Data Access control in J2EE technologies/apps

Similar Messages

• HRMS Data access control

  Hi,
  Can fine grained access control (VPD) be used to implement access control security policy for HRMS sensitive data. The business requirement is that the HRMS data should not be visible to any querying tool other than Oracle applications core HRMS forms.
  What kind of a security policy be enforced to achive this and are there any compatibility issues/limitations of this.
  Thanks in advance,
  Regards,
  Mahesh
  null

  you are right, access control is very application dependent, and is therefore not a good target to turn into a generic framework.
  In my opinion the king of security frameworks is Spring Security, so you could take a look at that.
  [http://static.springsource.org/spring-security/site/|http://static.springsource.org/spring-security/site/]
  Other than that, I have used a simple setup using Javaserver Faces. I had a user bean with a set of boolean flags indicating the user's capabilities (directly mapped to a database table) and in the components I would have rendered="#{user.userRole}" attributes where necessary, to conditionally switch off elements when the user wasn't allowed to see it, in some cases rendering a readonly view in stead.
  Its a chore to test, but quite easy to maintain and to read IMO.

• ADF Authorization for ADF Mobile:Configuring Access Control URL for ADF App

  Can someone explain, how to expose weblogic user roles as a Rest Json Api? Basically I want to set up Access Control URL to authorize users on adf mobile.

  Hi Frank,
  This is what I did. Could you please let me know if I am doing it right.
  1. Created an adf application with a simple page and applied security basic http authentication.
  2. Added a rest service implementation in the same application, changed the adf application web.xml as below
  <servlet-mapping> 
     <servlet-name>jersey</servlet-name> 
     <url-pattern>/jersey/*</url-pattern> 
    </servlet-mapping>
  3. When I test the rest service in browser, it asks to log in and returns the user roles. Below is my rest implementation
  @POST
  @Produces(MediaType.APPLICATION_JSON)
  public User getMessag3() throws Exception {
  return new User();}
  the rest service returns the logged in user roles in below json format.
  {"userid":"susant","roles":["SSBAccessGroup","authenticated-role","SSBAccessApp","anonymous-role"],"priviledges":[]}
  Do I need to implement anything on the ADF mobile side or I can just add the rest service url to the authorization tab. Will adf mobile automatically handle sending the http request.
  Actually I just added the rest service url to adfm-applications connections authorization tab and I am getting ACS failed error after log in.
  Thanks

• SharePoint Provider Hosted App (401) Unauthorized Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable

  Hello,
  I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment.  I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
  way.  I've followed these instructions (among many other resources found along this journey) :
  http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
  http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
  http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
  Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error.  I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output.  Please explain how to fix if you're able.
  Please Note:  I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
  Also Note:  I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
  Here's my ULS output:
  03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)  
   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Authentication Authorization    agb9s    Medium    Non-OAuth request.
  IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    Site=/    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.84    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Deployment    acjjg    Medium    The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
  = 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.84    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsrv    Medium    redirectLaunUrl after getting it from query
  string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens}    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    General    aib0n    High    trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
  Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsrw    Medium    redirectLaunUrl after getting token replacement:
  https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsry    Medium    m_oauthAppId after NormalizeAppIdentifier()
  i:0i.t|ms.sp.ext|[email protected]8df36d5d.  Now getting app principal info.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr0    Medium    decided that we need to do a POST to the
  app.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr1    Medium    m_redirectMessage: EndpointAuthorityMatches  
   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr2    Medium    realm matched attempting to get app token
  using GetAccessToken()    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    advzm    High    Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
  exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
  at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
  userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
  serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr3    High    App token requested from appredirect.aspx
  for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it.  This may be a case when we do not need a token or when the app principal was not properly set up.  LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
  Exception Message:The Azure Access Control service is unavailable.  Stacktrace:    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
  at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
  userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
  serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
  serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest(). 
  Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    General    ajlz0    High    Getting Error Message for Exception Microsoft.SharePoint.SPException:
  The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
  serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
  applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
  String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
  serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()  
   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    aib0p    Medium    Doing appredirect from appredirect.aspx:
  in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017  
   306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Monitoring    b4ly    Medium    Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
  Execution Time=26.5933938531294    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
  Your help is very much appreciated.
  With Respect,
  Larry

