Customer security concerns with using OWC (Beehive)

Similar Messages

• Unable to use a custom security realm with Netscape Directory Server in WebLogic 7

  I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
  using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
  Admin Console again and clicked the Users node under my custom realm, I saw this
  message in the right-hand pane: "There are no Authentication providers available
  that support the creation of Users". Also, I don't see my custom realm in the
  dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
  What did I do wrong? Also, where does WebLogic store the custom security realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

  Thanks for the info.
  I wonder when they will fix it.
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  >
  According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
  displying users and groups defined in Netscape Directory Server.
  Eric Ma
  "Jakub Wroniszewski" <[email protected]> wrote:
  I have the same problem.
  Any new ideas?
  Rgds,
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  Now I doubt my custom security realm is actually using the NetscapeDirectory Server
  as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
  the Users node displays all users in the LDAP server, in WebLogic 7I keep
  getting
  the message "There are no Authentication providers available that
  support
  the
  creation of Users." Any suggestions?
  "Eric Ma" <[email protected]> wrote:
  Never mind. I tried again by following the steps outlined at
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
  l
  oper.interest.security&item=8463&utag=
  and it seemed to have worked for me.
  "Eric Ma" <[email protected]> wrote:
  I have all users and groups stored in a Netscape LDAP server (version
  4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic7
  (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I
  tried
  this by
  using the Admin Console and followed exactly the steps in Chapter3
  of
  the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged
  into the
  Admin Console again and clicked the Users node under my custom realm,
  I saw this
  message in the right-hand pane: "There are no Authentication
  providers
  available
  that support the creation of Users". Also, I don't see my customrealm
  in the
  dropdown list under mydomain -> Security tab -> General tab ->
  Default
  Realm.
  What did I do wrong? Also, where does WebLogic store the customsecurity
  realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

• Questions from a customer concerning services used within Beehive

  Hi - I have a customer who is concerned about security with concerns to opening ports for Beehive. They have come back with the following questions: 1.      What service is used by each port? TCP, UDP, ICMP? 2.     Is Network Address Translation (NAT) needed?
  Any assistance here would be appreciated.
  Brent

  Brent,
  BeehiveOnline has a number of ports in use mainly for duifferent protocols and the ports and there use is as follows:
  Port 443 - Https traffic - 90% of all access is via thei route
  Port 21 - FTPS traffic with explicit TLS - we use passive FTPS so there will be an incoming data channnel from the mid tier to allow through the remote firewall
  Port 9554 - Proprietary Windows plugin traffic for OBEE and OBEO
  That is all of the outward facing ports and their protocols caaess types.
  NAT - we may have some of this in use at the firewall to redirect to our internal ports on the mid-tiers - not surprisingly they are not straight through connections.
  Phil

• Table security concerns with form on intranet

  We are trying to maintain database security for forms that run
  on the intranet. The first line of security is to require all
  users to logon to the application. The main concern is the
  database user being asscessed without the application. Here are
  the current ideas:
  The easiest solution would be to hide the user/password
  information on the html that launches the form, however (to my
  knowledge) this is not possible.
  I moved the table containing application users passwords to a
  second user (db user) and am using a function to validate logon
  information. This works great, the problem is where to put the
  actual data tables user by the application. If they are in the
  first user which the form logs into by default then a "curious"
  person may access the tables via a sql session using the
  user/password from the html. The best thing I can come up with
  is to put the data tables in the second user containing the
  logon password table, however if the grants exist for the user
  that the form defaults to we have the same problem.
  Dynamic grants would be perfect however you can not create
  grants with the logon function.
  Any input would be greatly appreciated.
  -Doug
  null

  You can mantain this table in a separate user (administrative
  user) and create a function under this user to validate
  user and password. Grant privilege for the users to execute
  this function, but not to select the table. In this way, any
  user can execute this function but cannot query the table.
  The only one allowed to query and update this table is the
  owner. Based on Oracle concepts, if the user has rights to
  execute a function or procedure, he automatically has implicit
  rights to the objects being accessed by this function or
  procedure. But to access these implicit objects directly,
  he must have specific rights. I hope this can help you.
  null

• Airport Extreme security concern with Airport Utility App

  Just bought the new Airport Extreme (802.11ac) last night. BY FAR the easiest wireless setup I have ever done (< 5 minutes).  Hats off to the Apple developers on this one - they crushed it!  One of the things that makes this device so easy to setup though is the iPad/iPhone Airport Utility app.  I used the iPad version.
  My concern - When I startup this app it goes straight to the main config screen.  Just tap on the Airport Extreme image, then tap Edit and I'm into my wireless settings (id's, passwords, etc.).  And that's my concern.  It didn't ask me for any kind of password to get into the utility, or the settings.  What's to stop someone else from using my iPad to get into the wireless settings, or from someone else installing the app on their iPad and getting into my wireless settings.
  It feels like this is a huge security hole.  Am I missing something?
  Thanks in advance - MarkInColo 

