Custom Eviction Policy

Similar Messages

• Eviction policy or quartz job

  I have a cache containing cars and bycycles. All items are stored into the same cache.
  We only need to store 100 cars of each color. So 100 red cars, 100 green cars etc...
  For the bycicles, we need to keep 1000, regardless the color.
  What would be the best way to achieve this:
  1. Create a custom eviction policy. Is this really feasible becasue you have 2 different kinds of policies? Also, I'm not sure if it's possible to define a policy that evicts cars based on the number of cars that are in the local cache with the same color. Perhaps with a custom unit calculator?
  2. Create a quartz job that runs periodically and filters out the items that need to be removed.
  Best regards
  Jan

  Hi Jan,
  a periodic job might be better for the task, but it will not be able to remove the exactly correct amount of entries if there are frequent changes to the cache.
  The eviction policy on the other hand is able to act upon the content of the backing map, which in the case of a distributed cache is not corresponding to the number of items in the entire cache, because it contains only those entries for which the primary copy resides in that JVM. Therefore the eviction policy is not able to evict entries based on the data in the entire cache in a distributed cache.
  Best regards,
  Robert

• Osb 10gR3 - Active Intermediary proxy with custom WS-Policy files

  I'm setting up an Active Intermediary proxy, and the Security option on the proxy to "Process WS-Security header" is only usable when Custom Policy Bindings are assigned to the proxy. But I don't want to use the default Oracle policies.
  The "Select WS-Policy" popup within OSB only shows entries under the Predefined Policy tab. Yet I have custom WS-Policy files which have been imported into OSB.
  So what's the trick?

  Hi,
  Below are the steps followed
  - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
  - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
  - I can invoke the osb proxy from bpel by passing credentials - No Issues.
  Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
  -I used Role=Admin as a policy condition restriction under security in Proxy service.
  -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
  -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
  All Iam trying to do is to protect my proxy by authrorization policy.
  Thanks
  Jagan.

• Custom WS-Policy Files in Console Service Endpoint Polices List

  hi
  Not sure which WLS newsgroup for this so here goes.
  I want to assign custom WS-Policy files to a web service via the console (i.e. post-deployment).
  By default, the Service Endpoint Policies list only shows a small subset of default policy files within weblogic.jar and none of the Wssp1.2-* policy files. (i.e. only the proprietary WLS 9.0 WS-Policy files)
  Is this correct behaviour? I want to experiment with policies based on the current WS Security Policy Standard without hard-coding the names of files into the service.
  Is there a way to make these other supplied WSSecurityPolicy 1.2 policies appear in the list?
  Thanks
  Jim Nicolson

  Hi,
  Below are the steps followed
  - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
  - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
  - I can invoke the osb proxy from bpel by passing credentials - No Issues.
  Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
  -I used Role=Admin as a policy condition restriction under security in Proxy service.
  -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
  -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
  All Iam trying to do is to protect my proxy by authrorization policy.
  Thanks
  Jagan.

• GRC 10.1 custom security policy

  On GRC Java system, I am not able to create custom security policy under UME->Configuration->Security Policy. I am able to create on all other systems except GRC and NWDI system   I it related to support pack level or facility is not available on these releases
  Thanks Shankar

  Shailendra:
  Might be because there is no Java stack.  AC and PC now run on the ABAP stack and I think SAP recommends not using dual stack.  The only Java stack in the GRC 10.0 landscape that I'm aware of is for ADS.
  Thanks.
  Matt

• Custom Password Policy

  Hi xperts,
  I want to create a custom password policy which shoud fulfil the following requirements.
  1Allow additional alpha characters more other than A-Z and a-z. i.e the ones in Start button--->Programs>Accessories>System Tools>Character Map.
  2.Expand the default special characters list
  3 and we dont want email prefix(before @ to be used in the password).
  Any Ideas if we can do this ?

  You can put your validation using Java Script on Create User Form.----this can fulfil my 3rd requirement.
  or
  you can create custom action class which will validate your password. Change the reference of OLD action class and replace it with yours.
  I am a little new to sucg kind of customisations,can u just give me a little idea how exactly I can go about it..i.e which files to modify,which action class etc...
  Also I want this password policy for a group of users and if I modify the action class will there be an effect on the policies associated with other resources?

