EIC Access controll of Activities - Security Issues
Hi Experts
1. If the person affected is also a SSC agent, if we want to ristrict him to see the activity created for him (such as disciplinary proceedings) can we ristrict the effected employee (SSC agent) to view the Activity. How can we do this, in EHP3.
2. Is it possible to restrict SSC agents of one owner org unit to restrict from viewing activities created by other owner org unit, in search activity option if we give the activity number it will be accessible for all agents from different owner org units right, as per the standard functionality? If we want to restrict like one owner org unit agents should not be able to see activities of other org unit, how is it possible in EHP3?
In EHP4 a new auth obj for security is available but advise me considering we are in EHP3.
Thanks in Advance.
Karthik
I would recommend that you review the material on www.eicexperts.com as well as send them the question as I know they have a lot of expertise with the employee interaction center.
Similar Messages
-
Access to Word ODBC security issue maybe
Hi I have a vba process in an access application that creates a word document and then saves it, automatically to a specific folder and name. This works as expected in windows xp and windows 7. However in windows 8/8.1 the process is halted and a saveas
dialog is opened to the users library folder with the default name of document1.
I am wondering whether this is because of some security setting? I have unsuccessfully tried setting UAC to the lowest setting.
Could this be a security issue? If yes any suggestions?
Many thanks,
JonathanHi,
As I known, the using of Document.save() is no different in Windows 7 and Windows 8.
Based on your description, this issue can be caused by configuration environment, please post back your Office version, VBA code and the information about environment here, so that we can determine which cause this issue.
Kate Li
TechNet Community Support -
OSB - ALSB / WLST / Security / add entry with WLST in Access Control
Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain')Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain') -
Accessing Control in Excel Worksheet
My company has a Winforms App written in VB.Net that populates textboxes in a Excel 2010 Worksheet. This application has been working flawlessly since the days of Office 2003. Last week, several updates for Office and Excel were pushed out by Microsoft and
my user community installed them. Since then, when our Winforms App attempts to populate the textboxes, the following kind of error occurs:
"Public member 'txtVENDOR_NOTE' on type 'Worksheet' not found."
I have verified that the text boxes exist in the worksheets and I have recreated the worksheets in Excel 2010, but the problems continues to persist. I have uninstalled all the Excel updates as well as several of the Office updates, but the issue still continues.
Has anyone else experienced this issue recently and, if so, how did you resolve it? Since this issue began after the last batch of Office and Excel updates were pushed out by Microsoft, which we installed on December 12th, does anyone know what update might
have caused the above problem?
Thanks in advance for your help.Dear All,
The following updates blocked our Winforms VB.Net App from accessing controls in Excel:
Security Update for Microsoft Office 2010
KB2553154
KB2553284
KB2687423
KB2850016
Uninstalling these updates resolved our problems and allowed us to continue with our business and interactions with our customers and vendors.
The purpose of these security updates follows:
"A security vulnerability exists in Microsoft office 2012 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability."
These updates need to be installed with caution.
Regards! -
Setting Access Control in Airport Utility
Hello everyone,
I'm hoping that someone can confirm that setting access control to Local in the Airport Utility, and specifying computer addresses, is an optional layer of security over and above a network and base station password. In other words, if I leave access control set to Not Enabled, will I still have password protection for my wireless network?
Regards,
GregoryThanks for reply, but I'm afraid I don't understand, and I apologize for my inexperience. What do you mean when you say that I should be more concerned that both access control and other security +should not+ be done? And by "... check on its either one or the other," did you mean check whether it's one or the other?
