Implementing LCDS Security with MDD

Similar Messages

• Problem using Implementing Remote Panel Security with a Login Example Guide

  I'm having issues implementing a Remote Panel protected by username and password using this NI guide:
  Implementing Remote Panel Security with a Login Example
  Remotepanellogin.zip
  After login process using Login.vi, if the user has the right password, his IP will be included in the Webserver allowed access list and the user can open the web site which hosts the Main.vi. Ok.
  But if the user doesn't have the password, his IP will be denied!
  Here is the problem: Will his IP be denied at all including Login.vi? 
  I can't block access to Login.vi because even if the user entered a wrong password, he can still try login again....
  How can I configure a type of Allowed and Denied table using Webserver properties? For example:
  IP: 10.0.0.2 - Login.vi (allowed) - Main.vi (allowed) -> User entered a right password
  IP: 10.0.0.3 - Login.vi (allowed) - Main.vi (denied) -> User entered a wrong password
  Note: Login.vi must be visible and accessible always.
  These are the Implementing Remote Panel Security with a Login Example instructions:
  After you configure the VIs with the Web Publishing Tool, browse to the Remote Panel Login VI and run it. When this VI runs, LabVIEW gives remote panel access to all users, but they can view and control only this VI.
  If a user successfully logs in by supplying the Username of NI and password of labview (both are case sensitive) then LabVIEW gives remote panel access to the IP address specified in the Remote Panel Login VI only. That user can then browse to and run the Main VI.
  Thanks in advance!
  APrado
  Message Edited by APrado on 04-01-2009 08:21 AM

  I'm thinking about using the option Reentrant Execution (VI property > Category > Execution).
  Could anyone help me?
  Thanks.

• Issue with implementing Object Security in RPD (OBIEE 11g)

  Hello All,
  I am following these steps to implement Object Security, but it doesn't work. Please let me know what am I doing wrong here:
  1. I want to block a few presentation tables for the user 'weblogic'.
  2. I open the RPD in online mode and in the Identity Manager, for the application role 'BIAdministrator', I setup permissions 'no access' to these presentation tables. It asks me to 'Check Out' which I do.
  3. I check in the changes, save the RPD and deploy in back in EM.
  4. I login into OBIEE Answers using 'weblogic' user but alas these presentation tables are still available for me to use.
  I have tried looking for a solution on the internet before posting the solution here. Please don't ask me to read through the security setup guide because I have done that. Any specific answers are most welcome.
  Thanks in advance.

  Try this:
  Double click on the presentation table.
  Go to permissions and then revoke the access to BI Administrators.

• How implement security with jazn-data.xml file?

  Hi,
  I cannot implement the security user/role management in a web-app (Weblogic 10.3.6).
  web.xml (war file)
       <!-- Security JAAS -->
      <login-config>
          <auth-method>CLIENT-CERT</auth-method>
      </login-config>
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>myApp</web-resource-name>
              <url-pattern>/pages/index.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>admin</role-name>           
          </auth-constraint>
      </security-constraint>
  jazn-data.xml (ear file)
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE jazn-data PUBLIC "JAZN-XML Data" "http://xmlns.oracle.com/ias/dtds/jazn-data.dtd">
  <jazn-data>
  <!-- JAZN Realm Data -->
  <jazn-realm>
      <realm>
          <name>myrealm</name>
          <users>               
              <user>
                  <name>admin</name>
                  <display-name>admin</display-name>
                  <credentials>!pwd</credentials>
              </user>           
          </users>
          <roles>     
              <role>
                  <name>admin</name>
                  <members>                   
                      <member>
                          <type>user</type>
                          <name>admin</name>
                      </member>
                  </members>
              </role>          
          </roles>
      </realm>
  </jazn-realm>
  <!-- Permission Class Data -->
  <jazn-permission-classes>
  </jazn-permission-classes>
  <!-- Principal Class Data -->
  <jazn-principal-classes>
  </jazn-principal-classes>
  <!-- Login Module Data -->
  <jazn-loginconfig>
  </jazn-loginconfig>
  </jazn-data>
  I need to set user/role in Weblogic console? :-S
  Thanks for reply,
  Matteo.

  hi "romanna"
  Part of the answer to "Can somebody point me out how I need to define security ..." can probably be found in the "Oracle ADF Developer's Guide" that has "18 Adding Security to an Application".
  success
  Jan

• What are the different options for implementing web security?

