Crossdomain.xml for cooliris and iweb

Similar Messages

• Orion-ejb-jar.xml for oc4j and xdoclet

  Does anybody try to use xdoclet to generate orion-ejb-jar.xml with ejb relation?
  Could somebody show me any example of definition relation for xdoclet and orion-ejb-jar.xml? (@orion:persistence...)
  thanks for any advice... :-)
  Zajo

  Hello,
  The warning message looks to be unrelated to the java.lang.IllegalArgumentException error. The warning states that optimistic locking cannot be migrated to the toplink-ejb-jar.xml file; this is stated in chapter 7 of the TopLink developer's guide at
  http://download-west.oracle.com/otn_hosted_doc/toplink/1013/MAIN/_pdf/b13593_v1_01.pdf
  The exception though seems to indicate that your orion-ejb-jar.xml contains EJBs mapped to the same table that are not related through EJB inheritance. I do it all the time with POJOs so this will work in TopLink, but you will need a support case to help get your project migrated if this is the case.
  Best Regards,
  Chris Delahunt

• Hard limit to xml size for add_event and process rules?

  Hi,
  Is there is hard limit of 4000chars to the input xml for add_event and process_rules fumction in 10g R2?
  Regards,
  Nishanth

  Nishanth,
  The bug 8332063 is specific to attributes created for Text predicates and that does not impose size restrictions on XMLtype attributes.
  Regards,
  -Aravind.

• Httpservice to localhost doesn't work in Flex4... Even with crossdomain.xml

  So, this was working before I recompiled with Flex4, (In Flex 3.5) and now I can't get the following to work....
  Story:
  I'm using httpservice in flex like:
  <mx:HTTPService id="getConfig" url="http://localhost/parser.php" method="POST" showBusyCursor="true" resultFormat="e4x" result="xmlresultHandler(event)" fault="faultHandler(event)" />
  Everything is in my root directory on my web server. When run in debug or directly from flashbuilder, the call works fine. If I run a release build, and FTP the release to /var/www (my root), and try to browse to the server, the website pulls up, and the swf file runs, but I always get a
  Fault:Channel.Security.Error
  FaultString:'Security error accessing url'
  faultDetail:'Destination:DefaultHTTP'
  when it trys to read the httpservice.
  I do have a crossdomain.xml file in my /var/www (webroot) folder with what I see as super permissive settings.... Below:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
  <allow-access-from domain="*" to-ports="*" />
  <site-control permitted-cross-domain-policies="all" />
  <allow-http-request-headers-from domain="*" headers="*" />
  </cross-domain-policy>
  Any help would be GREATLY appreciated.

  Thanks for the info Flex harUI,
  So I tried bringing up the 3 files (crossdomain.xml, main.swf, and parser.php) from a browser and they call exist and are reachable.
  So I get the localhost vs. absolute address this. That makes sense. So I recoded the httpservice call to url="http://10.101.50.60/parser.php". Which is the actual fully qualified address in this case (There is no DNS server), and what I'm pulling up in the browser is "http://10.101.50.60/index.html". So after making this change, I can still access and have everything working in Flash builder, but again, when I standalone compile and upload the main.swf to the var/www directory and pull it up in the browser via http://10.101.50.60/main.swf. I get "Security error accessing URL". So basiclly, same thing.
  Spent two days on it now.....

• Multiple plugtmp-1 plugtmp-2 etc. in local\temp folder stay , crossdomain.xml and other files containing visited websitenames created while private browsing

