Custom Security Manager or Security Event Interception from WebLogic Console
Hello,
I have built my own Security Manager and implemented custom preference/property mechanism for every Principal, so when I use my Swing client to create new User and new Group, as well as addMember to a Group, I know what to do with those properies/preferences.
Now, I want to use WebLogic Console to manage users and groups. I want to intercept events in my Security Manager about new User or Group creation or changing their memberships as Principals in order to handle their Preference/properties stuff myself...
I wonder what should I "listen" in order to understand that someone has changed membership of Users or Groups or about creation of new User or Group?
I use Weblogic Server 6.0 sp2
serge
Hi Daniel,
> a custom security manager for the standard CM Repository
And this dictates you indeed to use the old API, as the CMRepositoryManager itself is using the old API.
The standard AclSecurityManager is implemented by com.sapportals.wcm.repository.manager.generic.security.AclSecurityManager. If you check out Configuration - Content Management - Repository Managers - Security Manager, you will see "ACL Security Manager" (the one from above) and "ACL Security Manager (for new Manager-API)". This is implementing / using the new API, but needs also a RM using the new API.
> java.lang.NoSuchMethodException: MySecurityManager.<init>
This exception only complains about a missing constructor!? Have you implemented a default constructor?!
> If this is the case, where can I find the API for IUMPrincipal? It is not included in any provided API because of deprecation.
The methods of the old EP5 user management are more or less similar to the new UME, so using the old deprecated API should be more or less straight forward.
There are also transformer methods for example to transform a "new" user object to an old EP5 one, see https://forums.sdn.sap.com/thread.jspa?threadID=235656&tstart=0
Hope it helps
Detlev
Similar Messages
-
MANAGED SERVER NOT COMMING UP FROM ADMIN CONSOLE,
Hi All,
I can't start managed server from admin console.
The status is showing FAILED_NOT_RESTARTABLE.
below is the error it is showing in the node manager.
But i can start managed server from the back-end successfully. If i start the nodemanager then managed server is not comming up.
<May 24, 2011 4:12:22 AM> <WARNING> <Exception while starting server 'my_managed
_server'>
java.io.IOException: Server failed to start up. See server output log for more d
etails.
at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServe
rManager.java:200)
at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23
at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:121)
at weblogic.nodemanager.server.Handler.run(Handler.java:71)
at java.lang.Thread.run(Thread.java:662)
May 24, 2011 4:12:22 AM weblogic.nodemanager.server.Handler handleStart
WARNING: Exception while starting server 'my_managed_server'
java.io.IOException: Server failed to start up. See server output log for more d
etails.
at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServe
rManager.java:200)
at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23
at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:121)
at weblogic.nodemanager.server.Handler.run(Handler.java:71)
at java.lang.Thread.run(Thread.java:662)
Please help.
Regards,
nag.<May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Working directory is 'C:\Oracle\Middleware\user_projects\domains\weblogic_domain'>
<May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Rotated server output log to "C:\Oracle\Middleware\user_projects\domains\weblogic_domain\servers\my_managed_server\logs\my_managed_server.out00039">
<May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Server error log also redirected to server log>
<May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Server output log file is 'C:\Oracle\Middleware\user_projects\domains\weblogic_domain\servers\my_managed_server\logs\my_managed_server.out'>
<May 24, 2011 4:12:22 AM> <INFO> <weblogic_domain> <my_managed_server> <Server failed during startup so will not be restarted>
<May 24, 2011 4:12:22 AM> <WARNING> <Exception while starting server 'my_managed_server'>
java.io.IOException: Server failed to start up. See server output log for more details.
at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServerManager.java:200)
at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23)
at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:121)
at weblogic.nodemanager.server.Handler.run(Handler.java:71)
at java.lang.Thread.run(Thread.java:662)
This is what i found in nodemanager log file
Regards,
Nag. -
Custom Work Manager not shown in WL Server Admin Console
An application scoped custom work manager is to be configured, for which the files weblogic-application.xml, weblogic-ejb-jar.xml, weblogic.xml have been defined. After it is deployed on the server, custom work manager is not being shown in the list on console -> deployments -> application -> monitoring -> workload.
