How to avoid JsessionID passing in URL by using weblogic

Hi,
          In my application,while login into it,the URL appended with JSessionID but it is security flaw which is very helpful for hacker to leglimate the application.So please how to avoid the Jsessionid is visible in URL to user and it should not appended in the url.
          ie:
          www.joy.com/loginAction.do;jsessionid=hQsmHn1BTY1mp12xLyGl0JTncVrpJGRswpMRY82wLbpqB8B5wJJ1!-829701127
          the above seen url appended in my URL.
          which Method is appropriate to control the appending and is there any tag attribute particularly in weblogic.xml which will take care to avoid to pass thru out application.
          Please come up with solution ASAP i need to implement
          Regards
          Karthik

Hi Vikram,
          As you said that,by disabling the particular tag attribute ,it will not present on url and how to rewrite the Present URL which back to original URL
          Regards,
          Karthik

Similar Messages

  • How to avoid Java Studio Creator 2 to use the regional settings?

    How to avoid Java Studio Creator 2 to use the regional settings to select the language that will be used to display the IDE in a certain language?
    My country settings are set to Belgium (French) but I want to have my IDE running in English.
    What should I change in the defautl properties of JSC2 to avoid this behaviour?
    Please, don't tell me to change my regional settings, it is not a valid answer :-)
    Best regards,
    Abdelkrim BOUJRAF

    just modify creator.conf in directory etc/
    add: -J-Duser.language=en
    in the netbeans_default_options line:
    like this:
    netbeans_default_options="-J-Duser.language=en -J-Xms96m -J-Xmx384m -J-XX:PermSize=32m -J-XX:MaxPermSize=128m -J-XX:+CMSClassUnloadingEnabled -J-XX:+CMSPermGenSweepingEnabled -J-Xverify:none -J-Dnetbeans.javacore.background_scanning=true -J-Dsunappsrvint.home=\"C:\Program Files\Sun\Creator2\SunAppServer8\""

  • How to avoid Moire Effects (jiggered still pictures) using iM and iDVD.

    This is a discussion going on forever and forever in this forum. I had the problem of bad looking slideshows myself, and I am hearing the same tips over and over again that just don't work. This is what I found out on how to avoid moire effects in your still images, when you want to edit a slideshow using iMovie - and I personally think, this explanation makes a lot of sense.
    Try it on your own and you will have had the last bad looking still image slidehow on the TV screen ever!! Here we go:
    Like everybody here I am talking about the process of creating a slideshow incuding movie strips in iMovie to get as a final result a DVD with menus and such using iDVD.
    And the common problem with stills and iMovie 5.02 are the so called jiggered pictures iMovie creates. Call it a moire effect, if you'd like.
    Whenever full resolution still images are importet from iPhoto into iMovie, the quality that iMovie will spit out in the end is disgusting. Period. Just disgusting.
    It has nothing to do with that iMovie does not display it properly on the Monitor or we are just in preview mode - the results are bad there and will be bad (maybe even worse) on the TV screen.
    There is no SIGNIFICANT difference between wether the pictures are imported with KB on or off, whether they are imported as still frames or as video clips using iMovie "import" function. iMovie can treat the color fairly bad, overprocesses the pictures and - worst of all, the moiree effects you will see in the endresult are just very very bad. It is worse when the pictures are panning a lot (KB).. This is true for every picture containing a lot of detail (Trees, Forests, horizontol lines (stairs) etc.) - not so bad for closeup face shots, unless that person is really old
    There is no SIGNIFICANT difference on the result by how the iMovie project is fed into iDVD. When the movie is sent to iDVD using the iM command "send to..." the quality is worse (and you let iM render when it asks) than if the movie is dragged into the iDVD window - but again, the difference is not significant. The result will suck. The DVD will also look bad, when the iMovie is exported has high res quicktime first, before imported into iDVD. Again, its slightly better that way, but not significant.
    Whenever a slideshow is created in iPhoto and than exported to iDVD (or via being a quicktime movie through iMovie into iDVD) the result will be however stunning. But that totally defeats the purpose of iMovie and the degree of freedom of designing slidehows in a very appealing manner.....
    The problem I think lies in how iMovie processes still images. And this is not a bug, but more of a mathematical/programmatical problem. iMovie has to REDUCE THE RESOLUTION of your still. A 2000x3000 pixel image @ 300 dpi(roughly the dimensions of a 6 MP image) has to be downsized to a TV image (NTSC or PAL, whichever) which has a resolution of approximately 480x640. HD is accordingly higher. The amount of pixels has to be reduced. iMovie can do that. NOT GOOD. But it can. The problem starts when the picture is panning around (KB). iMovie makes a let us say 5 second movie @ 30 fps out of one still image. Almost every frame will be slightly different from the previous one due to the used KB effect. So, the routine of iMovie does this downsize calculation for each single frame - and it removes each time different pixels from the still image, due to a slightly different source still image. Got it?
    Now, when you look on how moiree effects occur (which is some weired math in it's own) than it makes sense, that we see all this jiggereing in horizontol lines of high res. patterns.
    I found that if I reduce the size of each image in Photoshop (or Photoshop Elements) prior to importing it into iMovie, the quality of the final product that iMovie and subsequently iDVD spits out in the end is AMAZING (reduce the dpi to approx. 72, so the image resolution is roughly 480x640). This is not a difficult process, because both programms (PS and PSE) handle BATCH PROCESSING. Just let the Mac work for a couple of hours or so.... its WORTH IT (and don't forget to make copies of the high res originals beforehand... :D).
    (before you resize, find out about how to properly resize and rescale an image!!!!)
    I am slightly annoyed that I found that out after producing a long long long long and really good slightshow, that is watchable but looks REALLY cheasy and cheap).
    I hope this helps out.
    Waenni
    Mini G4   Mac OS X (10.4.8)  