  OS = Windows 7
  When I visit a site like youtube whith private browsing enabled and with the add-on named "shockwave flash" in firefox add-on list installed and activate the flashplayer by going to a video the following files are created in the folder C:\Users\MyUserName\AppData\Local\Temp\plugtmp-1
  plugin-crossdomain.xml
  plugin-strings-nl_NL-vflLqJ7vu.xlb
  The contents of plugin-crossdomain contain both the "youtube.com" adress as "s.ytimg.com" and is as follows:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  -<cross-domain-policy> <allow-access-from domain="s.ytimg.com"/> <allow-access-from domain="*.youtube.com"/> </cross-domain-policy>
  The contents of the other file I will spare you cause I think those are less common when I visit other sites but I certainly don't trust the file. The crossdomain.xml I see when I visit most other flashpayer sites as well.
  I've also noticed multiple plugin-crossdomain-1.xml and onwards in numbers, I just clicked a youtube video to test, got 6 of them in my temp plus a file named "plugin-read2" (no more NL file cause I changed my country, don't know how youtube knows where I'm from, but that's another subject, don't like that either). I just noticed one with a different code:
  <?xml version="1.0"?>
  -<cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy>
  So I guess this one comprimises my browsing history a bit less since it doesn't contain a webadress. If these files are even meant to be deposited in my local\temp folder. The bigger problem occurs when they stay there even after using private browsing, after clearing history, after clearing internet temporary files, cache, whatever you can think of. Which they do in my case, got more than 50 plugtmp-# folders in the previous mentioned local\temp folder containing all website names I visited in the last months. There are a variety of files in them, mostly ASP and XML, some just say file. I have yet to witness such a duplicate folder creation since I started checking my temp (perhaps when firefox crashes? I'd say I've had about 50 crashes in recent months).
  I started checking my temp because of the following Microsoft Security Essential warnings I received on 23-4-12:
  Exploit:Java/CVE-2010-0840.HE
  containerfile:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp
  file:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp->pong/reversi.class
  and...
  Exploit:Java/CVE-2008-5353.ZT
  containerfile:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp
  file:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp->Testability.class
  Microsoft Security Essentials informed me that these files were quarantained and deleted but when going to my temp file they were still there, I deleted them manually and began the great quest of finding out what the multiple gigabytes of other files and folders were doing in that temp folder and not being deleted with the usual clearing options within firefox (and IE).
  Note that I have set my adobe flasplayer settings to the most private intense I could think of while doing these tests (don't allow data storage for all websites, disable peer-to peer stuff, don't remember exactly anymore, etc.). I found it highly suspicious that i needed to change these settings online on an adobe website, is that correct? When right-clicking a video only limited privacy options are available which is why I tried the website thing.
  After the inital discovery of the java exploit (which was discovered by MSE shortly after I installed and started my first scan with Malwarebytes, which in turn made me suspicious whether I had even downloaded the right malwarebytes, but no indication in the filename if I google it). Malwarebytes found nothing, MSE found nothing after it said it removed the files, yet it didn't remove them, manually scanning these jar_cache files with both malwarevytes and MSE resulted in nothing. Just to be sure, I deleted them anyways like I said earlier. No new jar_cache files have been created, no exploits detected since then. CCleaner has cleaned most of my temp folder, I did the rest, am blocking all cookies (except for now shortly), noscript add-on has been running a while on my firefox (V 3.6.26) to block most javascripts except from sites like youtube. I've had almost the same problem using similar manual solutions a couple of months ago, and a couple of months before that (clearing all the multiple tmp folders, removing or renaming jar_cache manually, running various antmalware software, full scan not finding a thing afterwards, installing extra add-ons to increase my security, this time it's BetterPrivacy which I found through a mozilla firefox https connection, I hope, which showed me nicely how adobe flash was still storing LSO's even after setting all storage settings to 0 kb and such on the adobe website, enabling private browsing in firefox crushed those little trolls, but still plugtmp trolls are being created, help me crush them please, they confuse me when I'm looking for a real threat but I still want to use flash, IE doesn't need those folders and files, or does it store them somewhere else?).
  I'm sorry for the long story and many questions, hope it doesn't scare you away from helping me fight this. I suspect it's people wanting to belong to the hackergroup Anonymous who are doing this to my system and repeating their tricks (or the virus is still there, but I've done many antivirus scans with different programs so no need to suggest that option to me, they don't find it or I run into it after a while again, so far, have not seen jar_cache show up). Obviously, you may focus on the questions pertaining firefox and plugtmp folders, but if you can help me with any information regarding those exploits I would be extremely grateful, I've read alot but there isn't much specific information for checking where it comes from when all the anti-virus scanners don't detect anything anymore and don't block it incoming. I also have downloaded and installed process monitor but it crashes when I try to run it. The first time I tried to run it it lasted the longest, now it crashes after a few seconds, I just saw the number of events run up to almost a million and lots of cpu usage. When it crashed everything returned back to normal, or at least that's what I'm supposed to think I guess. I'll follow up on that one on their forum, but you can tell me if the program is ligit or not (it has a microsoft digital signature, or the name micosoft is used in that signature).