• OSB 10.3 and custom signing policy

  Good morning.
  I had several problems receiving signed messages from a customer. We have an active intermediary proxy, with a custom policy based on "Sign.xml" to require signing of message body.
  But out customer is signing using a third-party solution, so our proxy can't validate his message. We are trying to create a custom policy without "bea" namespaces, that is:
  <?xml version="1.0"?>
  <wsp:Policy
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="firma"
    >
    <sp:SignedParts>
      <sp:Body/>
    </sp:SignedParts>
  </wsp:Policy>This policy seems to be ok, but when we try to attach this as a "Custom policy" in the proxy, it is not in the list of custom policies.
  Can't Oracle process non-propietary policy file?.
  Thanks.

  Please refer section "Creating and Using Custom WS-Policy Statements" at -
  http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/ws_policy.html
  Regards,
  Anuj

• Cache eviction policy to evict data based on LRU

  I've a requirement where i've to evict the data in the cache based on LRU.
  I've used the following configuration in the cache-config.xml
  <?xml version="1.0"?>
  <cache-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.oracle.com/coherence/coherence-cache-config" xsi:schemaLocation="http://xmlns.oracle.com/coherence/coherence-cache-config coherence-cache-config.xsd">
    <caching-scheme-mapping>
      <cache-mapping>
        <cache-name>hello-cache</cache-name>
        <scheme-name>distributed</scheme-name>
      </cache-mapping>
    </caching-scheme-mapping>
    <caching-schemes>
      <distributed-scheme>
        <scheme-name>distributed</scheme-name>
        <service-name>DistributedCache</service-name>
        <backing-map-scheme>
          <local-scheme>
            <scheme-ref>LocalSizeLimited</scheme-ref>
          </local-scheme>
        </backing-map-scheme>
        <autostart>true</autostart>
      </distributed-scheme>
      <local-scheme>
        <scheme-name>LocalSizeLimited</scheme-name>
        <eviction-policy>LRU</eviction-policy>
        <high-units>5</high-units>
        <expiry-delay>2m</expiry-delay>
      </local-scheme>
    </caching-schemes>
  </cache-config>      
  Here i've given the eviction policy as LRU and expiry delay as 2mins.
  I've insert some datas in the cache as
  k1=hello
  k2=world
  k3=sample
  Now i'm using the key k2 often so the eviction should be as follows
  first it should evict k1 and then k3 and then k2 after 2mins..
  But the eviction occurs based on the data i insert
  i.e. first k1 and then k2 and then k3...
  So can any of u tell how to configure for evicting the data based on LRU.
  Thanks
  Godwin

  Hi Godwin,
  you might need to add <flush-delay> to you local schema,
  the default flush-delay is  1 minute, maybe cache evicts entries together due to flush interval.
  local-scheme - Coherence 3.4 User Guide - Oracle Coherence Knowledge Base
  Arkadiy

• Hi, How can I attach a custom expiration policy to a content type?

  I have found a code snippet, but it only attaches one xml. The thing is, I have two XMLs, one to set the expiration date, one for the action upon expiration. I have found this question similar to the question I asked now, however, it doesn't answer my question,
  nor do blogs anywhere. Is there a solution where two xmls can be added to one custom expiration policy? Or is there a way to change the xml itself so that it contains data for both formula and action together?
  Please let me know if you need any additional info.

  I honestly haven't dealt with custom expiration policies as far as Coding one is concerned.
  http://msdn.microsoft.com/en-us/library/cc453774(v=office.12).aspx
  Talks about doing this and if this is the link you've already looked at I apologize.
  I can work on a custom solution and see what I can find if that would be any help.
  Brandon James SharePoint Developer/Administrator

• Custom Password policy for ProxyAgent

  Solaris 10 Server Directory Server LDAP 6.3. Clients are Solaris 10.
  The clients use "proxyagent" user located in ou=profile. When I create a Global Password policy and apply to my top level dc, then this service account can "expire". I can't have my service accounts expiring...
  How do you create a custom filter with NO account lockout, expiration, etc? The DSCC wizard doesn't allow you to as the last step of the wizard must have a bug because even though you don't click the Lockout radio button, the webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.
  Question 2: how do you apply a custom password policy to ALL of ou=people? I can do it one by one to dn's under the ou=people, but I want it on the parent so new users get the custom password policy. Everything I try, the Global Password Policy wins. (And can't seem to be done via the DSCC but rather through command line)
  Help.
  Thanks,
  Sean

