How to implement a security sub-system?

Similar Messages

• How to implement the security notes in Java System.

  Hi All,
  For the ABAP systems we use RSECNOTE to implement the security notes, but how do we do that in Java systems?
  Any reference or guidance will be of great help.
  Thanks,
  Akash.

  RSECNOTE is for ABAP only, and I dont think there is any equivalent for Java.
  For Java , security note will guide you on how to implement.
  It could be manual changes or via SDM or JSPM.
  Regards,
  Pinkle

• How to implement a simple paragraph system in CQ

  Hi,
  I have some problems in implementing a paragraph system in CQ.
  I have to implement it in CQ 4.2.
  Does any one explain it to me in simple words?
  Thanks a lot in advance, Seboeh

  I found the solution.
  I could implement a paragraph system now.
  I shortly describe the most important things.
  1. the spooler script should not have any carriage return
  2. for a component the spooling works only with following link.
  <img src='<% cc.getPage().getHandle() + ".spool." + cc.getQualident() + ".jsp" %>' width=200px>
  Further on, in the "Component Definitions" for this script only "spool" should be written as globbing. Not "*spool" or "spool*".
  This is also the reason, why we have cc.getQualident() after spool in the img-tag.
  3. Further on it is important for a paragraph system to include the following initialization.
  <%
  Style actstyle = null;
  %>
  <cfc:initComponent cellId="body" componentId="/libs/Components/body">
  <% actstyle = componentContext.getStyle(); %>
  </cfc:initComponent>
  <cfc:includeComponent cellId="body" componentId="/libs/Components/body" />
  <cfc:includeComponent cellId="parsys"
                          componentId="/apps/emb/Components/parsys" />
  4. in side the spooler script, you get the atom by:
                          String[] selectors = cqReq.getSelectors();
                          String qualident = selectors[1] + "." + selectors[2];
                          Container local = (Container) actpage.getElement(qualident);
                        Atom atom = local.getAtom("myImageSrc");
  where "myImageSrc" is the atom.xml content definition.
  The selcorts[2] is either "Single" or somthing like "parsys.0001".
  5. In simple components, you need also this kind of code to initialize a edit bar.
  <%
  ComponentContext cc = (ComponentContext) request.getAttribute("componentContext");
  ComponentInfo ci = cc.getComponentInfo();
  %>
  <cfc:editbar
                          parName="<%= cc.getContainerList() %>"
                          parNum="<%= cc.getContainerLabel() %>"
                          storagePre="<%= cc.getStoragePre() %>"
                          dialogAny="<%= ci.getContentDialog() %>"
  />
  I hope this could help you creating the paragraph system.
  Kind regards, [email protected]

• How to implement a kerberos server system

  Hi
  I want to develop a simple kerberos system which has just one client and one service server. I couldnt find any tutorials about kerberos. Could you please help me

  You may also want to look at JAAS. http://java.sun.com/developer/technicalArticles/Security/jaasv2/
  It's probably a tad overkill for some JSP applications, but it would give you an additional layer of protection for documents, i.e., you can control access to actual files based on roles. I say it's a bit of overkill because Tomcat incorporates most of the ideas into their realms.

• How to implement the security in web service with Weblogic 9.2

  I've generated web service by Web Logic 9.2 using existing WSDL (as per client requirement) and want to add security policy for authentications.
  I have used following annotation in service class.
  @Policies({
  @Policy(uri="policy:Auth.xml" , direction=Policy.Direction.inbound)
  But it gives compilation time error with following message.
  The Policy and Policies annotations are not allowed on jws file when compiledWsdl option is specified
  I've also tried to modify the WSDL to accommodate policy configuration and again generate the web service but problem is being as it is.
  If anybody has solution of this issue then please let me know ASAP.

  Did you get an answer to your question? I have the same problem with WebLogic 10.0.

• How to give JASS Security to ADF BC Swing Application.