What could be the reason? Is there something which is missed out?Hi Justin,
According to the error message and the issue can be caused by the edition of your SSRS is not support for the custom data provider. For example the express edition have limitation support on this:
Features Supported by the Editions of SQL Server 2012 .
If your edition is the supportted edition and the issue can be caused by the custom data provider do not necessarily support all the functionality supplied by Reporting Services data processing extensions. In addition, some OLE DB data providers and ODBC
drivers can be used to author and preview reports, but are not designed to support reports published on a report server. For example, the Microsoft OLE DB Provider for Jet is not supported on the report server. For more information, see
Data Processing Extensions and .NET Framework Data Providers (SSRS).
If you are running on a 32-bit platform, the data provider must be compiled for a 32-bit platform. If you are running on a 64-bit platform, the data provider must be compiled for the 64-bit platform. You cannot use a 32-bit data provider wrapped with 64-bit
interfaces on a 64 bit platform.
More details information:Data Sources Supported by Reporting Services (SSRS)
Similar thread for your reference:
ERROR: An attempt has been made to use a data extension 'SQL' that is not registered for
this report server.
Error when viewing SSRS report with SQL Azure as data source
If you still have any problem, please feel free to ask.
Regards
Vicky Liu
Vicky Liu
TechNet Community Support -
Can't start manager server on other machine from admin console
hi, m fredzh
i have weblogic 10.3.2 where i created a cluster named cluster1 on production mode
the machines and servers list as follow:
cluster1 192.168.1.100
--machine1
--server1 192.168.1.100
--machine2
-server2 192.168.1.101
i create nodemanager on machine2, and set the type as ssl, the listener address 192.168.1.101,
then login on 192.168.1.101, and run wlst.sh , nmEnroll and then start startNodemanaged.sh ..
start server2 on the admin console(on 192.168.1.100), failed and the log as follow:
can anbody help me, thank you..
==============================================================================
<Critical> <WebLogicServer> <localhost.localdomain> <managerServer2> <main> <<WLS Kernel>> <> <> <1286788326928> <BEA-000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException
java.lang.AssertionError: java.lang.reflect.InvocationTargetException
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:175)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:991)
at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:709)
at weblogic.security.internal.ServerPrincipalValidatorImpl.getSecret(ServerPrincipalValidatorImpl.java:88)
at weblogic.security.internal.ServerPrincipalValidatorImpl.sign(ServerPrincipalValidatorImpl.java:67)
at weblogic.security.service.PrivilegedActions$SignPrincipalAction.run(PrivilegedActions.java:62)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.security.service.SecurityServiceManager.createServerID(SecurityServiceManager.java:1098)
at weblogic.security.service.SecurityServiceManager.getServerID(SecurityServiceManager.java:1111)
at weblogic.security.service.SecurityServiceManager.sendASToWire(SecurityServiceManager.java:602)
at weblogic.server.channels.ChannelService.resetQOS(ChannelService.java:284)
at weblogic.server.channels.ChannelService.start(ChannelService.java:250)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused By: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:991)
at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:709)
at weblogic.security.internal.ServerPrincipalValidatorImpl.getSecret(ServerPrincipalValidatorImpl.java:88)
at weblogic.security.internal.ServerPrincipalValidatorImpl.sign(ServerPrincipalValidatorImpl.java:67)
at weblogic.security.service.PrivilegedActions$SignPrincipalAction.run(PrivilegedActions.java:62)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.security.service.SecurityServiceManager.createServerID(SecurityServiceManager.java:1098)
at weblogic.security.service.SecurityServiceManager.getServerID(SecurityServiceManager.java:1111)
at weblogic.security.service.SecurityServiceManager.sendASToWire(SecurityServiceManager.java:602)
at weblogic.server.channels.ChannelService.resetQOS(ChannelService.java:284)
at weblogic.server.channels.ChannelService.start(ChannelService.java:250)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused By: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:125)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:173)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:991)
at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:709)
