GRC AC Security/Backend Access

My collegue and I are not Security or Basis and need to know what we will be accessing/touching on the SAP backend so that we can get the appropriate security access within our organization.  Can anyone please respond by indicating what known transactions or access you would grant/have to a "new to GRC AC" employee?

Well that depends upon the functional area of the employee. I think for this you need to discuss with Risk management team, business process owners or functional heads of your organization to decide standard roles to be assigned to a new joinee.
I can only suggest, Let me know what roles and responsibilities you both have? is the for basis, security or both.
Best Regards,
Amol Bharti

Similar Messages

  • How to implement Oracle user/role security with Access front end?

    Hi,
    We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
    In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
    We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
    I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
    I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
    Can someone give me some assistance or point me in the right direction?
    Thanks in advance,
    Larry

    We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
    In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
    We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
    We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
    In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
    The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
    The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
    Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
    For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
    After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
    This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
    The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
    Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
    I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
    Larry

  • Flex encounters "Security error accessing url.Unable to load WSDL"

    i have created a flex application which connects to SAP via web service.
    when i try to run my flex application i encounter the following error.
    "Security error accessing url.Unable to load WSDL"
    i went through various posts relating a BSP application and crossdomain.xml
    i have created the crossdomain.xml file in the application and
    i tried those options and still not able to figure out the problem.
    the security error is because of the absence of the crossdomain.xml file, and in which path should i be saving the file?
    Kindly help me solve the problem.
    Thanks in advance.

    Have you seen this blog
    "Crossdomain.xml" in ABAP Web AS Server cache

  • Security error accessing ur unable to load wsdl

    HI
    I am using a webservice(.net webservice) that is on my
    localhost and using it in flex application that is also on my
    system. Means both the webservice and flex application are on the
    same system.
    But when i gives the reference of the webservice using the
    system ip and run the application by the flex builder it generates
    the error as:
    mx.messaging.messages::ErrorMessage)#0
    body = (Object)#1
    clientId = "DirectHTTPChannel0"
    correlationId = "24CD6542-F141-1A05-BA35-00A108CB30A0"
    destination = ""
    extendedData = (null)
    faultCode = "Channel.Security.Error"
    faultDetail = "Destination: DefaultHTTP"
    faultString = "Security error accessing url"
    headers = (Object)#2
    messageId = "CC123DF0-0E6C-05FF-7894-00A109676283"
    rootCause = (flash.events::SecurityErrorEvent)#3
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#4
    bytesLoaded = 0
    bytesTotal = 0
    data = (null)
    dataFormat = "text"
    eventPhase = 2
    target = (flash.net::URLLoader)#4
    text = "Error #2170: Security sandbox violation:
    http://localhost:3000/MYCIMS/flex_bin/Design.swf
    cannot send HTTP headers to
    http://myip/MyServer/AdminWS.asmx."
    type = "securityError"
    timestamp = 0
    timeToLive = 0
    I have put crossdomain.xml file in the root of the localhost
    and made every changes possible in the crossdomain.xml file but the
    application is not running.
    Please somebody provide an effective solution, I have spend
    lots of time to resolve the problem but its not being....
    Thanks in advance
    Gopi Saini

    Have you seen this blog
    "Crossdomain.xml" in ABAP Web AS Server cache

  • Security error accessing url (Unable to load WSDL)

    Hi folks.
    I have a Flex project that use a WCF webservice. In my localhost everything is allright, but I want to upload my flex project to a web host (http://www.dorj.ir) and upload my WCF webservice to a server that has a valid IP...
    After going to http://www.dorj.ir, you can see this error
    Security error accessing url
    Unable to load WSDL. If currently online, please verify the URI and/or format of the WSDL (http://ip/service.svc?wsdl)
    I put the crossdomain.xml file in the root of my server:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
         <allow-access-from domain="http://www.dorj.ir" />
         <allow-http-request-headers-from domain="http://www.dorj.ir" headers="SOAPAction"/>
    </cross-domain-policy>
    But I have the same error, yet...!
    what should I do?!