  Is there a way to lock down the app on my iPad so that the settings can't be accessed unless I authorize it?
  No
  Only way I can think of is uninstall the app, and install it again only when I need it.  Isn't there a better way?
  If it were me, I would not install or use AirPort Utility for the iPad, iPhone etc.  Use only AirPort Utility on your Mac, and do not enable the option to have KeyChain Access remember the password.
  Then, anyone who wants to access the settings in AirPort Utility on the Mac will have to enter the Base Station password to be able to make any changes in AirPort Utility.

• Data security concern while using JDBC

  My java application connecting to a database to read patient information. Do I have to worry about encrypting the data? I am using oracle jdbc driver. Is there any chance, anyone can read the data on transit?

  In theory it is possible. In practice I don't know that there are any recorded instances outside NSA. I've read that there are no known cases of credit card numbers being harvested from plaintext IP traffic.
  Your question should really be directed to your employer or the customer.
  If you're on an Intranet I would forget about it; if you're using the Internet it may be required to use SSL.

• Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

  In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
  Will this option only be available in de production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?

  It is not missing.
  If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
  Steven Davelaar,
  JHeadstart Team.

• Cannot assign custom security manager to repository

  Hello,
  I've been following the details on how to implement a read-only security manager (https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e2ddd63d-0b01-0010-46bb-e092790068cb) and I have run into the following problem:
  After following the instructions for option B in the document (creating a security manager only) and  deploying my project, the new security manager appears in the list of managers on the admin screen (Content Management -> Repository Managers -> Security Manager) but it is not available in the drop down list of security managers for my repository. Without that entry I cannot apply the new security manager to my repository.
  According to the document, the new security manager should be part of this list but it is not even after I've restarted the J2EE engine.
  The document is dated May 2006 so perhaps there have been some changes to the system that are not covered in the document. We are running NW 7.0 SP14.
  Any help in determining why my custom security manager is not part of the security manager drop down list would be appreciated.

  Ok, after much decompiling and inspection of the standard KM security manager implementations I found the answer to my question.
  Basically I found that the security manager tutorial only applies if you plan on using your custom security manager with your own custom repository manager. You cannot apply a security manager created using that document to a standard KM repository manager.
  In my case I want to apply a custom security manager to a standard KM File System Repository. By inspecting the SFSRepositoryManager.cc.xml file I found the following entry:
  <attribute name="securitymgr.ref" type="ref" refType="/cm/repository_managers/security_managers/SecurityManager" mandatory="false" hotReload="true" />
  The refType value defines which security managers are displayed in the drop down list of available Security Managers at runtime for the repository manager. In order to get a custom security manager to be available you must define the cc.xml for your custom security manager so that it extends "SecurityManager" not "SecurityManagerMi" as the tutorial describes.
  Changing the extension means your security manager implementation must also change so that it extends com.sapportals.wcm.repository.manager.AbstractRepositorySubManager and implements com.sapportals.wcm.repository.manager.ISecurityManager.
  Now if only I could figure out how to reward points to myself .....

• Safari password auto fill security concern

  Just discovered what I consider to be a big security concern with iCloud Keychain. If you go into Settings, then Safari and your iCloud Keychain is under stored passwords and auto fill, the passwords are stored in plain text with no asterisk or anything. This means that all someone needs is your 4digit unlock code and they are then able to view all your stored passwords in Safari. They should at least require your iCloud Keychain password to view these, or just asterisk them out. If someone saw you enter your four digit unlock code, and then put your phone down, they could get this information without you even knowing it. This is not safe.

  The purpose of that section is so that you can see your passwords, there wouldn't be much point in replacing them with asterisks. They are password protected, just don't give others your password.

• Flash security concerns, 16.0.0.296 is installed - but 16.0.0.287 is actual?