  Hi,
  Right now I am working on an internet website. We are using JSP for presentation and running Weblogic Application Server. I want to know different options for implementing website security. One of the options that I am aware of is to use LDAP. But we donot want to go and buy a LDAP Directory Server now. So I would really appreciate if somebody could let me know my choices here.
  Thanks in advance.

  Hi,
  If you are working on a Windows 2000 platform, the most obvious choice would be Active Directory Server as this is shipped free with Server 2000. It is LDAP compliant, although does have a few differences that set it apart from the other X500 standard based solutions which I will mention in a moment. Details on these differences can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/msdn_activedirvsnds.asp
  Other options are openldap, an open source implementation of an ldap server or iPlanet's Directory Server. If you are initially doing an evaluation, a trial version is available of the iPlanet software and can be downloaded from their site. I found this particularly easy to get to grips with and their is excellent documentation available. There is also an offering from Novell, but I have no experience of this.
  Hope this helps.
  Jon

• Advise on Security with JHeadstart

  Hi,
  I love this product! Our environment is new with Oracle, we're using 10.1.3 with OID and 10.1.2 with Portal 10.1.4. We want to use ADF to generate apps quickly and this product really helps. I need to know about security, however. Here's an example scenario:
  Employee tracks his or her 'Continuing Learning' activities in a db. I have tables as such:
  Employee
  Activity
  Activity_Type
  Cost_Center
  Position_Code
  Delegate
  An employee can 'delegate' the ability to enter/update his or her activities on his or her behalf. Anyone can see anyone else's activities (i.e. Default=Reader).
  My employee table has only the Emp_Id (pk), Cost_Center_Id (fk) and Position_Code_Id (fk) since the rest of the employee info (i.e. name) is in LDAP or OID in this case. My Delegate table is simply a join of one delegate to one or more employees.
  I am not a DBA, by the way.
  I need to know how to enable this scenario, securely, using SSO with OID/LDAP and be able to display using JHeadstart the employee information from LDAP. Can anyone point me in the right direction on this or tell me if it is possible?
  Thanks!
  Ginni at aero.org

  Dear Sandra,
  Thank you for a great article. I had some remarks (btw we're using JDeveloper 10.1.3.3, JHeadstart 10.1.3.2.41):
  1)When I tried implementing JAAS with CLM in JHeadstart with the help of the JHeadstart devguide, I couldn't get it to work. When perusing
  the JHeadstart documentation I found the following remark in the "New Features" document as a footnote:
  "Known Issues
  Following functionality not yet implemented or not yet working correctly
  · JAAS-based security types not yet implemented. "
  I'd recommend placing this in the "Known Issues" section of the Release Notes, rather than in the "New Features" document.
  When is a correct implementation of JAAS with CLM planned in JHeadstart (e.g. which quarter?)?
  2) I ended up setting the Security Type security setting to Custom and using the JHeadstart JHS_ tables for storing credentials/roles.
  (The devguide refers to this field as Authentication Type instead). When I tried invoking the setVPDContext method in the
  prepareSession, I got an error message: it turns out that in this phase, the JhsUser object is not yet known (because we're not using
  JAAS). When invoking setVPDContext in the setUser method, it worked fine. The only caveat is that the setUser method is deprecated.
  Could you please recommend another approach (e.g. overriding the authenticateUser(username,password) instead, and invoking the
  setVPDContext from within this method).
  3) When I first set the Security Type to JAAS with CLM, and generated the application using JAG, a number of elements were added to the
  web.xml. Subsequently, I had to set the Security Type to "Custom", and re-generate the application, these elements were not correctly
  removed/replaced. I had to manually correct this.
  In general, I noticed that in JDeveloper, files are left in an inconsistent state when changing certain settings or options. Needless to
  say, this causes delay (not to mention aggravation) in projects.
  Regards,
  Ibrahim

• Data level Security with Oracle Apps as Source

  Hi all
  I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
  I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
  (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
  I have created Groups in rpd with same name as the responsibility in Apps.
  I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
  I have created Group in WEB with the same name as the Group name in rpd.
  If I say show all Users and Groups in WEB, I m getting the APPS Users.
  I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
  But in the Report, I m getting all the Business Group Ids,
  Plz advice if I m doing something wrong.
  ThanQ
  Anand

  You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
  Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
  I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

• Java Web Services Security with 10.1.2.1

  I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
  J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
  Please help as how I can implement Java Web Service Security with 10.1.2.1?
  Email: [email protected]
  Thanks for the help in advance.

