Authorization and Authentication using filters in jsf aplication

Similar Messages

• OAM (authorization and authentication)

  Does OAM offer any cape Web Services for the authorization and authentication?
  Thanks in Advance, Awaiting sooner response.
  Edited by: Odemail on 05-abr-2012 8:31

  For this you can check with Oracle Support
  Thanks
  kumar

• Credit CARD Authorization and authentication

  we are taking following input from user
  credit card number
  cvvno
  card expiry date(Month and Year)
  Card Holder Name (As appear on card)
  how can we do Master card Authorization and authentication

  Credit Card Authorisation means - When you swipe your card at any merchant outlets, it depends upon the merchant aggrement with the Acquirer Bank the transaction will taken plance either online or offline.
  Below the merchant floor limit , merchant will authorise the transaction and the same will be send as settlement at the end of the Day by merchant to Acquirer Bank.
  Online means, the transaction will be acquired at merchant outlet and the transaction message send to acuirer bank- if the transactions belongs to acquirer bank then, Acquirer will approve the transactions and the response will be send back to the merchant to approve the transactions.
  If the transactions not belongs to acquirer bank ( off_us transactions ) then the transactions will be sent to service provider ( VISA / MASTER CARD / DINNERR CLUB etc ).. then Payment Gateway will route the transactions to the Issuer and Issuer will approve / decline the request and send back the response , in the same way the acquirer bank will receive the resoponse and forward the same to the Merchant to approve or decline the transactions.
  The question which you had asked is simple - but it is too big, because, I can give you the answer in one line as well as in depth more techincal in 1000 lines too..
  In case if you are more intersted to know about the credit card / debit card transactions and the pin authentication part.
  Please feel free to contact me on the below given e-mail ID
  Mention in the mail - SUN Forum Friend --
  [email protected]
  Thanks & Regards
  Ravi Kumar G

• How can i know the Authorization and Authentication in BusinessOne?

  Hi all,
      I want to know about the User Autherization and Authentication of a particular User. In which table or file this information is stored?
               In CPRF Table i am getting only UI Related Authorization information. That is not clear too. 
          But i need particular users Authentication and Autherization information for each Object(SalesOrder, SalesInvoice,....).
  Thanks in advance,
  RAMU.

  I think this 2 posts will be helpfull:
  Regards,
  Ibai Peña
  PS: mixed the first link... I though it was a link to a thread where said same as Sebastien. Sorry.
  Message was edited by: Ibai Peña

• Authorization and Authentication

  When you define authentication in the deployment descriptor using the following:
  <login-config>
  <auth-method>BASIC | DIGIST | FORM etc... </auth-method>
  </login-config>... how do you 'log out' the user once they have been authenticated so that another user can login and authenticate?
  The reason I ask is because once I've authenticated one user I don't know how to terminate the users session so that another user can login.

  try invoking the HttpSession.invalidate() method.
  Thats session.invalidate() if you are within a jsp.
  --Gregory                                                                                                                                                                                                                                   

• Trying to display rows with sums and percents using filters

  Hello, I am working on a data sheet containing levels for students of 0, 1, 2, or 3 in different categories. I am trying to show totals and percents of these levels, while being able to filter out certain students based on gender, ethnicity, etc. Problem
  is when I filter, the rows showing my totals and percents disappear.
  For total number of level 3's in a column my formula looks like this: =SUMPRODUCT(SUBTOTAL(103,OFFSET(F6:F26,ROW(F6:F26)-ROW(F6),0,1)),--(F6:F26=3))
  For percent of level 3's I have: SUMPRODUCT(SUBTOTAL(103,OFFSET(F6:F26,ROW(F6:F26)-ROW(F6),0,1)),--(F6:F26=3))/SUM(F28:F31) 
  Percents and totals calculate fine. When I filter in the columns demonstrating demographics, which is columns B,C, D or E, the rows in which I calculate my totals and percents disappear. I also tried the number 3 instead of 103 after the SUBTOTAL function
  but same result. What am I doing wrong?

  Since you didn’t upload your excel file, I’m not quite sure what’s your source data looks like.
  I don’t think this issue is caused by your formula, but I guess you really need use number 3 instead of 103 in your SUBTOTAL formula.
  Anyway, please try below possible solutions for this issue.
  1. Set up your formula firstly, then filter data. Rather than the other way around.
  2. Select the filter range before filter. Or use advanced filter(except  the row which including your  formula)
  3. Copy the formula to the next row, then delete the pervious formula row.
  If it didn’t bring any joy. It’ll be better if you can share your workbook with us.