  Windows 7 -> Adobe - Flash Player: 16.0.0.296 is the installed version, but the list below (Platform, Browser, Player version) shows 16.0.0.287 as actual .... Should we "downgrade" ?
  Due the latest security concerns with flash, I had to rethink the whole story - maybe better just uninstall flash?
  rgds,
  Chris

  Hi Chris,
  Version 16.0.0.296 is the latest release available.  However, it's only being pushed out through our silent auto update and enterprise distribution channels.  We're hard at work making sure this is also available on https://get.adobe.com/flashplayer but that's going to take another day or two to complete.  Once it's out everywhere, we'll update our release notes and associated pages with the proper version number.
  Thanks,
  Chris

• Help - using custom login module with embedded jdev oc4j to access ejb 3

  Hi All (Frank ??),
  I'm just wondering if anyone has successfully been able to leverage a custom login module in combination
  with a client that connects to a local EJB 3 stateless session bean through Jdeveloper 10.1.3.2's embedded oc4j.
  I have spent 2+ days trying to get this to work - and i think I resound now to the fact im going to
  have to deploy to oc4j standalone instead.
  I got close.. but finally was trumped with the following error from the client trying to access the ejb:-
  javax.naming.NoPermissionException: Not allowed to look up XXXXXX, check the namespace-access tag
  setting in orion-application.xml for details.
  Using the various guides available, I had no problem getting the custom login module working
  with a local servlet running from JDev's embedded oc4j.. however with ejb - no such luck.
  I have a roles table (possible values Member, Admin) - that maps to sr_Member and sr_Admin
  respectively in various config files.
  I'm using EJB 3 annotations for protecting methods .. for example
  @RolesAllowed("sr_Member")
  Steps that I had to do so far :-
  In <jdevhome>\jdev\system\oracle.jwee.10.1.3.40.66\embedded-oc4j\config\system-jazn-data.xml1) Add custom login module
      <application>
        <name>current-workspace-app</name>
        <login-modules>
          <login-module>
            <class>kr.security.KnowRushLoginModule</class>
            <control-flag>required</control-flag>
            <options>
              <option>
                <name>dataSource</name>
                <value>jdbc/DB_XE_KNOWRUSHDS</value>
              </option>
              <option>
                <name>user.table</name>
                <value>users</value>
              </option>
              <option>
                <name>user.pk.column</name>
                <value>id</value>
              </option>
              <option>
                <name>user.name.column</name>
                <value>email_address</value>
              </option>
              <option>
                <name>user.password.column</name>
                <value>password</value>
              </option>
              <option>
                <name>role.table</name>
                <value>roles</value>
              </option>
              <option>
                <name>role.to.user.fk.column</name>
                <value>user_id</value>
              </option>
              <option>
                <name>role.name.column</name>
                <value>name</value>
              </option>
            </options>
          </login-module>
        </login-modules>
      </application>2) Grant login rmi permission to roles associated with custom login module (also in system-jazn-data.xml)
    <grant>
      <grantee>
        <principals>
          <principal>
            <realm-name>jazn.com</realm-name>
            <type>role</type>
            <class>kr.security.principals.KRRolePrincipal</class>
            <name>Admin</name>
          </principal>
        </principals>
      </grantee>
      <permissions>
        <permission>
          <class>com.evermind.server.rmi.RMIPermission</class>
          <name>login</name>
        </permission>
      </permissions>
    </grant>
    <grant>
      <grantee>
        <principals>
          <principal>
            <realm-name>jazn.com</realm-name>
            <type>role</type>
            <class>kr.security.principals.KRRolePrincipal</class>
            <name>Member</name>
          </principal>
        </principals>
      </grantee>
      <permissions>
        <permission>
          <class>com.evermind.server.rmi.RMIPermission</class>