  Hello Friends,
  ->I read lots of threads about JASS Security in ADF about Web Application.
  ->But i am not getting any solution/Document Which explains, How to Implement JASS Security to ADF BC Swing Apllication.
  -> I Will Explain Which type of application we developed.
  We had developed one Whole ERP Product by using ADF BC [Swing] Technology.We have 480 Forms in our Application.Now i need to give security to my Application.
  ->I Will Explain Structure of Application.
  We have seperate Application Module for each form means i have 480 Application Modules in my application.I create seperate session beans for each Application Module and I deploy it on Standalone OC4J Server
  So please friends help me out to give security to my application.
  Thanks in Advance.

  Hello Franks
  First thanks for your reply.
  --> As you suggested two options for me but i would like to go with second option.
  JAZN with ADF BC.
  ---> As you said i need to do jbo.security.enforce property set to "auth".but currently i made it "Test" to trace login user means to set History Columns.
  --->Frank i am waiting for your documents.If you have documents in the format of how-to-do then Please Forward me.
  Thanks Frank

• How to implement Security Domains with Delegated Management

  Hello,
  I have read the GlobalPlatform docs and 'scoured' the Internet for some useful advice on how to implement DM with Java Card.
  The GlobalPlatform docs say that "The interface between a SD and the Card Manager is not defined by Open Platform" and that "It is assumed that a SD cannot be developed in the same manner as a normal app". How then is someone supposed to be able to implement a system that includes Java Card applets and post-issuance uploading of applets using DM?
  I have purchased the Aspects Developer IDE with DM supported Java Card smart cards but am at a loss of how to actually implement the SD applets with DM....I know this technology is not supposed to be easy , but it should be possible to research and find the information that is required to learn it.
  Can anyone point me in the direction of somewhere that will provide me with some direction?
  Thanks in advance,
  Ann

  Hi Kavitha,
  check this link http://andrejusb.blogspot.in/2011/04/housekeeping-for-adf-security-test-all.html
  http://www.orastudy.com/oradoc/selfstu/fusion/web.1111/b31974/adding_security.htm
  Edited by: MaDi on Jun 11, 2012 3:46 PM

• How to implement sharepoint 2010 security implementation at site level ?

  Hi,
  We are going to implement one school automation system as internet application using sharepoint 2010.
  I want to know what type of step's i have to take for best security level implementation in the site level.
  Thanking You, Nagendra.

  Hiya,
  simple as that, SharePoint 2010 has no known vulnerabilities against SQL injections due to the nature of how it works.
  It's hard to protect against unknown vulnerabilities. If your planning to allow only authenticated users, you can perform the authentication on a dedicated application server. TMG/UAG/Web Application Proxy.
  Besides that, SharePoint 2010 and up was build to be exposed to the internet, with all the considerations that incurs.
  I fail to see the validity in the argument about "any web application using Asp.net there is a chance to SQL inject". If you create a custom asp.net application and do not secure yourself, yes you will have a problem. If you do secure yourself, you do not
  have a problem. Proposing it as a general approach is faulty.

• How to resolve Issues while implement gateway security by using reginfo,secinfo?

  Hi,
  I want to implement gateway security using  gw/reg_info,  gw/sec_info,  gw/reg_no_conn_info.
  so far I have created reginfo and secinfo files to allow all internal traffic and I kept gw/reg_no_conn_info=11, gw/acl_mode=1
  reginfo
  ======
  #VERSION=2
  P TP=*,HOST=local
  P TP=*,HOST=internal
  P TP=*,HOST=*.abc.com
  with the above setting I believe all the programs with in sap systems(including app servers), also system from domain abc.com can register programs with out having any issues.
  secinfo:
  ======
  #VERSION=2
  P TP=* USER=* USER-HOST=local HOST=local
  P TP=* USER=* USER-HOST=internal HOST=internal
  similarly  as per secinfo content I believe that all the internal traffic can go with out any issue with in sap system.
  beside that I have activated gateway logging to find the rejecting connections if any.
  I have following questions:
  ===================
  1)As the reginfo,secinfo files maintained can I remove gw/acl_mode=1 parameter ?
  2)if I want to add a specific programs to register from 3rd party system, suppose a program called "zram" from system "172.198.10.1" where I suppose to add it. Do I need to add that IP to secinfo along with reginfo?
  3)when I set parameter gw/reg_no_conn_info=11 when convert to binary it equals to 00001011
  what exactly this means from the following definitions from note 1444282
  1 1298433 Bypassing security in reginfo & secinfo
  2 1434 117 Bypassing sec_info without reg_info
  4 1465129 CANCEL registered programs
  8 1473017 Uppercase/lowercase in the files reg_info and sec_info
  will that means 8+2+1 means satisfying the above 3 lines except condition 4 ?
  4) I enabled  gateway logging, how could I catch rejecting connections from third party systems?
  5)From simulation mode I got to know that It will satisfy reginfo,secinfo restrictions and it will allow all other traffic.so what is the added advantage with this when activate?
  6)is there any sap native tools which help while preparing reginfo, secinfo files?
  Regards,
  Koteswararao.Davuluri(Koti).