  You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
  Thanks
  Ram

• Configure security with principals.xml

  Hello!
  I'm trying to configure security in Oracle IAS 9.0.4. I have two applications into an OC4J instance. I've configured an admin user with RMI connection permission in the intance's principals.xml file. I've configured another admin user with RMI connection permission in each of the applications' principals.xml.
  One of the applications is trying to connect via JMS to other's queue, but it can't. If I execute a Junit external test, I get an invalid username/password error, but from the first application I get an NameNotFoundException because it says it can't locate my ConnectionFactory class.
  I've configured the ConnectionFactory class and queue properly in instance's jms.xml file.
  I have two questions. First question is why I get different error messages depending from where I try to connect to? Second question is what's the better way to configure security with principals.xml if I want to share user's configuration across applications inside an OC4J instance?
  I have to mention that with an OC4J standalone deployment I had no problem and all worked fine, so I suspect I've missconfigured something at IAS, but I didn't found any document explaining inheritance clearly neither principals.xml at instance - applications context.
  Thank you in advance.
  Eva.

  We don't use principals.xml any more and have adopted the use of the JAAS, via our implementation which goes under the moniker of JAZN.
  I'd have a peruse through the OC4J Security guide as a good starting point:
  http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/toc.htm
  The general J2EE doc library is here:
  http://download.oracle.com/docs/cd/B32110_01/web.htm
  -steve-

• How to resolve Issues while implement gateway security by using reginfo,secinfo?

  Hi,
  I want to implement gateway security using  gw/reg_info,  gw/sec_info,  gw/reg_no_conn_info.
  so far I have created reginfo and secinfo files to allow all internal traffic and I kept gw/reg_no_conn_info=11, gw/acl_mode=1
  reginfo
  ======
  #VERSION=2
  P TP=*,HOST=local
  P TP=*,HOST=internal
  P TP=*,HOST=*.abc.com
  with the above setting I believe all the programs with in sap systems(including app servers), also system from domain abc.com can register programs with out having any issues.
  secinfo:
  ======
  #VERSION=2
  P TP=* USER=* USER-HOST=local HOST=local
  P TP=* USER=* USER-HOST=internal HOST=internal
  similarly  as per secinfo content I believe that all the internal traffic can go with out any issue with in sap system.
  beside that I have activated gateway logging to find the rejecting connections if any.
  I have following questions:
  ===================
  1)As the reginfo,secinfo files maintained can I remove gw/acl_mode=1 parameter ?
  2)if I want to add a specific programs to register from 3rd party system, suppose a program called "zram" from system "172.198.10.1" where I suppose to add it. Do I need to add that IP to secinfo along with reginfo?
  3)when I set parameter gw/reg_no_conn_info=11 when convert to binary it equals to 00001011
  what exactly this means from the following definitions from note 1444282
  1 1298433 Bypassing security in reginfo & secinfo
  2 1434 117 Bypassing sec_info without reg_info
  4 1465129 CANCEL registered programs
  8 1473017 Uppercase/lowercase in the files reg_info and sec_info
  will that means 8+2+1 means satisfying the above 3 lines except condition 4 ?
  4) I enabled  gateway logging, how could I catch rejecting connections from third party systems?
  5)From simulation mode I got to know that It will satisfy reginfo,secinfo restrictions and it will allow all other traffic.so what is the added advantage with this when activate?
  6)is there any sap native tools which help while preparing reginfo, secinfo files?
  Regards,
  Koteswararao.Davuluri(Koti).

  Hi,
  Here is answers for questions 4 and 5.
  4) I enabled  gateway logging, how could I catch rejecting connections from third party systems?
  SMGW->Goto->Expert functions->logging
  In the above path if you select security->(under that)->Rejected access only
  when you select that it should show you the connections getting rejected.
  5)For simulation mode you have 2 options. you can activate directly from the above path.Other option  if you maintain gw/sim_mode = 1  that will make the permanent simulation mode. But once after all the entries set in reginfo you have to disable simulation mode. with secinfo you will not have much problems.
  After doing steps 4, 5 you can see rejected entries in Gateway log.

