Help implement security policy...

Similar Messages

• Use of Adobe Policy server to implement security functions

  Hello Folks,
  Has anyone explored the possibilities to implement security features for adobe offline scenario using Adobe Policy Server?
  Is there any other means by which I can implement features like password protected or encryption in offlince scenario?
  SAP documentation has pointers to Adobe Policy server, but no comprehensive documentation found on the same.
  Thanks & Regards,
  Chitrali

  Hi,
  You can add security features like password protection and limits usage, such as no printing, etc. Here is a link to the Java API documentation http://help.sap.com/javadocs/NW04S/current/wd/com/sap/tc/webdynpro/clientserver/adobe/pdfdocument/api/IWDPDFDocumentCreationContext.html#setProtection(java.lang.String,%20java.lang.String,%20com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.api.WDPDFDocumentProtectPermission[])
  I believe you can do the same stuff with the ABAP API.
  You have to check if it works in your version, because sometimes the API is there but doesn't work 100%.
  You can also sign docs (there is some info about that in the above Java API link).
  Hope this helps.

• How to implement secure help in SharePoint 2010?

  Hi,
  We are having a sharepoint site running over HTTPS. When I click on help link given on top right side, I get a security warning saying that only secure content content can be displayed. This is probably due to the non secure content(http) used by microsoft
  help.
  Can anyone please suggest how to implement microsoft help having secure content?
  Please see screenshot below:

  Yes office.microsoft.com URL works when I use https:// instead of http:// .
  Can you please let me know in which file this help function is used?
  Please provide me with an example if possible.

• Help : java.security.UnrecoverableKeyException: excess private key

  Hi,
  I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
  When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
  The full stack trace is as follows
  ------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
       at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
       at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
       at java.security.KeyStore.getKey(KeyStore.java:289)
       at com.security.Security.generatePKCS7Signature(Security.java:122)
       at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
       at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
  I had tested the program under following scenarios...
  The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
  For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
  But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
  I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
  I changed the java.security file as follows(only changed content)
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
  security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
  security.provider.4=com.ibm.crypto.provider.IBMJCE
  security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
  security.provider.6=com.ibm.jsse.IBMJSSEProvider
  security.provider.7=com.ibm.security.cert.IBMCertPath
  security.provider.8=com.ibm.security.cmskeystore.CMSProvider
  I have used PKCS12(PFX) file for digital signature
  which is same for all environment(i have described as above)
  I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
  I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
  I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
  So what could be the problem for such exception?????
  I am on this issue since last one month...
  I know very little about security.
  Thanks in advance
  PLEASE HELP ME(URGENT)
  Edited by: user10935179 on Sep 27, 2010 2:47 AM
  Edited by: user10935179 on Sep 27, 2010 2:54 AM

  user10935179 wrote:
  The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
  While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
  Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
  Arshad Noor
  StrongAuth, Inc.

• How to implement password policy for a software in oracle (sql) forms & reports 6i ?

  Hi all , I have to implement password policy for an already existing software which was created 2 to 3 years before.
  What exactly i want to do is I must alert the user every month to change his/her password. I have no idea about it.
  Can anyone help me how to start with it? Or can you provide me the links where i can learn & implement in the software?
  Oracle Forms & Reports Builder 6i.
  Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production.
  Thank You.

  You can try this:
  Establishing Security Policies
  Using database policy, you can force user to change password with Oracle forms 6i.
  Regards

• Security.policy issue when running javarmi server.