  Hi,
  Here is answers for questions 4 and 5.
  4) I enabled  gateway logging, how could I catch rejecting connections from third party systems?
  SMGW->Goto->Expert functions->logging
  In the above path if you select security->(under that)->Rejected access only
  when you select that it should show you the connections getting rejected.
  5)For simulation mode you have 2 options. you can activate directly from the above path.Other option  if you maintain gw/sim_mode = 1  that will make the permanent simulation mode. But once after all the entries set in reginfo you have to disable simulation mode. with secinfo you will not have much problems.
  After doing steps 4, 5 you can see rejected entries in Gateway log.

• How do I implement XML Security in my XML app?

  I had always thought of myself as a reasonably intelligent person. Now that I'm trying to learn how to implement XMLSignatures into my XML processing framework, I realize how ignorant I am!
  I downloaded the XML security packages from apache and after two days of trial-and-error, I have keystores set up and I can create XMLSignatures and sign XML documents I create with DOM.
  But when I try and validate the signature on the other end (after I've created another XMLSignature object from the XML I recieved) with the certificate I've exported from the client keystore, it fails every time.
  I've exported the server and client certificates and imported them into the other's keystores (i.e. the server trusts the client's certificate and vice versa) and if I call X509Certificate.equals(CertificateFromMyXML) it says "true". But if I try and validate the XMLSignatures, it returns false. How can it not validate the XMLSignatures if it knows that the certificate from the keystore exactly matches the one I just got in my XML.
  I'm hopelessly confused. Can someone point me in the right direction so that I'm not spining my wheels, staring at my screen, wondering what the heck I have to do to understand this stuff!?
  Any documentation or pointers you can direct me to would be extremely helpful.
  Thanks!
  Jon Brisbin
  Webmaster
  NPC International, Inc.