  update:
  I haven't upgraded my firefox yet because of a "TVU Web Player" plugin that isn't supported in the new firefox and I'm using it occasionally, couldn't find an upgrade for it. Most of my other plugins are upgraded in the green (according to mozilla websitechecker):
  Java(TM) Platform SE 6 U31 (green)
  Shockwave for Director (green - from Adobe I think)
  Shockwave Flash (green - why do I even need 2 of these adobe add-ons? can I remove one? I removed everything else i could find except the reader i think, I found AdobeARM and Adobe Acrobat several versions, very confusing with names constantly switching around)
  Java Deployment Toolkit 6.0.310.5 (green, grrr, again a second java, why do they do this stuff, to annoy people who are plagued with java and flash exploits? make it more complicating?)
  Adobe Acrobat (green, great, it's still there, well I guess this is the reader then)
  TVU Web Player for FireFox (grey - mentioned it already)
  Silverlight Plug-In (yellow - hardly use it, I think, unless it's automatic without my knowing, perhaps I watched one stream with it once, I'd like to remove it, but just in case I need it, don't remember why I didn't update, perhaps a conflict, perhaps because I don't use it, or it didn't report a threat like java and doesn't create unwantend and history compromising temp files)
  Google Update (grey - can I remove? what will i lose? don't remember installing it, and if I didn't, why didn't firefox block it?)
  Veetle TV Core (grey)
  Veetle TV Player (grey - using this for watching streams on veetle.com, probably needs the Core, deleted the broadcaster that was there earlier, never chose to install that, can't firefox regulate that when installing different components? or did i just miss that option and assumed I needed when I was installing veetle add-on?)
  Well, that's the list i get when checking on your site, when i use my own browseroptions to check add-ons I get a slightly different and longer list including a few I have already turned off (which also doesn't seem very secure to me, what's the point in using your site then for anything other than updates?), here are the differences in MY list:
  I can see 2 versions of Java(TM) Platform SE 6 U31, (thanks firefox for not being able to copy-paste this)
  one "Classic Java plug-in for Netscape and Mozilla"
  the other is "next generation plug-in for Mozilla browsers".
  I think I'll just turn off the Netscape and Mozilla one, don't trust it, why would I need 2? There I did it, no crashes, screw java :P
  There's also a Mozilla Default plugin listed there, why does firefox list it there without any further information whether I need it or not or whether it really originates from Mozilla firefox? It doesn't even show up when I use your website plugin checker, so is there no easy way by watching this list for me to determin I can skip worrying about it?
  There's also some old ones that I recently deactivated still listed like windows live photo gallery, never remember adding that one either or needing it for anything and as usual, right-clicking and "visit homepage" is greyed out, just as it is for the many java crap add-ons I encountered so far.
  Doing a quick check, the only homepage I can visit is the veetle one. The rest are greyed out. I also have several "Java Console" in my extentions tab, I deactivated all but the one with the highest number. Still no Java Console visible though, even after going to start/search "java", clicking java file and changing the settings there to "show" console instead of "hide" (can't remember exact details).
  There's some other extentions from noscript, TVU webplayer again, ADblock Plus and now also BetterPrivacy (sidenote, a default.LSO remains after cleanup correct? How do I know that one isn't doing anything nasty if it's code has been changed or is being changed? To prevent other LSO's I need to use both private browsing and change all kinds of restrictions online for adobe flashplayer, can anyone say absurd!!! if you think you're infected and want to improve your security? Sorry that rant was against Adobe, but it's really against Anonymous, no offense).

