Is that possible to publish a security policy in registry???

Similar Messages

• Change security policy on passthrough proxy-service?

  I've an business-service which is secured by a OWSM policy. The business-service is exposed as a proxy-passthrough (a long with the OWSM policy).
  Is it possible to change the security policy for the proxy-service (which is exposing the OWSM policy secured business service) to some other policy or 'just' basic authentication??
  Cheers
  Søren
  Edited by: user4177402 on 2013-02-21 23:03

  Try using quotation marks:
  gpedit.msc /gpcomputer:"target"
  MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  http://mariusene.wordpress.com/

• How do I resolve this error in Safari Your page is blocked due to a security policy that prohibits access to Category Remote Proxies"?

  I'm trying to access several pages and keep geting "Your page is blocked due to a security policy that prohibits access to Category Remote Proxies" After going over all my security stuff I just can't find where I would correct the error.
  Is there anyone who could help me?
  Thanks
  Fr. Gary

  very strange,
  1. check time and date on your computer
  2. reset network configuration, make sure there are no proxy servers and you get DNS from your router not manual
  3. Reset certificates database
  Go to Terminal (Applications>Utilities)
  sudo rm /var/db/crls/*cache.db
  (you will be prompted for your password)
  and reboot the computer
  post back

• Soasuite security policy that is equivalent of client-cert in web.xml

  Can somebody suggect soasuite security policy that is equivalent of "client-cert in web.xml.?
  We have authentication providers in weblogic to authenticate when "client-cert" is specified in web.xml. I am trying to find out is there a security policy in soasuite (11.1.1.6) that mimics/equivalent of "client-cert".
  Please help.

  Can somebody suggect soasuite security policy that is equivalent of "client-cert in web.xml.?
  We have authentication providers in weblogic to authenticate when "client-cert" is specified in web.xml. I am trying to find out is there a security policy in soasuite (11.1.1.6) that mimics/equivalent of "client-cert".
  Please help.

• Could someone please explain to me how to set-up my Apple ID so that both my password AND security questions have to be answered before access is granted? Is this possible? I am not very computer smart, so could you explain step-by-step!Very Appreciated!

  Could someone please explain to me how to set-up my Apple ID so that both my password AND security questions have to be answered before access is granted? Is this possible? I am not very computer smart, so could you explain step-by-step!Very Appreciated!

  The security questions will only be asked on the first purchase on a computer or device (though people have occasionally posted that they've asked for them when it isn't the first time) - I'm not aware of any way to change that. You can force the password to be required on your iPad via Settings > General > Restrictions > Require Password set to 'Immediately' (the default is a 15 minute period during which it doesn't need re-entering)

• HT4623 Do I need to update my iphone4 because of the security issue that has been published lately?

  Do I need to update my iphone4 because of the security issue that has been published lately?

  Your profile shows you have a 4S with 7.0.6. That is the most current update. Do you also have a 4 that you haven't updated? If so, you should update it too.

• Invoke a business service base in a WSDL with customer WS-Security Policy

  Customer write a Web service (Refer to the attachment file “HTTPS_PartyServicePortType.WSDL”)which declare a WS-Security Policy and apply this it to WS binding ,How can I generate a business service base in this WSDL and invoke it successfully?
  When create a business service in OSB, we get a error with below messages
  [[OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.
  After enhanced the OSB domain with OWSM extension, we found the OOTB OWSM defined cannot support the HttpsToken and OSB cannot support below WS-Policy defined in OWSM, refer to http://docs.oracle.com/cd/E21764_01/doc.1111/e15866/owsm.htm#OSBDV1681
  51.2.8.1 Unsupported Assertion
  •     binding-permission-authorization
  •     http-security
  •     OptimizedMimeSerialization (MTOM)
  •     RMAssertion (Reliable Messaging)
  •     sca-component-authorization
  •     sca-component-permission-authorization
  •     UsingAddressing
  •     wss-saml-token-bearer-over-ssl (Authentication)
  it means that we cannot generate a web service with customer WS-security Policy
  The WS-Security Policy is shown as below:
  <wsp:Policy wsu:Id="WSHttpBinding_IPartyServicePortType_policy">
  <wsp:ExactlyOne>
  <wsp:All>
  <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
  <sp:TransportToken>
  <wsp:Policy>
  <sp:HttpsToken RequireClientCertificate="false"/>
  </wsp:Policy>
  </sp:TransportToken>
  <sp:AlgorithmSuite>
  <wsp:Policy><sp:Basic256/></wsp:Policy>
  </sp:AlgorithmSuite>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
  </wsp:Policy>
  </sp:TransportBinding>
  <wsaw:UsingAddressing/>
  </wsp:All>
  </wsp:ExactlyOne>
  </wsp:Policy>
  BestRegards!
  Simon

  Hi
  According to
  http://e-docs.bea.com/wls/docs90/webserv/annotations.html#1050414
  If you are going to publish the policy file in the Web Service archive, the policy XML file must be located in either the META-INF/policies or WEB-INF/policies directory of the EJB JAR file (for EJB implemented Web Services) or WAR file (for Java class implemented Web Services), respectively.
  Can you make sure the policy file is in there?
  Also there is a sample from the developer at http://dev2dev.bea.com/blog/jlee/archive/2005/09/how_to_use_anno.html
  Vimala-

• Cisco NAC web agent Network Security Policy

  I have a computer with an installed McAfee Antivirus that us up to date. However, each time try to access one of my client's server via VPN, I successfully connect to VPN using Cisco Anyconnnect but whenever I try to download the web agent and the device security check is being run, I get the feedback "Host is not compliant with network security policy". It also tells me a Remediation description of "please update your antivirus". (see attached screenshot)
  Please note that I already have my McAfee antivirus updated and I have done everything to keep my computer in good shape in terms of security.
  What is the possible cause for this?