    I agree that iMovie's still image quality is embarassingly bad and has many bugs.
    Even with no Ken Burns, the sharp images tend to flicker on a TV because iMovie doesn't blur them properly.
    And as you very well described, iMovie's Ken Burns produces uneasy zooms/pans because the subpixel rendering is, uh, suboptimal.
    iMovie's immortal rendering bug when exporting non-Ken Burns'ed images to iDVD/tape doesn't make things any better.
    Yes, bicubically downsampling the input images to 640x480 or adding gaussian blur to the megapixel input images takes care of the flicker and uneasy zooms/pans, but as a side-effect the maximal zoom-ins are then TOO blurry.
    The best workaround is to use Photo To Movie's higher quality export setting. It has the best quality rendering engine (I recently compared it to Still Life and FotoMagico). Disclaimer: I'm just a satisfied customer of Photo To Movie.
    See also:
    http://www.sjoki.uta.fi/~shmhav/SVCDon_aMacintosh.html#slideshow

  • How to avoid extended checks for the events used in ALV.

    Hii,
    I hav delvpd an alv report in which i hav used events for which i haven't declared PERFORM for the same. but when i had checkd in the Extended program checks it says that form interface is not called directly.. check for dynamic PERFORMS...
    how to avoid this error in the extended check program.

    Another option can be calling the routine from the program itself with a check that never satisfies.
    like:
    if 1 = 2.
    perform top_of_page.
    endif.
    form top_of_page.
    endform.
    Regards,
    Joy.

  • I need  How to retrive data from sap r/3   using weblogic server

    Hi every body .
    I need how to retrieve r/3 data  using BAPI methods
    and using weblogic server
    very critical

    Hai.
    check the links.
    http://www.bea.com/content/news_events/white_papers/BEA_WLP_SAP_Portlets_81.pdf
    http://www.info-sun.com/docs/wp_sapinter.pdf
    regards.
    sowjanya.b

  • How to setup the cluster environment for BPM using weblogic

    want to setup the cluster environment for BPM using weblogic....
    i have installed the oracle weblogic server 10gr3 and oracle BPM enterprise for weblogic 10gR3
    i have used the Admin tools from the "oracle BPM enterprise for weblogic" to setup the configuration and create the weblogic domain servers.
    i can launch the process administrator and import the project exp file to domain server.
    but what should i do to setup cluster environment using weblogic?
    what i want to do is :
    setup one admin machine..
    setup two product machine..
    enable the cluster so the admin machine can monitor the status of the product machine..
    thanks a lot ...

