FPN design: prevent employee from content when accessing externally
I have a portal architecture question that neither my IBM nor SAP consultant could answer in a satisfactory way:
situation: we're about to setup a federated portal network with multiple producer portals. We think we have to setup 2 consumer portals: one for internal users with full content and one for external access with reduced content (e.g. no MSS or BOBJ when accessing from the outside).
It is our understanding that the external client still directly connects with the producer portal for getting its contents so the reverse proxy has to let the URL request go through.
the problem:
an employee can find out the producer URL and directly access the producer from the outside. Since the user is known at the producer they can sign-in there and access all content.
We have security concerns and want to present sensitive content only to users on our internal network.
the question:
how can we prevent for sure that an employee accessing the portal from the outside can only access non-sensitive content.
... or ... are our requirements unusual and we should change?
Hi,
the best way for ensuring that sensitive information isn't accessible from the outside is to make this kind of information not accessible from the outside. If you cannot seperate internal and external information on seperate servers:
Content published on the portal normally is being accessed by an URL. WebDynpro is integrated as an iFrame and BI reports are executed on the BI portal.
Even if you do integrate this kind of content via FPN, they seem to reside on the consumer, but when accessed the producer URL is called. Try to put a Firewall between your consumer and producer that will only allow internal IP adresses to pass.
User -> DMZ -> Consumer -> Firewall -> Producer
The user clicks on the MSS iView that is basically an ITS or WD that calls the Producer URL. The Firewall checks the IP of the user and blocks it.
If you want to prevent the user even to see the to-be blocked content in the navigation of the consumer, you'll have to code your own navigation / dynamical role assignment that checks if the user is connected in the Intranet or Internet and constructs on-the-fly the correct navigation.
br,
Tobias
Similar Messages
-
Is there a way to prevent music from autostarting when connected to bluetooth
Is there a way to prevent music from autostarting when connected to bluetooth
MikeWhen you connect the device open iTunes and select it from the sidebar. Click on the Summary tab in the main window. Uncheck the option to automatically connect to iTunes. You will find it in the collection of options near the lower part of the window.
-
Missing version field in response from server when accessing resource
HY
I have a problem to use the version option of the webstart. All files are included into a war file (created with jar cvf xx.war *). This file is in the webapps folder of the Tomcat 5. The jar files from the dev. kit (jnlp-servlet.jar, jaxp.jar, parser.jar are in the WEB-INF/lib folder).
Every time I get the same message:
Category: Download Error
Missing version field in response from server when accessing resource: (http://localhost:8080/version/ademo.jar, 1.1)
Do I need a aditional file or must Iwrite a servlet???
Whats wrong
my JNLP file
<?xml version="1.0" encoding="utf-8"?>
<!-- JNLP File fuer HJP3 WebStart Demo-Applikation -->
<jnlp codebase="http://localhost:8080/version/" href="wstest.jnlp">
<information>
<title>HJP3 WebStart Demo Application</title>
<vendor>Guido Krueger</vendor>
<homepage href="http://www.javabuch.de"/>
<description>HJP3 WebStart Demo Application</description>
<icon href="wstest.gif"/>
<offline-allowed/>
</information>
<information locale="de">
<description>HJP3 WebStart Demo-Applikation</description>
<offline-allowed/>
</information>
<security>
<!-- <all-permissions/> //-->
</security>
<resources>
<j2se version="1.4+"/>
<jar href="ademo.jar" version="1.1"/>
</resources>
<application-desc main-class="Listing3813"/>
</jnlp>
my version.xml file
<jnlp-versions>
<resource>
<pattern>
<name>ademo.jar</name>
<version-id>1.1</version-id>
</pattern>
<file>application.jar</file>
</resource>
</jnlp-versions>
my web.xml file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>JnlpDownloadServlet</servlet-name>
<servlet-class>com.sun.javaws.servlet.JnlpDownloadServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>JnlpDownloadServlet</servlet-name>
<url-pattern>*.jnlp</url-pattern>
</servlet-mapping>