  hi guys,
  i am trying to run a sample javarmi applications.
  the code as follows:
  file name : myRMIInterface.java
  //package my_rmi_classes;
  public interface myRMIInterface extends java.rmi.Remote {
  public java.util.Date getDate() throws java.rmi.RemoteException;
  //implementation program
  // package my_rmi_classes;
  import java.rmi.*;
  import java.rmi.server.UnicastRemoteObject;
  public class myRMIImpl extends UnicastRemoteObject implements myRMIInterface
  public myRMIImpl(String name) throws RemoteException
       super();
       try
            Naming.rebind(name,this);
       catch(Exception e)
            System.out.println("Exception occured:"+e);
  public java.util.Date getDate()
       return new java.util.Date();
  application : myRMIServer.java
  //package my_rmi_classes;
  import java.rmi.*;
  import java.rmi.server.UnicastRemoteObject;
  public class myRMIServer {
  * @param args the command line arguments
  public static void main(String[] argv)
  // TODO code application logic here
  System.setSecurityManager(new RMISecurityManager());
  try
       myRMIImpl implementation = new myRMIImpl("myRMIimplInstance");
  catch(Exception e)
       System.out.println("satish exception occured :" +e);
  steps which i follow to run this applicatons:
  step 1: complie all the applications.
  step 2: create myRMIImpl_Stub.class file by running RMIC
  step 3: start rmiregistry
  step 4: i download a policy file from sun website and i place that file in my source code folder.
  i use 3 types of policy files which are as follows,,,
  type 1:
  grant{
  permission java.net.SocketPermission "localhost:1099", "connect, resolve";
  permission java.net.SocketPermission "localhost:1024-", "connect, resolve";
  permission java.net.SocketPermission "localhost:1024-", "accept, resolve";
  type 2:
  grant codeBase "C:/week_project/rmi server files/" {
  permission java.security.AllPermission;
  note: all my java files(source code) files are in the folder (rmi server files). i copy all policy files in the same folder.
  type 3:
  grant {
       // Allow everything for now
       permission java.security.AllPermission;
  step 5:
  a:) C:\week_project\rmi server files\java -Djava.security.policy=(policy name).policy myRMIServer
  b:) C:\week_project\rmi server files\java -Djava.security.policy=C:\........\(policy name).policy myRMIServer
  when i work with type-1 policy file i got error message as follows
  ERROR:
  Exception occured:java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
  type -2 policy file
  ERROR
  java.security.policy: error adding Entry:
  java.net.MalformedURLException.AccessControlException : access denied(java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
  type-3 policy file
  ERROR
  exception occured; java.rmi.connectexception : connection refused to host :127.0.0.1; nested exception is :
  java.net.connectexception : connection refused : connect
  i am trying to solve this from last week but i can't
  so, please help me
  with regards
  satish

  what ever it is
  hi guys,
  i am trying to run a sample javarmi applications.
  the code as follows:
  file name : myRMIInterface.java
  //package my_rmi_classes;
  public interface myRMIInterface extends java.rmi.Remote {
  public java.util.Date getDate() throws java.rmi.RemoteException;
  }//implementation program
  // package my_rmi_classes;
  import java.rmi.*;
  import java.rmi.server.UnicastRemoteObject;
  public class myRMIImpl extends UnicastRemoteObject implements myRMIInterface
  public myRMIImpl(String name) throws RemoteException
  super();
  try
  Naming.rebind(name,this);
  catch(Exception e)
  System.out.println("Exception occured:"+e);
  public java.util.Date getDate()
  return new java.util.Date();
  }application : myRMIServer.java
  //package my_rmi_classes;
  import java.rmi.*;
  import java.rmi.server.UnicastRemoteObject;
  public class myRMIServer {
  * @param args the command line arguments
  public static void main(String[] argv)
  // TODO code application logic here
  System.setSecurityManager(new RMISecurityManager());
  try
  myRMIImpl implementation = new myRMIImpl("myRMIimplInstance");
  catch(Exception e)
  System.out.println("satish exception occured :" +e);
  }steps which i follow to run this applicatons:
  step 1: complie all the applications.
  step 2: create myRMIImpl_Stub.class file by running RMIC
  step 3: start rmiregistry
  step 4: i download a policy file from sun website and i place that file in my source code folder.
  i use 3 types of policy files which are as follows,,,
  type 1:
  grant{
  permission java.net.SocketPermission "localhost:1099", "connect, resolve";
  permission java.net.SocketPermission "localhost:1024-", "connect, resolve";
  permission java.net.SocketPermission "localhost:1024-", "accept, resolve";
  type 2:
  grant codeBase "C:/week_project/rmi server files/" {
  permission java.security.AllPermission;
  note: all my java files(source code) files are in the folder (rmi server files). i copy all policy files in the same folder.
  type 3:
  grant {
  // Allow everything for now
  permission java.security.AllPermission;
  step 5:
  a:) C:\week_project\rmi server files\java -Djava.security.policy=(policy name).policy myRMIServer
  b:) C:\week_project\rmi server files\java -Djava.security.policy=C:\........\(policy name).policy myRMIServer
  when i work with type-1 policy file i got error message as follows
  ERROR:
  Exception occured:java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
  type -2 policy file
  ERROR
  java.security.policy: error adding Entry:
  java.net.MalformedURLException.AccessControlException : access denied(java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
  type-3 policy file
  ERROR
  exception occured; java.rmi.connectexception : connection refused to host :127.0.0.1; nested exception is :
  java.net.connectexception : connection refused : connect
  i am trying to solve this from last week but i can't
  so, please help me
  with regards
  satish