    Have you seen this blog
    "Crossdomain.xml" in ABAP Web AS Server cache

  • Applet Error:java.security.AccessControlException: access denied

    Hi,
    I just successful deploy an business component project to oralce 8.1.6 as an EJB Session bean, and
    the test of application module is successful. In the same workspace, I create an new project with
    an applet(which contains only an grid control)as a client of the business component. Everything works
    fine within the Applet viewer, however, when I trying to load the applet in IE5.5 I got the following
    error message in java console:
    Java(TM) Plug-in
    Using JRE version 1.2.1
    User home directory = D:\Documents and Settings\ERic
    Proxy Configuration: no proxy
    JAR cache enabled.
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.debugoutput read)'
    Diagnostics: Silencing all diagnostic output (use -Djbo.debugoutput=console to see it)
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.timing read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.function read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.level read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.linecount read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.trace.threshold read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.jdbc.driver.verbose read)'
    java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
    at java.security.AccessControlContext.checkPermission(Compiled Code)
    at oracle.aurora.jndi.orb_dep.Orb.<clinit>(Orb.java:24)
    at oracle.aurora.jndi.sess_iiop.sess_iiopURLContext.<clinit>(sess_iiopURLContext.java:9)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:588)
    at javax.naming.spi.NamingManager.getURLContext(NamingManager.java:537)
    at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:274)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.connectToService(AuroraEJBAmHomeImpl.java:179)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.createSession(AuroraEJBAmHomeImpl.java:152)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.initRemoteHome(AuroraEJBAmHomeImpl.java:123)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.<init>(AuroraEJBAmHomeImpl.java:59)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBInitialContext.createJboHome(AuroraEJBInitialContext.java:47)
    at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:72)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.dacf.dataset.SessionInfo._createAppModule(SessionInfo.java:2330)
    at oracle.dacf.dataset.SessionInfo.connect(SessionInfo.java:1799)
    at oracle.dacf.dataset.SessionInfo.openProducerObject(SessionInfo.java:1848)
    at oracle.dacf.dataset.ProducerObject.open(ProducerObject.java:94)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1305)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1287)
    at broadcastapplet.myBroadCastApplet.init(myBroadCastApplet.java:70)
    at sun.applet.AppletPanel.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)
    The Oracle 8.1.6 runs on Win2000, I put the JAR & related zip files in the same machine's IIS webserver.
    Is anyone can help?
    ERic

    Hi Shaji,
    Are you calling a webservice from within an Xacute Query for your applet?  On first glance, it looks like a web service call is being rejected due to security permissions.  If you have a webservice call (or HTTP post/get), can you test it separately with the same credentials as the webpage is using?
    Regards,
    Mike

  • Urgent requirement : security error accessing url and http error: standalone flex

    Hi,
    I have a requirement to create record from standalone flex. I am using Flex builder 3.
    I used Flex-force toolkit to login  to salesforce. The swf file generated when used internal to salesforce it works great.
    But my requirement is to run it from public sites page / standalone pages. How will I configure it? I am getting error 'security error accessing url', default HTTP
    The requirement is on priority, please help me to resolve this issue.
    The login code is also furnished below. please help.
    Full error details:
    (com.salesforce.events::ApexFaultEvent)#0
      bubbles = false
      cancelable = true
      context = (null)
      currentTarget = (null)
      eventPhase = 2
      fault = (mx.rpc::Fault)#1
        content = (null)
        errorID = 0
        faultCode = "Channel.Security.Error"
        faultDetail = "Destination: DefaultHTTP"
        faultString = "Security error accessing url"
        message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'"
        name = "Error"
        rootCause = (flash.events::SecurityErrorEvent)#2
          bubbles = false
          cancelable = false
          currentTarget = (flash.net::URLLoader)#3
            bytesLoaded = 0
            bytesTotal = 0
            data = (null)
            dataFormat = "text"
          eventPhase = 2
          target = (flash.net::URLLoader)#3
          text = "Error #2170: Security sandbox violation: file:///C|/Users/R/DOCUME%7E1/FLEXBU%7E1/TESTLO%7E1/BIN%2DRE%7E1/TESTLO%7E1.SWF cannot send HTTP headers to https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829."
          type = "securityError"
      headers = (null)
      message = (mx.messaging.messages::ErrorMessage)#4
        body = (null)
        clientId = "DirectHTTPChannel0"
        correlationId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
        destination = ""
        extendedData = (null)
        faultCode = "Channel.Security.Error"
        faultDetail = "Destination: DefaultHTTP"
        faultString = "Security error accessing url"
        headers = (Object)#5
          DSStatusCode = 0
        messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
        rootCause = (flash.events::SecurityErrorEvent)#2
        timestamp = 0
        timeToLive = 0
      messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
      statusCode = 0
      target = (null)
      token = (mx.rpc::AsyncToken)#6
        message = (mx.messaging.messages::HTTPRequestMessage)#7
          body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>uname</username><password>pwdandsec token</password></login></se:Body></se:Envelope>"
          clientId = (null)
          contentType = "text/xml; charset=UTF-8"
          destination = "DefaultHTTP"
          headers = (Object)#8
            DSEndpoint = "direct_http_channel"
          httpHeaders = (Object)#9
            Accept = "text/xml"
            SOAPAction = """"
            X-Salesforce-No-500-SC = "true"
          messageId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
          method = "POST"
          recordHeaders = false
          timestamp = 0
          timeToLive = 0
          url = "https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829"
        responders = (Array)#10
          [0] (::SalesForceResponder)#11
        result = (null)
      type = "fault"
    Login code:
    [Bindable] public var sfdc:Connection = new Connection();
    private function login():void {
    Security.loadPolicyFile("http://salesforce.com/services/crossdomain.xml");
    var lr:LoginRequest = new LoginRequest();
    lr.username = "uname";
    lr.password = "pwdtoken";
    sfdc.protocol = "https";
    sfdc.serverUrl = "https://login.salesforce.com/services/Soap/u/14.0";
    lr.callback = new AsyncResponder(loginSuccess, loginFault);
    sfdc.login(lr);