          <name>login</name>
        </permission>
      </permissions>
    </grant>3) I've tried creating various oracle and j2ee deployment descriptors (even though ejb-jar.xml and orion-ejb-jar.xml get created automatically when running the session bean in jdev).
  My ejb-jar.xml contains :-
  <?xml version="1.0" encoding="utf-8"?>
  <ejb-jar xmlns ....
    <assembly-descriptor>
      <security-role>
        <role-name>sr_Admin</role-name>
      </security-role>
      <security-role>
        <role-name>sr_Member</role-name>
      </security-role>
    </assembly-descriptor>
  </ejb-jar>Note- i'm not specifying the enterprise-beans stuff, as JDev seems to populate this automatically.
  My orion-ejb-jar.xml contains ...
  <?xml version="1.0" encoding="utf-8"?>
  <orion-ejb-jar ...
    <assembly-descriptor>
      <security-role-mapping name="sr_Admin">
        <group name="Admin"></group>
      </security-role-mapping>
      <security-role-mapping name="sr_Member">
        <group name="Member"></group>
      </security-role-mapping>
      <default-method-access>
        <security-role-mapping name="sr_Member" impliesAll="true">
        </security-role-mapping>
      </default-method-access>
    </assembly-descriptor>My orion-application.xml contains ...
  <?xml version="1.0" encoding="utf-8"?>
  <orion-application xmlns ...
    <security-role-mapping name="sr_Admin">
      <group name="Admin"></group>
    </security-role-mapping>
    <security-role-mapping name="sr_Member">
      <group name="Member"></group>
    </security-role-mapping>
    <jazn provider="XML">
      <property name="role.mapping.dynamic" value="true"></property>
      <property name="custom.loginmodule.provider" value="true"></property>
    </jazn>
    <namespace-access>
      <read-access>
        <namespace-resource root="">
          <security-role-mapping name="sr_Admin">
            <group name="Admin"/>
            <group name="Member"/>
          </security-role-mapping>
        </namespace-resource>
      </read-access>
      <write-access>
        <namespace-resource root="">
          <security-role-mapping name="sr_Admin">
            <group name="Admin"/>
            <group name="Member"/>
          </security-role-mapping>
        </namespace-resource>
      </write-access>
    </namespace-access>
  </orion-application>My essentially auto-generated EJB 3 client does the following :-
        Hashtable env = new Hashtable();
        env.put(Context.SECURITY_PRINCIPAL, "matt.shannon");
        env.put(Context.SECURITY_CREDENTIALS, "welcome1");
        final Context context = new InitialContext(env);
        KRFacade kRFacade = (KRFacade)context.lookup("KRFacade");
  ...And throws the error
  20/04/2007 00:55:37 oracle.j2ee.rmi.RMIMessages
  EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
  WARNING: Exception returned by remote server: {0}
  javax.naming.NoPermissionException: Not allowed to look
  up KRFacade, check the namespace-access tag setting in
  orion-application.xml for details
       at
  com.evermind.server.rmi.RMIClientConnection.handleLookupRe
  sponse(RMIClientConnection.java:819)
       at
  com.evermind.server.rmi.RMIClientConnection.handleOrmiComm
  andResponse(RMIClientConnection.java:283)
  ....I can see from the console that the user was successfully authenticated :-
  20/04/2007 00:55:37 kr.security.KnowRushLoginModule validate
  WARNING: [KnowRushLoginModule] User matt.shannon authenticated
  And that user is granted both the Admin, and Member roles.
  The test servlet using basic authentication correctly detects the user and roles perfectly...
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
      throws ServletException, IOException
      LOGGER.log(Level.INFO,LOGPREFIX +"doGet called");
      response.setContentType(CONTENT_TYPE);
      PrintWriter out = response.getWriter();
      out.println("<html>");
      out.println("<head><title>ExampleServlet</title></head>");
      out.println("<body>");
      out.println("<p>The servlet has received a GET. This is the reply.</p>");
      out.println("<br> getRemoteUser = " + request.getRemoteUser());
      out.println("<br> getUserPrincipal = " + request.getUserPrincipal());
      out.println("<br> isUserInRole('sr_Admin') = "+request.isUserInRole("sr_Admin"));
      out.println("<br> isUserInRole('sr_Memeber') = "+request.isUserInRole("sr_Member"));Anyone got any ideas what could be going wrong?
  cheers
  Matt.
  Message was edited by:
  mshannon