• Socket and Security Policy

  I've tried to set experiment with Socket communication in Flex, but I keep hitting problems. Approach 1: in a Flex web app, I load a crossdomain security policy from a server. I then open a socket and write a few bytes to the server. In my server, I do not get the expected output on the stream--in fact, I get nothing at all--until I close the Flex application, at which point I get a seemingly inifinite stream of the bytes '0xEFBFBF'. Here's a hexdump view of a fragment of the data Flash Player sends to the server after I close the Flex app:
  00000130  ef bf bf ef bf bf ef bf  bf ef bf bf ef bf bf ef  |................|
  00000140  bf bf ef bf bf ef bf bf  ef bf bf ef bf bf ef bf  |................|
  00000150  bf ef bf bf ef bf bf ef  bf bf ef bf bf ef bf bf  |................|
  Approach 2: I then tried it in air, but although the connection seems to initiate properly and I can go through the above trivial client-server interaction, after a few seconds, I get a SecurityErrorEvent. From what I've been able to follow of the docs, Air applications are trusted in this respect, and should not need to load security policy, right? I tried to add a call to Security.loadPolicy(), but it seems to be ignored. This is the message flow:
  Received [class Event] connect
  Received [class ProgressEvent] socketData
  Received [class Event] close
  Received [class SecurityErrorEvent] securityError
  Security error: Error #2048: Security sandbox violation: app:/main.swf cannot load data from localhost:5432.
  The Air version of my client code is below:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
  <mx:Script>
      <![CDATA[
          var str:Socket;
          private function handleClick(e:Event):void {
              Security.loadPolicyFile("xmlsocket://localhost:2525");           
              str = new Socket('localhost', 5555);
              var message:String = 'hello';
              for (var i:int = 0; i < message.length; i++) {
                  str.writeByte(message.charCodeAt(i));               
              str.writeByte(0);
              str.flush();
              str.addEventListener(Event.ACTIVATE, handleEvent);
              str.addEventListener(Event.CLOSE, handleEvent);
              str.addEventListener(Event.CONNECT, handleEvent);
              str.addEventListener(Event.DEACTIVATE, handleEvent);
              str.addEventListener(IOErrorEvent.IO_ERROR, handleEvent);
              str.addEventListener(ProgressEvent.SOCKET_DATA, handleEvent);
              str.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleEvent);           
          private function handleEvent(e:Event):void {
               trace("Received", Object(e).constructor, e.type);
               if (e is ProgressEvent) {
                   var strBytes:Array = [];
                   while(str.bytesAvailable > 0) {
                       var byte:int = str.readByte();
                       strBytes.push(byte);
                   trace(String.fromCharCode.apply(null, strBytes));
               } else if (e is SecurityErrorEvent) {
                   trace("Security error:", SecurityErrorEvent(e).text);
      ]]>
  </mx:Script>
  <mx:Button label="test" click="handleClick(event)"/>   
  </mx:WindowedApplication>
  The server is in Java and is as follows:
  import java.net.*;
  import java.io.*;
  public class DeadSimpleServer implements Runnable {
      public static void main(String[] args) throws Exception {
          if (args.length != 2) {
              throw new Exception("Usage: DeadSimpleServer policy-port service-port");
          int policyPort = Integer.parseInt(args[0]);
          int servicePort = Integer.parseInt(args[1]);
          new Thread(new DeadSimpleServer(policyPort,
                                          "<?xml version=\"1.0\"?>\n" +
                                          "<cross-domain-policy>\n" +
                                          "<allow-access-from domain=\"*\" to-ports=\"" + servicePort + "\"/>\n" +
                                          "</cross-domain-policy>\n"
                     ).start();
          new Thread(new DeadSimpleServer(servicePort, "world")).start();
          while (true) Thread.sleep(1000);
      private int port;
      private String response;
      public DeadSimpleServer(int port, String response) {
          this.port = port;
          this.response = response;
      public String getName() {
          return DeadSimpleServer.class.getName() + ":" + port;
      public void run() {
          try {
              ServerSocket ss = new ServerSocket(port);
              while (true) {
                  Socket s = ss.accept();
                  System.out.println(getName() + " accepting connection to " + s.toString());
                  OutputStream outStr = s.getOutputStream();
                  InputStream inStr = s.getInputStream();
                  int character;
                  System.out.print(getName() + " received request: ");
                  while ((character = inStr.read()) != 0) {
                      System.out.print((char) character);
                  System.out.println();
                  Writer out = new OutputStreamWriter(outStr);
                  out.write(response);
                  System.out.println(getName() + " sent response: ");
                  System.out.println(response);
                  System.out.println(getName() + " closing connection");
                  out.flush();
                  out.close();
                  s.close();
          } catch (Exception e) {
              System.out.println(e);
  Am I missing something? From what I understand, either of these approaches should work, but I'm stuck with both. I have Flash Player 10,0,15,3 and am working with Flex / Air 3.0.0 under Linux.