    The install guide at http://download-llnw.oracle.com/docs/cd/E13154_01/bpm/docs65/config_guide/index.html gives a reasonable amount of info on how to do this.
    Personally I have not used the OBPM option to configure WebLogic instead I've used the information in the above install guide to create the weblogic domain in advance of configuring OBPM.
    Once you've setup WebLogic configure OBPM using the values I mention in the following thread: How to set the JMX Engine parameter in Process Administation?
    Let me know any specific config questions and I'll do my best to answer them for you.
    Thanks,
    Mike

  • How to avoid popup & pass value dynamically in 'F4IF_FIELD_VALUE_REQUEST' ?

    Hello Experts,
    I am trying to test usage of f4 help function module.
    We want to dynamically pass values from remote machines into the given input parameters of a Given Search help and receive the output into a table (no dialogs required .. so no pop ups )
    I wrote a test program to just test if we can really do that at runtime ?
    This program pops up the window of search help First I want to surpress that window and Second I have no clue
    ( How to pass the input parameters as value eg. 20 to a given field as we pass manually )
    Can some one suggest something here ?
    REPORT  ZTEST_F4_TEST.
    data lt_return TYPE TABLE OF DDSHRETVAL.
    data ls_return TYPE DDSHRETVAL.
    data lt_return_ddic TYPE TABLE OF zDDSHRETVAL.
    data ls_return_ddic TYPE zDDSHRETVAL.
    PARAMETERS ptable type tabname.
    PARAMETERS pfield type fieldname.
    PARAMETERS pshelp type SHLPNAMe.
    CALL FUNCTION 'F4IF_FIELD_VALUE_REQUEST'
      EXPORTING
        tabname                   = ptable
        fieldname                 = pfield
        SEARCHHELP                = pshelp
    *   SHLPPARAM                 = ' '
    *   DYNPPROG                  = ' '
    *   DYNPNR                    = ' '
    *   DYNPROFIELD               = ' '
    *   STEPL                     = 0
    *    VALUE                     = ' '
        MULTIPLE_CHOICE           = 'X'
        DISPLAY                   = 'F'
        SUPPRESS_RECORDLIST       = 'X'
    *   CALLBACK_PROGRAM          = ' '
    *   CALLBACK_FORM             = ' '
    *   SELECTION_SCREEN          = ' '
    * IMPORTING
    *   USER_RESET                =
    TABLES
       RETURN_TAB                = lt_return
    * EXCEPTIONS
    *   FIELD_NOT_FOUND           = 1
    *   NO_HELP_FOR_FIELD         = 2
    *   INCONSISTENT_HELP         = 3
    *   NO_VALUES_FOUND           = 4
    *   OTHERS                    = 5
    IF sy-subrc <> 0.
    * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
    data lv_count type i.
    delete lt_return where fieldname <> pfield.
    sort lt_return by fieldval.
    delete ADJACENT DUPLICATES FROM lt_return COMPARING fieldval.

    Hello Sim,
    We will be exposing the Input parameters and Output lists of the SAP Search helps (simple search helps only) as input output of a Webservice.
    So I need to understand how can we exploit the SAP Search Helps ?
    What function modules can take these inputs as structures  and can provide the output in form of a table ?
    Regards,
    Ravi

  • JavaServer Faces: How-to avoid users entering application URLs directly

    Hi Frank,
    I have read your article and implement it but have problem in redirecting the user to the login page... the code snippet is:
    if (((HttpServletRequest)request).getMethod().equalsIgnoreCase("GET") &&
    !isAllowedPage(request)){
    HttpServletResponse oResponse =null;
    oResponse.sendRedirect("Login.jsp"); [But it not worked]
    chain.doFilter(request, response);
    Please help me... (what code to write for redirection)