</web-app>The log file (jnlpdownloadservlet.log) would show the calls for the jar files if the servlet is called for the jar files (did you correct the url mapping ?). Here are a few lines from a log file
JnlpDownloadServlet(4): Initializing
JnlpDownloadServlet(3): Request: /maportal/wfe/wfeguiv.jnlp
JnlpDownloadServlet(3): User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
JnlpDownloadServlet(4): DownloadRequest[path=/wfe/wfeguiv.jnlp isPlatformRequest=false]
JnlpDownloadServlet(4): Basic Protocol lookup
JnlpDownloadServlet(4): JnlpResource: JnlpResource[WAR Path: /wfe/wfeguiv.jnlp lastModified=Tue Mar 23 17:06:56 CET 2004]]
JnlpDownloadServlet(3): Resource returned: /wfe/wfeguiv.jnlp
JnlpDownloadServlet(4): lastModified: 1080058016000 Tue Mar 23 17:06:56 CET 2004
JnlpDownloadServlet(3): Request: /maportal/wfe/wfegui.gif
JnlpDownloadServlet(3): User-Agent: JNLP/1.0.1 javaws/1.4.2_03 (b02) J2SE/1.4.2_03
JnlpDownloadServlet(4): DownloadRequest[path=/wfe/wfegui.gif isPlatformRequest=false]
JnlpDownloadServlet(3): Request: /maportal/wfe/wfegui.jar
JnlpDownloadServlet(3): User-Agent: JNLP/1.0.1 javaws/1.4.2_03 (b02) J2SE/1.4.2_03
JnlpDownloadServlet(4): DownloadRequest[path=/wfe/wfegui.jar isPlatformRequest=false]
JnlpDownloadServlet(4): Basic Protocol lookup
JnlpDownloadServlet(4): JnlpResource: JnlpResource[WAR Path: /wfe/wfegui.jar lastModified=Tue Mar 23 17:06:30 CET 2004]]
JnlpDownloadServlet(3): Resource returned: /wfe/wfegui.jarYou should see all the resources (including jar files) being requested, and whether a specific version was requested or not (in above sample, not).
I put my problems down to my application server (Orion) as other people seem to have this working. The deployment in Orion keeps the original timestamps of the jars, so I explicitly set the timestamps in my build so that the unchanged jars do not have to be downloaded all the time. This is not really a good solution, so maybe someone else can give further advice.
Brendan -
Missing version filed in response from server when accessing resource
Hello all,
I am getting the following error when trying to do jar version download in webstart.
Missing version field in response from server when accessing resource(http://lo alhost:8080/jdc/jnlp/new/SimpleGUI.jar,1.0)
I am using Tomcat 5.5.
My web.xml looks like this,
<web-app>
<display-name>Tomcat Examples</display-name>
<description>
Tomcat Example servlets and JSP pages.
</description>
<servlet>
<servlet-name>
JnlpDownloadServlet
</servlet-name>
<servlet-class>
jnlp.sample.servlet.JnlpDownloadServlet
</servlet-class>
<init-param>
<param-name>
logLevel
</param-name>
<param-value>
DEBUG
</param-value>
</init-param>
<init-param>
<param-name>
logPath
</param-name>
<param-value>
c:\logs\jnlpdownloadservlet.log
</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>JnlpDownloadServlet</servlet-name>
<url-pattern>/jdc/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JnlpDownloadServlet</servlet-name>
<url-pattern>*.jnlp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JnlpDownloadServlet</servlet-name>
<url-pattern>*.jar</url-pattern>
</servlet-mapping>
</web-app>
My version.xml file.
<jnlp-versions>
<resource>
<pattern>
<name>SimpleGUI_v1.0.jar</name>
<version-id>1.0</version-id>
<locale>en_US</locale>
<locale>en</locale>
</pattern>
<file>SimpleGUI_v1.0.jar</file>
</resource>
<resource>
<pattern>
<name>SimpleGUI_v2.0.jar</name>
<version-id>2.0</version-id>
<locale>en_US</locale>
<locale>en</locale>
</pattern>
<file>SimpleGUI_v2.0.jar</file>
</resource>
</jnlp-versions>
My jnlp file is as follows,
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://localhost:8080/jdc/jnlp/new" href="SimpleGUI.jnlp">
<information>
<title>SimpleGUI</title>
<vendor>Java Developer Connection</vendor>
<homepage href="/jdc/jnlp/new/index.html" />
<description>Demonstration of JNLP</description>
</information>
<offline-allowed/>
<resources>
<j2se href="http://java.sun.com/products/autodl/j2se" version="1.5+ " />
<jar href="SimpleGUI_v1.0.jar" version="1.0"/>
<jar href="AddLogic_v1.0.jar"/>
<jar href="SimpleGUI_v2.0.jar" version="2.0"/>
<jar href="AddLogic_v2.0.jar"/>
</resources>
<application-desc main-class="com.logic.SimpleGUI" />
</jnlp>
For the codebase if I use $$codebase then it reports an error showing,
The field <jnlp> codebase has an invalid value:$$codebase
I think the JnlpDpwnloadServlet is not getting invoked. I cant figure out my mistake. I am tired searching in forums and there is no proper answer to this problem. Any help is appreciated.