  How do you create a custom filter with NO account lockout, expiration, etc?
  The DSCC wizard doesn't allow you to as the last step of the wizard must have
  a bug because even though you don't click the Lockout radio button, the
  webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.Logged a new bug
  http://sunsolve.sun.com/search/document.do?assetkey=1-1-6787917-1
  The clients use "proxyagent" user located in ou=profile. When I create a Global Password
  policy and apply to my top level dc, then this service account can "expire". I can't have
  my service accounts expiring...Password policies have to be applied to individual accounts (manually or via CoS). So you
  may need to create a new password policy and assign it to the proxyagent user. Since DSCC
  does not seem to allow you to do that, best to munge it via the commandline (after specifying
  the lockout in dscc). Yes, it's ugly but a bug has been logged. Please contact Sun Support if
  you want a fix against 6.3 (quote the above bug number)

• Introducing a custom Password policy to expire passwords. odsee 11g - what are the expected results

  We have left the default Password Policy untouched. As a default password aging is off. Our DS compatibility mode is now DS6 so we can add Password Policies with max age!
  Some users need to have their passwords changed regularly due to political reasons.
  We have introduced a custom Password Policy which has a pwd_Max_age value of 180 days and allows the user to Change Password. Entry is cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com
  Ok. Now we get confused by the behaviour of this ODSEE 11g server. Now, we are ADDING a new custom Password Policy to just a few selected users!
  1. When we add the Policy to the user by setting the passwordpolicysubentry attribute = "cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com"
  - Nothing seems to happen.
  - WHEN IS THE PASSWORD EXPIRED?
  2. After we change a password for a user who has the passwordpolicysubentry attribute, he gains a new attribute pwdChangedTime
  - IS THIS THE ONLY TIME THE EXPIRY CLOCK STARTS TICKING? *AFTER* THE PASSWORD IS CHANGED?
  3. Is it true, that if a user never changes his password, even if he gets the new custom password policy applied, his password never automatically expires????
  I just cannot work out what is supposed to happen. I would have hoped that at the very least, the password begins to expires as soon as he gets a Password Policy with pwd_Max_age set.
  How is ODSEE 11g designed/supposed to function.
  Help!!!!!
  *HH

  Sylvain ,Many thanks for your reply and suggestions. Always good to have a choice!
  So it seems the only way to get the password aging clock to tick is for the password to be changed after having the password policy applied.
  Option1 is not really an option although it certainly would make the users change the password and set up the password aging...
  The main difficulty with odsee 11g  (Version 11.1.1.7.0) is that pwdChangedTime is a system read-only attribute linked to a modification to userPassword attribute, I cannot use ldapmodify to add/modify the pwdChangedTime attribute.
  I was amazed that I can read/store the userpassword as the base64 string and replace the userpassword attribute with this value using ldapmodify. This is very easy (and works!) but will cause the pwdChangedTime attribute to contain the same time for all users. I can imagine helpdesk loving it when everyone calls them in 6 months time.
  Using the LDIF backup/restore utility looks the best option, if it succeeds. At least we can randomize the actual value of pwdChangedTime with this approach.
  Mercy Buckets.

• How i replace default password policy with my custom password policy

  Hi All,
  can anybody help me to replace idm default password policy with my custom password policy?