at weblogic.security.internal.ServerPrincipalValidatorImpl.getSecret(ServerPrincipalValidatorImpl.java:88)
at weblogic.security.internal.ServerPrincipalValidatorImpl.sign(ServerPrincipalValidatorImpl.java:67)
at weblogic.security.service.PrivilegedActions$SignPrincipalAction.run(PrivilegedActions.java:62)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.security.service.SecurityServiceManager.createServerID(SecurityServiceManager.java:1098)
at weblogic.security.service.SecurityServiceManager.getServerID(SecurityServiceManager.java:1111)
at weblogic.security.service.SecurityServiceManager.sendASToWire(SecurityServiceManager.java:602)
at weblogic.server.channels.ChannelService.resetQOS(ChannelService.java:284)
at weblogic.server.channels.ChannelService.start(ChannelService.java:250)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Edited by: fredzh on 2010-10-12 下午6:54hi,Jay
i followed the steps as follow:
1、change prod mode to dev
2、modified the config.xml entrys on the all two servers:
<node-manager-password-encrypted>test</node-manager-password-encrypted>
<credential-encrypted>test</credential-encrypted>
<embedded-ldap>
<name>cluster_domain</name>
<credential-encrypted>test</credential-encrypted>
</embedded-ldap>
3、enrolled the node, then started the two adminservers, started server2's nodemanager..server2 can be started from the cluster admin console.
4、change the dev mode to prod mode on admin console, it failed throw error:
"in production mode, it's not allowed to set a clear text value to the property: CredentialEncrypted of SecurityConfigurationMBean"
i checked the config.xml ,the entrys i had changed were not aotomatically encrypted,may i manually encryp the clear text value? ..follow is the config.xml :
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
<name>cluster_domain</name>
<domain-version>10.3.2.0</domain-version>
<security-configuration>
<name>cluster_domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<anonymous-admin-lookup-enabled>false</anonymous-admin-lookup-enabled>
<credential-encrypted>test</credential-encrypted>
<web-app-files-case-insensitive>false</web-app-files-case-insensitive>
<compatibility-connection-filters-enabled>false</compatibility-connection-filters-enabled>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>test</node-manager-password-encrypted>
<principal-equals-case-insensitive>false</principal-equals-case-insensitive>
<principal-equals-compare-dn-and-guid>false</principal-equals-compare-dn-and-guid>
<downgrade-untrusted-principals>false</downgrade-untrusted-principals>
<enforce-strict-url-pattern>true</enforce-strict-url-pattern>
<cross-domain-security-enabled>false</cross-domain-security-enabled>
</security-configuration>
<jta>
<security-interop-mode>default</security-interop-mode>
</jta>
<server>
<name>AdminServer</name>
<ssl>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>true</hostname-verification-ignored>
<export-key-lifespan>500</export-key-lifespan>
<client-certificate-enforced>false</client-certificate-enforced>
<two-way-ssl-enabled>false</two-way-ssl-enabled>
<ssl-rejection-logging-enabled>true</ssl-rejection-logging-enabled>
<inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>
<outbound-certificate-validation>BuiltinSSLValidationOnly</outbound-certificate-validation>
<allow-unencrypted-null-cipher>false</allow-unencrypted-null-cipher>
<use-server-certs>false</use-server-certs>
</ssl>
<listen-port>7110</listen-port>
<listen-address></listen-address>
</server>
<server>
<name>server2</name>
<machine>machine2</machine>
<listen-port>7110</listen-port>
<listen-address>192.168.1.101</listen-address>
<server-start>
<java-vendor>Sun</java-vendor>
<java-home>/opt/jdk1.6.0_21</java-home>
<bea-home>/root/Oracle/Middleware</bea-home>
<root-directory>/root/Oracle/Middleware/user_projects/domains/cluster_domain</root-directory>
<username>weblogic</username>
<password-encrypted>{AES}xhSI75AxXtXdMrCXRgA2uY5pfcxUGE9X4YXTjfe1XEY=</password-encrypted>
</server-start>
</server>
<embedded-ldap>
<name>cluster_domain</name>
<credential-encrypted>test</credential-encrypted>
</embedded-ldap>
<configuration-version>10.3.2.0</configuration-version>
<machine xsi:type="unix-machineType">
<name>machine2</name>
<node-manager>
<nm-type>SSL</nm-type>
<listen-address>192.168.1.101</listen-address>
<listen-port>5556</listen-port>
<debug-enabled>false</debug-enabled>
</node-manager>
</machine>
<admin-server-name>AdminServer</admin-server-name>
</domain>
Edited by: fredzh on 2010-10-13 下午7:57 -
Managed servers are started/stopped from admin console using NodeManager
Hi,
I have weblogic cluster and it has 4 managed servers on two different machines with each machine having 2 managed servers.
