configuration files and already removed every last trace of kdemod stuff.

  Hey all, i got the same strange behavior after trying to update to kdemod unstable 4.3 nad move back to kdemod stable.
  After unsuccessfully trying to fix it with the given hints i managed to get "all" icons back.
  What i did:
  Removing the oxgen icon pakage: pacman -Rd kdemod-kdebase-runtime-icons
  After that the oxygen icon dir was still there, so i moved it to get a fresh dir after reinstalling the above removed pakage.
  cd /usr/share/icons/
  mv oxygen oxygen_old
  Removing the hicolor icon theme: pacman -Rd hicolor-icon-theme
  After that you get a funny looking desktop, cause all icons are gone.. the questionmark icon too.
  Then i cleared my pkg cache: pacman -Scc
  After that i reinstalled the above removed pakages.
  pacman -S kdemod-kdebase-runtime-icons
  pacman -S hicolor-icon-theme
  Now all my icons are back without one exception.. the settings icon in the kde menu.. it shows the icon from the monochrome icon theme.. strange but i can live with it.
  Hop this helps some of you
  cheers

• Users for the j2ee application

  hi friends,
  i want to create the users for J2EE applications.
  can i create the users only for j2ee engine ?
  how can i create these users?
  if i want to implement the sap
  is it necessary to buy the licence for j2ee users?
  thanks&regards,
  srinivas.

  Hi
  To create the users in J2EE applications is not an issue, but the licensing is always applicable as it is applicable for ABAP applications.
  There are two ways depends on configurations:
  1. If the UME store is ABAP, then you can create the users at ABAP side using SU01 and at java side using http://<hostname>:5<Systemnumber>00/useradmin
  2. If the UME store is JAVA, then you can only create using http://<hostname>:5<Systemnumber>00/useradmin
  The licensing for JAVA applications depends as ABAP is having, if you use it as production you have to pay the charges. Please contact your local SAP representative for further details

• Porting j2ee application from Weblogic to Oracle 10g AS

  What are the common guidelines/consideration when we port a J2EE application on Oracle Application server 10g. from WebLogic 8.1. If you have some inputs on pin points/guidelines/Architecture decisions that we might need to consider when we port a J2EE application on different J2EE application server
  I got the link for app server migration but it is broken :
  http://www.oracle.com/consulting/technology/appserver_migration_ds.pdf
  Our application uses the following J2EE components
  1. JDBC 2.0
  2. JNDI
  3. DAO
  4. EJB
  5. JMS
  6. JAAS
  7. JAVA Mails.
  8. Servlets, JSP’s
  I can think following point that needs to take care while porting
  1. Its deployment configuration vis-a-vis the apps on top
  2. The APIs it exposes (actually the information it allows the apps to pass in to the framework
  3. The data it encapsulates (in order to be app-server agnostic; does it need to be now exposed to apps?)
  Some J2EE specific areas
  1. JNDI usage and exposure to apps 2. Properties files/XML files
  2. Location specification 3. Resource bundle location specification
  4. EJB deployment descriptors
  5. Class/jar references between wars and ears
  6. Jar sharing model across ears
  7. Class loader differences across app-servers
  8. JMS settings (queues, topics, factories, durability etc)
  9. UI tags 10. Startup services
  11. Managed services (JMX)
  12. Security context passing
  13. Clustered configurations if any and how they port across app-servers
  Thanks
  Santosh Maskar

  This document is very old.
  Take a look at the recent migration guide in the Oracle AS 10.1.3.1 documentation
  http://download-uk.oracle.com/docs/cd/B31017_01/migrate.1013/b31269/toc.htm

• Login to different J2EE applications

  Dear developers:
  How can we design the login process for J2EE applications, so that a user (who has already logged into one application) won't be required to log in again to the second application.
  The reason we are trying to do this, is because we have different application for different scope, such as Sales application and Purchasing application. Some users will be using both applications.
  I think, to achieve this, session information of one application must be carried to the second application. But...... it looks like SUN Servlet 2.1 spec won't allow this to happen.
  How can we design the systems, so the users will be required to login only once????
  Sincerely,
  Josh

  Can you have a single point of entry for both systems and then use controller classes to route the requests appropriately?
  Maybe when the user logs into the system you can bind some kind of user profile object to their session which will keep track of whether they are a sales application user or a purchasing application user or both. Then when the user submits a request, your single point of entry can apply the appropriate filters to ensure the user is accessing a page which they are entitled to view. If they do not have proper permissions then you can forward their request to some error page notifying them of their lack of privileges.
  Let me know if I can clarify this at all.
  Chris L.