  So... apparently, with the Air approach, this is what I was missing: http://www.ultrashock.com/forums/770036-post10.html
  It'd be nice if FlashPlayer gave us a nicer error here.
  I'm still trying to figure out what the heck is going on in the web app (i.e., non-Air Flex) example. If anyone has any suggestions, that would be very helpful.

• Difficulties loading custom security Policy object.....

  I just finished reading the white paper entitled �When java.policy Just Isn�t Good Enough� and I found a lot of good information for creating my own extension of java.security.Policy. I�m having a difficult time figuring out how to (best) load the policy, and I�ll explain why, but first I�d like to make sure that I�m extending the Policy class correctly. Don�t worry, I�ll be as brief as possible. My class looks something like this with a few more permissions than what i've included here (for brevity):
  public class MyPolicy extends Policy {
              private static MyPolicy INSTANCE = new MyPolicy();
              private PermissionCollection perms = new Permissions();
              private MyPolicy() {
                          constructPerms();
              public static MyPolicy getInstance() {
                          return INSTANCE;
              public PermissionCollection getPermissions(CodeSource arg0) {
                          return perms;
              public void refresh() {
                          // permissions won't change, so nothing necessary here!
              public void constructPerms() {
                          // I�m adding other permissions, but here are a few basic ones just for the idea:
                          perms.add(new PropertyPermission("java.version", "read"));
                          perms.add(new PropertyPermission("java.vendor", "read"));
                          perms.add(new PropertyPermission("java.vendor.url", "read"));
  }I have this class in a package that will reside inside of a jar on the target machine. The jar will be wrapped in an executable, and we�ll be distributing a JRE directory that will reside in the same (installation) directory as the executable. I�m not sure how to specify this as my Policy implementation on startup of the JVM. For security reasons, I want to rely as little as possible on security stuff outside of my exe-wrapped-jarfile. I can pass whatever parameters I want to the JVM, including �Xbootclasspath, but I�m not sure what I need to get things working this way.
  I tried another approach. I don�t really like it, but I just wanted to try it this way to test my Policy implementation. I edited my java.policy file to look like this:
  grant {
              // Custom permissions to allow app to load
              // and then set MyPolicy as Policy object:
              permission java.security.SecurityPermission "getPolicy";
              permission java.security.SecurityPermission "setPolicy";
              permission java.util.PropertyPermission "stuff.*", "read,write";
  };And then in my main() method, I loaded it like this:
  Policy myPolicy = MyPolicy.getInstance();
  Policy.setPolicy(myPolicy);But that doesn�t seem to work because I�m getting an AccessControlException: access denied (java.awt.AWTPermission replaceKeyboardFocusManager)
  Even though I have this permission in my implementation:
  perms.add(new AWTPermission("replaceKeyboardFocusManager"));Do you have any ideas what I�m doing wrong, or how I could fix them? Any information would be greatly appreciated. Thanks in advance!
  Steve