I have node manager setup on the two machines. I use admin console to start/stop managed servers.
Now there is a requirement to add TIBCO lib and bin path to weblogic managed server path. I have added the entries in LD_LIBARY_PATH but on starting the server using admin console the TIBCO lib/bin paths are not appended to weblogic server path.
I noticed that in nodemanager.properties we have set StartScriptEnabled=false and so it doesn't use startWebLogic.sh,which internally use other configuration files.
I'm wondering as how to add these entries in WebLogic server path. Also, how the nodemanager is able to start the managed server without using startWebLogic.sh script.
In general, what happens when I click the start button in Admin console to start the managed servers which calls NodeManager internally.
Your inputs are highly appreciated.
Thanks in advance.
BR,
AjmalHi Ajmal,
For your issue there are two solution's as shown below:
Solution-1
You can add the TIBCO lib with the complete path where the TIBCO lib file is kept from console in Class Path
Console Path:
Servers > Configuration > Server Start
However this has to be done with all the managed serves.
Solution-2
If you don't want the burden to add the TIBCO lib files on every server from console then you can add the same lib files in the classpath of startWebLogic.sh and in nodemanager.properties we have set StartScriptEnabled=true. This will make sure that all the settings would be taken from the startWebLogic.sh.
This way whenever you start any of you managed servers from console it would pick up that lib files.
In both the solution you can check the managed servers *.out* files that the lib files would be present in there classpath.
Hope this would help you.
Regards,
Ravish Mody -
How to log the user and group setup from weblogic console
If I use the file realm to setup my acls, does it possible to log these
action?
Our customer ask us must to log which user or group you added, deleted.
Thanks and Best Regards,
Tom Hsu
³\®aºa (Tom Hsu)
Project Manager
Banking Solution Dept.
Bull Information Systems Taiwan Ltd.
8F, 2, Min-Sheng E. Road, Sec. 3,
Taipei, Taiwan
E-mail: [email protected]
TEL¡G02-25013090 Ext:205
FAX¡G02-25055439
Mobil: 0939-869-316You might want to Try Re-run the Config utility from the Linux-Essbase server and Re-register the Essbase with HSS.
Start the Essbase in Foreground and check if it is running
Now log on to the EAS/AAS with default admin/password if you havent changed it :); add your Essbase server using the Super user/Owner of essbase i mean the id..if you are succesful; i would always create a Test user as before Externalisation i can create users at EAS/AAS and then using Admin id ; i will push the Users/groups to the HSS by Externalising.. let me know if that helped you. GUd Luck..
Sriram -
One custom security realm for many wl servers?
Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server.Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server. -
Session broker and custom conversion manager
I'm having some problem using session broker and a custom conversion manager. I just moved from using single session to using a session broker in the sessions.xml. I'm using a custom conversion manager as shown in this tech. tips URL
http://www.oracle.com/technology/products/ias/toplink/technical/tips/customconversion/index.html
Here's my conversion manager set up code -
public class JpmiConversionManagerSetup extends SessionEventAdapter
* During the pre-login event the new MyConversionManager must be installed
* @see oracle.toplink.sessions.SessionEventAdapter#preLogin
* @param event
public void preLogin(SessionEvent event) {
ConversionManager cm= new JpmiConversionManager();
ConversionManager.setDefaultManager(cm);
event.getSession().getLogin().getPlatform().setConversionManager(cm);
My session broker manages 2 sessions. In sessions.xml for one session I have the <event-listener-class> entry where I need some conversion, another session I don't have any such entry as I don't need any conversion.