  Here's the sample program I'm using:
      public static void main( String[] args ) throws Exception
          KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
          ks.load( Authenticator.class.getResourceAsStream( "/qnpc.jks" ),
                  "****".toCharArray() );
          X509Certificate cert = (X509Certificate) ks
                  .getCertificate( "webservice" );
          StringWriter sw = new StringWriter();
          OutputFormat of = new OutputFormat();
          of.setIndenting( true );
          of.setIndent( 2 );
          of.setLineWidth( 80 );
          XMLSerializer ser = new XMLSerializer( sw, of );
          Document doc = makeDoc();
          org.w3c.dom.Element el = doc.getDocumentElement();
          XMLSignature xSig = new XMLSignature( doc, NS,
                  XMLSignature.ALGO_ID_SIGNATURE_DSA );
          // Transforms transforms = new Transforms( doc );
          // transforms.addTransform( Transforms.TRANSFORM_ENVELOPED_SIGNATURE );
          // xSig.addDocument( "", transforms, Constants.ALGO_ID_DIGEST_SHA1 );
          xSig.addDocument( "" );
          xSig.addKeyInfo( cert );
          el.appendChild( xSig.getElement() );
          xSig.sign( ks.getKey( "webservice", "****".toCharArray() ) );
          ser.serialize( doc );
          System.out.println( sw.toString() );
          DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
          dbf.setNamespaceAware( true );
          dbf.setAttribute( "http://xml.org/sax/features/namespaces",
                  Boolean.TRUE );
          DocumentBuilder db = dbf.newDocumentBuilder();
          KeyStore ks2 = KeyStore.getInstance( KeyStore.getDefaultType() );
          ks2.load( Authenticator.class.getResourceAsStream( "/xportal.jks" ),
                  "lassie57".toCharArray() );
          Document doc2 = db.parse( new ByteArrayInputStream( sw.toString()
                  .getBytes() ) );
          org.w3c.dom.Element sig = (org.w3c.dom.Element) doc2
                  .getElementsByTagNameNS( Constants.SignatureSpecNS, "Signature" )
                  .item( 0 );
          XMLSignature xSig2 = new XMLSignature( sig, "" );
          X509Certificate cert2 = xSig2.getKeyInfo().getX509Certificate();
          X509Certificate clientCert = (X509Certificate) ks2
                  .getCertificate( "qnpc" );
          sw = new StringWriter();
          ser = new XMLSerializer( sw, of );
          ser.serialize( xSig2.getElement() );
          System.out.println( sw.toString() );
          KeyUtils.prinoutKeyInfo( xSig2.getKeyInfo(), System.out );
          System.out.println( sw.toString() );
          System.out.println( "Signed by QNPC?: " + cert2.equals( clientCert ) );
          System.out.println( "Valid?: " + xSig2.checkSignatureValue( cert2 ) );
      }

• How to implement an audit system to track ADF applications DML activity?