    This is resolved.
    I have copied the crossdomain.xml file to tomcat Root folder
    and the issue is resolved.

  • Java.security.AccessControlException: access denied (java.util.PropertyPerm

    Hi All,
    I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
    I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
    could somebody please help or give me a hint how should I start tracing what the problem might be ?
    this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
    I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
    i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
    java.lang.ExceptionInInitializerError
    at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
    at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
    at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
    at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
    at com.sun.ba.tool.baApplet.init(baApplet.java:46)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
    ... 7 more
    any help would be appriciated so much.
    thanks
    mehmad

    I dont know, but It may be that an Applet can only access the local machine. ie. If you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to Computer A. You would have to:
    1) Run an application on computer A and the applet would tell the application what to change.
    2)Maybe sign the applet in a JAR File
    You will probably have to do #1.
    US101

  • Java.security.AccessControlException: access denied (java.util.PropertyPer

    Hi All,
    I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
    I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
    could somebody please help or give me a hint how should I start tracing what the problem might be ?
    this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
    I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
    i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
    java.lang.ExceptionInInitializerError
         at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
         at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
         at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
         at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
         at com.sun.ba.tool.baApplet.init(baApplet.java:46)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
         at java.lang.System.getProperty(Unknown Source)
         at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
         ... 7 more
    any help would be appriciated so much.
    thanks
    mehmad

    Hi,
    Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security.There you make the changes in the property which gives you the error.See if this helps..
    regards vickyk

  • Socket programming + java.security.AccessControlException: access denied

    the code below is for a particular port and IP ..what is the command for granting permission for all the sites?
    please help, i have been unable to tackle this problem from the past 24 hours.
    iam getting an error too..
    java.security.AccessControlException: access denied (java.net.SocketPermission yahoo.com resolve)
    grant {
      permission java.net.SocketPermission
            "puffin.eng.sun.com:7777",
         "connect, accept";

    ..

  • Security Manager/Access problem

    (WWC-00000)
    An unexpected error has occurred in portlet instances: wwpob_api_portlet_inst.create_inst (WWC-44846)
    The following error occurred during the call to Web provider: java.lang.NullPointerException
    at oracle.portal.provider.v2.security.URLSecurityManager.hasAccess(Unknown Source)
    at oracle.portal.provider.v2.DefaultPortletDefinition.hasAccess(Unknown Source)
    at oracle.portal.provider.v2.ProviderInstance.getPortletDefinition(Unknown Source)
    at oracle.portal.provider.v2.ProviderInstance.getPortletInstance(Unknown Source)
    at oracle.portal.provider.v2.ProviderInstance.getPortletInstance(Unknown Source)
    at oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter.registerPortlet(Unknown Source)
    at java.lang.reflect.Method.invoke(Native Method)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.doMethodCall(Unknown Source)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.processInternal(Unknown Source)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.process(Unknown Source)
    at oracle.webdb.provider.v2.adapter.SOAPServlet.doSOAPCall(Unknown Source)
    at oracle.webdb.provider.v2.adapter.SOAPServlet.service(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
    at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:59)
    at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:283)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:523)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:269)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:735)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:151)
    at com.evermind.util.ThreadPoolThread.run(ThreadPoolThread.java:64)
    (WWC-43147)
    Removing the provider.xml security manager setting will do away with this problem.
    Versions being used: Portal 9.0.2 and PDK september.