Thanks in advance.
Regards,
robiThanks for including all your code. I've ran into version download problems before also. In the jar reference don't include the actual __V.jar file name, just include all pre __V.jar. <jar href="AddLogic_v1.0.jar"/> would become <jar href="AddLogic.jar"/>. Now I haven't done it with the version.xml before I just did it with making file named *__V.jar.
I just re-read all that you did, if you title your files with the __V.jar notation you don't need a version.xml file.
<jar href="SimpleGUI_v1.0.jar" version="1.0"/>
Should become
<jar href="SimpleGUI.jar" version="1.0"/>
And you would have SimpleGUI_v1.0.jar on your server. Also might need it to be a capital "V" not sure.
Message was edited by:
javaunixsolaris -
How do I prevent Mail from opening when I click an email address in Safari?
My wife and I both use Yahoo! Mail. Neither of us uses the Mail app to manage our email. How do I prevent Mail from opening when we click an email address in Safari? Is it possible to direct Safari to open a separate web browser prompting us to log in to our Yahoo! Mail?
Hmm.. probably not.
You want to open Mail. Then go into Preferences > General and you will see something similar to this:
In the area marked Default Mail reader click on the pull down and at the bottom of the list it will say Other. You can see if you can select Safari here and if that will open up Safari.
Good luck. -
How do I prevent iTunes from opening when I pug in my iPod?
How do i prevent tunes from opening when i plug in my ipod?
This will occur when there are photos and/or videos in the Camera Roll, which should be imported by your computer as with any other digital camera.
Depending on the iPhoto version you are running, this can be done via iPhoto preferences > connected camera opens > select no application. -
ESS Content not showing when accessed Externally
Hello Experts,
I am experiencing an issue with our ESS portal that is not displaying the content when it is accessed externally (from outside our intranet).
Currently we can access all content from inside our own network. From outside our network we are able to log into the portal and access all tabs (content Admin, System Admin, user Admin, etc), however when we try to access the ESS, My Travel, or My Budget Tabs we get a "page cannot be displayed" error. It appears anything using WebDynpro will not load.
Internally we access the portal by going to the URL: <ServerName>.baldor.com:50000/irj/portal
Externally we access the portal by going to the URL: employeselfservice.baldor.com:50000/irj/portal
Is there some kind of mapping that we need to configure? Any Suggestions?
Any Help is greatly appreciated,
Thanks in Advance,
StevenProblem is solved.
We had to use our external web address in the System defination in the portal. -
How can I prevent iPhoto from launching when I insert an SD card
I recently upgraded to a new iMac retina and am having trouble disabling iPhoto from launching when an SD card is inserted.
I have gone to iPhoto setting and disabled iPhoto from launching when a camera is connected.
I have also gone into image capture and selected no application as the hidden option for SD card actions when inserted.
Unfortunately the issue persists... two questions: can I do a terminal level disable to prevent iPhoto from launching or can I remove iPhoto from my computer?Have you tried this?
Open the Image Capture app
Select your SD Card
Click the little widget in the bottom right corner of the window
Select the program to launch, or "No application"
it worked for me -
How can i prevent iphoto from opening when i plug in my iphone to the computer?
Hi There,
I have a question, when I connect my iPhone to the computer the iPhoto automatically opens.
how can i prevent this from happening? it always slows down my computer.
any help will be appreciated.
thanksImage Capture (in your Applications Folder) - In the preferences you can decide to 'Do Nothing' when a camera is connected.
Some versions also have this option in the iPhoto Preferences.
Regards
TD -
Is there a way to prevent Adobe from crashing when ocring multiple documents?
I'm using Adobe Acrobat 9 Standard. I am trying to OCR multiple documents, Adobe crashes when it hits a document that cannot be OCR'd. How can I prevent Adobe from crashing and to skip that document and continue the OCR'ing process with the next document in the list?
Moving this discussion to the Enterprise Deployment for Creative Cloud, Creative Suite forum.
-
Prevent Excel from recalculating when refreshing a query within a workbook
Hello,
I have a BEx workbook with 4 queries and a significant number of Excel formulas retrieving and rearranging query data.
**The issue**:
When Excel>Tool>Options>Calculation is set to "Automatic" (as it should be in normal situations), refreshing anyone query takes about 2 hours.
When Excel>Tool>Options>Calculation is set to "Manual", refreshing anyone query takes about 2 minutes.