  Thanks for the response. I checked out your blog and tried your suggestions. I'm sure it works well in standalone OC4J, but i was still unable to get it to function correctly from JDeveloper embedded.
  Did you ever get the code working directly from JDeveloper?
  Your custom code essentially seems to be the equivalent of a grant within system-jazn-data.xml.
  For example, the following grant to a custom jaas role (JAAS_ADMIN) that gets added by my custom login module gives them rmi login access :-
       <grant>
            <grantee>
                 <principals>
                      <principal>
                           <realm-name>jazn.com</realm-name>
                           <type>role</type>
                           <class>kr.security.principals.KRRolePrincipal</class>
                           <name>JAAS_Admin</name>
                      </principal>
                 </principals>
            </grantee>
            <permissions>
                 <permission>
                      <class>com.evermind.server.rmi.RMIPermission</class>
                      <name>login</name>
                 </permission>
            </permissions>
       </grant>If I add the following to orion-application.xml
    <!-- Granting login permission to users accessing this EJB. -->
    <namespace-access>
      <read-access>
        <namespace-resource root="">
          <security-role-mapping>
            <group name="JAAS_Admin"></group>
          </security-role-mapping>
        </namespace-resource>
      </read-access>Running a standalone client against the embedded jdev oc4j server gives the namespace-access error.
  I tried out your code by essentially creating a static reference to a singleton class that does the role lookup/provisioning with rmi login grant :-
  From custom login module :-
    private static KRSecurityHelper singleton = new KRSecurityHelper();
    protected Principal[] m_Principals;
      Vector v = new Vector();
        v.add(singleton.getCustomRmiConnectRole());
        // set principals in LoginModule
        m_Principals=(Principal[]) v.toArray(new Principal[v.size()]);
  Singleton class :-
  package kr.security;
  import com.evermind.server.rmi.RMIPermission;
  import java.util.logging.Level;
  import java.util.logging.Logger;
  import oracle.security.jazn.JAZNConfig;
  import oracle.security.jazn.policy.Grantee;
  import oracle.security.jazn.realm.Realm;
  import oracle.security.jazn.realm.RealmManager;
  import oracle.security.jazn.realm.RealmRole;
  import oracle.security.jazn.realm.RoleManager;
  import oracle.security.jazn.policy.JAZNPolicy;
  import oracle.security.jazn.JAZNException;
  public class KRSecurityHelper
    private static final Logger LOGGER = Logger.getLogger("kr.security");
    private static final String LOGPREFIX = "[KRSecurityHelper] ";
    public static String CUSTOM_RMI_CONNECT_ROLE = "remote_connect";
    private RealmRole m_Role = null;
    public KRSecurityHelper()
      LOGGER.log(Level.FINEST,LOGPREFIX +"calling JAZNConfig.getJAZNConfig");
      JAZNConfig jc = JAZNConfig.getJAZNConfig();
      LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getRealmManager");
      RealmManager realmMgr = jc.getRealmManager();
      try
        // Get the default realm .. e.g. jazn.com
        LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getGetDefaultRealm");
        Realm r = realmMgr.getRealm(jc.getDefaultRealm());
        LOGGER.log(Level.INFO,LOGPREFIX +"default realm: "+r.getName());
        // Access the role manager for the remote connection role
        LOGGER.log(Level.FINEST,
          LOGPREFIX +"calling default_realm.getRoleManager");
        RoleManager roleMgr = r.getRoleManager();
        LOGGER.log(Level.INFO,LOGPREFIX +"looking up custom role '"
          CUSTOM_RMI_CONNECT_ROLE "'");
        RealmRole rmiConnectRole = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
        if (rmiConnectRole == null)
          LOGGER.log(Level.INFO,LOGPREFIX +"role does not exist, create it...");
          rmiConnectRole = roleMgr.createRole(CUSTOM_RMI_CONNECT_ROLE);
          LOGGER.log(Level.FINEST,LOGPREFIX +"constructing new grantee");
          Grantee gtee = new Grantee(rmiConnectRole);
          LOGGER.log(Level.FINEST,LOGPREFIX +"constructing login rmi permission");
          RMIPermission login = new RMIPermission("login");
          LOGGER.log(Level.FINEST,
            LOGPREFIX +"constructing subject.propagation rmi permission");
          RMIPermission subjectprop = new RMIPermission("subject.propagation");
          // make policy changes
          LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getPolicy");
          JAZNPolicy policy = jc.getPolicy();
          if (policy != null)
            LOGGER.log(Level.INFO, LOGPREFIX
              + "add to policy grant for RMI 'login' permission to "
              + CUSTOM_RMI_CONNECT_ROLE);
            policy.grant(gtee, login);
            LOGGER.log(Level.INFO, LOGPREFIX
              + "add to policy grant for RMI 'subject.propagation' permission to "
              + CUSTOM_RMI_CONNECT_ROLE);
            policy.grant(gtee, subjectprop);
            // m_Role = rmiConnectRole;
            m_Role = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
            LOGGER.log(Level.INFO, LOGPREFIX
              + m_Role.getName() + ":" + m_Role.getFullName() + ":" + m_Role.getFullName());
          else
            LOGGER.log(Level.WARNING,LOGPREFIX +"Cannot find jazn policy!");
        else
          LOGGER.log(Level.INFO,LOGPREFIX +"custom role already exists");
          m_Role = rmiConnectRole;
      catch (JAZNException e)
        LOGGER.log(Level.WARNING,
          LOGPREFIX +"Cannot configure JAZN for remote connections");
    public RealmRole getCustomRmiConnectRole()
      return m_Role;
  }Using the code approach and switching application.xml across so that namespace access is for the group remote_connect, I get the following error from my bean :-
  INFO: Login permission not granted for current-workspace-app (test.user)
  Thus, the login permission that I'm adding through the custom remote_connect role does not seem to work. Even if it did, i'm pretty sure I would still get that namespace error.
  This has been such a frustrating process. All the custom login module samples using embedded JDeveloper show simple j2ee servlet protection based on settings in web.xml.
  There are no samples showing jdeveloper embedded oc4j using ejb with custom login modules.
  Hopefully the oc4j jdev gurus like Frank can write a paper that demonstrates this.
  Matt.