Now when I try to run a named query using session broker the conversion part blows up, throws a ConversionException. Any idea? Do I need to configure the session broker instead of session in the preLogin or anything like that?I think sessions editor is not available in 10.1.3dp4 yet. So I have to write the sessions.xml by hand. But the parser throwing me an error saying that <session-broker> is not allowed in sessions.xml.
SessionLoaderExceptions:
org.xml.sax.SAXParseException: <Line 41, Column 18>: XML-24534: (Error) Element 'session-broker' not expected.
at oracle.xml.parser.v2.XMLError.flushErrorHandler(XMLError.java:415)
at oracle.xml.parser.v2.XMLError.flushErrors1(XMLError.java:284)
at oracle.xml.parser.v2.NonValidatingParser.parseDocument(NonValidatingParser.java:302)
at oracle.xml.parser.v2.XMLParser.parse(XMLParser.java:199)
at oracle.xml.jaxp.JXDocumentBuilder.parse(JXDocumentBuilder.java:155)
at oracle.xml.jaxp.JXDocumentBuilder.parse(JXDocumentBuilder.java:111)
at oracle.toplink.platform.xml.xdk.XDKParser.parse(XDKParser.java:160)
at oracle.toplink.platform.xml.xdk.XDKParser.parse(XDKParser.java:190)
at oracle.toplink.tools.sessionconfiguration.XMLSessionConfigLoader.loadDocument(XMLSessionConfigLoader.java:191)
at oracle.toplink.tools.sessionconfiguration.XMLSessionConfigLoader.loadDocument(XMLSessionConfigLoader.java:151)
at oracle.toplink.tools.sessionconfiguration.XMLSessionConfigLoader.load(XMLSessionConfigLoader.java:88)
at oracle.toplink.tools.sessionmanagement.SessionManager.getSession(SessionManager.java:364)
at oracle.toplink.tools.sessionmanagement.SessionManager.getSession(SessionManager.java:331)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
Any idea how to or where to write sessions broker in sessions.xml for 10.1.3dp4??? -
Adminserver does not start after deleting oim_server1 from the console
Have deleted oim_server1 from weblogic console and. I wanted to reconfig oim but can't extend the domain anymore as OIM is greyed out.
Please help:
Can't start Adminserver anymore too:
WARNING: Error registering the bulk operations MBean.
java.lang.IllegalArgumentException: WorkManagerMBean 'OIMUIWorkManager' refers to a constraint or request class 'MaxThreadsConstraint-0' but they are deployed on targets that have no servers in common. Please deploy the mbeans so that they have at least one server in common.
at weblogic.management.configuration.WorkManagerLegalHelper.validateTargets(WorkManagerLegalHelper.java:66)
at weblogic.management.configuration.WorkManagerMBeanImpl.setMaxThreadsConstraint(WorkManagerMBeanImpl.java:487)
at weblogic.management.configuration.WorkManagerMBeanImpl$9.resolveReference(WorkManagerMBeanImpl.java:468)
at weblogic.descriptor.internal.ReferenceManager$UnresolvedReference.resolve(ReferenceManager.java:404)
at weblogic.descriptor.internal.ReferenceManager.resolveReferences(ReferenceManager.java:296)
at weblogic.descriptor.internal.DescriptorImpl.resolveReferences(DescriptorImpl.java:328)
at weblogic.descriptor.BasicDescriptorManager.createDescriptor(BasicDescriptorManager.java:334)
at weblogic.management.provider.internal.EditAccessImpl.loadBeanTree(Edi
THANKS!Try to boot the computer in Windows Safe mode with network support (press F8 on the boot screen) as a test to see if that helps.
