Grants in the AOL Security Model
Hi
Here's is the business scenario:
1. There is an Object 'Notes' defined that stores Notes (Notes are text information captured in say a Service Request submitted by an Employee). These are stored in table 'JTF_NOTES_B'.
2. There are two Object Instance Sets defined for this object - Private Notes and All Notes.
a. Private Notes are Notes that only its creator can view (it is a status on the Note) - the predicate on this is:
&TABLE_ALIAS.NOTE_STATUS = 'PRIVATE'
AND &TABLE_ALIAS.CREATED_BY = FND_GLOBAL.USER_ID
b. Public Notes are Note that can be viewed by anyone.
&TABLE_ALIAS.NOTE_STATUS <> 'PRIVATE'
3. There are two Grants defined:
a. Grant to allow all users to view Private Notes that they have created
b. Grant to allow all users to view all Public Notes (irrespective of the creator)
Question:
How are these two Grants resolved in the Database? Is it via a Union on these two Object Instance Sets like:
select *
from JTF_NOTES_B
where &TABLE_ALIAS.NOTE_STATUS = 'PRIVATE'
AND &TABLE_ALIAS.CREATED_BY = FND_GLOBAL.USER_ID
UNION
select *
from JTF_NOTES_B
where &TABLE_ALIAS.NOTE_STATUS <> 'PRIVATE'
or via an OR clause like?
select *
from JTF_NOTES_B
where ( &TABLE_ALIAS.NOTE_STATUS = 'PRIVATE'
AND &TABLE_ALIAS.CREATED_BY = FND_GLOBAL.USER_ID)
OR &TABLE_ALIAS.NOTE_STATUS <> 'PRIVATE'
OR is there any other way that these two Grants will be resolved?
Thanks.
Edited by: dejoseph on Mar 18, 2013 1:16 PM
Hi, Please go through the SQL query below.
SELECT
EL.InstanceName,
COALESCE(C.Path, 'Unknown') AS ItemPath,
EL.UserName,
EL.ExecutionId,
CASE(EL.RequestType)
WHEN 0 THEN 'Interactive'
WHEN 1 THEN 'Subscription'
WHEN 2 THEN 'Refresh Cache'
ELSE 'Unknown'
END AS RequestType,
EL.Format,
Parameters,
CASE(EL.ReportAction)
WHEN 1 THEN 'Render'
WHEN 2 THEN 'BookmarkNavigation'
WHEN 3 THEN 'DocumentMapNavigation'
WHEN 4 THEN 'DrillThrough'
WHEN 5 THEN 'FindString'
WHEN 6 THEN 'GetDocumentMap'
WHEN 7 THEN 'Toggle'
WHEN 8 THEN 'Sort'
WHEN 9 THEN 'Execute'
ELSE 'Unknown'
END AS ItemAction,
EL.TimeStart,
YEAR(EL.TimeStart) AS Start_Year,
MONTH(EL.TimeStart) AS Start_Month,
DATENAME(MONTH,EL.TimeStart) AS Start_Month_Name,
DATENAME(DW,EL.TimeStart) AS Start_Day_Of_Week,
DATEPART(WEEKDAY,EL.TimeStart) AS Start_Day_Number_of_Week,
EL.TimeEnd,
EL.TimeDataRetrieval,
EL.TimeProcessing,
EL.TimeRendering,
CASE(EL.Source)
WHEN 1 THEN 'Live'
WHEN 2 THEN 'Cache'
WHEN 3 THEN 'Snapshot'
WHEN 4 THEN 'History'
WHEN 5 THEN 'AdHoc'
WHEN 6 THEN 'Session'
WHEN 7 THEN 'Rdce'
ELSE 'Unknown'
END AS Source,
EL.Status,
EL.ByteCount,
EL.[RowCount],
EL.AdditionalInfo,
C.Name,
C.CreatedByID,
C.ModifiedByID,
C.Description,
C.CreationDate,
C.ModifiedDate,
CASE
WHEN C.TYPE=1 THEN 'Folder'
WHEN C.TYPE=2 THEN 'Report'
WHEN C.TYPE=3 THEN 'XML'
WHEN C.TYPE=4 THEN 'Linked Report'
WHEN C.TYPE=5 THEN 'Data Source'
WHEN C.TYPE=6 THEN 'Model'
WHEN C.TYPE=8 THEN 'Shared Dataset'
WHEN C.TYPE=9 THEN 'Report Part'
END AS Type_Description
FROM
ExecutionLogStorage AS EL
LEFT OUTER JOIN Catalog AS C ON EL.ReportID = C.ItemID
Anything in the Format column is not 'RPL' is all exported in some manner or the other.