• How to make Custom Discoverer workbook use Custom Security profile of Apps

  We use Discoverer in Oracle Apps setup. We have added Custom security in our HR People Form of Apps.
  This Custom Security restricts one HR Emplpoyee not view other HR employee record except for himself/herself. Also maintining that they should be able to view all other employee's records.
  The following code was put under the Security Profile Form -- > Custom Security Tab
  exists (select 1
  from per_jobs b
  where ASSIGNMENT.job_id = b.job_id
  and (b.name not like '%HR%')
  and (b.name not like '%Human%')
  and ASSIGNMENT.assignment_number is not null
  union
  select 1
  from fnd_user fu
  where fu.user_name = fnd_global.user_name
  and fu.employee_id = PERSON.person_id
  and ASSIGNMENT.assignment_number is not null)
  Above security profile works fine for HR People Form.
  However, It does not work for our Discoverer Workbooks. I found a note on Metalink 422841.1 which talks about leveraging the Custom Security of Apps in Discoverer Report. I read it, but did not get much clue.
  Can Anyone help.
  Thanks

  Hi,
  If you want to use custom HR security with Discoverer you have to ensure that the correct security filters are applied when the Discoverer reports are run. These filters can use the supplied HR_SECURITY package or you can develop your own conditions using table lookups or functions. To get the filters applied to your reports you have a number of options:
  1. Build the security into custom folders using additional conditions
  2. Use custom database views in Discoverer and build the security into the views
  3. Use mandatory conditions in you Discoverer folders using either a function call or database contexts set at login time
  4. Use VPD (Virtual Private Database)
  I am not sure which of these options you are using to implement your HR security in Discoverer. The last option, VPD, is the most flexible and can give the best performance but maybe it is more complex to set up.
  Rod West