• Implementing port security

  i have about a dozen2960 that i wish to implement port security. Some users tend to bring their own router and cause mayhem to the network. I've tried DHCP snooping, dont seem to work and port security testing on a few ports work well.
  What are the recommended steps? All are connected with users and all ports are already in use.
  - Some ports already have a few mac address in the tables thus i cant say do a across the board implement say "switchport port-security maximum 3".
  - It's tedious to go switch by switch, port by port
  - Any mechnism that can convert sticky to static with "switchport port-security mac-address sticky" first then convert them to static since the network is ok now.

  The poster above raised some excellent points about an "IT Acceptable Policy". I wouldn't want people allowed to bring in random network eqiupment just plugging it in all willy nilly.
  With DHCP Snooping, you need to understand, that all ports will be untrusted by default. So you need to make sure the only ports that are trusted are trunk ports, that lead to a DHCP server, and the port connected to the DHCP server. Also, you may or may not have to deal with Option 82, which you have two options. You can either turn if off from being checked at the router, or instruct the switch to not install the option to being with in DHCP Discover packets.
  When you enable DHCP Snooping, this will create teh DHCP Snooping database, which will keep track of the DHCP assigned IP address, and the MAC address assigned to each port.
  If you have users who bring in their own switches, find out who they are, and just watch the MAC addresses associated with the port, and then you can adjust port security appropraitely.
  It sounds like you may have a hard time, since they don't seem to really care about security at this place.
  Personally, if it were me, all ports would have BPDU Guard that should, at a minimum. You can always setup 'errdisable recovery' to deal with the recovering of ports that have been disabled automatically.

• Three part blog about Reducing the Cost to Implement a Security Plan

  Part 3 of a great blog done by in AlienVault Support who has "heard it all" about the problems SMBs have in implementing a security plan with small budgets. Kenneth offers lots of practical and helpful advice for IT and security practitioners.
  https://www.alienvault.com/blogs/security-essentials/third-step-in-reducing-the-cost-to-implement-a-...
  This topic first appeared in the Spiceworks Community

  hi Elistariel -
  With no texting plan, it is 25 cents per picture message. The LG VX5500 (same phone my daughter has) does not use a memory card, so you can try two different programs on your computer (both free) and see if either one will get the pics off and saved on your computer; from there you can upload to your online album without a per picture charge.
  You can try Verizon's VCast media manager - download and install it on your computer, then use the USB cable to link the phone to the computer and transfer the pics with VCast.
  Here's a link
  A third party program called BitPim will also work, but it's more technical and does a lot more than just transfer your media. It can also brick your phone if you don't know what you are doing, so it's "use at your own risk", as Verizon won't cover any losses due to using BitPim. It does work though--I have used it, very cautiously!

• Implementing a secure servlet

  Hi all,
  I am stuck about implementing this! My web site is implemented using static HTML pages and hosted on Apache server. I have a separate application server that runs my dynamic applications. In my web site, I have a contact us form with action as a simple servlet. Everything works fine and servlet does its purpose. But there is security issue with this. Anybody can access my servlet using the URL. Anybody can view source my page, get the servlet URL and can spam! I need to make this secure.
  Any thoughts on this issue would be great.
  Thanks and Regards,
  Abdel Olakara
  [http://technopaper.blogspot.com|http://technopaper.blogspot.com]

  Olakara wrote:
  Yawmark, your thinking correct with my context. I am more concerned with the user side and not the bots. I am having a look at spring but is there any simple way (with out using any frameworks?).Personally, I think using Spring Security is the simple way, rather than trying to think through and design an effective security model on one's own, only to come up with a poor imitation of an existing framework. :o)
  Security is not a simple subject, and "implementing a secure servlet" is not a simple matter. At least, not to my reckoning.
  ~

• Implementing a Webservice with AXIS, which calls CORBA objects

  Hi @all!
  First my aim is it to invoke a Webservice by a Client. As toolkit for developing this Webservice I use AXIS 1.0. This Webservice in turn should establish a CORBA connection to a third application.
  A direct access to the CORBA objects without the AXIS Webservice works fine. The Webservice without the Corba access is also running errorfree.
  When trying to implement a Webservice with AXIS, which calls CORBA objects following fault was generated:
  "internal Server Error(500)".
  Are there known problems with AXIS in conjunction with CORBA?