Hope this helps...........
Ione
Similar Messages
-
Migrate to the Java 2 security model
Hi, I've tried to use signed applets but I always get the following message:
Java (TM) Plug-in: Version 1.3.1_02
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
I'm using IExplorer 5.5 with the Java Plug-In 1.3.1_02.
What does it mean 'migrate to the Java 2 security model'?
How can I migrate?
thanks in advance.So you mean your applet is working in Netscape 6.2 after editing prefs.js. In that case, one possible solution is take away the support of netscape.security.* in your applet . Because netscape.* packages 'might' use the Netscape Security model, which is no longer supported(check out). Hence the system asks you to migrate to the current java security model. Even if you remove the netscape.* support, your applet will work, if you have signed it properly. In that case, you don't have to touch prefs.js or java.policy or anything from your client machine.(provided you use standard certificates like verisign).
Since you have only class file of the applet and not the source, decompile the class file and make the alteration and compile it back. A decompiler Jad is available here http://midlet.org/jsp/category.jsp?parentLevel=137.
Let me know if this has helped you.
Rajesh -
Java Security Model: Java Protection Domains
1. Policy Configuration
Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
o Configurable policies -- no longer is the security policy hard-coded into the application.
o Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
o Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
o Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
o Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
2. X.509v3 Certificate APIs
Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
3. Protection Domains
The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
4. Access Decisions
Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
Sandbox model for Security
Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
java.security.ProtectionDomain
This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
Classes that have the same permissions but are from different code sources belong to different domains.
A class belongs to one and only one ProtectionDomain.
Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
jarsigner and keytool
example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
1. First generate a key pair for our Certificate:
keytool -genkey -keyalg rsa -alias AppletCert
2. Generate a certification-signing request.
keytool -certreq -alias AppletCert > CertReq.pem
3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
4. Import the chain into keystore:
keytool -import -alias AppletCert -file SignedCert.pem
5. Sign the CyberVote archive �TeleVote.jar�:
jarsigner TeleVote.jar AppletCert
This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
1. Generate a key pair for root CA:
openssl genrsa -des3 -out CyberVoteCA.key 1024
2. Generate an x509 certificate using the above keypair:
openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
3. Import the Certificate to keystore.
keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
The Important Classes
The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
� It should be computationally infeasible to find two messages that hashed to the same value.
� The digest does not reveal anything about the input that was used to generate it.
Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
� Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
� The signature and the public key do not reveal anything about the private key.
A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
----Cheers
---- Dinesh VishwakarmaHi,
these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
cheers,
Charles(jGuard team). -
Error while confgiuring Siebel Bi Publisher Security Model..
Hi,
Steps Done
1) Imported the BIPSiebelSecurityWS.XML
2) Replaced Existing address with the specific address of the Siebel Server
3) Enabled Local Super user checkbox, entered a Super user name and password
4) Configured the Siebel Security Model by pointing the Siebel Web Service end point with Siebel Username/Pwd
5) Restarted the Bipublisher
6) When I try to login to Bi Publisher with Siebel Credentials I am getting the error
The server cannot be used due to configuration error, please contact admin..
Please let us know the necessary steps ..Login using the credentilas used for super user. Siebel user do not work here, it will only fetch the responsibilities here as a roles for that super user.
Thanks,
Ravi kanth -
Talk21 - moving to security model of Yahoo
Hi there,
I wonder if anyone can advise on this. I have an older Talk21 e-mail account which has been transferred to Yahoo. I've had this for over 10 years.
I notice when new customers sign up to Yahoo, there are now more advanced security options such as special characters in password, customised secret questions, credit card verification for password recovery and Log-in Activity.
I'd be interested to improve the security of my account using these methods.
Is there any way I can get these on my talk21 account, or is there a possibility of moving my talk21 account to the new security model of Yahoo?
Thanksjonmale wrote:
Hi there,
I still haven't had a response on this.
Is there a way to check this?
Thanks,
Jon
Hi Jon.
Not sure if this is applicable to BTinternet/Talk21 email addresses, as opposed to actual Yahoo! ones.
However in case you were unaware, Talk21 email addresses can be accessed as a BTinternet email address as follows.
If you append .t21 (including the dot) after the bit of the Talk21 email address before the @, and then added @btinternet.com at the end, it will be treated as a BTinternet email address.
http://www.andyweb.co.uk/shortcuts
http://www.andyweb.co.uk/pictures -
OWB Security Model Using WBSecurityServiceImpl
Hi,
I'm currently trying to implement the extended security model using the WBSecurityServiceImpl package in OWB v10.2.0.2.