-
How to restrict employees from accessing managers data using custom security profile
Hi,
I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
Responsibility :US Super HRMS Manager
ASSIGNMENT.PERSON_ID
IN
(SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
PER_ALL_ASSIGNMENTS_F PF,
PAY_PEOPLE_GROUPS PG,
PER_PERSON_TYPE_USAGES_F PPU,
FND_USER FNU
WHERE PAF.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
AND PAF.EFFECTIVE_END_DATE
AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
AND PPU.PERSON_ID=PAF.PERSON_ID
AND PPU.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
AND PAF.PERSON_TYPE_ID =2
AND PPU.PERSON_TYPE_ID
IN(2,62)
and PAF.person_id = FND_PROFILE.value('user_id')
AND PG.SEGMENT2=8)
and using "restrict the people visible to each other using this profile".
I have assigned the security profile to HR user responsibility
But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
Please suggest.
Thanks & Regards,
Anusha.Hi All ,
i solved the problem by using event 01 of header view and using the table "Extract" .
Regards,
Neha -
Access to IPortalComponentRequest in custom security manager
Hi All,
I am implementing a custom security manager. For my requirements, I need IPortalComponentRequest object in the security manager class. Can anyone give me a clue to get the request object in security manager implementation.
Regards,
YogaHi Romano,
I tried this. Its returning mysapsso2 cookie and authentication_schema cookie. But not retuning any custom cookies added to the response from any other application.
What I have tried to achieve is:
1. When a user login and authentication suceeds, I will add a custom cookie to the response.
2. Get the custom cookie added in the security manager class and do manipulations to check whether the user is authenticated.
Using the method you have suggested, I was not able to get any custom cookies added in other applications.
I tried the code using resource context(resource context obtained form IUser) as suggested in other threads,
HttpServletRequest request = (HttpServletRequest) resourceContext.getObjectValue("http://sapportals.com/xmlns/cm/httpservletrequest");
But this API returns null.
Any way to achieve?
Regards
Yoga -
SSRS Custom Security / Sql Server Data Tools / SQL Management Studio?
We are planning on implementing custom security for SSRS via IAuthenticationExtension and IAuthorizationExtension.
Once we switch SSRS from Windows security to our own custom security (based upon external user table in sql), how will that affect:
1. Publishing reports from SSDT for VS2013
2. Connecting / Managing SSRS from SQL Mgmt Studio
SSRS 2014
scottHi scott_m,
According to your description, you want to know effect when using custom Authentication and Authorization. Right?
In Reporting Services, for deploying a report from SSDT to report server, it requires the current user has permission to create reports. It's has nothing to do with the Authentication and Authorization. For managing SSRS in SSMS, it's directly accessing
the report server database. It will not call the web service, the custom Authentication and Authorization will not effect managing.
For the internal working of Authentication and Authorization in Reporting Services, please refer to links below:
Authorization in Reporting Services
Authentication in Reporting Services
If you have any question, please feel free to ask.
Best Regards,
Simon Hou
"In Reporting Services, for deploying a report from SSDT to report server, it requires the current
user has permission to create reports."
Simon, How does SSDT know who the current user is when custom authentication is enabled in SSRS?
thanks
scott -
How to pass custom cookie from report builder application to SSRS Custom Security Extension?
We want to implement SSRS in SaaS model. We implemented Custom Security extension in order to authenticate users from other application. When user enters username/password, i would like to authenticate the user in other application and it will return some data which can be used for autherization. I am expecting the same set of data will be accessible during all autherization calls.
Currently we are implementing this in Report Builder application. I couldn't able to persist the information in cookie. Report builder removes all the cookies exceprt one cookie which is used by report server.Is there any way to share the information in all reportbuilder autherization calls in same session?if you have your own data extension, you can using
HttpContext.Current.Application.Add("yourkey",
yourdata);
to save your data, but the issue I met it the key, I cannot find a key depended on report builder. If I use username, if the user open 2 report builder, both of them will get the same key and same data, but at this case the data should be different.