  Yes, actually - I was able to resolve it.
  However I don't know how, unfortunately.  I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
  I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing.  It was a daunting task, but I finished it successfully.
  If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
  NOTE:  I'm not all impressed with the way this forum works.  This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions.  Completely lame.  Boooooo Microsoft.

• Data access disrupters  (DAD's)are not being displayed on control panel

  Hi,
  Data access disrupters are not being displayed on Application server control panel (sid.host.domine > HTTP Server > mod_plsql Services >DAD's ) But users are able to access their applications.
  Not able to see database access details through Application server control panel. Can you please tell me where could be the problem exists..
  Thanks,
  DJ

  I am assuming you mean Discriptors (instead of Disrupters) and I am not sure which release of Application Server you are running. But assuming it is 9i (say 9.0.3 on Windows), if you select the OC4J instance or container the applicatlion was deployed to. You will see a link to Data Sources displayed below Application Defaults.
  The files equivalent will be found in your <ORACLE_APPSHOME>\j2ee\<INSTANCE_NAME>\config\data-sources.xml

• Want Access Data Grid control in SharePoint 2013?

  Hello everyone!
  Recently we noticed something funny in SharePoint 2013. While quite many people were hoping to have the datasheet view like those in SP2007 and 2010, Microsoft has chosen a different interface to display datasheet view.
  Now, if you try to create a sub site under a publishing site, and use the
  Publishing Site template then try to create a datasheet view in the sub site, SharePoint will try to use the Access data grid control to display the view. In some situations the view will display and other situations it will not, and will show this
  error:
  The list is displayed in Standard view. It cannot be displayed in Datasheet view for one or more of the following reasons: A datasheet component compatible with Microsoft SharePoint Foundation is not installed, your browser does not support ActiveX controls,
  a component is not properly configured for 32-bit or 64-bit support, or support for ActiveX controls is disabled.
  If you create a sub site using Publishing Site with Workflow instead, then the datasheet view will be created properly using SP2013 interface.
  Using PowerShell, we can see that both Publishing Portal and
  Publishing Site With Workflow are using the BLANKINTERNET 53 template. The
  Publishing Site on the other hand is using the CMSPUBLISHING 39 template.
  Want to try it out and let me know if that happens to your SharePoint too?

  Hi Conway,
  I tested the issue in my environment per your description and it returned the results as below:
  I created a subsite using Publishing site under a team site in SharePoint server 2013, the datasheet view in a list displayed as pic1
  I reproduced the issue in SharePoint server 2010, the datasheet view in a list displayed as pic2
  It turns out by design the datasheet view in the subsite based on Publishing site template displays as your situation. Here is an article which explains this:
  http://www.sharepointblues.com/2010/03/31/data-sheet-view-not-working/
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• HT4352 How can I get Home Sharing turned on my Apple TV if I have lost my remote control and my remote apps on my ipad and iphone can not get access to my apple tv, only my itunes.

  How can I get Home Sharing turned on my Apple TV if I have lost my remote control and my remote apps on my ipad and iphone can not get access to my apple tv, only my itunes.

  You can't, you will need to get a new remote.