  We have implemented a complete audit system for one of our databases in order to keep history for every table and every value that has been modified.
  The solution that we currently have can be split into two discrete parts:
  1. Keeping a record of all connections to the db account
  This is achieved via a table ‘user_sessions’ into which we record data for every session in the database with the help of on-logon and on-logoff triggers and some PL/SQL procedures:
  Column name        |  Explanation
  -------------------|-------------------------------------------
  US_ID              | PK, based on a sequence
  SESSION_ID         | sys_context('USERENV' ,'SESSIONID')  
  USER_NAME          | sys_context('USERENV' ,'OS_USER')
  LOGON_TIME         | when the on-logon trigger fires
  LOGOFF_TIME        | when the on-logoff trigger fires
  USER_SCHEMA        | sys_context('USERENV' ,'SESSION_USER')
  IP_ADDRESS         | sys_context('USERENV' ,'IP_ADDRESS')
  us_id |session_id |user_name|user_sschema|ip_address|logon_time               |logoff_time     
  560066|8498062       |BOB      |ABD         |1.1.1.2   |14-SEP-06 03.51.52.000000|14-SEP-06 03.52.30.000000
  560065|8498061       |ALICE    |ABC         |1.1.1.1   |14-SEP-06 02.45.31.000000|14-SEP-06 04.22.43.0000002. Keeping the history of every change of data made by a given user
  For every table in the account there is a corresponding history table with all of the columns of the original table plus columns to denote the type of the operation (Insert, Delete, Update), start and end time of validity for this record (createtime, retiretime) and us_id (which points to the user_sessions table).
  The original table has triggers, which fire if there is an insert, update or delete and they insert the data into the corresponding history table. For every record inserted into a history table the us_id taken from the user_sessions table is recorded as well, allowing us to determine who has modified what data via the combination of these two tables.
  Below is an example of a table TASKS, the history related triggers and the history table TASKS_HIST.
  At the moment we are developing new applications by using ADF. Since there is an Application Module Pool and Database Connection Pool implemented for the ADF, one connection to the database could be used by several users at different moments of time. In that case the history records will point to a database session logged into the user_sessions table, but we will not know who actually modified the data.
  Could you, please, give us a suggestion, how we can know at any moment of time who (which of our users currently making use of an ADF application) is using a given database connection?
  By way of an example of the problem we are facing, here is how we solved the same problem posed by the use of Oracle Forms applications.
  When the user starts to work with a given Forms application, user_sessions table would attempt to record the relevant information about he user, but since the db session was created by the application server, would in actual fact record the username and ip address of the application server itself.
  The problem was easy to solve due to the fact that there is no connection pooling and when a user opens their browser to work with Forms applications, a db connection is opened for the duration of their session (until they close their browser window).
  In that case, the moment when the user is authenticated (they log in), there is a PL/SQL procedure called from the login Form, which updates the record in the user_sessions table with the real login name and ip address of the user.
  Example of a table and its ‘shadow’ history table
  CREATE TABLE TASKS (
       TASKNAME     VARCHAR2(40),
       DESCRIPTION  VARCHAR2(80)
  ALTER TABLE TASKS ADD (
       CONSTRAINT TASKS_PK PRIMARY KEY (TASKNAME));
  CREATE OR REPLACE TRIGGER TASKS_HISTSTMP
  BEFORE INSERT OR UPDATE OR DELETE ON TASKS
     BEGIN
       HISTORY.SET_OPERATION_TIME('TASKS');
     EXCEPTION
       WHEN OTHERS THEN
         ERROR.REPORT_AND_GO;
  END TASKS_HISTSTMP;
  CREATE OR REPLACE TRIGGER TASKS_WHIST
    AFTER INSERT OR UPDATE OR DELETE ON TASKS
    FOR EACH ROW
    BEGIN
  CASE
        WHEN INSERTING THEN
          UPDATE TASKS_HIST
             SET retiretime = HISTORY.GET_OPERATION_TIME
           WHERE createtime = (SELECT MAX(createtime)
                                 FROM TASKS_HIST
                                WHERE retiretime IS NULL AND TASKNAME=:NEW.TASKNAME)
             AND retiretime IS NULL AND TASKNAME=:NEW.TASKNAME;
          INSERT INTO TASKS_HIST (TASKNAME      ,DESCRIPTION      ,optype
                                  ,createtime                    
                                  ,us_id)
                 VALUES          (:NEW.TASKNAME ,:NEW.DESCRIPTION ,'I'
                                  ,HISTORY.GET_OPERATION_TIME    
                                  ,USER_SESSION.GET_USER_SESSIONS_ID);
        WHEN UPDATING THEN
          UPDATE TASKS_HIST
             SET retiretime = HISTORY.GET_OPERATION_TIME
           WHERE createtime = (SELECT MAX(createtime)
                                 FROM TASKS_HIST
                                WHERE TASKNAME=:OLD.TASKNAME) 
             AND TASKNAME=:OLD.TASKNAME;
          INSERT INTO TASKS_HIST (TASKNAME      ,DESCRIPTION      ,optype
                                  ,createtime
                                  ,us_id)
                 VALUES          (:NEW.TASKNAME ,:NEW.DESCRIPTION ,'U'
                                  ,HISTORY.GET_OPERATION_TIME
                                  ,USER_SESSION.GET_USER_SESSIONS_ID);
        ELSE
          UPDATE TASKS_HIST
             SET retiretime = HISTORY.GET_OPERATION_TIME
           WHERE createtime = (SELECT MAX(createtime)
                                 FROM TASKS_HIST
                                WHERE TASKNAME=:OLD.TASKNAME) 
             AND TASKNAME=:OLD.TASKNAME;
          INSERT INTO TASKS_HIST (TASKNAME      ,DESCRIPTION      ,optype
                                  ,createtime
                                  ,us_id)
                 VALUES          (:OLD.TASKNAME ,:OLD.DESCRIPTION ,'D'
                                  ,HISTORY.GET_OPERATION_TIME
                                  ,USER_SESSION.GET_USER_SESSIONS_ID);
      END CASE;
    EXCEPTION
      WHEN OTHERS THEN
        ERROR.REPORT_AND_GO;
  END TASKS_WHIST;
  CREATE TABLE TASKS_HIST (
       TASKNAME       VARCHAR2(40),
       DESCRIPTION    VARCHAR2(80),
       OPTYPE         VARCHAR2(1),
       CREATETIME     TIMESTAMP(6),
       RETIRETIME     TIMESTAMP(6),
       US_ID          NUMBER
  ALTER TABLE TASKS_HIST ADD (
       CONSTRAINT TASKS_HIST_PK PRIMARY KEY (TASKNAME, CREATETIME)
         );