In any case, page 58 of the Designing Apple Networks manual doesn't say anything about local access control that the one-line description under the Access Control tab in the Airport Utility doesn't already say, namely, that access can be restricted to particular computers. Well, that's clearly a good thing as long as you don't have visitors or collaborators frequently dropping by who need access to your network. I think it's reasonable to assume that network and base station password protection operate independently of access control based on Apple IDs. -
Issue while enabling Access Control for a Coherence server node
Hi
Im trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When i start the server i get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to be enable Authentication (not authorization) at this stage
1. I have added the following entry in the Coherence Operational override file
<security-config>
<enabled system-property="tangosol.coherence.security">true</enabled>
<login-module-name>Coherence</login-module-name>
<access-controller>
<class-name>com.tangosol.net.security.DefaultController</class-name>
<init-params>
<init-param id="1">
<param-type>java.io.File</param-type>
<param-value>keystore.jks</param-value>
</init-param>
<init-param id="2">
<param-type>java.io.File</param-type>
<param-value>permissions.xml</param-value>
</init-param>
</init-params>
</access-controller>
<callback-handler>
<class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
</callback-handler>
</security-config>
2. The following is the entry in the Permissions.xml
<?xml version='1.0'?>
<permissions>
<grant>
<principal>
<class>javax.security.auth.x500.X500Principal</class>
<name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
</principal>
<permission>
<target>*</target>
<action>all</action>
</permission>
</grant>
</permissions>
3. The following is the content of the Login configuration file "Coherence_Login.conf"
Coherence {
com.tangosol.security.KeystoreLogin required
keyStorePath="keystore.jks";
4. The following is the command line tag for starting the server
java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
Following is the output on the Console when running the command. It asks for a username and password for the JKS store (If i provide the wrong password, it gives a different error, which shows that it is able to authenticate aganst the Keystore). After i put in the password, it throws the error as shown below "java.security.AccessControlException: Unsufficient rights to perform the operation"
D:\Coherence\FOL_CacheServer>fol-cache-server
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
Username:admin
Password:
Exception in thread "main" java.security.AccessControlException: Unsufficient ri
ghts to perform the operation
at com.tangosol.net.security.DefaultController.checkPermission(DefaultCo
ntroller.java:153)
at com.tangosol.coherence.component.net.security.Standard.checkPermissio
n(Standard.CDB:32)
at com.tangosol.coherence.component.net.Security.checkPermission(Securit
y.CDB:11)
at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeC
luster.CDB:6)
at com.tangosol.coherence.component.net.management.Connector.startServic
e(Connector.CDB:20)
at com.tangosol.coherence.component.net.management.gateway.Remote.regist
erLocalModel(Remote.CDB:10)
at com.tangosol.coherence.component.net.management.gateway.Local.registe
rLocalModel(Local.CDB:10)
at com.tangosol.coherence.component.net.management.Gateway.register(Gate
way.CDB:6)
at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluste
r(SafeCluster.CDB:46)
at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.C
DB:2)
at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInterna
l(DefaultConfigurableCacheFactory.java:923)
at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(Defaul
tConfigurableCacheFactory.java:892)
at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.
java:81)
at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheS
erver.java:250)
at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServe
r.java:55)
at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
Cappa -
Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
Some have no problem accessing the lesson plans.
Most when they login click on a lesson plan and an icon shows up that says loading but never does.
If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
Think Central support says this is a security issue with Firefox.
I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
I have allowed the pop ups to the think Central web site.
Any help would be appreciatedAre there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: [[How does content that isn't secure affect my safety?]]) or a plugin requiring permission (Lego-like icon).
Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand. -
What is better for security? WPA2 or Access control
I have a Airport express and 2 computers; a Mac and a PC.
When it come to securing your wi-fi connection so you don't get unauthorized clients on your network.
What is better
A- Just using encryption like WPA2 or some other password based system or
B- Just entering the "Airport ID" (MAC) of the computers I want to authorize in my network on the Access control panel.
Seems to me like the later is easier on the clients since they don't need a password or anything, It's completely transparent for the client. And I believe encryption slows down the connection a bit and create overhead for the computer. But maybe I don't have the full picture of the situation.
Is there anybody who can illuminated this subject for me?
thanks
PowerBookG4 Mac OS X (10.3.9)WPA2 is virtually uncrackable only really vulnerable if you use a real word as a password.
When using access control, MAC addresses are sent unecrypted can be read and spoofed and therefore do not add any security.
Unfortunately "Closed" networks, MAC access control lists, and reduction in transmission power are all more "feel good" security rather than real security. All these various approaches are dated and mistakenly lead to overconfidence.
WPA is your friend if you value wireless security. -
Link does not work for
End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.4
How do we get Cisco to fix?
see attachmentGive it a couple of days - it looks like they just sent out the notification before the notice was published on the public page.
Once the ACS 5.4 EoS/EoL notice is published you should see it linked from this page. -
Cisco Secure Access Control Server Solution Engine OR Cisco Secure Access Server ?
Which product is really affected, the Cisco Secure Access Control Server Solution Engine which is a hardware applliance with software from 3.2 to 4.2 or the Cisco Secure Access Control Server Software appliance available for installing as a virtual machine into VMware ESX/ESXi 5.0 with 5.X software ?