• OEPE can't launch server that uses custom Security provider

  I recently migrated a Weblogic 8.1 server that we had a custom security provider for, to 10.3.2. It works fine when started with the startWeblogic.cmd file but when I try to start it using OEPE in eclipse it starts fine and runs fine but OEPE reports that
  "Unable to validate WebLogic domain.Please make sure the running WebLogic instance is an Administration Server"
  When I look at the Error Log it appears that it thinks one of my custom security classes is not found. But the server is running fine, so it is fine, it's on the classpath via the use of the EXT_PREPEND_CLASSPATH environment variable.
  I am running Weblogic 10.3.2 on Windows XP using eclipse Ganymede 3.5.2 and OEPE version 1.5.0.201003170852
  Here's the Error Log:
  eclipse.buildId=
  java.version=1.6.0_03
  java.vendor=Sun Microsystems Inc.
  BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
  Framework arguments: -product org.eclipse.epp.package.jee.product
  Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
  This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
  Created Time: 2010-05-12 14:04:01.549
  Error
  Thu May 13 14:25:11 EDT 2010
  Server Weblogic 10.3 failed to start.
  eclipse.buildId=
  java.version=1.6.0_03
  java.vendor=Sun Microsystems Inc.
  BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
  Framework arguments: -product org.eclipse.epp.package.jee.product
  Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
  This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
  Created Time: 2010-05-12 14:04:01.549
  Error
  Thu May 13 14:25:10 EDT 2010
  Another server (or another process) is running on the same TCP/IP port '7001'.
  eclipse.buildId=
  java.version=1.6.0_03
  java.vendor=Sun Microsystems Inc.
  BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
  Framework arguments: -product org.eclipse.epp.package.jee.product
  Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
  This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
  Created Time: 2010-05-12 14:04:01.549
  Warning
  Thu May 13 14:25:10 EDT 2010
  Unable to validate WebLogic domain.
  Please make sure the running WebLogic instance is an Administration Server
  eclipse.buildId=
  java.version=1.6.0_03
  java.vendor=Sun Microsystems Inc.
  BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
  Framework arguments: -product org.eclipse.epp.package.jee.product
  Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
  This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
  Created Time: 2010-05-12 14:04:01.549
  Error
  Thu May 13 14:25:10 EDT 2010
  java.io.IOException
       at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:187)
       at weblogic.management.remote.common.ClientProviderBase.newJMXConnector(ClientProviderBase.java:81)
       at javax.management.remote.JMXConnectorFactory.newJMXConnector(Unknown Source)
       at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
       at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.createConnector(WlsJMXHelper.java:269)
       at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.connectToJMX(WlsJMXHelper.java:76)
       at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.getDomainAttribute(WlsJMXHelper.java:139)
       at oracle.eclipse.tools.weblogic.server.internal.WlsJ2EEDeploymentHelper.validateRemote(WlsJ2EEDeploymentHelper.java:1687)
       at oracle.eclipse.tools.weblogic.server.internal.WeblogicServerBehaviour.validateRemote(WeblogicServerBehaviour.java:2646)
       at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.runOnce(ServerWatcher.java:574)
       at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.run(ServerWatcher.java:482)
       at java.lang.Thread.run(Unknown Source)
  Caused by: javax.naming.CommunicationException [Root exception is weblogic.rjvm.PeerGoneException: ; nested exception is:
       weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream]
       at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
       at weblogic.jndi.internal.WLContextImpl.translateException(WLContextImpl.java:452)
       at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:408)
       at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
       at javax.naming.InitialContext.lookup(Unknown Source)
       at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:170)
       ... 11 more
  Caused by: weblogic.rjvm.PeerGoneException: ; nested exception is:
       weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream
       at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
       at weblogic.jndi.internal.ServerNamingNode_1032_WLStub.lookup(Unknown Source)
       at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
       ... 14 more
  Caused by: weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream
       at weblogic.rjvm.RJVMImpl.gotExceptionReceiving(RJVMImpl.java:957)
       at weblogic.rjvm.ConnectionManager.gotExceptionReceiving(ConnectionManager.java:1030)
       at weblogic.rjvm.MsgAbbrevJVMConnection.gotExceptionReceiving(MsgAbbrevJVMConnection.java:459)
       at weblogic.rjvm.t3.MuxableSocketT3.hasException(MuxableSocketT3.java:327)
       at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:784)
       at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:724)
       at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:359)
       at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
       at weblogic.work.ExecuteRequestAdapter.execute(ExecuteRequestAdapter.java:21)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
  Caused by: java.lang.AssertionError: Exception creating response stream
       at weblogic.rjvm.MsgAbbrevJVMConnection.readMsgAbbrevs(MsgAbbrevJVMConnection.java:238)
       at weblogic.rjvm.MsgAbbrevInputStream.init(MsgAbbrevInputStream.java:173)
       at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:439)
       at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:322)
       at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
       at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:915)
       at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:844)
       at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:335)
       ... 4 more
  Caused by: java.lang.ClassNotFoundException: com.companyname.security.principal.CompanyNameWebLogicPrincipal
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClassInternal(Unknown Source)
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Unknown Source)
       at java.io.ObjectInputStream.resolveClass(Unknown Source)
       at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
       at java.io.ObjectInputStream.readClassDesc(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.readObject(Unknown Source)
       at java.util.LinkedList.readObject(Unknown Source)
       at sun.reflect.GeneratedMethodAccessor46.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
       at java.io.ObjectInputStream.readSerialData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
       at java.io.ObjectInputStream.readSerialData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
       at java.io.ObjectInputStream.defaultReadObject(Unknown Source)
       at weblogic.security.acl.internal.AuthenticatedSubject.readObject(AuthenticatedSubject.java:406)
       at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
       at java.io.ObjectInputStream.readSerialData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.readObject(Unknown Source)
       at weblogic.rjvm.InboundMsgAbbrev.readObject(InboundMsgAbbrev.java:65)
       at weblogic.rjvm.InboundMsgAbbrev.read(InboundMsgAbbrev.java:37)
       at weblogic.rjvm.MsgAbbrevJVMConnection.readMsgAbbrevs(MsgAbbrevJVMConnection.java:227)
       ... 11 more

  I am also facing the same issue.
  i am running my web service program on tomcat. the server is weblogic 9.1. I am trying to invoke the EJBs running on the server from the tomcat.
  i am getting similar exception. anyone got a solution for this ?
  Caused by: weblogic.rjvm.PeerGoneException: ; nested exception is:weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
  thanks
  Kiranlal.

• I am changing from Word to Pages. I have created my custom template with all my styles etc and that is what comes up when I go for a New Document. Fine. How do I get it to use the same Custom Template when I use Pages to open a Word document?

  I am changing from Word to Pages. I have created my custom template with all my styles etc and that is what comes up when I go for a New Document. Fine. How do I get it to use the same Custom Template when I use Pages to open a Word document?