  Okay here's the error log file:
  1000 of lines, which aren't very helpful for me.
  As ORB I use JacORB.
  AxisFault
  faultCode: {http://xml.apache.org/axis/}HTTP
  faultString: (500)Internal Server Error
  faultActor: null
  faultDetail:
       null: return code: 500
  <html><head><title>Apache Tomcat/4.1.18 - Error report</title><STYLE><!--H1{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} H3{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} BODY{font-family : sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color : white;background-color : #0086b2;} HR{color : #0086b2;} --></STYLE> </head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error () that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>javax.servlet.ServletException: Servlet execution threw an exception
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:386)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
       at java.lang.Thread.run(Thread.java:484)
  </pre></p><p><b>root cause</b> <pre>java.lang.NoClassDefFoundError: org/omg/PortableServer/POAOperations
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Class.java:195)
       at org.apache.axis.utils.ClassUtils$2.run(ClassUtils.java:187)
       at java.security.AccessController.doPrivileged(Native Method)
       at org.apache.axis.utils.ClassUtils.loadClass(ClassUtils.java:171)
       at org.apache.axis.utils.ClassUtils.forName(ClassUtils.java:154)
       at org.apache.axis.utils.cache.ClassCache.lookup(ClassCache.java:122)
       at org.apache.axis.providers.java.JavaProvider.getServiceClass(JavaProvider.java:502)
       at org.apache.axis.providers.java.JavaProvider.initServiceDesc(JavaProvider.java:535)
       at org.apache.axis.handlers.soap.SOAPService.getInitializedServiceDesc(SOAPService.java:322)
       at org.apache.axis.deployment.wsdd.WSDDService.makeNewInstance(WSDDService.java:477)
       at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getNewInstance(WSDDDeployableItem.java:312)
       at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:298)
       at org.apache.axis.deployment.wsdd.WSDDDeployment.getServiceByNamespaceURI(WSDDDeployment.java:503)
       at org.apache.axis.configuration.FileProvider.getServiceByNamespaceURI(FileProvider.java:273)
       at org.apache.axis.MessageContext.getPossibleOperationsByQName(MessageContext.java:226)
       at org.apache.axis.message.BodyBuilder.onStartChild(BodyBuilder.java:150)
       at org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:893)
       at org.apache.xerces.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:459)
       at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:221)
       at org.apache.xerces.impl.XMLNamespaceBinder.handleStartElement(XMLNamespaceBinder.java:874)
       at org.apache.xerces.impl.XMLNamespaceBinder.emptyElement(XMLNamespaceBinder.java:591)
       at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:747)
       at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1477)
       at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:329)
       at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:525)
       at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:581)
       at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152)
       at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1175)
       at javax.xml.parsers.SAXParser.parse(SAXParser.java:394)
       at org.apache.axis.encoding.DeserializationContextImpl.parse(DeserializationContextImpl.java:232)
       at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:546)
       at org.apache.axis.Message.getSOAPEnvelope(Message.java:377)
       at org.apache.axis.server.AxisServer.invoke(AxisServer.java:304)
       at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:701)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:335)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:386)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
       at java.lang.Thread.run(Thread.java:484)
  </pre></p><HR size="1" noshade><h3>Apache Tomcat/4.1.18</h3></body></html>
  (500)Internal Server Error
       at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:630)
       at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
       at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
       at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:156)
       at org.apache.axis.SimpleChain.invoke(SimpleChain.java:126)
       at org.apache.axis.client.AxisClient.invoke(AxisClient.java:182)
       at org.apache.axis.client.Call.invokeEngine(Call.java:2113)
       at org.apache.axis.client.Call.invoke(Call.java:2102)
       at org.apache.axis.client.Call.invoke(Call.java:1851)
       at org.apache.axis.client.Call.invoke(Call.java:1777)
       at org.apache.axis.client.Call.invoke(Call.java:1315)
       at CsbClient.main(CsbClient.java:82)
  [INFO] enterprise - -Mapping Exception to AxisFault <(500)Internal Server Error>
  (WSDDDeployableItem.java:312)
       at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:298)
       at org.apache.axis.deployment.wsdd.WSDDDeployment.getServiceByNamespaceURI(WSDDDeployment.java:503)
       at org.apache.axis.configuration.FileProvider.getServiceByNamespaceURI(FileProvider.java:273)
       at org.apache.axis.MessageContext.getPossibleOperationsByQName(MessageContext.java:226)
       at org.apache.axis.message.BodyBuilder.onStartChild(BodyBuilder.java:150)
       at org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:893)
       at org.apache.xerces.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:459)
       at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:221)
       at org.apache.xerces.impl.XMLNamespaceBinder.handleStartElement(XMLNamespaceBinder.java:874)
       at org.apache.xerces.impl.XMLNamespaceBinder.emptyElement(XMLNamespaceBinder.java:591)
       at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:747)
       at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1477)
       at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:329)
       at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:525)
       at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:581)
       at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152)
       at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1175)
       at javax.xml.parsers.SAXParser.parse(SAXParser.java:394)
       at org.apache.axis.encoding.DeserializationContextImpl.parse(DeserializationContextImpl.java:232)
       at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:546)
       at org.apache.axis.Message.getSOAPEnvelope(Message.java:377)
       at org.apache.axis.server.AxisServer.invoke(AxisServer.java:304)
       at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:701)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:335)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
       at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
       at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:386)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
       at java.lang.Thread.run(Thread.java:484)
  </pre></p><HR size="1" noshade><h3>Apache Tomcat/4.1.18</h3></body></html>
  (500)Internal Server Error
       at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:630)
       at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
       at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
       at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:156)
       at org.apache.axis.SimpleChain.invoke(SimpleChain.java:126)
       at org.apache.axis.client.AxisClient.invoke(AxisClient.java:182)
       at org.apache.axis.client.Call.invokeEngine(Call.java:2113)
       at org.apache.axis.client.Call.invoke(Call.java:2102)
       at org.apache.axis.client.Call.invoke(Call.java:1851)
       at org.apache.axis.client.Call.invoke(Call.java:1777)
       at org.apache.axis.client.Call.invoke(Call.java:1315)
       at CsbClient.main(CsbClient.java:82)
  Exception in thread "main"

