Auth security in application

Hi All,
I want to implement a security check in my apex application. i want to match the NT login id with user id from a security table.IF a entry exist in a table for that NT login id then only user will be able to access the application. Could anyone of you please help me to implement this security check.
Thanks
Jiya

Hello Jiya,
Did you already have a look at http://jastraub.blogspot.com/2008/03/ntlm-http-authentication-and.html
It gives you a guide how to do this.
Regards,
Dimitri
-- http://dgielis.blogspot.com/
-- http://www.apex-evangelists.com/
-- http://www.apexblogs.info/

Similar Messages

Anchor WLC web-auth secure web issue

Hi all,
I am running into an issue with disabling the web-auth secure web on an 5508 anchor WLC running 7.2.110. After the WLC rebooted, the guest authentication portal didn't show up...I could see the IE tab showed Web Auth Redirect though...Changed again the web-auth secure web to enable and rebooted the WLC fixed the issue...Has anyone ran into this before and any idea how to fix it?
Thanks in advanced for your input!
Robin

The custome page might be from Cisco web auth page sample by the look of the webpage. I don't know how to verify whether or not it was hard coded for HTTPS...
Do I also need to diable the web-auth secure web on the main controller?
This anchor is running in production and has to reboot after hour, will do the test and let you know how it goes.
Thanks!
Robin

How to provide security to application

Hai to ALL
Can any one suggest me for Securites in BPC Application
How to provide security to application in user, Admin levels,
what are the privelliages to user, admin
Cheers
SRM

Hi,
When you talk about application level security, it is nothing but member access profile. This profile determines, whether you will have the authorization to post a value / read a value from a particular member of the dimension or not.
Hope this helps.

Impact of generating a new key for Secure Store Application

I inherited my development environment from a predecessor, who did not document the secure store pass phrase anywhere. There are a couple of projects doing development on the system that cannot be impacted, but I need to get Project Server running on the
system, and I cannot get the secure store to accept the credentials I set for the target application. I have recreated the target application several times, but nothing works.
MossHostSsoHost.GetSecureStoreCredentials: Failed to get credentials from Secure Store. SecureStoreProvider threw a SecureStoreException. Exception: Microsoft.Office.SecureStoreService.Server.SecureStoreServiceException: Access is denied to the Secure Store
Service. at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName, Boolean validateCanary, ExecuteDelegate`1 operation) at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetCredentials(Guid
rawPartitionId, String applicationId) at Microsoft.Office.SecureStoreService.Server.SecureStoreProvider.GetCredentials(String appId) at Microsoft.Office.Excel.Server.MossHost.MossHostSsoHost.GetSecureStoreCredentials(String
secureStoreApplicationId)
So, I am wondering if I need to generate a new key for the secure store application, and what impact that would have on the existing target applications. Can someone please tell me if I generate a new key, will this break the existing applications? Thanks.

Hi Susan,
Once you decide to generate a new encryption key, you could follow the steps in Generate an encryption Key part in the link below:
http://technet.microsoft.com/en-us/library/ee806866(v=office.15).aspx
You should back up the database of the Secure Store Service application before generating a new key. Then refresh the encryption key to propagate the key to all the application servers in the farm.
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] .
Rebecca Tu
TechNet Community Support

Secure the Application Server application

Hello All,
OS: AIX 5.2
DB:10.1.0.4.0
I have secure my application as below:
To secure the DB Control application, I have follow these steps:
cd $OARCLE_HOME/bin
1. Stop the DB Control
$ emctl stop dbconsole
2.Secure the DB Control application
$ emctl secure dbconsole
3. Start DB Control again
$ emctl start dbconsole
after that http become https as below:
http:hostname.dominname:5501/em/console/logon/logon
https://http:hostname.dominname:5501/em/console/logon/logon
Now I need to do this on Application Server.
OS is SuSE Linux Enterprise Server 9.
Infrastructure & middle tier installed on the same box.
Any suggestion will be appriciated.
cheers,
DN

Can't you do the same ? (dbconsole becomes iasconsole)
http://download-west.oracle.com/docs/cd/B14099_19/core.1012/b13995/em_app.htm#i690069

How to deploy Secure ADF applications w/o Fusion Middleware Control

Just got the team upgraded to the new JDeveloper 11.1.1.1.0 and things have come to a halt because we can't deploy to our test servers.
The previous process from OTN for 11.1.1.0.2 doesn't seem to work anymore.
http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
The new on-line docs say the way to deploy Secure ADF Application is either Fusion Middleware Control or WLST command. The instructions for the FMC are there, but not the WLST. (See section 7.2 http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/addlsecfea.htm#CFHFAIGE)
Is there a new documented set of instructions for deploying a Secure ADF Application using WLST????
rodger....
Edited by: rodger63 on Aug 17, 2009 3:21 PM
Edited by: rodger63 on Aug 17, 2009 3:22 PM

Rodger, I'd be interested in hearing any answers you come up with please. If you could post your findings here it would be appreciated.
Regards,
CM.