However I'm having a few difficulties in creating user roles using this method as I do not have a complete list of OBJECT_TYPE_ID's and OPERATION_TYPE_ID's - does anyone know where I can get hold of these?
Any help with this would be much appreciated.Hi,
I'm currently trying to implement the extended security model using the WBSecurityServiceImpl package in OWB v10.2.0.2.
However I'm having a few difficulties in creating user roles using this method as I do not have a complete list of OBJECT_TYPE_ID's and OPERATION_TYPE_ID's - does anyone know where I can get hold of these?
Any help with this would be much appreciated. -
Publisher: BI_SERVER security model.
Hello Guys,
I read a couple of time now to change
<property name="SECURITY_MODEL" value="BI_SERVER"/>
to
<property name="SECURITY_MODEL" value="XDO"/>
but this means I dont have all the users I got in my BI_SERVER security model.
I cant add those 200 users again in the XDO security model.
The problem is that when I change it to BI_SERVER none of the logins work.
Why is that?Hey,
On the surface it sounds like you have everything setup properly.
You have the appropriate groups setup in Bi Server:
XMLP_ADMIN
XMLP_ANALYZER_EXCEL
XMLP_ANALYZER_ONLINE
XMLP_DEVELOPER
XMLP_SCHEDULER
XMLP_TEMPLATE_DESIGNER
You do NOT need to add any of your BI Server users to these groups.
I think an few updates to your xmlp-server-config file may get you there...
Check your BI_SERVER_SECURITY_DRIVER and BI_SERVER_SECURITY_URL settings.
My settings are below for my xmlp-server-config
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xmlpConfig xmlns="http://xmlns.oracle.com/oxp/xmlp">
<property name="SAW_SERVER" value="OBIEE_SERVER"/>
<property name="SAW_SESSION_TIMEOUT" value="90"/>
<property name="DEBUG_LEVEL" value="exception"/>
<property name="SAW_PORT" value="80"/>
<property name="SAW_PASSWORD" value="password"/>
<property name="SAW_PROTOCOL" value="http"/>
<property name="SAW_VERSION" value="v4"/>
<property name="SAW_USERNAME" value="username"/>
<property name="SAW_URL_SUFFIX" value="analytics/saw.dll"/>
<property name="SECURITY_MODEL" value="BI_SERVER"/>
<property name="BI_SERVER_SECURITY_DRIVER" value="oracle.bi.jdbc.AnaJdbcDriver"/>
<property name="BI_SERVER_SECURITY_URL" value="jdbc:oraclebi://OBIEE_SERVER:9703/"/>
<property name="BI_SERVER_SECURITY_ADMIN_USERNAME" value="username"/>
<property name="BI_SERVER_SECURITY_ADMIN_PASSWORD" value="password"/>
</xmlpConfig>
Let me know how it goes... -
Check SAP BOBJ 4. 0compatibility with SAP BW SEcurity Model 3.5
I am trying to find out if SAP BO 4.0 is compatible with BW Security Model 3.5 or needs to be upgraded to 7.0. The PAM (Product Availability Matrix) doesn't have any specifics on the BW security model. Can anyone please provide me some insight on this?
Thanks,
KavithaHi,
all the supported platforms are listed in the PAM for service marketplace and the integration with the Authorizations is achieved via SSO.
Ingo -
ActiveX bridge uses applet security model???
Hello,
During execution my ActiveX bean has no permissions to make something, but I need it at least able to access files. ActiveX bridge documentation says that the bean is executed with all permissions. Is something was changed in 1.5 release?
AntonSeems like axbridge doesnt use the applet security model if you have the following folder structure:
<JRE>\axbridge\bin\mybean.dll
<JRE>\axbridge\lib\mybean.jar
But then there are a lot of bugs, and the bug workaround is to rename the lib folder after registering the dll (and updating the path to the jarfile in the registry):
<JRE>\axbridge\bin\mybean.dll
<JRE>\axbridge\bug_workaround_lib\mybean.jar
But then we get another problem: the applet security model is turned on... -
Please Migrate to the java 2 Security Model.