    I have checked with PDK September samples related to Security Manager/Access and they are working fine. Please lets know for which PDK sample gives this error.

  • GF 3.1.1 - java.security.AccessControlException: access denied - server.log

    I am upgrading an old NB4.1 produced JSP system that runs on Netscape iplanet to NB7.0.1 built JSP system running on Glassfish 3.1.1. I have four main files: login.html, login.jsp, ApplicationRmiConnection, and MenuManager.jsp . Three of four are working. The login.html is only a startup means to be sent to the login.jsp. The ApplicationRmiConnection is a servlet called by the login.jsp. It reads a properties file, establishes connection with the RMI and database (currently on the OLD system (Netscape iplanet)) which it does quite well. After the ApplicationRmiConnection is established and working the MenuManager.jsp . The first output from the MenuManager.jsp is a series of application.log calls for verification of data passed in from the successful ApplicationRmiConnection database read.
    How does GF 3.1.1 loose AccessControl permissions to the server.log to which it is writing? All I am using is application.log statements and it coughs, chokes, and quits.
    My output stacktrace is:
    INFO: PWC1412: WebModule[null] ServletContext.log():ApplicationRmiConnect: getRealPath("/") = [C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\applications\MyApplication\]
    INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: sParms - RMI Connect = com.company.rmi.ServerAppClientAdapter@19ca6bc
    INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: caught an Exception
    WARNING: StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
    java.security.AccessControlException: access denied (java.io.FilePermission C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\logs\server.log read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
    at java.io.File.exists(File.java:731)
    at com.sun.enterprise.server.logging.GFFileHandler.publish(GFFileHandler.java:676)
    at java.util.logging.Logger.log(Logger.java:481)
    at com.sun.logging.LogDomains$1.log(LogDomains.java:354)
    at java.util.logging.Logger.doLog(Logger.java:503)
    at java.util.logging.Logger.logp(Logger.java:619)
    at com.sun.enterprise.web.logger.IASLogger.write(IASLogger.java:127)
    at com.sun.enterprise.web.logger.LoggerBase.log(LoggerBase.java:190)
    at com.sun.enterprise.web.logger.IASLogger.log(IASLogger.java:57)
    at org.apache.catalina.core.StandardContext.log(StandardContext.java:6828)
    at org.apache.catalina.core.ApplicationContext.log(ApplicationContext.java:449)
    at org.apache.catalina.core.ApplicationContextFacade.log(ApplicationContextFacade.java:359)
    at org.apache.jsp.MenuMgr_jsp._jspService(MenuMgr_jsp.java from :533)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
    at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
    at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
    at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
    at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
    at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
    at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
    at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
    at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
    at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
    at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
    at java.lang.Thread.run(Thread.java:662)

    The problem area has been found. We need to know the best method to replace the two lines of code we commented out. Here is what we found.
    Glassfish 3.1.1 Security does not play well with old RMI security (JDK1.2 vintage). Furthermore, once the old RMI security has messed with the mind of GF3.1.1 security the GF security truly believes it has in some cases no permission to read its own server.log file.
    Here is the offending code commented out in the Server Client Adapter (client wrapper):
    Note: this is legacy rmi code. i.e. manually executed rmic on the appropriate classfiles as this was originally created for java 1.2.
    // if(System.getSecurityManager() == null)
    // System.setSecurityManager(new RMISecurityManager());
    remote = (com.davisco.rmi.ServerAppServantAdapter_Stub)Naming.lookup(stringbuffer.toString());
    A thank you goes out to www.velocityreviews.com/forums/t276590-access-denied-java-lang-runtimepermission-createsecuritymanager.html even if it is five years old.
    Again, this is using the original version of RMI. How do we re-implement the RMI Security Manager without offending GF 3.1.1 security?