I hope it will help you. -
Cannot assign custom security manager to repository
Hello,
I've been following the details on how to implement a read-only security manager (https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e2ddd63d-0b01-0010-46bb-e092790068cb) and I have run into the following problem:
After following the instructions for option B in the document (creating a security manager only) and deploying my project, the new security manager appears in the list of managers on the admin screen (Content Management -> Repository Managers -> Security Manager) but it is not available in the drop down list of security managers for my repository. Without that entry I cannot apply the new security manager to my repository.
According to the document, the new security manager should be part of this list but it is not even after I've restarted the J2EE engine.
The document is dated May 2006 so perhaps there have been some changes to the system that are not covered in the document. We are running NW 7.0 SP14.
Any help in determining why my custom security manager is not part of the security manager drop down list would be appreciated.Ok, after much decompiling and inspection of the standard KM security manager implementations I found the answer to my question.
Basically I found that the security manager tutorial only applies if you plan on using your custom security manager with your own custom repository manager. You cannot apply a security manager created using that document to a standard KM repository manager.
In my case I want to apply a custom security manager to a standard KM File System Repository. By inspecting the SFSRepositoryManager.cc.xml file I found the following entry:
<attribute name="securitymgr.ref" type="ref" refType="/cm/repository_managers/security_managers/SecurityManager" mandatory="false" hotReload="true" />
The refType value defines which security managers are displayed in the drop down list of available Security Managers at runtime for the repository manager. In order to get a custom security manager to be available you must define the cc.xml for your custom security manager so that it extends "SecurityManager" not "SecurityManagerMi" as the tutorial describes.
Changing the extension means your security manager implementation must also change so that it extends com.sapportals.wcm.repository.manager.AbstractRepositorySubManager and implements com.sapportals.wcm.repository.manager.ISecurityManager.
Now if only I could figure out how to reward points to myself ..... -
Last night, some of our systems installed updates released on 11/13/2014.
KB3021674
KB2901983
KB3023266
KB3014029
KB3022777
KB3020388
KB890830
Today, all of the servers running Windows Server 2008 R2 started logging the following error in the Security log over and over:
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 1/15/2015 11:12:39 AM
Event ID: 1108
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Description:
The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Servers running Windows Server 2008 that also installed the updates are not experiencing the problem. It looks like one of the updates may have introduced this problem with Server 2008 R2....Did you for sure confirm that:
https://technet.microsoft.com/library/security/MS15-001
is the cause?
I did. I had a VM that was not experiencing the problem. I took a snapshot and tested the patches one by one. Installing only KB3023266 immediately caused the issue to occur (after reboot). A similar process was used to confirm that
installing KB2675611 resolved the problem.
Note that I found the installation of KB2675611 is usually quick, but it took several hours hours to install on some of our systems. We had installed this patch a few months ago on a couple of servers and it was always quick to install. But,
it seems like installing it on a symptomatic system can cause it to take a long time.
Maybe you are looking for
-
How to correct decimal places in script
Hi, I have a packed integer variable. The value stored in that variable is 8,156,265.598. But i want it as 8.59 in the form. How to achieve this? Ezhil.
-
Our system: Oracle 11GR2 on Linux X64 CentOS. I followed instructions like here: http://www.oracle-base.com/articles/11g/NativeOracleXmlDbWebServices_11gR1.php, so far so good, I can display the WSDL on broswer. Now for real world testing, I wrote a
-
Need to create Meeting Request using Powershell with Outlook 2010 / 2013
We will be creating around 100 meeting request based on data from excel, so planning to migrate it to SQL & using powershell we need to speed-up the progress. Script tried : http://social.technet.microsoft.com/Forums/scriptcenter/en-US/e88ca51c-62dd-
-
New computer Bought elements 10 have canon 3ti software what to use to upload & catalog
I'm starting with a new computer and blank slate on it. I bought Photoshop elements 10. I have that loaded. I did not load my Canon software that came with the t1i yet. I want an easy way to upload and organize my photos and not duplicate pictures or
-
Unable to update Lumia 800 to 7.8
Title says it all. I bought my Lumia in December. My Lumia does not find any new updates, even when I have ticked the "notify me when there are new updates available". My current version is: 7.10.8783.12 I once, but only once! I got the phone updati