• I have a production mobile Flex app that uses RemoteObject calls for all data access, and it's working well, except for a new remote call I just added that only fails when running with a release build.  The same call works fine when running on the device

  I have a production mobile Flex app that uses RemoteObject calls for all data access, and it's working well, except for a new remote call I just added that only fails when running with a release build. The same call works fine when running on the device (iPhone) using debug build. When running with a release build, the result handler is never called (nor is the fault handler called). Viewing the BlazeDS logs in debug mode, the call is received and send back with data. I've narrowed it down to what seems to be a data size issue.
  I have targeted one specific data call that returns in the String value a string length of 44kb, which fails in the release build (result or fault handler never called), but the result handler is called as expected in debug build. When I do not populate the String value (in server side Java code) on the object (just set it empty string), the result handler is then called, and the object is returned (release build).
  The custom object being returned in the call is a very a simple object, with getters/setters for simple types boolean, int, String, and one org.23c.dom.Document type. This same object type is used on other other RemoteObject calls (different data) and works fine (release and debug builds). I originally was returning as a Document, but, just to make sure this wasn't the problem, changed the value to be returned to a String, just to rule out XML/Dom issues in serialization.
  I don't understand 1) why the release build vs. debug build behavior is different for a RemoteObject call, 2) why the calls work in debug build when sending over a somewhat large (but, not unreasonable) amount of data in a String object, but not in release build.
  I have't tried to find out exactly where the failure point in size is, but, not sure that's even relevant, since 44kb isn't an unreasonable size to expect.
  By turning on the Debug mode in BlazeDS, I can see the object and it's attributes being serialized and everything looks good there. The calls are received and processed appropriately in BlazeDS for both debug and release build testing.
  Anyone have an idea on other things to try to debug/resolve this?
  Platform testing is BlazeDS 4, Flashbuilder 4.7, Websphere 8 server, iPhone (iOS 7.1.2). Tried using multiple Flex SDK's 4.12 to the latest 4.13, with no change in behavior.
  Thanks!

  After a week's worth of debugging, I found the issue.
  The Java type returned from the call was defined as ArrayList.  Changing it to List resolved the problem.
  I'm not sure why ArrayList isn't a valid return type, I've been looking at the Adobe docs, and still can't see why this isn't valid.  And, why it works in Debug mode and not in Release build is even stranger.  Maybe someone can shed some light on the logic here to me.

• Multi user application control data access

  Dear all,
  i am using Oracle Developer Suite 10g and database 10g, windows xp plate form.
  i want to develop multi user application regarding education.
  i have two questions.
  1. i take a start from creating an HR database which have 30 tables.
  this database has 10 users.
  the users will log on from their own schema.
  how they will access the HR schema?
  should i create a public synonym for each table in the HR Schema?
  or should i create a view for each table in each user schema?
  or should i grant select,insert,update etc to each user on HR schema?
  2. i want to control the data access for each user.
  i.e. every student could access his own academic record. each teacher access his own related record, the manager the owner and so on.
  how to accompolish this task? oracle roles are not sufficient for this purpose.
  Your help is highly appriciated.

  How about you start with the basic stuff, like the 2 days developers guide:
  http://www.oracle.com/pls/db112/to_toc?pathname=appdev.112/e10766/toc.htm
  and make it to the advanced developers guide:
  http://docs.oracle.com/cd/E11882_01/appdev.112/e25518/toc.htm
  and work your way through the concepts manual:
  http://www.oracle.com/pls/db112/to_toc?pathname=server.112/e25789/toc.htm
  and everything else which sounds interesting to you in here:
  http://www.oracle.com/pls/db112/portal.portal_db?selected=5&frame=
  As for your first question this should be covered here:
  http://docs.oracle.com/cd/E11882_01/network.112/e16543/authorization.htm#BABHFJFJ
  i want to control the data access for each user.This is also documented:
  http://docs.oracle.com/cd/E11882_01/network.112/e16543/vpd.htm#CIHBAJGI
  cheers

• I live in an area with poor data reception. Will the Maps app work without internet access?

  I live in an area with poor data reception. Will the Maps app work without internet access?