  Hey
  I have just finished such a policy implemention - boy could I have done with your help!
  I've never seen the java.security.debug property before - not to say it doesn't exist, but don't confuse system properties and security properties. Try setting it programmatically via Security.setProperty() or the Java Admin console [if you can], or even in the JRE WebStart uses via the java.security file.
  When you run it locally with security switched on, do you observe the 3-to-1 behaviour also? I'm not sure if this is important - depends on your answer. As for the checks being performed from the same stack frame, the AC iterates over the protection domains as it checks them; the 3-to-1 behaviour is the result of there being 3 extra frames to check, possibly due to the fact your executing from JWS [although I'd expect JWS to be considered system code]. If the execution in AC gets to return null; then Debug.isOn("failure") must evaluate to true [...I'd slump in my chair at this point] but there's no way to figure out accurately what the semantics of this is AS THERE'S NO FRICKIN SRC AVAILABLE [...this really annoys me]. The only thing I can suggest for that is to not try and switch debugging on.
  I suspect you are using JAAS [hence the dynamic policy need]? I have an idea if you are.
  I totally know what you mean about the sleepless nights mate - I'm glad I done it all now, learnt all about security within Java which I knew nothing about 6 months ago.
  Warm regads,
  D

• WebStart, custom security policy and debugging

  Hi,
  Please forgive the long post, it's an obscure problem.
  A year ago I implemented a custom instance-centric security policy that uses a database for storing permission data. It has served our needs very well on the server side. Now, however, I need to reuse it in a client application deployed to about 50 users via WebStart (there are more similar applications coming which will take the user base to about 200).
  For some reason, the permissions are not being properly evaluated under WebStart. Tracing through my policy code, I can see that calls to imply() return with expected true/false values, however, when the internals of Java's underlying security API aggregate the results, calls to AccessController.checkPermission() don't raise exceptions when and where they are expected to.
  This is really a hard problem to debug/trace. When I run the application locally, I have no problems with security checks even if I run it under a security manager (via -D.java.security.manager). Tracing to standard helps to a point and I can see that there is a difference: during the local runs, calls to MyCustomPolicy.implies(Permission, Domain) are made once per every AccessController.checkPermission() call made from the business layer. Under WebStart, there are three calls to MyCustomPolicy.implies() per every call to AccessController.checkPermission(). All three calls seem to come from the same stack frame. All three return 'false', yet AccessController.checkPermission() doesn't raise an exception.
  Analyzing stack's state at the point MyCustomPolicy.implies() is been called, I think the answer to my problem may lie in the following code snippet of AccessControlContext.checkPermission(Permission):
          for (int i=0; i< context.length; i++) {
              if (context[i] != null &&  !context.implies(perm)) {
  if (debug != null) {
  debug.println("access denied "+perm);
  if (Debug.isOn("failure")) {
  Thread.currentThread().dumpStack();
  final ProtectionDomain pd = context[i];
  final Debug db = debug;
  AccessController.doPrivileged (new PrivilegedAction() {