  • Re: java.security.AccessControlException: access denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)

    This looks like it might be a bug in 6.1SP5,
              weblogic/kernel/Kernel.java at line 85.
              It's trying to do the right thing to ignore an exception if in
              an applet but it's ignoring the wrong exception
              (SecurityException, when it looks like the stack
              trace is throwing a java.security.AccessControlException).
              If you need a fix, this would need to go through support
              and be filed as a problem with WLS Core.
              "Ram Gopal" <[email protected]> wrote in message
              news:[email protected]...
              >
              > We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have
              an applet
              > that subscribes to a JMS Topic.
              > The applet is throwing the following exception with SP5:
              >
              > java.lang.ExceptionInInitializerError:
              java.security.AccessControlException: access
              > denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling
              read)
              >
              > at java.security.AccessControlContext.checkPermission(Unknown Source)
              >
              > at java.security.AccessController.checkPermission(Unknown Source)
              >
              > at java.lang.SecurityManager.checkPermission(Unknown Source)
              >
              > at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
              >
              > at java.lang.System.getProperty(Unknown Source)
              >
              > at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
              >
              > at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
              >
              > at
              weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactory
              Delegate.java:166)
              >
              > at java.lang.Class.newInstance0(Native Method)
              >
              > at java.lang.Class.newInstance(Unknown Source)
              >
              > at
              weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFact
              ory.java:147)
              >
              > at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
              >
              > at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
              >
              > at javax.naming.InitialContext.init(Unknown Source)
              >
              > at javax.naming.InitialContext.<init>(Unknown Source)
              >
              > at
              com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.
              java:266)
              >
              > at
              com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstr
              actApplet.java:81)
              >
              > at
              com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:1
              87)
              >
              > at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
              >
              > at sun.applet.AppletPanel.run(Unknown Source)
              >
              > at java.lang.Thread.run(Unknown Source)
              >
              >
              > Any ideas as to what I am missing?
              >
              > Thanks,
              > Ram
              

    I suggest going through customer support, I don't know what
              the resolution was. You might also try the security newsgroup,
              as no JMS code has been called by the application yet at
              the point the exception is thrown.
              Tom
              lee wrote:
              > All:
              > We are upgrading weblogic 6.0 to weblogic 6.1 and encounted exactly the same error. Just wondering if you guys were able to fix the issue with bea.
              >
              > Your response is highly appreciated.
              >
              > Thanks!
              >
              > Li
              

  • Java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)

    We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have an applet
    that
    subscribes to a JMS Topic. The applet is throwing the following exception with
    SP5:
    java.lang.ExceptionInInitializerError: java.security.AccessControlException: access
    denied
    (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
    at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
    at weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Unknown Source)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
    at com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
    at com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
    at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Any ideas as to what I am missing?
    Thanks,
    Ram

    Prasad,
    It's one thing not to have to modify the security policy on the server,
    but on a client and applets have even bigger restrictions this might
    very well be the only way since the default applet restrictions would
    not allow a lot of permissions granted by default for normal Java
    applications.
    Dejan
    Prasad Peddada wrote:
    Deyan D. Bektchiev wrote:
    Ram,
    You are missing a permission grant in your policy file and the
    SecurityManager doesn't allow the code to read that property.
    You have either configured a different security manager or have the
    wrong file in use.
    For applets this file might be in the user's home directory and named
    .java.policy
    you need to have the following line somethere in it:
    grant {
    permission java.util.PropertyPermission "*", "read,write";
    Which will allow any applet to read and write any JVM property.
    Look at Java permissions is you need more info:
    http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html
    --dejan
    Ram Gopal wrote:
    We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We
    have an applet
    that
    subscribes to a JMS Topic. The applet is throwing the following
    exception with
    SP5:
    java.lang.ExceptionInInitializerError:
    java.security.AccessControlException: access
    denied
    (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling
    read) at java.security.AccessControlContext.checkPermission(Unknown
    Source) at java.security.AccessController.checkPermission(Unknown
    Source) at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source) at
    java.lang.System.getProperty(Unknown Source) at
    weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79) at
    weblogic.kernel.Kernel.<clinit>(Kernel.java:54) at
    weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
    at java.lang.Class.newInstance0(Native Method) at
    java.lang.Class.newInstance(Unknown Source) at
    weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at
    javax.naming.InitialContext.init(Unknown Source) at
    javax.naming.InitialContext.<init>(Unknown Source) at
    com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
    at
    com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
    at
    com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
    at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
    at sun.applet.AppletPanel.run(Unknown Source) at
    java.lang.Thread.run(Unknown Source)
    Any ideas as to what I am missing?
    Thanks,
    Ram
    This is a WLS bug. You shouldn't have to modify security policy.
    Please approach support for a fix.
    Cheers,
    -- Prasad