    I have used basic authentication but when the login/pwd window appears. I pass the user/pwd and following message appears
    You are not authorized to view this page
    You might not have permission to view this directory or page using the credentials you supplied.
    My Web.xml file look like this.
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adfAuthentication</web-resource-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>oc4j-administrators</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>empprofile</web-resource-name>
    <url-pattern>faces/empprofile/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>jazn.com</realm-name>
    </login-config>
    <security-role>
    <role-name>oc4j-administrators</role-name>
    </security-role>
    <security-role>
    <role-name>admin</role-name>
    </security-role>
    <resource-ref>
    <res-ref-name>jdbc/OracleDBConnectionDS</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
    </resource-ref>
    My jazn-data.xml file look like this
    <?xml version = '1.0' encoding = 'windows-1252' standalone = 'yes'?>
    <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-10_0.xsd"
    filepath="" OC4J_INSTANCE_ID="">
    <jazn-realm>
    <realm>
    <name>jazn.com</name>
    <users>
    <user>
    <name>amir</name>
    <credentials>{903}hy9JMGVS8lau4hu2OhJWv8YgglfpgRR2</credentials>
    </user>
    </users>
    <roles>
    <role>
    <name>admin</name>
    <members>
    <member>
    <type>user</type>
    <name>amir</name>
    </member>
    </members>
    </role>
    </roles>
    </realm>
    </jazn-realm>
    </jazn-data>
    My orion-Application file look like this
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd">
    <jazn provider="XML" default-realm="jazn.com"/>
    </orion-application>

  • How to avoid the change of url in browser window

    Hi all,
    i have created 2 portal component and created as a anonymous iView and assigned in framework page(duplicated default framework page).And also master rule collection i added my framework page for anonymous, while i type the url /irj/portal/anonymous its rendering correctly.
    my issue is......
    one is acting as a main page another one will be called when the request made.
    In that main component, i have hbj link, when i click that link it fetch the data from db and come back to jsp. but that time the url in the address bar is changed. i like to restrict that.
    or any other way to control it, without java script.
    Note:helpful answers will appreciated
    thanks & regards,
    Kathiresan R

    Hi,
    In my thread itself, i have mentioned that, i am duplicated default framework page. I am using CE, in that end user content folder there is no light framework.
    Can u let u know where the light framwork present in CE.
    Thanks & regards,
    Kathiresan R

  • How to avoid security information pop up when using BSP in SRM

    Hi. I have created a custom BSP and have flagged it as HTTPS in the properties, and the URL does start HTTPS.
    I have then put this BSP in a role in SRM and can access it from the internal ITS after logging into SRM. Obviously the main SRM URL is also HTTPS. The BSP actually does its job fine.
    However, when I click on the BSP I get the security information pop up telling me that the page contains both secure and nonsecure items every time.
    How can I avoid this?
    I have read the article on the wiki, but it does not apply to my BSP as there are no links at all in my BSP, and everything is HTTPS.
    We can not change the IE settings as all our desktops are locked down and configured in the same way from an outsource company.
    Any help would be greatly appreciated.
    Regards,
    Dave.

    Hi. I'd already seen that, and it is not quite the same as mine. That link is about calling a BSP as a catalog in SRM and switching from HTTPS to HTTP.
    I am calling the BSP direct from the SRM main menu and everything of mine is HTTPS, I am not switching.
    Do you have any other ideas?
    Thanks a lot for your help.
    Regards,
    Dave.

  • How to avoid OCM reinstall through OPatch when using EM Harvester?

    Currently running OEM Grid Control 11g (11.1.0.1.1GC PSU) on an infrastructure repository database (11.2.0.1.2). Previously had OCM installed in every ORACLE_HOME in our environment. I removed all existing OCM installations and OCM Instrumentation in each database.
    I then installed OCM (10.3.3.2.2) into the OMS_HOME in order to begin using the EM Harvester for all configuration uploads rather than multiple OCM installs. This went fine, and I began to see targets in MOS indicating GC as the data source rather than OCM. Good so far.
    I then installed PSU 11.2.0.1.3 to the infrastructure repository database. During the patch installation, OPatch re-installed OCM into the database ORACLE_HOME without my knowledge. This caused some targets to appear in MOS with OCM as the data source again. At this point I had two sets of OCM processes running. I've confirmed that the patch caused the OCM reinstall by checking the opatch logs from $ORACLE_HOME/cfgtoollogs, where I can see the fresh OCM install occur.
    I then installed patch 9431704 to the MW_HOME/oracle_common ORACLE_HOME to resolve the 'FMW Welcome Page Application' target showing down in Grid Control issue. The patch went fine, but OPatch again reinstalled OCM, this time to MW_HOME/oracle_common and MW_HOME/utils. So at this point I had four sets of OCM processes running, which caused many duplicate targets to appear in MOS, again with OCM as the data source. Confirmed yet again that the OPatch session led to the new OCM installs by reviewing the logs.
    I would like to exclusively use the EM Harvester to upload configuration details to MOS. Per the whitepaper in note 848962.1, "The only prerequisites for using an EMGC system to collect and upload configuration data to Oracle Support are that the EMGC OMS must be at least version 10.2.0.5, and there must be an OCM instance configured (and running in connected mode) in the Oracle Home of the OMS."
    So this leads to my question. How can I continue to patch OMS, the repository database, and the target databases, while preventing OPatch from reinstalling OCM in every ORACLE_HOME it finds?
    I understand that whitepaper's comment to mean that I only require OCM in the OMS_HOME and it should not run out of any other ORACLE_HOMEs in our environment. Should I simply allow OPatch to install OCM anywhere it wants, then pause them by running '$ORACLE_HOME/ccr/bin/emCCR hold'? Is there a flag I can include when running 'opatch apply' to tell it skip OCM installation?