  public Object run() {
  db.println("domain that failed "+pd);
  return null;
  throw new AccessControlException("access denied "+perm, perm);
  I believe that somehow one of the iterations gets to "return null" line, but at the moment I have no way of verifying this.
  I'm finally getting to my question. In order for me to understand what's going on, I need to enable debugging of AccessControlContext. I can do this by setting java.security.debug system property. Again, I have no problem enabling debugging on a local system, but not under WebStart.
  Here's what the relevant markup in the .jnlp file looks like:
  <resources>
  <j2se version="1.5" max-heap-size="128m" initial-heap-size="32m" java-vm-args="-Djava.security.debug=all">
  </j2se>
  <!-- a bunch of jar declarations -->
  <property name="java.security.auth.login.config" value="jar:swing-app-SNAPSHOT.jar!/jaas_login.properties">
  </property>
  <property name="java.security.debug" value="all">
  </property>
  </resources>
  this seems to have no effect and no debugging output appears. Any ideas why? Is there anything else I can do to enable debugging of AccessControlContext under WebStart?
  I don't expect too many replies to my post (unless 3 sleepless weeks made me miss something really obvious), but if anyone can offer a hit/hit/insightful comment :), that would be great.
  Dmitry

  Hey
  I have just finished such a policy implemention - boy could I have done with your help!
  I've never seen the java.security.debug property before - not to say it doesn't exist, but don't confuse system properties and security properties. Try setting it programmatically via Security.setProperty() or the Java Admin console [if you can], or even in the JRE WebStart uses via the java.security file.
  When you run it locally with security switched on, do you observe the 3-to-1 behaviour also? I'm not sure if this is important - depends on your answer. As for the checks being performed from the same stack frame, the AC iterates over the protection domains as it checks them; the 3-to-1 behaviour is the result of there being 3 extra frames to check, possibly due to the fact your executing from JWS [although I'd expect JWS to be considered system code]. If the execution in AC gets to return null; then Debug.isOn("failure") must evaluate to true [...I'd slump in my chair at this point] but there's no way to figure out accurately what the semantics of this is AS THERE'S NO FRICKIN SRC AVAILABLE [...this really annoys me]. The only thing I can suggest for that is to not try and switch debugging on.
  I suspect you are using JAAS [hence the dynamic policy need]? I have an idea if you are.
  I totally know what you mean about the sleepless nights mate - I'm glad I done it all now, learnt all about security within Java which I knew nothing about 6 months ago.
  Warm regads,
  D

• How do I resolve this error in Safari Your page is blocked due to a security policy that prohibits access to Category Remote Proxies"?

  I'm trying to access several pages and keep geting "Your page is blocked due to a security policy that prohibits access to Category Remote Proxies" After going over all my security stuff I just can't find where I would correct the error.
  Is there anyone who could help me?
  Thanks
  Fr. Gary

  very strange,
  1. check time and date on your computer
  2. reset network configuration, make sure there are no proxy servers and you get DNS from your router not manual
  3. Reset certificates database
  Go to Terminal (Applications>Utilities)
  sudo rm /var/db/crls/*cache.db
  (you will be prompted for your password)
  and reboot the computer
  post back