  Google Maps
  Type in 'Ok maps' (no quotes) in the search and press enter
  It will download the map area shown on the screen for offline use

• Access denied for Date Picker Control in sitepage

  We have an issue with Date Picker controls in a web page.
  Two date Picker controls were added to one site page to allow users to enter start date and end date to search. The controls are placed in the ContentPlaceHolder web part. The controls allow user to pick a date at Dev, SIT, and Prod environment but not working
  in UAT.
  At UAT, an Access Denied error message appears when the Date Picker control is clicked.
  Feng Wan

  Hello,
  What permission is user having on page? Have your tried with different account with higher permission?
  You can also look at this blog if this is the case:
  http://sharepointwings.blogspot.sg/2013/08/sharepointdatetimecontrol-access-denied.html
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• "Assign Access Control" returns error for essbase apps in shared services

  Hello,
  I installed and configured Oracle EPM 11.1.2 (Foundation, Essbase, Planning, Reporting&Analysis):
  OS: Windows Server 2008 Sp2 (32bit)
  Default Installation with default ports,
  Installation of all components on the same server,
  no clustering
  EPM System Diagnostic says that everything is OK.
  Now I want to assign filter access for an essbase database in the Shared Services.
  Starting the menu item "Assign Access Control" in Shared Services returns the following error:
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  +10.4.5 404 Not Found+
  The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
  +....+
  Can anybody help ???
  best regards,
  Nicole

  Hello,
  here's what I found out so far:
  I get the error if I start the shared services console via the URL "http://servername:port/interop/index.jsp" and then select the "assign access control" for an essbase database.
  If I start the shared services console via the workspace everything works fine.
  Does anybody know what to do so that it also works if I start the shared services console via URL?
  best regards,
  Nicole

• ADF UIX Role Based Access Control Implementation

  Hi,
  Can anybody suggest a detailed example or tutorials of how to implement a role based access control for my ADF UIX application.
  The application users can be dymanically added to specific roles (admin, Secretary, Guest). Based on the roles, they should be allowed to access only certain links or ADF entity/view operations. Can this be implemented in a centralized way.
  Can this be done using JAZN or JAAS. If so, Please provide me references to simple tutorial on how to do this.
  Thanks a lot.
  Sathya

  Brenden,
  I think you are following a valid approach. The default security in J2EE and JAAS (JAZN) is to configure roles and users in either static files (jazn-data.xml) or the Oracle Internet Directory and then use either jazn admin APIs or the OID APIs to programmatically access users, groups and Permissions (your role_functions are Permissions in a JAAS context).
  If you modelled your security infrastructure in OID than the database, an administrator would be able to use the Delegated Administration Service (DAS), as web based console in Oracle Application Server. To configure security this way, you would have two options:
  1. Use J2EE declarative security and configure all you .do access points in web.xml and constrain it by a role name (which is a user group name in OID). The benefit of this approach is that you can get Struts actions working dirctly with it because Struts actions have a roles attribute.
  The disadvantage is that you can't dynamically create new roles because they have to be mapped in web.xml
  2. Use JAAS and check Permissions on individual URLs. This allows you to perform finer grained and flexible access control, but also requires changes to Struts. Unlike the approach of subclassing the DataActionForward class, I would subclass the Struts RequestProcessor and change the processRoles method to evaluate JAAS permissions.
  The disadvantage of this approach is that it requires coding that should be done carefully not to lock you in to your own implementation of Struts so that you couldn't easily upgrade to newer versions.
  1 - 2 have the benefit of that the policies can be used by all applications in an enterprise that use Oracle Application Server and e.g. SSO.
  Your approach - as said - is valid and I think many customers will look for the database first when looking at implementing security (so would I).
  Two links that you might be interested in to read are:
  http://sourceforge.net/projects/jguard/ --> an open source JAAS based security framework that stores the user, roles and permissions in database tables similar to your approach
  http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf --> a whitepaper I've written about J2EE security for Web applications written with Struts and JavaServer pages. You may not be able to use all of it, but its a good source of information.
  Frank