• AS2 Crossdomain.xml and sendAndLoad

  I have a flash form with input text fields. I am sending the data to a 3rd party server. I can send the information via getURL but I want to send the data without opening a browser window so I am utilizing sendAndLoad. It works great locally but not through a browser (tested in IE and Firefox). I have verified that all the variables and urls are in the correct case, I have tried both Post and Get, I have tried network and local... Ugh! I am losing my hair on this one please help asap!!!
  Here is the file - click on the second image...
  http://www.axonmediagroup.com/adimag...directbuy.html
  Here is the code...
  on (release) {
  if (first_name.text.length == 0) {
  error.text = "** First Name Required **";
  } else if (last_name.text.length == 0) {
  error.text = "** Last Name Required **";
  } else if (address1.text.length == 0) {
  error.text = "** Address Required **";
  } else if (city.text.length == 0) {
  error.text = "** City Required **";
  } else if (state1.value == "") {
  error.text = "** State Required **";
  } else if (postal_code.text.length == 0) {
  error.text = "** Zip Required **";
  } else if (phone_home.text.length == 0) {
  error.text = "** Phone Required **";
  } else if (email.text.length == 0) {
  error.text = "** Email Required **";
  } else {
  System.security.loadPolicyFile('https://app.leadconduit.com/crossdomain.xml');
  var myloadVars:LoadVars = new LoadVars();
  myloadVars.RName = 'AxonMedia';
  myloadVars.AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
  myloadVars.ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
  myloadVars.SUBID = 1;
  myloadVars.xxNodeId = '050l0tjhd';
  myloadVars.xxTest = 'true';
  myloadVars.Country = 'USA';
  myloadVars.first_name = first_name.text;
  myloadVars.last_name = last_name.text;
  myloadVars.SpouseName = SpouseName.text;
  myloadVars.address1 = address1.text;
  myloadVars.city = city.text;
  myloadVars.state1 = state1.selectedItem.label;
  myloadVars.postal_code = postal_code.text;
  myloadVars.phone_home = phone_home.text;
  myloadVars.email = email.text;
  trace(myloadVars);
  myloadVars.sendAndLoad("https://app.leadconduit.com/v2/PostLeadAction?",myloadVars,"POST");
  myloadVars.onLoad = function(success:Boolean) {
  if (success) {
  error.text = "Thank you for contacting us!";
  } else {
  error.text = "Error connecting to server.";
  Here is the code that works via browser...
  on (release) {
  if (first_name.text.length == 0) {
  error.text = "** First Name Required **";
  } else if (last_name.text.length == 0) {
  error.text = "** Last Name Required **";
  } else if (address1.text.length == 0) {
  error.text = "** Address Required **";
  } else if (city.text.length == 0) {
  error.text = "** City Required **";
  } else if (state1.value == "") {
  error.text = "** State Required **";
  } else if (postal_code.text.length == 0) {
  error.text = "** Zip Required **";
  } else if (phone_home.text.length == 0) {
  error.text = "** Phone Required **";
  } else if (email.text.length == 0) {
  error.text = "** Email Required **";
  } else {
  System.security.loadPolicyFile('crossdomain.xml');
  var RName = 'AxonMedia';
  var AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
  var ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
  var TimeFrame = 0;
  var SUBID = 1;
  var xxNodeId = '050l0tjha';
  var xxTest = 'true';
  var Country = 'USA';
  var first_name = first_name.text;
  var last_name = last_name.text;
  var SpouseName = SpouseName.text;
  var address1 = address1.text;
  var city = city.text;
  var state1 = state1.selectedItem.label;
  var postal_code = postal_code.text;
  var phone_home = phone_home.text;
  var email = email.text;
  getURL("https://app.leadconduit.com/v2/PostLeadAction?", "_blank", "GET");
  error.text = "Thank you for your response!";
  }

  Sounds like the update for Flash 8 may help.

• Apache proxypass and crossdomain.xml not working

  Hi everyone,
  I have the following problem. I have set up jboss on a Linux server connecting to local port 8080 (localhost:8080).
  I have opened the application on port 80 with Apache ( www.myDomain.com) and set up a virtual host that proxies
  this connection to localhost:8080 where jboss is listening.
  <VirtualHost *:80>
      DocumentRoot /var/www/nyDomain
      ServerName myDomain.com
      Alias /crossdomain.xml /var/www/html/crossdomain.xml
      # proxy pass to the jboss server
      <IfModule mod_proxy.c>
      ProxyRequests Off
      <Proxy *>
          Order deny,allow
          Deny from all
          Allow from all
      </Proxy>
      ProxyPass /Stylect http://127.0.0.1:8081/Stylect
      ProxyPassReverse /Stylect http://127.0.0.1:8081/Stylect
      # ProxyPreserveHost on
      </IfModule>
  </VirtualHost>
  The crossdomain.xml file is at the root of the server and can be accessed with www.mydomain.com/crossdomain.xml
  <cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" to-ports="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
  </cross-domain-policy>
  I can see in firebug that it's being downloaded when I first request the page - this is the response:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
     "http://www.w3.org/TR/html4/strict.dtd">
  <html>
  <head>
    <title>Software as a Service Development. </title>
    <META name="description" content="Description here"><META name="keywords" content="Saas, fashion design, plm, production, nutrition, food, orders">
  </head>
  <frameset rows="100%,*" border="0">
    <frame src="http://xxx.xxx.xxx.xx/crossdomain.xml" frameborder="0" />
    <frame frameborder="0" noresize />
  </frameset>
  <!-- pageok -->
  <!-- 04 -->
  <!-- -->
  </html>
  Yet I still get a 2048 sandbox violation error.
  The crossdomain is needed because the proxied request
  appears to be coming from the public ip while jboss
  is bound to the local host.
  If I expose Jboss directly to the web all works well but there
  are too many security issues in that setup. Apache as a front is
  much better.
  The question is: is this the correct response I should be getting
  (or should it be directly the xml file) and why is it not working?
  How can I fix this?
  Any help much appreciated. I'm stuck.
  Dahn 