  1. Go to Security --> Policies
  2. New --> String Quality Policy --> define rules --> save
  3. New --> Identity System account policy --> define rules and set the policy created in step2 to for password policy --> save
  4. Assign the policy created in step 3 to the user
  a. when create a user, under the 'Security' tab , for the 'Account policy' select the policy created in step
  b. Programattically, create /check out user view, assign the step 3 policy
  <set name='user.waveset.assignedLhPolicy'>
  <s>step 3 policy</s>
  </set>
  and checkin the view

• ClassNotFoundException with Custom OWSM Policy in Oracle Service Bus

  Hi All,
  I have a situation where I have created a custom web service manager policy. When I attach this policy to an Oracle Service Bus Proxy Service and invoke the service I get a ClassNotFoundError
  Caused By: java.lang.ClassNotFoundException: au.com.MyClass
  at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
  at oracle.wsm.policy.util.Loader.loadClass(Loader.java:369)
  at oracle.wsm.policy.util.Loader.loadClass(Loader.java:389)
  at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:238)
  at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:279)
  at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.init(WSPolicyRuntimeExecutor.java:162)
  at oracle.wsm.policyengine.impl.PolicyExecutionEngine.getPolicyExecutor(PolicyExecutionEngine.java:137)
  at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:101)
  at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:937)
  at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:454)
  at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:366)
  at com.bea.wli.sb.security.wss.wsm.WsmInboundHandler.processRequest(WsmInboundHandler.java:150)
  at com.bea.wli.sb.security.wss.WssHandlerImpl.doInboundRequest(WssHandlerImpl.java:223)
  at com.bea.wli.sb.context.BindingLayerImpl.addRequest(BindingLayerImpl.java:289)
  at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:87)
  at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:593)
  at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:591)
  The jar file is in the user_projects/domains/mydomain/lib directory.
  Attaching the policy to BPEL services has no issue and the policy is invoked successfully.
  I am unable to determine why the OSB would behave differently in this regard, or what I need to configure differently in order to have it found by the class loaders for the OSB.
  Any help or suggestions appreciated.
  I am using 11.1.1.4.0
  The jar file has the necessary policy_config.xml file and the META-INF/mylabel/mypolicy.xml files in situ. As I said, it is working in the soa_server but not the OSB.

  Have you restarted servers after putting jar in $Domain_Home/lib directory? Also try after explicitly adding this jar in classpath by editing server startup script (startManagedWeblogic.cmd or .sh) or in domain env setting script (setDonainEnv.cmd or .sh) and restarting the servers.
  Regards,
  Anuj
  Edited by: Anuj Dwivedi on Mar 21, 2011 1:10 PM

• Custom Authorization Policy

  Hello Experts,
  I need to create new custom Authorization Policies, but seems that I can create or copy only Policy from these Entity Type:
  - User Management
  - Role Management
  - Authenticated Self Service User Management
  What about the other entity Type? Why I cannot create an Authorization Policy based (for example) on Entity Type 'Scheduler'??
  Thanks in Advance and Best Regards
  AT

  Open an SR and ask Oracle for the 11gR1 unpublished API.
  We automate the creationing of an authz policy when we create a group. We were able to receive the API for 11gR1 with the understading that it was unsupported, and with a very strong business case for needing it.
  Hope that help.

• Custom WS Policy with Service account in OSB while invoking a https service

  Hi,
  I need your help on one of my issue in invoking an https service from OSB. I read through various posting and tried the below steps in this forum
  -Added the certificate for the https site to soa domain
  -Registered the https webservice as a Business service
  -Registerd a proxy service on top of this Business service
  -In the service call out on Proxy service I did a replace operation on the entire soap header with the below string
  <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
       <wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>sysuser@yahoo</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ABIHAIKLPLKLPMLERLER</wsse:Password>
       </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  -After doing all the above steps my call out worked from the test console, If you see closely the userid(sysuser@yahoo) and password(ABIHAIKLPLKLPMLERLER) is hard coded here.
  I need a way to mask the credentials and have the user pass them when they invoke the proxy service. I read through some posting and it was listed that we can create a custom policy and attach that custom policy to the Business service. But my problem here is the userid has an extra char @, so I wasn't able to create the user account with those credentials in OSB, but I was able to create the userid and password using a service account. Iam not sure how I can use this service account along with the custom policy.
  Can you please provide me a suitable approach, which will solve my issue. I appreciate your time and help
  Thanks
  Jagan.

  Hi,
  Below are the steps followed
  - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
  - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
  - I can invoke the osb proxy from bpel by passing credentials - No Issues.
  Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
  -I used Role=Admin as a policy condition restriction under security in Proxy service.
  -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
  -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
  All Iam trying to do is to protect my proxy by authrorization policy.
  Thanks
  Jagan.