  Frank,
  Thanks for your reply.
  I checked the site that you mentioned.
  I try the sample “demo with bundle. The sample worked.
  But it needed to start separately with the application.
  I do not know how to build a help system with the existed web application developed with Jdeveloper (It has two projects: model and user-view-control. It is deployed on Oracle Application server).
  Could you help me step by step to build the help system?

• How to implement a file system in my app?

  How to implement a file system in my app? So that we can connect to my iPhone via Finder->Go->Connect to Server. And my iPhone will show as a shared disk. Any ideas about it? Thanks.

  Hi Rain--
  From webdav.org:
  DAV-E is a WebDAV client for iPhone, with free and full versions. It provides remote file browsing via WebDAV, and can be used to upload pictures taken with the iPhone.
  http://greenbytes.de/dav-e.html
  http://www.greenbytes.de/tech/webdav/
  Hope this helps.

• How to implement row level security using external tables

  Hi All Gurus/ Masters,
  I want to implement row level security using external tables, as I'm not sure how to implement that. and I'm aware of using it by RPD level authentication.
  I can use a filter condition in my user level so that he can access his data only.
  But when i have 4 tables in external tables
  users
  groups
  usergroups
  webgrups
  Then in which table I need to give the filter conditions..
  Pl let me know this ...

  You pull the Group into a repository variable using a session variable init block, then reference that variable in the data filters either in the LTS directly or in the security management as Filters. You reference it with the syntax VALUEOF("NQ_SESSION.Variable Name")
  Hope this helps

• Webinar: How to implement secure scenarios with SAP NW PI 7.1

  SAP Intelligence Platform & NetWeaver RIG APJ Expert Call
  Dear valued SAP Experts,
  Next SAP Intelligence Platform & NetWeaver RIG Expert Call Session will take place on Tuesday, August 18.
  The SAP Intelligence Platform & NetWeaver RIG Expert Call Sessions are designed to support consultants, partners and customers  during their implementation projects. The sessions cover all different aspects of SAP NetWeaver and are aimed at
  thus provide knowledge which is not available via standard training courses. The session duration is typically 60min and includes questions and answers.
  Tuesday, August 18, 2009:
  How to implement secure scenarios with SAP NetWeaver Process Integration 7.1
  Time: 2.00 - 3.00 p.m. Singapore Time (UTC +8)
  This event will feature Makoto Sugishita with the SAP Intelligence Platform & NetWeaver Regional Implementation Group.
  Makoto provides the following abstract:
  In this session you will learn more about the core security concepts that are provided with the service-oriented architecture (SOA)
  management capabilities in SAP NetWeaver Process Integration (SAP NetWeaver PI). This session will cover main use cases and
  supported scenarios of secure SAP NetWeaver PI deployments. 
  SAP Connect Link: https://sap.emea.pgiconnect.com/I016095
  (no passcode needed)
  Dial in:
  For dial in details please register here http://www.surveymonkey.com/s.aspx?sm=EFeuZl9PxrwKOW5i5W556g_3d_3d
  Kind regards,
  Sarma Sishta
  SAP Intelligence Platform & NetWeaver RIG APJ

  hi,
  I'm making this a sticky thread till August 18 so it will have better visibility
  Regards,
  Michal Krawczyk

• How to implement secure help in SharePoint 2010?

  Hi,
  We are having a sharepoint site running over HTTPS. When I click on help link given on top right side, I get a security warning saying that only secure content content can be displayed. This is probably due to the non secure content(http) used by microsoft
  help.
  Can anyone please suggest how to implement microsoft help having secure content?
  Please see screenshot below:

  Yes office.microsoft.com URL works when I use https:// instead of http:// .
  Can you please let me know in which file this help function is used?
  Please provide me with an example if possible.