HI, this is my first post BTW, I dont know much about Java its just that when i try to access my work from home(united Airlines). It was working fine until i had to format My hd and since u can no longer download java from the microsoft site i had to come here to download the newer version and havent been able to access it since. Is there a site or anywhere that i can download hte old version perhaps or get this one to work? when i tyr to login i get this Error in the Java Console:
ipsNetletStatus.init()
Netlet Starting (16)
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netlet found Netscape
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netlet config: https://gw-r5.airline.compuserve.com:443/http://as-r5.airline.compuserve.com:8080/NetletConfig?func=loadResources
ipsNetletStatus.start()
...ipsNetletStatus.run() is starting
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
netscape.javascript.JSException: Failure to evaluate netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead");navigator.preference("network.proxy.ssl");
at sun.plugin.javascript.ocx.JSObject.eval(Unknown Source)
at BrowserProxyInfo.<init>(BrowserProxyInfo.java:58)
at SServer.loadParameters(SServer.java:140)
at SServer.start(SServer.java:111)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)Lokk at this thread http://forum.java.sun.com/thread.jsp?forum=31&thread=297109
and search the Forums using the term "java 2 security model" (include the quote marks) -
Migrate to the Java 2 security model instead...
Since I installed Java 4 ver 1.4 on my computer, I have not been able to access my homebanking. In the Java console I get the following message:
1.4.0 on Windows XP
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
What does it mean, and how do I fix the problem???
Thanks in advance!This is a real pain. I can't roll out Java 1.4 inside our company because we use several applets for which we do not have the source code, and they no longer work because of this limitation. Sun needs to fix this if they want people to upgrade to Java 1.4.
-
The AOL webmail page opens, but my folders don't load.
You're welcome. Please mark this thread as solved.
-
Hello everyone,
I developed a Web Service prototype accessing remote EJB using the EJB
control with special syntax in the jndi-name attribute: @jws:ejb
home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
Everything works fine, but I get an error when I restrict access to my web
service with a declarative security model by implementing steps provided in
help doc:
- Define the web resource you wish to protect
- Define which security role is required to access the web resource
- Define which users are granted the required security role
- Configure WebLogic Server security for my web service(Compatibility
Security/Users)
I launch the service by entering the address in a web browser. When prompted
to accept the digital certificate, click Yes, when prompted for network
authentication information, enter username and password, navigate to the
Test Form tab of Test View, invoke the method by clicking the button and I
get the following exception:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed
for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
</detail>
</error>
I have a simple Hello method as well in my WebService (which is also
restricted) and it works fine, but remote EJB access doesn't. I tested my
prototype on Weblogic 7.2 and 8.1 platforms - same result.
Is that a bug or I am missing some additional configuration in order to get
that working. Has anyone seen similar behavior? Is there a known resolution?
Or a suggested way to work around the problem?
Thank you.
AndreAndre,
It would be best if this issue is handled as an Eval Support case. Please
BEA Customer Support at http://support.beasys.com along with the required
files, and request that an Eval support case be created for this issue.
Thanks
Raj Alagumalai
WebLogic Workshop Support
"Andre Shergin" <[email protected]> wrote in message
news:[email protected]...
Anurag,
I removed "t3", still get an error but a different one (Unable to create
InitialContext:null):
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
create InitialContext:null]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
create InitialContext:null] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions
.jws:67) </jwErrorDetail>
</detail>
</error>
Note: inter-domain communication is configured properly. The Web Service to
remote EJB works fine without a declarative security.
Any other ideas?
Thank you for your help.
Andre
"Anurag" <[email protected]> wrote in message
news:[email protected]...
Andre,
It seems you are using the URL
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
whereas you should not be specifying the "t3:" protocol.
The URL should be like
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
Please do let me know if you see any issues with this.
Note that this will only allow you to access remote EJBs in the same WLS
domain. For accessing EJBs on another domain, you need to configure
inter-domain communication by
following a few simple steps as mentioned at
http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
been provided in the EJB Control Workshop documentation.
Regards,
Anurag
"Andre Shergin" <[email protected]> wrote in message
news:[email protected]...
Raj,
I tried that before, it didn't help. I got similar error message:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
failed for
name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstr
ing>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
failed for
name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
</detail>
</error>
Anything else should I try?
P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOTaccess
restricted.
I hope there is a solution.
Thanks,
Andre
"Raj Alagumalai" <[email protected]> wrote in message
news:[email protected]...
Andre,
Can you try using the following url with username and password
jndi://username:password@host:7001/my.resource.jndi.object ?
once you add webapp level security, the authenticated is the user who
invokes the EJB.
http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/con
CreatingANewEJBControl.html?skipReload=true
has more info on using remote EJB's.
Hope this helps.
Thanks
Raj Alagumalai
WebLogic Workshop Support
"Alla Resnik" <[email protected]> wrote in message
news:[email protected]...