  • Java.security.AccessControlException: access denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)

              We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have an applet
              that subscribes to a JMS Topic.
              The applet is throwing the following exception with SP5:
              java.lang.ExceptionInInitializerError: java.security.AccessControlException: access
              denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)
                   at java.security.AccessControlContext.checkPermission(Unknown Source)
                   at java.security.AccessController.checkPermission(Unknown Source)
                   at java.lang.SecurityManager.checkPermission(Unknown Source)
                   at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
                   at java.lang.System.getProperty(Unknown Source)
                   at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
                   at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
                   at weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
                   at java.lang.Class.newInstance0(Native Method)
                   at java.lang.Class.newInstance(Unknown Source)
                   at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
                   at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
                   at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
                   at javax.naming.InitialContext.init(Unknown Source)
                   at javax.naming.InitialContext.<init>(Unknown Source)
                   at com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
                   at com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
                   at com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
                   at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
                   at sun.applet.AppletPanel.run(Unknown Source)
                   at java.lang.Thread.run(Unknown Source)
              Any ideas as to what I am missing?
              Thanks,
              Ram
              

    I don't know what is happening. JMS hasn't been called yet -
              the applet is still setting up its initial context. You might want
              to try posting to the jndi (and perhaps rmi) newsgroup.
              Tom
              Ram Gopal wrote:
              > We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have an applet
              > that subscribes to a JMS Topic.
              > The applet is throwing the following exception with SP5:
              >
              > java.lang.ExceptionInInitializerError: java.security.AccessControlException: access
              > denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)
              >
              >      at java.security.AccessControlContext.checkPermission(Unknown Source)
              >
              >      at java.security.AccessController.checkPermission(Unknown Source)
              >
              >      at java.lang.SecurityManager.checkPermission(Unknown Source)
              >
              >      at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
              >
              >      at java.lang.System.getProperty(Unknown Source)
              >
              >      at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
              >
              >      at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
              >
              >      at weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
              >
              >      at java.lang.Class.newInstance0(Native Method)
              >
              >      at java.lang.Class.newInstance(Unknown Source)
              >
              >      at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
              >
              >      at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
              >
              >      at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
              >
              >      at javax.naming.InitialContext.init(Unknown Source)
              >
              >      at javax.naming.InitialContext.<init>(Unknown Source)
              >
              >      at com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
              >
              >      at com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
              >
              >      at com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
              >
              >      at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
              >
              >      at sun.applet.AppletPanel.run(Unknown Source)
              >
              >      at java.lang.Thread.run(Unknown Source)
              >
              >
              > Any ideas as to what I am missing?
              >
              > Thanks,
              > Ram
              

Maybe you are looking for

  • Xml data into dynamic texttield

    Hello there I was trying to get xml data into a listBox and textArea. Then when I try to get it into a dyamic textField it gets the first one and not changing as i select different item in the listbox. sure there is a way. also i want to make it clic

  • Pdf's from mac to playbook, reader won't open?

    I saved pdf files from mac to documents folder on playbook , I launch acrobat reader, I see pdf files but when i try to open, an error message appears that says "file path not valid".  Can anyone shed some light on this? Solved! Go to Solution.

  • Java Mapping with a huge file

    Hi to all, I have a strange problem in my integration process. there are two java mappings in order to create bapi input: -the first mapping keeps a file of 5Mb and transforms it in a file of 50MB (and it works!) -the second mapping keeps the file ab

  • Export LR4 Preferences

    Just exported LR4 catalog from desktop computer to new laptop. On desktop, 'Preferences' subfolders were in Lightroom\Lightroom Settings folder so they did not seem to transfer with the LR catalog.  When I investigated, the preference sub folders ARE

  • WinPE and FullOS Issues with Disk Numbers

    So, I seem to have run into an issue where I'm trying to image up an HP Z15 laptop and it has dual HDD's in it.  While imaging it seems to just die after it boots into the full OS and try's to configure the SCCM Client. I've narrowed down the issue t