• User Level Vs. Application Level Authorization and Authentication for Container Managed Datasources (Oracle Connection Pools)

  Oracle Database Server 9i supports the usage of LABELS to enforce highly granular
  resource access restrictions at the database level independent of the application
  that is accessing it. In order to use this however, the particular user, and
  not just the application, accessing the database must be known. Oracle Application
  Server (Oracle's J2EE product line) solves this by providing the ability to PROXY
  the identity of the application user and creditials (SSL Certs for instance) down
  to the database server.
  I haven't seen a similar ability for BEA Weblogic Server 8.1 which allow the user
  identity and credientials to be PROXIED to the database server. Is this possible?
  Have I missed an important document?
  Thanks for any input,
  Raymond Tiong

  On 3 Feb 2004 12:51:26 -0800, Raymond Tiong <[email protected]> wrote:
  >
  Oracle Database Server 9i supports the usage of LABELS to enforce highly
  granular
  resource access restrictions at the database level independent of the
  application
  that is accessing it. In order to use this however, the particular
  user, and
  not just the application, accessing the database must be known. Oracle
  Application
  Server (Oracle's J2EE product line) solves this by providing the ability
  to PROXY
  the identity of the application user and creditials (SSL Certs for
  instance) down
  to the database server.
  I haven't seen a similar ability for BEA Weblogic Server 8.1 which allow
  the user
  identity and credientials to be PROXIED to the database server. Is this
  possible?
  Have I missed an important document?
  Thanks for any input,
  Raymond Tiong
  I think there is a section in the JDBC documentation for 8.1 which
  describes what it takes to utilize Oracle 9i extension called "Virtual
  Private Database". With this extension, one might be able to proxy the
  callers
  identity to the DB.
  See: http://e-docs.bea.com/wls/docs81/jdbc/thirdparty.html#1103627

• OWSM, Digest Passwords and Authentication Using Gateway or Agent

  I want to send username, and passwords in digest mode to a web service's agent or gateway and authenticate the user.
  In basic mode(plain text) I use extract credentials, WS-BASIC and use LDAP Authenticate as a further step.
  What should I do in Digest Mode?
  Regards
  Farbod

  Thank you Sitaraman,
  I know that I can send hashed password in the header of the request. But how can I tell the OWSM treat it as hash value?
  In the agent or gateway's policy I have:
  1. Extract Credentials -> WS-Basic (plain-text) ---> what should I put here?
  2. LDAP Authenticate -> How should I tell LDAP that this password is hashed?
  Just setting the TYPE property (PasswordDigest) isn't enough, is it?
  Regards
  Farbod

• Authorize and authenticate user

  Hi,
  I understand the difference between authorization and authentication but most tools use a single or similar class to do both.
  Oracle seems to use BPMAuthorizationService to authorize using "jazn.com" and IWorkflowContext to authenticate an user.
  Please see the queries below and help me understand the rational behind using them.
  What is this ShortHistoryTaskType?
  Thanks,
  BPMAuthorizationService
  BPMAuthorizationService bpmAuthServ = wfSvcClient.getAuthorizationService
  ("jazn.com");
  IWorkflowServiceClient
  IWorkflowContext ctx = // Use default realm
                 querySvc.authenticate("bpeladmin", "welcome1", "jazn.com",null);
  Edited by: me_sun on Jul 8, 2009 10:31 AM

  can you confirm if you are using getActions or getAction API
  Also you may want to enable "Allow Management Operations" in AccessGate configuration in oamconsole
  what is exception you get while invoking api
  hope this helps

• FWSM: AAA authentication using TACACS and local authorization

  Hi All,
  In our setup, we are are having FWSMs running version 3.2.22 and users are authenticating using TACACS (running cisco ACS). We would like to give restricted access ( some show commands ) to couple of users to all devices. We do not want to use TACACS for command authorization.
  We have created users on TACACS and  not allowed "enable" access to them. I have also given those show commands locally on the firewall with privilege level 1. and enabled aaa authorization LOCAL
  Now , those users can successfully login to devices and execute those show commands from priv level 1 except "sh access-list".  I have specifically mentioned this
  "privilege show level 1 mode exec command access-list"  in the config.
  Is there anything i am missing or is there any other way of doing it?
  Thanks.