Hello everyone,
I developed a Web Service prototype accessing remote EJB using the EJB
control with special syntax in the jndi-name attribute: @jws:ejb
home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
Everything works fine, but I get an error when I restrict access to my
web
service with a declarative security model by implementing steps
provided
in
help doc:
- Define the web resource you wish to protect
- Define which security role is required to access the web resource
- Define which users are granted the required security role
- Configure WebLogic Server security for my web service(Compatibility
Security/Users)
I launch the service by entering the address in a web browser. Whenprompted
to accept the digital certificate, click Yes, when prompted for
network
authentication information, enter username and password, navigate tothe
Test Form tab of Test View, invoke the method by clicking the buttonand
I
get the following exception:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during
JNDI
lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookupfailed
for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64)</jwErrorDetail>
</detail>
</error>
I have a simple Hello method as well in my WebService (which is also
restricted) and it works fine, but remote EJB access doesn't. I testedmy
prototype on Weblogic 7.2 and 8.1 platforms - same result.
Is that a bug or I am missing some additional configuration in order
to
get
that working. Has anyone seen similar behavior? Is there a knownresolution?
Or a suggested way to work around the problem?
Thank you.
Andre -
I started an applet once, i selected "Grant always" and afterwards everytime i try to start the applet i get the error message:
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead
How i should bypass the error?try:
http://java.sun.com/docs/books/tutorial/security1.2/ove
view/index.html
regardsThanks for your replay, but it seems to me too compicate how i may overcome the problem!
Regards, -
Flash security model; completely confused
Really, does anybody understand it? Every article I read that
allows comments, litterelly each comment is one person saying how
the the previous person(s) are wrong in there interpretation of the
security model.
Flash 8 has been out for awhile now, and I've fully read
dozens of articles and every page in the user reference under AS2.0
> Learning AS2.0 > Understanding security, and I am still
utterly confused. Granted, I'm a bit slow with abstract
comprehension, but I'm getting nowehere. I'm trying to send POST
data to a remote server. Not trying to receive anything, just
sending POST. Can't seem to get it to work on a server. What do I
need to do?
What I really need is a detailed and concise XYZ list: if you
want to do X, you have to do ABCD, if you want to do Y, you have to
do AD, if you want to to Z, you have to do CBA, ect. In that way I
could at least figure out what it is I have to do, research how to
do that, and get somewhere. Instead I'm confronted with numerous
ways of handling security(allowScriptAccess,
System.security.allowDomain, ExternalInterface, superdomain
matching rules, creating serverside permission files, creating
local registration files, different behavior in different SWF
versions AND different behavior in different SWF Players! And much,
much more!) And can't figure out what I need to do.
(Sorry, got a bit ranty there... not blaming MM, it's not
their fault they had to incorperate security measure)
All I know is my SWF is not working. I want to be able to
send some POST data to a remote server, compatable with Flash
Player 6,7,and 8; I do not need to load any data. What must I do to
allow this?
Thanks for any guidence, it is much needed!In my case, there was no receiving SWF, only a sending SWF to
a serverside page(.php or .asp or something, I don't remember).
I don't even remember what I did to get it to work(my OP was
5 months ago... clearly someone has been searching for answers on
Flash security, and, like me 5 months ago, have mostly found
unsolved/unhelpful questions :-) )... I think I created a
crossdomain.xml file. In the end, everything was deployed on the
same domain, I believe the same subdomain as well.
That is still a helpful tip, though... I'll try my best to
remember allowDomain() if I ever need cross-domain SWF-to-SWF
interaction.
Maybe you are looking for
-
Hi Friends, Currently, i was working in mapping feature in obiee 11g. For that i have added <li>Necessary <spatial tags> in instanceconfig.xml file. <li>Created a new datasource in the mapviewer and brought it to the online. <li> After that i went in
-
Ipod Nano 3G and Bose Sounddock Problems - Please help if you can?
Hi all, Hope you can help me out, I have just purchased a Nano 3G and its all fine when working with head phones. Tried it in my Bose Sounddock and it has several issues: 1) will not charge at all 2) will not let me change songs when docked 3) when r
-
Mapping util.Date to Oracle timestamp
Tuesday, March 22, 2005 I am currently experiencing difficulty in mapping a java.util.Date field to an Oracle TIMESTAMP column. Here's what I see. By default, Kodo maps the date field to a DATE column. I suppose this makes sense since Oracle's date c
-
hi, Is there a way to have the aperture program itself on one monitor, and a slideshow on the other? Whenever I tried it it would always use both monitors, or just have 1 monitor 'switched off'. cheers
-
Post switch over in oracle dataguard 11g
Dear Guru, Switch over has been completed successfully from primary database to standby database. new primaray database is open and accessible but its showing his satus in v$database as below. database_role = primary switchover_status = not allowed d