  The template is a document in itself, it is not applied to an existing document whether it is a Pages document or a Word document converted to a Pages document.
  You would need to either copy and paste content, using existing styles, or apply the styles to the converted Word document.
  You can Import the Styles from an existing document and those imported Styles can be used to override the current document's styles:
  Menu > Format > Import Styles
  The process is simplified if the styles use the same names, otherwise you will need to delete the style you don't want and replace it with the one that you do want when asked, then the substitution is pretty straightforward.
  Peter

• My itunes in pc fails to secure link with itunes store it shows the process bar it automatically quits the process it also does not shows any on the screen. i am using windows xp service pack 3. what shoul i do?

  my itunes in pc fails to secure link with itunes store it shows the process bar it automatically quits the process it also does not shows any on the screen. i am using windows xp service pack 3. what shoul i do?
  Diagnostics test
  Microsoft Windows XP Professional Service Pack 3 (Build 2600)
  ECS G31T-M7
  iTunes 10.5.2.11
  QuickTime 7.6.9
  FairPlay 1.13.37
  Apple Application Support 2.1.6
  iPod Updater Library 10.0d2
  CD Driver 2.2.0.1
  CD Driver DLL 2.1.1.1
  Apple Mobile Device 4.0.0.97
  Apple Mobile Device Driver 1.57.0.0
  Bonjour 3.0.0.10 (333.10)
  Gracenote SDK 1.9.5.502
  Gracenote MusicID 1.9.5.115
  Gracenote Submit 1.9.5.143
  Gracenote DSP 1.9.5.45
  iTunes Serial Number 0012ABAC07F3CCB0
  Current user is an administrator.
  The current local date and time is 2011-12-31 14:06:21.
  iTunes is not running in safe mode.
  WebKit accelerated compositing is enabled.
  HDCP is not supported.
  Core Media is not supported. (16005)
  Video Display Information
  Intel(R) G33/G31 Express Chipset Family
  **** External Plug-ins Information ****
  No external plug-ins installed.
  **** Network Connectivity Tests ****
  Network Adapter Information
  Adapter Name:        {7599FAD1-1BB9-4AC6-80AF-404253DC519E}
  Description:            Atheros L2 Fast Ethernet 10/100 Base-T Controller - Packet Scheduler Miniport
  IP Address:             192.168.1.5
  Subnet Mask:          255.255.255.0
  Default Gateway:    192.168.1.1
  DHCP Enabled:      Yes
  DHCP Server:         192.168.1.1
  Lease Obtained:     Sat Dec 31 13:46:09 2011
  Lease Expires:       Tue Jan 03 13:46:09 2012
  DNS Servers:         192.168.1.1
  Active Connection: LAN Connection
  Connected:             Yes
  Online:                    Yes
  Using Modem:        No
  Using LAN:             Yes
  Using Proxy:           No
  SSL 3.0 Support:     Enabled
  TLS 1.0 Support:     Enabled
  Firewall Information
  Windows Firewall is on.
  iTunes is enabled in Windows Firewall.
  Connection attempt to Apple web site was successful.
  Connection attempt to browsing iTunes Store was successful.
  Connection attempt to purchasing from iTunes Store was successful.
  Connection attempt to iPhone activation server was unsuccessful.
  The network connection timed out.
  Connection attempt to firmware update server was unsuccessful.
  The network connection timed out.
  Connection attempt to Gracenote server was successful.
  Last successful iTunes Store access was 2011-12-31 14:00:02.
  **** Device Connectivity Tests ****
  iPodService 10.5.2.11 is currently running.
  iTunesHelper 10.5.2.11 is currently running.
  Apple Mobile Device service 3.3.0.0 is currently running.
  Universal Serial Bus Controllers:
  Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8.  Device is working properly.
  Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9.  Device is working properly.
  Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA.  Device is working properly.
  Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB.  Device is working properly.
  Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC.  Device is working properly.
  No FireWire (IEEE 1394) Host Controller found.
  Connected Device Information:
  rawkiss’s iPhone, iPhone 3G running firmware version 4.0
  Serial Number:       86931UEAY7H
  **** Device Sync Tests ****
  Sync tests completed successfully.

  I have found a fix after doing additional research through this forum. Tech Note #328730 addresses this problem and it works for Photoshop Album 3.2 even though it was written for release 1.0.
  Here is a link that will take you directly to the Tech Note:
  http://kb.adobe.com/selfservice/viewContent.do?externalId=328730
  When using this fix the Tech Note indicates:
  "Imported image data and tags are lost when you re-create the My Catalog.psa file, so you need to reimport images and reapply any tags"
  however it did retain the captions (at least it did for me).