  Try adding security="false" inside the next line:
  <allow-access-from domain="*"/>
  so it would look something like
  <allow-access-from domain="*" security="false" />
  It fixed the problem for me.

• Crossdomain.xml and Reporting Services

  Hi,
  I'm trying to get my Flex application to call a webservice on a remote Reporting Services instance, but am running up against insummountable problems with the Flash Player's cross-site scripting security.
  Due to the way that Reporting Services works, there is no root folder (i.e. http://theserver/ doesn't actually exist anywhere in the filesystem) - so we cannot have a master policy file at that location.
  However, we have been able - through extensive fiddling of the SSRS web.config - to get an XML and/or ASPX file into the http://myserver/ReportServer/ subfolder and have the "X-Permitted-Cross-Domain-Policies: all" HTTP header returned along with the content.
  We are then calling Security.loadPolicyFile("http://theserver/ReportServer/crossdomain.xml") before we try and start calling the WebService.
  We are then able to load the WebService description (GET /ReportServer/ReportService2005.asmx?wsdl). However, when we then try to make the actual call to the webservice - which is a HTTP POST of XML data to the same URL - /ReportServer/ReportService2005.asmx - we get the following errors in the Flex debugger (and the Flash Player log file):
  Warning: Failed to load policy file from http://theserver/crossdomain.xml
  Error: Request for resource at http://theserver/ReportServer/ReportService2005.asmx by requestor from http://localhost/modules/ReportsModule.swf is denied due to lack of policy file permissions.
  *** Security Sandbox Violation ***
  Are GET and POST requests handled differently, or is there something more sinister going on here? Can anyone think of a way to proceed in this investigation, apart from just giving up on Flash's ability to do anything cross-site, and writing our own Server-Side proxy for everything!
  regards
  Richard

  Sounds like the update for Flash 8 may help.

• Is crossdomain.xml Needed for SOAP Web Services?

  A Flash developer who is attempting to use Flash to access a
  SOAP web service provided on one of our servers says we need to add
  a crossdomain.xml file to our server listing their domain as an
  acceptable source. The SOAP service simply accepts some data and
  returns a status. It doesn't make sense to me that we would need to
  provide a crossdomain.xml file. If we did, all web services all
  over the Internet would have to do the same to allow Flash to call
  them.
  If I am correct and the file is not necessary, then what else
  in FlashPlayer might be blocking their attempts to access our
  server? I don't know much about Flash, but I do know some sort of
  security configuration files are necessary to allow SWF files to
  access the Internet. Could this be what they are missing?

  low_right wrote:
  > A Flash developer who is attempting to use Flash to
  access a SOAP web service
  > provided on one of our servers says we need to add a
  crossdomain.xml file to
  > our server listing their domain as an acceptable source.
  The SOAP service
  > simply accepts some data and returns a status. It
  doesn't make sense to me
  > that we would need to provide a crossdomain.xml file. If
  we did, all web
  > services all over the Internet would have to do the same
  to allow Flash to call
  > them.
  >
  > If I am correct and the file is not necessary, then what
  else in FlashPlayer
  > might be blocking their attempts to access our server? I
  don't know much about
  > Flash, but I do know some sort of security configuration
  files are necessary to
  > allow SWF files to access the Internet. Could this be
  what they are missing?
  >
  >
  Yes, you need a crossdomain.xml file in place. When I do SOAP
  calls to
  a service not under my control I just write a proxy for it,
  then I don't
  need to have anyone add the crossdomain policy file.