• Invoke a business service base in a WSDL with customer WS-Security Policy

  Customer write a Web service (Refer to the attachment file “HTTPS_PartyServicePortType.WSDL”)which declare a WS-Security Policy and apply this it to WS binding ,How can I generate a business service base in this WSDL and invoke it successfully?
  When create a business service in OSB, we get a error with below messages
  [[OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.
  After enhanced the OSB domain with OWSM extension, we found the OOTB OWSM defined cannot support the HttpsToken and OSB cannot support below WS-Policy defined in OWSM, refer to http://docs.oracle.com/cd/E21764_01/doc.1111/e15866/owsm.htm#OSBDV1681
  51.2.8.1 Unsupported Assertion
  •     binding-permission-authorization
  •     http-security
  •     OptimizedMimeSerialization (MTOM)
  •     RMAssertion (Reliable Messaging)
  •     sca-component-authorization
  •     sca-component-permission-authorization
  •     UsingAddressing
  •     wss-saml-token-bearer-over-ssl (Authentication)
  it means that we cannot generate a web service with customer WS-security Policy
  The WS-Security Policy is shown as below:
  <wsp:Policy wsu:Id="WSHttpBinding_IPartyServicePortType_policy">
  <wsp:ExactlyOne>
  <wsp:All>
  <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
  <sp:TransportToken>
  <wsp:Policy>
  <sp:HttpsToken RequireClientCertificate="false"/>
  </wsp:Policy>
  </sp:TransportToken>
  <sp:AlgorithmSuite>
  <wsp:Policy><sp:Basic256/></wsp:Policy>
  </sp:AlgorithmSuite>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
  </wsp:Policy>
  </sp:TransportBinding>
  <wsaw:UsingAddressing/>
  </wsp:All>
  </wsp:ExactlyOne>
  </wsp:Policy>
  BestRegards!
  Simon

  Hi
  According to
  http://e-docs.bea.com/wls/docs90/webserv/annotations.html#1050414
  If you are going to publish the policy file in the Web Service archive, the policy XML file must be located in either the META-INF/policies or WEB-INF/policies directory of the EJB JAR file (for EJB implemented Web Services) or WAR file (for Java class implemented Web Services), respectively.
  Can you make sure the policy file is in there?
  Also there is a sample from the developer at http://dev2dev.bea.com/blog/jlee/archive/2005/09/how_to_use_anno.html
  Vimala-

• How to pass Username from OWSM Security policy in Oracle Apps Adapter .jca file

  My BPEL process uses Oracle Applications Adapter. The following is the .jca file for the Adapter.  The Username is initialized statically to "sysadmin" when I created the Adapter.Is it possible to pass in the username from the OWSM Security policy for the username value below? If so how to do? I appreciate your response.
  <adapter-config name="EBSAdapter" adapter="Apps" wsdlLocation="../WSDLs/EBSAdapter.wsdl" xmlns="http://platform.integration.oracle/blocks/adapter/fw/metadata">
    <connection-factory UIConnectionName="EBS1" location="eis/Apps/EBS1" UIConcurrentPgmName="" UIOracleAppType="DBOBJECT"/>
    <endpoint-interaction portType="EBSAdapter_ptt" operation="EBSAdapter">
      <interaction-spec className="oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec">
        <property name="SchemaName" value="APPS"/>
        <property name="PackageName" value="INTG"/>
        <property name="ProcedureName" value="GET_USER_PROFILE1"/>
        <property name="IRepInternalName" value="PLSQL:INTG:WEBCENTER_GET_USER_PROFILE1"/>
        <property name="Username" value="sysadmin"/>
        <property name="Responsibility" value="System Administrator"/>
      </interaction-spec>
    </endpoint-interaction>
  </adapter-config>

  1. Go to Invoke activity
  2. Click on Properties tab.
  3. click Add
  4. Add this property "jca.apps.Username" and map it with either variable or expression.
  5. Populate variable defined at previous step with some valid username value at runtime.
  hope this helps.
  Regards,
  Karan
  Oracle Fusion Middleware Blog