    Thanks EricvdS, I think that will work. I plan to try it with my next PSU patch. It's not exactly what I wanted, since I'd prefer to avoid having OPatch installed at all (and thus have no ORACLE_OCM user and no OCM instrumentation in the database), and I believe the initial OPatch install will submit OCM data to MOS even before pausing it and setting it to disconnected mode, and I'd like to avoid that too.
    I also have the feeling that I may be able to skip the OPatch install by not providing my email address and MOS password or CSI number when applying patches. I'll try that too.

  • How can hide jsession id in url  while using struts

    i'm new to struts and when i use struts there is a jsession parameter in url how can i hide and dont see it

    Turn on cookies.

  • How to avoid postback while filter document library using metadata navigation filters?

    Hi All,
             Please help me with this scenario. I have a document library with metadata columns and normal columns and have enabled metadata navigation settings and key filters.
            It filters fine. But only problem every time i click the whole page will refresh. is there any way we can avoid page refresh while filtering.
    Or
    Any alternative solutions also much appreciated.
    Thanks for your help in advance.

    You're not going to be able to avoid that post back. The pages haven't been designed to allow AJAX behaviour and trying to re-build them would be a monster for MS let alone for you.

  • How to avoid, that a CPD-Customer will used in Sales ORDER?

    Hi,
    i will avoid, that the user inserts an CPD-Customer in sales orders.
    It's only in quotation allowed.
    Therefore i use include MV45AFZB with following code.
    FORM USEREXIT_CHECK_VBAK USING US_DIALOG.
    DATA: WA_KTOKD TYPE KTOKD.
    IF VBAK-VBTYP <> 'B'.
      SELECT SINGLE KTOKD FROM KNA1 INTO WA_KTOKD
             WHERE KUNNR = VBAK-KUNNR.
      IF WA_KTOKD = 'CPD'.
        MESSAGE E010(ZZ) WITH
                'CPD-cutomer is not allowed!'.
        MOVE 'ENT1' to FCODE.
        EXIT.
      ENDIF.
    ENDIF.
    My problem is, that the user cannot chage the customer numer when error appears.
    Is there another way to realize what i need, or is there a way to make the customer-Number
    changeable in this case?
    Hope anyone can help-
    Regards, Dieter

    Dieter
    Have you tried using order block?
    Firstly define an order blocking reason for CPDs and assign it to all relevant order types in config.
    SPRO/IMG/Sales and Distribution/Sales/Sales Documents/Define And Assign Reason For Blocking
    And then block all CPD customers using VD05 ( there will not be many, so it shouldn't take time).
    Alternately
    make it a warning in the code you wrote and copy the same code as an error while saving the order using
    MV45AFZZ - USEREXIT_SAVE_DOCUMENT_PREPARE or USEREXIT_SAVE_DOCUMENT
    Hope this helps.

  • How to avoid eco if we are not using headset?

    Hello, I have a flash in CS$ and AS3 which use the camera and micro to comunicate 2 people.
    All works correctly, but if we don't use a headset, and we are using the speakers of the PC and the webcammicro, this one receive the audio of the speakers and send the voice through the channel, and the person that are apeaking receives his own voice a couple seconds later.
    There si some way to avoid eco for this scenario?
    Thank you very much

    Hello, and thank you for your response, but I have already been using the setUseEchoSupression property to true, and the echo doesn't dissapear.
    There is another option?
    Thank you again

Maybe you are looking for