  You cannot do what you are trying to do. For (default login you need to use the first policy matched.
  you can diversify telnet/ssh with http by  creating different aaa groups.
  But still you will be loging in for telnet users (all of them) using one method.
  I hope it is clear.
  PK

• Public and Authenticated App with Authorization Scheme once per session

  I have a question . . .
  Let's say I have an application and at the application level I have an authorization scheme (auth1). If auth1 is set up to evaluate once per session, does it authenticate for the public user, then pass me back to the page and then check then evaluate the auth1 scheme. Or does it evaluate the auth1 scheme, then log in, then return to the page. Is it the same regardless of authentication scheme (e.g. Oracle SSO).
  It may make a big difference. If the authorization sheme is based upon the user (most will be) then setting it to evaluate once per session can be a real problem. If it evaluates before the user logs in, then it won't really work.
  This is an even bigger question when the application does not have a authorization scheme at the application level and allows public pages. If a page that is not public has an authorization scheme set, and the user goes directly to that page, it seems to authenticate the authorization scheme and then logs you in, but does not re-evaluate authorization scheme after you are logged in. Is this accurate? I realize that I could set it up to evaluate for every page view, but I really only need it once after login.
  Is this clear?

  Anton,
  It seems that all authorization schemes that are set to evaluate once per session are evaluated with the beginning establishment of a session.Sort of correct. Authorization schemes don't get evaluated until the component that uses them is considered for rendering or processing. So if the authorization scheme is attached to a page, it won't fire until the page is requested. If another component uses that scheme first, the evaluation will happen then and will not happen again during the session.
  What if I have another page that is not public. If it is the first page I go to, what happens. Obviously, I get redirected to login, then login. Do the authorization schemes get evaluated at this point?Yes, assuming the authorization scheme is used by the page, the scheme is evaluated during the first rendering or processing of the page in the session, after the authentication step.
  Now, what if I have a page that is public, but also has an auth scheme (odd, but could happen). Now what happens, does the auth scheme get evaluated before or after login?During the rendering or processing of the page after the authentication step. For a public page, the authentication step is performed up to the point where it determines that no authentication is required.
  OK, now let's add in Application level auth scheme. I can have public or private pages. If I go to a private page, when does the app level auth scheme kick in? How about for a public page?When an application uses an authorization scheme, it gets evaluated before the authorization scheme (if any) for the page that is being requested, so the public/private property of the page doesn't matter.
  General advice: when an authorization scheme uses :APP_USER, it doesn't work well to have it fire once per session because it'll get run before authentication to the application occurs, which sets APP_USER. You can have such schemes fire once per page view and for PL/SQL function-type schemes, have them give a "pass" when the current page is the login page, that kind of thing.
  In addition, if the overhead of running a scheme is high, one can set an application-level item to indicate that a once-per-page scheme has already run satisfactorily. The PL/SQL-type schemes can access the value of such an item to skip the expensive part of the evaluation and return true immediately.
  Finally, the htmldb_application.reset_security_check API can be called in order to reset the "fired" status of all authorization schemes in the session, allowing them to be re-evaluated if/when they are encountered again in the session.
  Hope this helps,
  Scott

• Does anyone know how the cutout filter works and is there a way of achieving the same effect without using filters to get more control over final look?

  does anyone know how the cutout filter works and is there a way of achieving the same effect without using filters to get more control over final look?

  Several ways to get similar results.  Image > Adjustments > Posturize with low values similar to what you'd use n Cutout.  This is the most flexible way I can think of as you keep the image in RGB mode with layers intact.  A more radical approach would be to reduce bit depth using Indexed Colour.  You'll need to experiment with settings, try changing Forced to Primaries, and Matte to Foreground Color.  There's no going back from this route, although you can change the mode back to RGB to re-enable layers, adjustment layers etc.
  A nice thing about the Filter gallery filters is that you can change the layer to a Smart object with all the control that gives you.
  Now if only this forum could filter out bizarre content.

• OSB Authentication using username and password (plaintext or digest)

  Hi,
  I want to implement a simple osb authentication using username/password (plain text or digest) , so that client required to provide username password token in soap header (message Level security) to access our webservices. I have read some of articles which shows how to create custom ws policy, but received following error during deployment.
  weblogic.wsee.ws.init.WsDeploymentException: The WebLogic Server 9.x-style policy is not supported in JAX-WS web services
  Please note - I can not install OWSM as part of my requirement
  =======
  <?xml version="1.0"?>
  <!-- WS-SecurityPolicy -->
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wssp="http://www.bea.com/wls90/security/policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
  <!-- Identity Assertion -->
  <wssp:Identity>
  <wssp:SupportedTokens>
  <!-- Use UsernameToken for authentication -->
  <wssp:SecurityToken IncludeInMessage="true"
  TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
  <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"/>
  </wssp:SecurityToken>
  </wssp:SupportedTokens>
  </wssp:Identity>
  </wsp:Policy>

  You can use the default Auth.xml WS policy in OSB and be able implement the authentication using username and plain text password.
  Just assign the Auth.xml on the Request Policies of the Proxy Service (under Policies).
  Then use any user credentials that has access to the domain for testing.
  If you want to restrict access for each operation then in the Security tab, under Message Access Control, specify a Role.
  Then in the OSB > Security Configuration, create the appropriate role with the specific role conditions like User is User1 or User is User2 etc ...
  Hope this helps.
  Thanks,
  Patrick

• What is JSF and where use it

  hi!
  i dont know what is jsf and where use it
  what different from JSTL
  thanks...