10.1.3.4 securing ADF application

We have created 2 simple ADF based jsps. I want to secure them so that users are authenticated against our Ms Active Directory and based on their group membership they get access to 1 or both pages.
I tried the examples under http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html, but i can make it work using file based jazn provider. I am not sure how to make it work against external LDAP like AD. any idea what needs to be done for setting up security using this option ?
I also tried another example based on the 3rdPartyLDAP example in metalink. There i am getting a little further, I am getting the login page (I am using FORM based auth) and seems to authenticate against my LDAP, but instead of taking me to the page I am trying to go to, it gives me a 404 and the url is .../faces/j_security_check. If i type in the url again in the browser window, the page is displayed.
any idea how I can achieve this ? the first example seems more relevant since it gives me the facilities to control the access between pages. But its not clear what is required to make it work against external LDAP.

Ok try this link
first
http://technology.amis.nl/blog/1426/implement-jaas-based-authentication-and-authorization-for-adf-faces-applications-on-oc4j-1013
After you do this try this
http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
Regards
rohit

Dummy's Guide To Securing Web Applications!

 Hi,
 I need some help with securing my web app. Is there anyone out there who can
 help me with some of the troubles I am having with it. And you're have to keep
 it simple with me today. It's Friday and I'm not in the smartest of moods today!
 Here's what I have - A web app consisting of two parts, each in it's own folder.
 The first part tracks details of various "system change requests" (SCRs). The
 second part is a survey which is filled out by a user when a SCR is completed.
 What I need is for the first part (SCR details), to be password protected so
 that only certain people can access it. The second part (survey), I want anyone
 to have access. One final thing. The SCR info part should be accessable by developers
 and administrators, then there is another folder in the first part which I want
 accesible just by the administrators. So basically the folder structure of my
 web app looks like this :
 Gomez (The web app)
 |
 +-- SCRs (Part one - SCR info. Accessible by
 | | developers and administrators)
 | |
 | +-- Admin (More SCR pages for Administrators only)
 |
 +-- Survey (Should be accessible by everyone)
 So far I have tried to do this using BASIC authentication. I have set up two
 groups on the WebLogic server (dev & admin). With these groups I can restrict
 access to the first part fine. But I keep getting asked for a password on the
 survey bit which I dont want.
 So here's what I need help with :
 1. Changing the web app so that a password is asked for when accessing the SCR
 file, but not when trying to access the survey folder. I'll add a reply with
 my current web.xml.
 2. Also I was wondering if it was possible to log into a page using NT security?
 The WebLogic Server is on an UNIX box. If it's possible could somebody take
 me through it - in simple terms?
 Thanks for any help, anyone can give. If there's anything you don't get - reply
 or email me.
 Thanks again,
 Lee


 Well that little pic I drew to show my directory structure messed up. Here it
 is again :
 Gomez (The web app) 
 | 
 +-- Gomez (Part one - SCR info. Accessible by 
 | | developers and administrators) 
 | | 
 | +-- Admin (More SCR pages for Administrators only) 
 | 
 +-- Survey (Should be accessible by everyone) 
 And here's the web.xml as well :
 <?xml version="1.0" encoding="UTF-8"?> 
 <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd"> 
 <web-app> 
 <welcome-file-list> 
 <welcome-file>Gomez/scr_all.jsp</welcome-file> 
 </welcome-file-list> 
 <security-constraint> 
 <display-name>GomezPages</display-name> 
 <web-resource-collection> 
 <web-resource-name>GomezPages</web-resource-name> 
 <url-pattern>/Gomez/*</url-pattern> 
 <http-method>GET</http-method> 
 <http-method>POST</http-method> 
 </web-resource-collection> 
 <auth-constraint> 
 <role-name>developer</role-name> 
 <role-name>administrator</role-name> 
 </auth-constraint> 
 <user-data-constraint> 
 <transport-guarantee>NONE</transport-guarantee> 
 </user-data-constraint> 
 </security-constraint> 
 <security-constraint> 
 <display-name>AdminPages</display-name> 
 <web-resource-collection> 
 <web-resource-name>AdminPages</web-resource-name> 
 <url-pattern>/Gomez/admin/*</url-pattern> 
 <http-method>GET</http-method> 
 <http-method>POST</http-method> 
 </web-resource-collection> 
 <auth-constraint> 
 <role-name>administrator</role-name> 
 </auth-constraint> 
 <user-data-constraint> 
 <transport-guarantee>NONE</transport-guarantee> 
 </user-data-constraint> 
 </security-constraint> 
 <login-config> 
 <auth-method>BASIC</auth-method> 
 <realm-name>default</realm-name> 
 </login-config> 
 <security-role> 
 <role-name>administrator</role-name> 
 </security-role> 
 <security-role> 
 <role-name>developer</role-name> 
 </security-role> 
 </web-app>