• Using beforeTrigger to implement VPD security model - any suggestions?

  Hi,
  I'm investigating using the beforeTrigger in a data set to implement VPD security. The idea is that a parameter containing the username would be passed to the beforeTrigger pl/sql function to set the user context for that database session. I got this to work in a small prototype, but ran into a couple of what seem to be significant restrictions.
  1) The pl/sql package I name in the dataTemplate defaultPackage must contain a global variable for each report parameter. In my case I'm passing the username to the pl/sql method as an bind variable argument, so I don't need/want any global variables. This is a major problem as we will have lots of reports all with different parameters. I want to bind the parameters using the :PARAM bind variable in the queries themselves.
  Is there a way to avoid having to make each parameter a global variable?
  2) We will need the ability to call various pl/sql packages in different reports. The following ER makes it sound as if this is not possible - but I haven't actually tested it out:
  Bug# 6472921 - ALLOW FUNCTION CALL OUTSIDE OF DEFAULT PACKAGE IN DATA TEMPLATE
  Is it required that all of the pl/sql calls for a data set be within the same pl/sql package?
  I've included my dataTemplate below for reference.
  If anyone has experience establishing VPD security for a data set using this technique or another, I'm interested in hearing what you recommend.
  Thanks,
  Leslie
  <dataTemplate name="TARGET_DATA_TEMPLATE" defaultPackage="MGMT_IP">
  <properties>
  <property name="debug_mode" value="on"/>
  </properties>
  <parameters>
  <parameter name="EMUSER" dataType="character" defaultValue="THREE"/>
  </parameters>
  <dataTrigger name="beforeReport" source="MGMT_IP.IPSETUSERCONTEXT(:EMUSER)"/>
  <dataQuery>
  <sqlStatement name="Q1">select TARGET_TYPE as TARGET_TYPE, TARGET_NAME
  as TARGET_NAME from mgmt$target order by TARGET_TYPE</sqlStatement>
  </dataQuery>
  <dataStructure>
  <group name="G1" source="Q1">
  <element name="TTTYPE" value="TARGET_TYPE"/>
  <element name="TNAME" value="TARGET_NAME"/>
  </group>
  </dataStructure>
  </dataTemplate>

  Hi Leslie,
  Step 1.
  Setup the VPD policy in database,
  Create some proxy users, and create data sources and try querying, by login in with the different users.
  You should be able to get the different results based on user logged in.
  Step 2:
  Package in data template.
  for each report, you need to create separate package.
  And the parameters in the report should be declared as Global variables in the report.
  And once the trigger calls the package, then i guess, package has control to call other packages inside the database.
  You can write all the function in the default package.
  Is it required that all of the pl/sql calls for a data set be within the same pl/sql package?
  I guess, yes as of now. if you need anything outside this default, you can call them in the default package like a wrapper may be.
  This is what i can think right now.
  Will try my luck on this and let you know :) in details.