  At this level a visit to JSF-Tutorials (http://www.jsftutorials.net/) might the best thing to do. Or dig into a book.
  Basically it has a different scope than JSTL.
  JSF is a presentation layer framework. Other names in that area are:
  Struts, Spring MVC, Tapestry, and many more
  JSTL is a collection of JSP-tags and therefor covers only a VERY small part of the presentation layer. And it is very far away from a framework
  hth
  Alexander

• Problem using string to store evt.target.data and apply property filters

  I have about 9 buttons on my stage and I want to write code for the rollover and rollout effects, I only want to write the code once so I am trying to pass the button info into a string via evt.target.data and it pass the info properly into my string variable but when I try to set my filter to that variable, setting my movieclip instance name to that variable, I get 2 errors:
  1119: Access of possibly undefined property filters through a reference with static type String.
  Warning: 1072: Migration issue: String is not a dynamic class.  Instances cannot have members added to them dynamically.
  My code is:
  import fl.transitions.Tween;
  import fl.transitions.easing.*;
  var thumbArray:Array=new Array();
  var movieClipLoader:Loader;
  var movieClipsStage:Array=new Array(mc0,mc1,mc2,mc3,mc4,mc5,mc6,mc7,mc8);
  toolTip_mc.alpha=0;
  var lumRd:Number=.2127;
  var lumGr:Number=.7152;
  var lumBl:Number=.0722;
  //grayscale
  var grayscale:ColorMatrixFilter = new ColorMatrixFilter([lumRd, lumGr, lumBl, 0, 0,
  lumRd, lumGr, lumBl, 0, 0,
  lumRd, lumGr, lumBl, 0, 0,
  0, 0, 0, 1, 0]);
  //drop shadow
  var ds:DropShadowFilter = new DropShadowFilter();
  ds.distance=5;
  ds.blurX=10;
  ds.blurY=10;
  ds.alpha=.7;
  //varialbe to store movieclips based on rollover
  var whichThumb:String;
  var myXMLInfo:XML;
  var thumbList:XMLList;
  var toolNameList:XMLList;
  var myXMLLoader:URLLoader=new URLLoader  ;
  myXMLLoader.load(new URLRequest("stars.xml"));
  myXMLLoader.addEventListener(Event.COMPLETE, loadComplete);
  function loadComplete(evt:Event):void {
  myXMLLoader.removeEventListener(Event.COMPLETE, loadComplete);
  myXMLInfo=XML(evt.target.data);
  thumbList= new XMLList();
  toolNameList=myXMLInfo.star.@toolname;
  thumbList=myXMLInfo.star.@thumbimage;
  for (var n:int=0; n<movieClipsStage.length; n++) {
  movieClipLoader=new Loader();
  movieClipLoader.load(new URLRequest(thumbList[n]));
  movieClipsStage[n].addChild(movieClipLoader);
  mc0.filters=mc1.filters=mc2.filters=mc3.filters=mc4.filters=mc5.filters=mc6.filters=mc7.fi lters=mc8.filters=[ds,grayscale];
  mc0_bu.addEventListener(MouseEvent.ROLL_OVER, thumbRollEffect);
  function thumbRollEffect(evt:MouseEvent):void {
  whichThumb = evt.target.name;
  whichThumb.filters=[ds];
  Thank you for your help!

  kglad, thanks for helping.
  basically, i am a newbie and i'm not clear on your answer . if evt.currentTarget is better, I would like to use the best method, so thanks. i'm trying to get my head around what's going on here in the code. i get that actionscript is storing a "reference" to the object but I don't get why I can't put that reference (which is the name of the movieclip on the stage I wish to apply filters to, i.e. mc0) into a string variable (whichThumb) and then use that string variable to apply the filter (whichThumb.filters=[ds];)
  on one hand, i'm getting error that says "possibly undefined property filters thru a ref with string" which I don't get because the filters are defined outside of the function and are called intially in the load function with no problem. and on the other hand, i am getting another error saying there is a "migraiton issue" with my string not being a dynamic class. do i need to make the var whichThumb another type other than string? if so, what type. maybe that will also solve the "undefined property" issue as well.
  still learning, Thanks for help!