• On WebServices, crossdomain.xml and debug-mode

  I'm building a conncetion to a remote webservice, and they
  don't have a crossdomain.xml file on their server (or it is placed
  badly or something).
  While developing my connection has worked fine, but when I go
  outside of the debug mode (actually running the swf/html from any
  other folder then the projects bin-debug) and the connection won't
  work. It returns no error and just seems to keep going ignoring the
  request. So I looked around for a bit and managed to turn on the
  trace() log file which brought the problem to my attention:
  Cannot load crossdomain.xml from server, halting request. (or
  something similar)
  This is fine now that I know of it, I can get the server
  people to add crossdomain for me. The questions I'm asking though
  is:
  Why does it work in the bin-debug filder?
  How can I capture the "Cannot load crossdomain..." trace? (my
  guess is that its generated in the flash player, and not flex
  library)

  Understand the SandboxType of flash player before getinto this issue.
  While inside the  bin-debug, your sandbox type is LocalTrusted. This will allow access to external system,
  When go go for the deployment it wont works, cos you sandbox type will be different (say Network with Local)
  http://livedocs.adobe.com/flex/3/html/help.html?content=05B_Security_04.html
  The above URL will expain the security concept
  Nith

• Use Sign.xml and Encrypt.xml for both request AND response within WSDL?

  Hi,
  ALSB: 2.6
  I was wandering if it's possible to use abstract outof the box WS-Policy file within WSDL file to specify encryption
  (Encrypt.xml) and digital signature(Sign.xml) with X509 for both request and response???
  So far, it only works for either request or response BUT not both. i.e. within WSDL file
  <!-- following WSDL works for encrypting and signing request with X509 in test console -->.....
  <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
              <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                            <wsdl:input>
                             <!-- WS-Policy file applied here -->
                           <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                   <soap:body use="literal" />
                             </wsdl:input>
                           <wsdl:output>
                                <soap:body use="literal" />
                             </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
             Or
  <!-- following WSDL works for encrypting and signing response with X509 in test console -->
  <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
              <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                            <wsdl:input>
                                   <soap:body use="literal" />
                             </wsdl:input>
                           <wsdl:output>
                                     <!-- WS-Policy file applied here -->
                                     <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                <soap:body use="literal" />
                             </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
  But not both
  <!-- following WSDL doesn't work for encrypting and signing both response and request with X509 in test console -->
  <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
              <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                            <wsdl:input>
                                      <!-- WS-Policy file applied here -->
                                     <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                   <soap:body use="literal" />
                             </wsdl:input>
                           <wsdl:output>
                                     <!-- WS-Policy file applied here -->
                                     <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                <soap:body use="literal" />
                             </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
  ...      Instead, I got error message like
  <15/01/2008 10:15:04 AM NZDT> <Error> <ALSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault
  , message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fdb, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: Message]
  --- Error message:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
  <faultstring>Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</faultstring></soapenv:Fa
  ult></soapenv:Body></soapenv:Envelope>
  weblogic.xml.crypto.wss.WSSecurityException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#
  X509v3
  at weblogic.xml.crypto.wss.SecurityBuilderImpl.addEncryption(SecurityBuilderImpl.java:308)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processConfidentiality(SecurityPolicyDriver.java:280)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:75)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
  at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:86)
  Truncated. see log file for complete stacktrace
  >
  <15/01/2008 10:15:24 AM NZDT> <Error> <com.bea.weblogic.kernel> <000000> <Failed to build CertPath
  java.security.cert.CertPathBuilderException: [Security:090603]The certificate chain is invalid because it could not be completed. The trusted CAs did not inclu
  de CN=x509,OU=x509,O=x509,L=Wellington,ST=Wellington,C=NZ.
  at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:669)
  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
  at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
  at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
  at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
          Truncated. see log file for complete stacktrace
  >
  <15/01/2008 10:15:24 AM NZDT> <Error> <ALSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault,
  message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fd8, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: null]
  --- Error message:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.or
  g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblo
  gic.xml.crypto.wss.SecurityTokenValidateResult@3c5347b[status: false][msg [
    Version: V1
    Subject: CN=x509, OU=x509, O=x509, L=Wellington, ST=Wellington, C=NZ
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key:  Sun RSA public key, 1024 bits
    modulus: 13052787793731294943682394984664645854838424340012907077330623....
    The 'System Error Handler' from 'Invocation Trace' in ALSB test console is something like
  [pre]     
  $fault:
  <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
       <con:errorCode>BEA-386201</con:errorCode>
       <con:reason>
            A web service security fault
            occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Failed
            to get token for tokenType:
            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3]
       </con:reason>
       <con:details>
            <err:WebServiceSecurityFault
                 xmlns:err="http://www.bea.com/wli/sb/errors">
                 <err:faultcode
                      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                      soapenv:Server
                 </err:faultcode>
                 <err:faultstring>
                      Failed to get token for tokenType:
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
                 </err:faultstring>
            </err:WebServiceSecurityFault>
       </con:details>
       <con:location>
            <con:path>response-pipeline</con:path>
       </con:location>
  </con:fault>
  So is this a feature not supported in ALSB 2.6 yet or am I missing something dead simple?
  Thanks in advance
  Sam