• ESYU: R12 - Order Management를 위한 Multi Org Access Control(MOAC) setup 방법

  Purpose
  Oracle Order Management - Version: 12.0 to 12.0
  Information in this document applies to any platform.
  R12의 Order Management에 대핸 Multi Org Access Control(MOAC) setup 방법에 대해 알아본다.
  Solution
  일반적인 MOAC Setup:
  1. HRMS에서 Security Profile을 정의:
  a. HRMS Management responsibility 선택
  b. HRMS Manager> Security> Profile로 이동
  c. Security Profile이 정의되어 있는지 확인 (OM responsibility 혹은 Site level로)
  d. 만일 아직 setup 되어져 있지 않다면 Operating Units를 입력
  e. 저장
  Note: 만일 위 d step과 같이 새로운 security profile을 생성하였다면 concurrent program 'Security List Maintenance'를 꼭 실행해야 한다.
  그렇지 않으면 multiple operating units가 OM forms의 LOV에 나타나지 않을 것이다.
  이 program은 multi-org access를 validating 하기 위해 사용하는 table에 data를 생성한다.
  Navigation: HRMS Management> HRMS Manager> Processes & Reports> Submit Process & Report> Security List Maintenance
  2. MO Profile Options setup:
  a. MO: Security Profile - 이 profile setting은 MOAC functionality를 활성화 한다.
  b. MO: Default Operating Unit - 이 Operating Unit는 OM forms과 report에서 default가 될 것이며, 이를 clear 하거나 변경하기 위해 LOV를 사용할 수 있다.
  Keep the MO profiles in sync:
  MO: Security Profile은 site와 responsibility level로 setting 할 수 있다.
  MO: Default Operating Unit은 site, responsibility, user level로 setting 할 수 있다.
  Application이 원하는대로 동작되지 않는것을 발견하면 이 profile options의 setting 값을 확인한다.
  3. OM setup:
  R12 upgrade 시 OM Profile에서 migrate 된 새로운 OM System Parameters를 확인:
  Order Management Super User> Setup> System Parameters> Values
  (See <<NOTE 393646.1>>-R12 Readiness Cheat Sheet: Migrated OM Profile Options)
  4. Form에서 hidden field 'Operatin Unit'를 활성화시키고 default folder로 저장:
  Sales Order and Order Organizer forms
  Quick Sales order and Organizer forms
  Sales Agreement forms
  Pricing and Availability form
  Other forms
  Note: Sales Order form에서 hidden field 'Operating Unit'를 'Show' 하기 전에 fotm안에 이 field를 위한 공간을 만들어 놓아야 한다.
  예를 들면 Customer Number field를 짧게 하거나 Operating Unit field로 이 field를 덮어씌울수 있다.
  Reference
  Note 393634.1

  Hi Larry,
  Have you considered adding the exec apps.mo_global.set_policy_context call to your connection's start-up script?
  Tools -> Preferences -> Database -> Filename for connection startup scriptNot the most flexible approach, so I'm not sure if it is appropriate for your application, but just a thought. You might create distinct connection names with different start-up scripts for each org_id.
  Regards,
  Gary
  SQL Developer Team

• Embedding MS Accessibility controls into pdf document.

  I have a pdf form running fine in a server with Adobe Proffesional 8.0,  We need to update to Adobe Pro 9.0 or Adobe Pro 10.  The app is not performing well in those higer versions of Adobe Pro because we need to capture data from a pop up window to name an output file, but the data can no be scraped from the pop up window.  I heard that the problem can be circumvented by embedding MS Accessibility Controls into the form.  Can sombody please help me understand what is "embedding MS Accessibility Controls into a pdf form"?
  Thanks

  We have the pdf rendered in a JVM in an Intranet.  The pdf is displayed using Adobe Prod 8.0, when all the required data is captured from a phone interview, a button (click) triggers a WebService to execute and send a file to a Lenux Server.