Therefore I conclude that BEx does not prevent Excel from recalculating during a query refresh and this cause unacceptable delays.
**Question**
Is there any way to prevent to temporarily prevent Excel from recalculating during a query refresh ?
Thank you.
LouisI have a star schema, ie 5 FACT tables and 7 dimension tables, All fact tables share the same dimension tables, some FACT tables share 3 dimesnsions, while other share 5 dimensions.
I did adopt the best practices, and as recommended in the book, I tried to resolve them using Context, as it is the recommended option to Alias in a star schema setting. The contexts are resolved, but I still have loops. I also cleared the Multiple SQL Statement for each context option, but no luck. I need to get this resoved ASAP,
I checked all the context and they look fine, however when I again go to detect context it asks me to add the context which is already present. It give me an option to overwrite? Besides, I also get some Alias options. However I was told and it was mentioned in the book that Alias is not a good option to resolve loops but context is when you have a STAR SCHEMA.
Please suggest idea.
AP -
How to preventing files from downloading when I open them
Hi there,
Is there a setting somewhere on my computer that will allow me to open files (in emails, on webpages, etc.) without first having to download them? Please help....No.
If you are using an email client such as the Mail.app to access an email account, a message attachment must be downloaded with the message in order to open it and the same when accessing the account via webmail access using a browser.
Why is this a problem? -
How to prevent computer from sleeping when downloading Lion from the recovery partition?
Hello,
I just got a new MacBook Pro that came with Lion. I'm reinstalling from the recovery partition and I'm on the downloading additional components stage. It has 3 hours to go and the computer keeps going to sleep. How can I prevent this? I don't want to have to babysit the computer for 3 more hours.
Thanks.Looking for an answer to this question now. Did you find one? I'm about an hour into a 6+ hour reinstall of Mountain Lion from the Recovery partition on my MacBook Pro. So I can't change the sleep corners or caffenate it or do much of anything but wait. I want to go to bed and let it install overnight, but I assume it will go to sleep, and that will kill the download. It there any way to prevent it from sleeping now?
Even trying to think of something I can put on the trackpad to trick it into thinking I'm touching it.
Maybe ill put it under my dog, and her movements will keep it awake? Thinking outside the box here.
Any ideas would be appreciated. -
Prevent iPhoto from opening when iPhone is connected?
Does anyone know if there is a way to keep iPhoto from opening when my iPhone is connect BUT do the opposite when my digital still cam is connected? I like having iPhone auto-launch for my canon cam, but not when I connect the iPhone.
I believe I've come across an article by someone who set up a script to run when a camera is connected, and the script detects what kind of camera and then launches or not launches iPhoto as desired. Yeah, here it goes:
http://www.macosxhints.com/article.php?story=20080301133957211
Seems overkill to me---I find it easy enough to manually launch iPhoto when I connect a camera, but hey, to each their own. -
How can I prevent Applications from being copied to external drive?
Hello,
Just a quick one...
I run a studio in an education evironment. We've got quite a lot of software installed on our machines (Mac OS X 10.7.4) and there's always the chance that students will copy applications from the Applications folder onto an external drive to take home!
Obviously this is becoming increasingly easy with large USB sticks and Applications which are entirely contained in the Applications folder.
Is there any way that students can still run these applications during class but prevent them from copying the whole applications?
With thanks in advance,
LawrenceYou can hide the Applications folder, but it isn't a total solution. Open Terminal and type:
cd /
sudo chflags hidden /Applications
Maybe you are looking for
-
I upgraded software on my ipod touch and lost my movies and music. How do I recover them
I upgraded software on my ipod touch and lost my movies and music. How do I recover them?
-
Missing rights to view EDMProjectWEB
hello, i'm reading the book "Composition environment" but now i have a problem. I see the LogIn-Screen from "<host>:<port>/EDMProjectWEB" but my "administrator" is not authorized to view the page" after ... Did i forget to add a special role? My admi
-
Are there any standard Idocs or Bapis for posting the data into transaction
Hi, Are there any standard Idocs or Bapis for posting the data into transactions ME42N and IK11? Thank You.
-
Join two 8 bit integers and send via Serial Port
I am trying to join two 8 bit integers and send the result via the serial port. I have a constant of hex value A that I need to join with a value from hex 0 - F (this is based on incoming data) When I use the Join VI, and type cast to change from hex
-
I have been trying to install a 350 PCMCIA card on a laptop running XP SP 1. However, I cannot get it to work reliably. I set up the XP networking profile for PEAP and GTC I set up the ACU for Host based EAP and Dynamic WEP. The process is slow to br