Thank you for clarifying
Best regards
MarcoHi Thomas,
You can download ACS for windows 4.1 or 4.2 from the below listed link:
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval
For ACS 5.x, please visit cisco.com
Download software > Security > Cisco Secure Access Control System 5.x > Secure Access Control System Software
HTH
Regards,
Jatin
Plz rate helpful posts- -
Cisco Secure Access Control Server for Windows 3.0
I have to rebuild a server using Cisco Secure Access Control Server for Windows 3.0 ... I cannot locate this software under "download software" in cisco.com ..
where can I download a copy for Cisco Secure Access Control Server for Windows 3.0 ?Hi,
You can not download the ACS windows Solution engines softwares from the cisco.com > download pages as these s/w are not available there. You can only download patches and remote agent software.
In order to get any ACS software/ upgrade assistance you need to open up a TAC case.
Also, ACS 3.0 is not supported by Cisco anymore..getting support for this version or any 3.x is not possible.
HTH
Regards,
JK -
Company email access denied to iphone users due to security issues, help!
I am interested in purchasing an iphone but my company said they won't allow access to our company email with the iphone due to security issues. Any one else heard of that? Is there some way for me to forward my company email to the account I would set up under the itunes? It seems there are a lot of unhappy people out there with these phones, are there any happy users out there? It seems like such a cool device and I want one but don't want to get stuck with something I can't use or that I am going to have problems with.
Of course there are happy users.
These discussions are like a hospital for Mac products with nothing but problems reported here. If you based a decision on purchasing an Apple product, any product on these discussions, you would never purchase any. Coming to the conclusion here that there are no happy users and the iPhone is nothing but problems would be like visiting a local hospital in your area full of patients (all are) and coming to the conclusion that everyone in your community must be sick and/or dying.
What type of email account - POP, IMAP or Exchange through an Exchange Server?
Accessing an email account on an iPhone is no different than accessing the account with a computer. Funny that your company claims the iPhone has security issues and prevents access but certainly allows PCs running Windows to access company email accounts? Sorry but this is my biggest laugh of the day - not at you but at your company. Your company has loads of security issues and concerns with any version of Windows accessing their network than they would ever come close to with an iPhone accessing the incoming mail server to download messages.
If your company allows for email account forwarding, you can do so. -
How to control security issues in a cluster?
hi all:
In our project we will take control of the security in front controller and we
will cache the user profile . so even my app run in a cluster i want there 's just
one palce to control security . but how?
regards
danielOk, I understand. The faster way of doing this is to define all the inputs such that the cleared value is also the default. You can then use an invoke node to call the "Reinitialize All To Default" method.
Note that like property nodes, if you don't provide a vi reference to an invoke node it assumes you mean the vi it's installed in.
To create an invoke node to do this: right-click on free-space somewhere in the diagram and select an invoke node from the function menu (look under "Application Control").
After placing the invoke node on the diagram, right-click on the yellow part of it and select "Select VI Server Class>>VI". Finally, right click on the white part of the invoke node and select "Methods>>Reinitialize All To Default".
Mike...
Certified Professional Instructor
Certified LabVIEW Architect
LabVIEW Champion
"... after all, He's not a tame lion..."
Be thinking ahead and mark your dance card for NI Week 2015 now: TS 6139 - Object Oriented First Steps -
Hello, 1st post so please go easy. I have setup access control so I can limit the internet to my kids, after trying a few things I thought this was the easiest way, I already have the "trusted" devices that I still want access to added to the "Trusted Wireless Stations" so when it is sleep time/tidy up time etc it is just a case of turning the access control feature on. I have done this a number of times and it has worked perfectly (to the screams of "whats happened to the internet" etc...) however on 2 occasions now my Sky router has locked up and has required me to reset it by holding the reset button and connecting the power. Any ideas why this is happening please? Router details below. Thanks. Systems Details SR101ManufacturerModel SkyFirmware Version 1.15m.3734.R
Sounds more to do with the router. I no longer use the Sky router as it broke down, but ALWAYS use/d access control as some former mates have my password. If the router is locking up it may be a problem with the router. According to this forum the router you have isn't very good. You may want to buy a new router and obtain the usename and password through some googling.Hope this helps.
-
Access control exception only on Linux/Debian not on Windows!?
We have a rmi server application with a webstart rmi swing client that we have been running successfully on Windows. The client is downloaded and running without any problems on Windows platforms (W2003, Win2K, WinXP). The client webstart jar is signed and all permissions is set in the jnlp file.