Error While Login ADF Security Sample Application

Hi All,
Jdevloper Version : 11.1.1.5.0
we are Creating ADF Login Application contains login.jspx and main.jspx pages.
we define ADF Security on this Sample Application.
when we provide valid credentials to login(username and password) it shows Error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
that an old resource is permanently unavailable and has no forwarding address.
ManagedBean(BackingbeanScope) doLogin():
 public String doLogin() {
 String un = _userName;
 byte[] pw = _password.getBytes();
 FacesContext ctx = FacesContext.getCurrentInstance();
 HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
 try {
 Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
 weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
 String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
 HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
 RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
 ctx.responseComplete();
 catch (FailedLoginException fle)
 FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
 ctx.addMessage(null, msg);
 return null;
In ADF Security We Define :
User : admin1
Enterprise Role : ManagerGroup(added user admin1 to this EnterpriseRole)
Application Role : Manager
Resource Grants : Resource Type : Web Page
 login page
 main page - Granted Role(Manager)
jazn-data.xml file
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
<jazn-realm default="jazn.com">
 <realm>
 <name>jazn.com</name>
 <users>
 <user>
 <name>admmin1</name>
 <display-name>admmin1</display-name>
 <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
 </user>
 </users>
 <roles>
 <role>
 <name>ManagerGroup</name>
 <display-name>ManagerGroup</display-name>
 <members>
 <member>
 <type>user</type>
 <name>admmin1</name>
 </member>
 </members>
 </role>
 </roles>
 </realm>
</jazn-realm>
<policy-store>
 <applications>
 <application>
 <name>ADFLogin</name>
 <app-roles>
 <app-role>
 <name>Manager</name>
 <class>oracle.security.jps.service.policystore.ApplicationRole</class>
 <display-name>Manager</display-name>
 <members>
 <member>
 <name>ManagerGroup</name>
 <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
 </member>
 </members>
 </app-role>
 </app-roles>
 <jazn-policy>
 <grant>
 <grantee>
 <principals>
 <principal>
 <name>Manager</name>
 <class>oracle.security.jps.service.policystore.ApplicationRole</class>
 </principal>
 </principals>
 </grantee>
 <permissions>
 <permission>
 <class>oracle.adf.share.security.authorization.RegionPermission</class>
 <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
 <actions>view</actions>
 </permission>
 </permissions>
 </grant>
 </jazn-policy>
 </application>
 </applications>
</policy-store>
</jazn-data>
Please help us how to resolve it.
Thanks,
kumar

A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
I guess your resource grants are not set correctly.
Timo

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
For, point one,
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
For point 2,
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Different levels of security in application

Hi, this is the problem:
We want to create a web application that allows navigation througth "parts" with different security configuration.
Any idea about how to create and configurate each "part"?
Ex.
Sould we create a different web project for each "part"(then configuring web.xml)?
If yes, can we communicate those projects? How?
Thanks.
David.

Topomorto is entirely right that the only effect that will even things out is the use of compression. That's what compression is for--normalising just boosts the entire file to peak at the amount you've preset but does not change the balance between quiet and loud.
However, I have to say that part of your problem is your specification that you don't want to "manually increase or decrease volume". Although applying some compression (and you'll have to teach yourself how to drive it) is a good idea, for professional results you still have to manually adjust/mix your audio. Every TV show, radio show or film you watch has had somebody going through this process because only your ears can decide what's right on every second of the file.
I encourage you to have a play with the volume envelope function of Audition--you'll be amazed at how quick you can get at making the adjustments--and how much better the results will be than relying on any automatic effect.