  Instead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe will this solve your problem...
  http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166

• How and when to load cross-domain.xml for web services.

  I'm accessing some 3rd party web services and so I need them to have a cross-domain.xml file, which they have done.
  In order to access their web services, am I correct that I need to load the cross-domain.xml file they put on their web server, and if so, is my code to do so below correct, which I put in my creationComplete handler function?
  Note, of course the IP address in my code is not 0.0.0.0.
  Do I need all these lines, and am I doing this correctly?
  Currently I am getting a SecurityErrorEvent.
  Security.allowDomain("0.0.0.0");
  Security.loadPolicyFile("http://0.0.0.0/crossdomain.xml");
  var request:URLRequest = new URLRequest("http://0.0.0.0/crossdomain.xml");
  var loader:URLLoader = new URLLoader();
  loader.addEventListener(Event.COMPLETE, policyLoaded);
  loader.addEventListener(IOErrorEvent.IO_ERROR, policyIOError);
  loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, policySecurityError);
  loader.load(request);

  Okay, I found that when I put the crossdomain.xml file at the root of my web site file area my hosting company provides, I do not specifically need to load the crossdomain.xml file.
  But if I want finer control over who has access to what, and I put the crossdomain.xml file in the same directory as my Flex app SWF file, what lines of the following code (or additional lines I don't know about) should I put in my app creationComplete handler function to load the crossdomain.xml file?
  Note, of course the IP address in my code is not 0.0.0.0.
  Do I need all these lines, and am I doing this correctly?
  Security.allowDomain("0.0.0.0");
  Security.loadPolicyFile("http://0.0.0.0/myAppFolder/crossdomain.xml");
  var request:URLRequest = new URLRequest("http://0.0.0.0/myAppFolder/crossdomain.xml");
  var loader:URLLoader = new URLLoader();
  loader.addEventListener(Event.COMPLETE, policyLoaded);
  loader.addEventListener(IOErrorEvent.IO_ERROR, policyIOError);
  loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, policySecurityError);
  loader.load(request);

• ABAP program for BAPI and convert DB into XML

  ABAP program for BAPI and convert DB into XML
  Thank you,
  Regards,
  Jagrut BharatKumar Shukla

  Refer the link -
  give an example of bapi coding?
  how can we transfer huge amount of data from database server to xml format
  Regards,
  Amit
  Reward all helpful replies.

• Is there a video tutorial for using cyberduck and iweb?

  So, is there a video tutorial for using cyberduck and iweb to upload to a website? The written instructions on iweb are not specific enough.

  Might be worth posting that in the iWeb forum.
  http://discussions.apple.com/category.jspa?categoryID=188
  This is the iPhoto 09 forum.
  Also, have you tried searching with google?
  Regards
  TD

• "Device Pin not set in TransConfig.xml.for translator RimBB" message when I try to sync my BBZ10 with Outlook Calendar and Contacts

  Hello, Does anyone know how I can sync my BBZ10 with my computers Outlook Calendar and Contacts? It was working but since my computer returned from being repaired it doesn't sync and gives me the following message
  "Device Pin not set in TransConfig.xml.for translator RimBB"

  I did resolve it, it was so long ago but here's what I suggest:
  -First remove the software on your computer by going to the add/remove programs if you're using a PC. If you're using Mac, I'm not sure where you go. 
  -Then go to BB website and download the correct program for you phone
  -Check both your phone and computer have all their updates
  With the newest updates I have no trouble syncing my calendar/contacts from my PC to my BB and vice versa. It was just initially when the BB was so new they hadn't updated the programs. Over time the fixed the glitch, this is why I recommend you remove the program you have and start over, it will probably fix itself.