• Create new Security Policy in UME is not available

  Hello,
  We are on NW CE 7.1 EHP1 and MII 12.1.7 build 47.
  I have MII Super Administrator role, few custom roles and I also have Action "Manage_All" and I am able to perform most of the activities on UME but I don't see any option to create new security policies all I can do is modify the Default Security Policy and save it.
  It never shows me an option to create new security policy and I am not sure what roles or actions I am missing.
  1) Are there any roles or actions that my profile needs to have?
  2) Is it something to do with NW CE version or MII version?
  3) Has something gone wrong or have we missed some configuration while installing NW CE or MII?
  Any suggestions will be of great help
  Thanks,
  Adarsh

  Adarsh,
  I am not a NW UME expert, but I know this issue has nothing to do with MII.  Not sure if you have rights but providing the Administrators Group for the UME database should allow you to do this. 
  I would try posting this thread on the NW UME Forum.  Modifying policies in NW has nothing to do with MII. 
  Just to verify what policies are you trying to change, I am assuming they are in NW UME and not MII, is this correct?  If they are in MII can you be more specific.
  Good luck.

• "Security policy error" while setting up "Microsoft Exchange Hosted Services" Exchange Account (corporate user)

  I'm a corporate user with a very large company that is using Microsoft Hosted Exchange services actually hosted by Microsoft employees at their facilities.  I called Palm support and they were clueless and zero help.  The lady pointed me to some Palm KB article that I had already read and only remotely had anything to do with my problem.  I see nothing on this error message in the forums and google searches. Sprint has even replaced my palm pre due to other reasons and the same error occurs after I configure the exchange account. I'm also seeing the error when I configure my account on my wifes brand new pixi. Both our pre and pixi already have exchange accounts successfully configured on our phones that are hosted by sherweb. The sherweb exchange accounts work without issue. I have tried configuring this microsoft hosted exchange account 5-6 times with the same result. It accepts my configuration information and adds it to the list of available email accounts in the pre. However, it keeps popping up this message stating "Security policy error: "Exchange... Tap for details" (with a yellow exclamation mark). Then it says "Security Policy Error" The account Exchange (first part of my email address) is disabled because security policies cannot be set." "Leave it disabled" or "Remove Account". I know something is working because it enforced a Password or Pin policy on to my phone which is not required unless this account has been added. I can also see it in the "Mobile Devices" section of web outlook when I login. This is the place in web outlook where you can see the last time the device synced, where you can remote wipe the phone etc. If anyone has any idea how to resolve my issue please post. Any ideas? I'm fresh out of ideas on this problem and very frustrated with Palm Developers. Just another example of poor development and testing practices by Palm. I hope they correct this issue on subsequent releases but I am only marginally optimistic that they will ever get this exchange mail support to the level necessary to support large corporations. What I do know is that my Microsoft Hosted Exchange account works fine on a Windows Mobile phone and a iPhone 3GS (confirmed by other coworks who have configured their phones using our exchange services). As a result, I have no choice but to blame Palm for this problem instead of Microsoft. Palm please fully support microsoft exchange mail users!!!!
  Post relates to: Pre p100eww (Sprint)
  This question was solved.
  View Solution.

  From my understanding of EAS and PDA devices, if the server as a policy to enforce and the device cannot provide that policy then the server will not allow the device to connect. The KB I gave you has a listing of what policies the devices supports, if your server supports more than that then it could deny the connection. As for what the iPhone does and does not do we cannot answer that due to we are not iPhone.
  I did find an article that may explain a little better for PDA and exchange: http://www.infoworld.com/d/mobilize/how-avoid-smartphone-exchange-policy-lie-004

• How to create a custom java client Security Policy File?

  I have a stand-alone java client which invokes a .NET WSE 3.0 enabled web service. The web service SOAP header requires username token to be passed from my java client.
  Could some one kindly provide a sample of a client-side Security Policy File?
  Your help is very much appreciated.
  Mike

  This is still a workaround...
  But if you put checks on all your forms to see if the user has accepted the terms (assumes there is an attribute tracking this) then you can redirect the user to the terms/conditions forms. Still not spoof-proof, but it would be bookmark proof. (and a pain if you have too many forms)