As soon as we setup a server on linux/debian sarge we get these access control exceptions when the server tries to send events back to the client. It complains on
file permssions not being set on the server jar file and the strange thing is that the path separator is backslash on linux?
I've tried the following:
1) java.policy. Added All permssions to the server jar file and/or bin the folder.
2) Running without any security manager, i.e., System.setSecurityManager(null)
3) Explicitly setting the policy on the server. Policy.setPolicy(...)
4) Explicitly setting a policy on the client. URL policyUrl = Thread.currentThread().getContextClassLoader().getResource("server.policy");
5) Building the server and client on debian
I'm at my wits end... I've searched these forums and it seems that this is might be a common problem but I've not found a solution yet.
Our system works 100% on Windows without any problems, it's only on linux/debian that we get these access control problems.
2005-sep-19 09:39:19 se.xxx.xxx.admin.AdminManager change
ERROR: java.security.AccessControlException: access denied (java.io.FilePermission \\usr\local\XXX\bin\server.jar read)
java.security.AccessControlContext.checkPermission(Unknown Source)
java.security.AccessController.checkPermission(Unknown Source)
java.lang.SecurityManager.checkPermission(Unknown Source)
java.lang.SecurityManager.checkRead(Unknown Source)
java.io.File.exists(Unknown Source)
sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
java.net.URL.openConnection(Unknown Source)
sun.rmi.server.LoaderHandler.addPermissionsForURLs(Unknown Source)
sun.rmi.server.LoaderHandler.access$300(Unknown Source)
sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
sun.rmi.server.LoaderHandler$1.run(Unknown Source)
java.security.AccessController.doPrivileged(Native Method)
sun.rmi.server.LoaderHandler.lookupLoader(Unknown Source)
sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)
java.rmi.server.RMIClassLoader.loadClass(Unknown Source)
sun.rmi.server.MarshalInputStream.resolveClass(Unknown Source)
java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
java.io.ObjectInputStream.readClassDesc(Unknown Source)
java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
java.io.ObjectInputStream.readObject0(Unknown Source)
java.io.ObjectInputStream.readObject(Unknown Source)
sun.rmi.server.UnicastRef.unmarshalValue(Unknown Source)
sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
sun.rmi.transport.Transport$1.run(Unknown Source)
java.security.AccessController.doPrivileged(Native Method)
sun.rmi.transport.Transport.serviceCall(Unknown Source)
sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
java.lang.Thread.run(Unknown Source)
sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
sun.rmi.server.UnicastRef.invoke(Unknown Source)
se.xxx.xxx.client.XXXApplication_Stub.notify(Unknown Source)
)I have two suggestions. The first is that you didn't indicate the permissions of the file and the directories above it along with the user you're running the program as. In Unix it is easier to get an access issue as you're probably not running as root. In a traditional Windows environment everything runs with admin permission allowing access to anything. While the error comes from the security manager it has nothing to do with traditional J2SE security - it may be an O/S level thing.
But the second suggestion touches on the other question you have - why is this showing up as backslashes? Is there perhaps an issue with the JNLP file? Is there any code that should be using System.getProperty( "file.separator") and is instead just using the backslash?
Maybe you are looking for
-
Macbook Air July 2013 freezes (Boot camp Win 7 Pro)
Hi all, Just wanted to know if anyone else has had this issue? I am running win 7 pro 64bit sp1 with the latest boot camp drivers (updated via osx boot camp utiliy a few days ago) and all windows updated up to date. Everything works fine and has inst
-
Web Service in Document Template Designer not showing
Hi, I'm trying to create a new document template but the dropdown list is not showing any results even though we have web services that are active and productive. If I enter the name manually I am getting a "Please enter a valid Service definition na
-
Elements 9 saves images as torn paper
Dear Friends, I am helping a student who is running Elements 9 on Windows 7. When she opens an image from the Organizer into the Full Editor and creates an adjustment layer, she then saves this image as a Photoshop document. When she does this,
-
How do I get iCloud to use my existing @me MobileMe account
I already have a MobileMe '@me' e-mail adress, how can I get iCloud to use this e-mail address, when I try to activate ICloud e-mail, it's forcing me to create another @me e-mail account. I want to use the one I have.
-
Installation, Solaris 8, DSL, Hostname Error!
Hi, My domain name registerd in www.dotser.com DOMAIN.com Using my friends BSD and Linux as DNS servers for the above domain. with HOST.DOMAIN.com Using DSL service with statics IPs. I can set up my Linux server, but not Solaris 8. I can't get pass S