How to secure Oracle Applications?

i have implemented security mechanisms in the database,but i would like to know how to implement security in an application rather than doing so through the database?
Thank you

Hi Kiranjaly!
Basically there are some things to keep in mind:
When you put security in the application you still need to protect the data - as somebody could choose not to use the application to get access to the data (eg using SQLPlus).
Furthermore it would be a great idea to have a link between authentication and authorisation. My bet is to place the authorisation information in the OID (LDAP) as this is used for the authentication as well (SSO).
And of course you need auditing in the database, the application server and in the application.
cu
Andreas

Is Secure ADF application refer javacache.xml

Hi All,
I am getting one error in ADF deployment and here is the environment details.
1. Installed Weblogic 10.3.4 Server with coherence.
2. Created Standalone Domain.
3. Deployed Secured ADF ear file, which is developed by Development team using JDEV 10.3.4
After few restarts on Weblogic server, we are getting the following error and ADF application was not working.
====================================================================
oracle.mds.exception.MDSRuntimeException:
file=/spl/DomainRoot/splapp/config/fmwconfig/servers/myserver/javacache.xml, java.io.FileNotFoundException: /spl/DomainRoot/splapp/config/fmwconfig/servers/myserver/javacache.xml (No such file or directory) null
/spl/DomainRoot/splapp/config/fmwconfig/servers/myserver/javacache.xml (No such file or directory)at DomainRoot
oracle.mds.internal.cache.JOCCacheProvider.createNamedCacheInternal(JOCCachePr ovider.java:343) at
oracle.mds.internal.cache.JOCCacheProvider.createNamedCache(JOCCacheProvider.java:254) at
oracle.mds.internal.cache.JOCCacheProvider.<init>(JOCCacheProvider.java:87)
at oracle.mds.core.MDSInstance.initCache(MDSInstance.java:1620)
at oracle.mds.core.MDSInstance.<init>(MDSInstance.java:1757)
at oracle.mds.core.MDSInstance.<init>(MDSInstance.java:1709)
at
oracle.mds.core.MDSInstance.findAndStoreMDSInstance(MDSInstance.java:2006)
at
oracle.mds.core.MDSInstance.getOrCreateInstance(MDSInstance.java:516)
at
oracle.mds.core.MDSInstance.getOrCreateInstance(MDSInstance.java:479)
at
oracle.adf.share.config.ADFMDSConfig.getDefaultMDSInstance(ADFMDSConfig.java:436)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
oracle.adf.share.config.FallbackConfigImpl.getMDSInstance(FallbackConfigImpl.java:65)
at
oracle.adf.share.config.FallbackConfigImpl.getDefaultMDSInstance(FallbackConfigImpl.java:96)
at
oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:580)
at
oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:560)
at
oracle.adf.share.config.ADFContextMDSConfigHelperImpl.getMDSInstance(ADFContextMDSConfigHelperImpl.java:274)
at
oracle.adf.share.ADFContext.getMDSInstanceAsObject(ADFContext.java:1525)
at
oracle.adf.share.http.ServletADFContext.initialize(ServletADFContext.java:451)
=========================================================================
I have verified my domain folder structure and did not have “fmwconfig” folder structure. Could you please help me on this issue.
Thanks,
Srini.

may be in adf-config.xml... not sure if that will solve your issues.. since you are in a standalone server..

How to secure BSP applications for external users on the internet?

I posted this question under Enterprise Portal forum but got no response. I am hoping some of you experts in this area can help.
We have developed BSP applications and set them up as iViews in Enterprise Portal 6. Our portal implementation will be used by external users.
We have security concerns that the access to the BSPs allows external users direct access to the R/3 system. We were told that we should use ITS application instead of BSP application for external users.
Do any of you have any insight into how we could work around the security problem with BSP applications, or BSP applications in EP6? Your help will be greatly appreciated.

In sense they are correct as to whether it is more secure or not would have to be a call by people who are more of an expert than myself.
But I can see there point the BSP runs directly on the system and uses the system security where as the ITS is basically just an RFC call. However for us we use a 620 server with BSP's and make RFC calls to our R/3 systems thus keeping people of the R/3 directly - however we are not opened to the Internet.
If your message is answered please remember to mark it solved so others searching in the future can find the solved ones quicker - just click on the yellow star.

I want to hide/secure/privatize applications on my iPhone/iPod Touch.

I need to hide/secure applications on my devices. Specifically, I use the Facebook application and I do not want my girlfriend to peruse it if she picks up my device. I do not want to use illegitimate software.
settings --> general --> restrictions only has Apple apps to restrict.
Thanks for any help
BTW, I know I can logout of FB application but that is just not the direction I want to go.
<Edited by Moderator>

"It seems that you need to not give her access to your iphone or stop doing things that you don't want her to know about. "
It seems like the last posters does not have a girlfriend.... hehehehe
The question is very good. Apple acts as anyone can share anything with his friends/girls/families, etc...

Auth security in application

Similar Messages

Maybe you are looking for