  That means the CAM hasn't received an SNMP trap for that MAC address.  Double-check that the WLC is set up to send traps to the CAM: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_woob.html#wp1290626
  You can see if the CAM's received a trap for a specific MAC by looking under OOB Management > Devices > Discovered Clients.

• NAC appliance(security policy/update-files)

  Does anyone know something concerning to the following issues?
  Please teach me what I can refer to on the WEB,if possible.
  1. Is there any way to apply the policy(checking OS/AV) to the kind of client devices which CAA hadn't been installed such like guest user?
  2. Is it possible that NAC appliance does clients only "port-scanning" (not checking OS/AV)?
  3. If user-company already has their own "Anti-Virus Server" or "Windows-update Server", can CAM refer to their servers(not Cisco's policy-update-server) to get current update files?
  4. How long does it take the update-files become available via Cisco's policy-update-server after each OS/AV-vender had released them?
  Regards

  No, we should install Cisco Trust agent S/W in order to collect the information about the OS versions, AV versions etc to the Policy server. And based on the security policy of the organisation, we can communicate with the AV vendors like symmntac, Mcafee servers directly for the latest patches and updates.

• How to attach a security policy to separate webservice?

  If i have a WebService with a lot of operations. Is it possible to attach any security not to whole Webservice, but to separate operations only?
  EM shows Policies->Attach to -> Webservice. So, is it means - that security may be attached only to all webservice operations in the moment?

  Hi and Welcome to the Community!
  Since you have balance, and the issue is in your Work domain, you need to work with your server admins, as it's possible they are forbidding (via IT Policy) the ability to do as you desire.
  Good luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Difficulties loading custom security Policy object.....

  I just finished reading the white paper entitled �When java.policy Just Isn�t Good Enough� and I found a lot of good information for creating my own extension of java.security.Policy. I�m having a difficult time figuring out how to (best) load the policy, and I�ll explain why, but first I�d like to make sure that I�m extending the Policy class correctly. Don�t worry, I�ll be as brief as possible. My class looks something like this with a few more permissions than what i've included here (for brevity):
  public class MyPolicy extends Policy {
              private static MyPolicy INSTANCE = new MyPolicy();
              private PermissionCollection perms = new Permissions();
              private MyPolicy() {
                          constructPerms();
              public static MyPolicy getInstance() {
                          return INSTANCE;
              public PermissionCollection getPermissions(CodeSource arg0) {
                          return perms;
              public void refresh() {
                          // permissions won't change, so nothing necessary here!
              public void constructPerms() {
                          // I�m adding other permissions, but here are a few basic ones just for the idea:
                          perms.add(new PropertyPermission("java.version", "read"));
                          perms.add(new PropertyPermission("java.vendor", "read"));
                          perms.add(new PropertyPermission("java.vendor.url", "read"));
  }I have this class in a package that will reside inside of a jar on the target machine. The jar will be wrapped in an executable, and we�ll be distributing a JRE directory that will reside in the same (installation) directory as the executable. I�m not sure how to specify this as my Policy implementation on startup of the JVM. For security reasons, I want to rely as little as possible on security stuff outside of my exe-wrapped-jarfile. I can pass whatever parameters I want to the JVM, including �Xbootclasspath, but I�m not sure what I need to get things working this way.
  I tried another approach. I don�t really like it, but I just wanted to try it this way to test my Policy implementation. I edited my java.policy file to look like this:
  grant {
              // Custom permissions to allow app to load
              // and then set MyPolicy as Policy object:
              permission java.security.SecurityPermission "getPolicy";
              permission java.security.SecurityPermission "setPolicy";
              permission java.util.PropertyPermission "stuff.*", "read,write";
  };And then in my main() method, I loaded it like this:
  Policy myPolicy = MyPolicy.getInstance();
  Policy.setPolicy(myPolicy);But that doesn�t seem to work because I�m getting an AccessControlException: access denied (java.awt.AWTPermission replaceKeyboardFocusManager)
  Even though I have this permission in my implementation:
  perms.add(new AWTPermission("replaceKeyboardFocusManager"));Do you have any ideas what I�m doing wrong, or how I could fix them? Any information would be greatly appreciated. Thanks in advance!
  Steve

  Hey
  I have just finished such a policy implemention - boy could I have done with your help!
  I've never seen the java.security.debug property before - not to say it doesn't exist, but don't confuse system properties and security properties. Try setting it programmatically via Security.setProperty() or the Java Admin console [if you can], or even in the JRE WebStart uses via the java.security file.
  When you run it locally with security switched on, do you observe the 3-to-1 behaviour also? I'm not sure if this is important - depends on your answer. As for the checks being performed from the same stack frame, the AC iterates over the protection domains as it checks them; the 3-to-1 behaviour is the result of there being 3 extra frames to check, possibly due to the fact your executing from JWS [although I'd expect JWS to be considered system code]. If the execution in AC gets to return null; then Debug.isOn("failure") must evaluate to true [...I'd slump in my chair at this point] but there's no way to figure out accurately what the semantics of this is AS THERE'S NO FRICKIN SRC AVAILABLE [...this really annoys me]. The only thing I can suggest for that is to not try and switch debugging on.
  I suspect you are using JAAS [hence the dynamic policy need]? I have an idea if you are.
  I totally know what you mean about the sleepless nights mate - I'm glad I done it all now, learnt all about security within Java which I knew nothing about 6 months ago.
  Warm regads,
  D

• Zenwork 11rc3 beta = on how to publish the endpoint policy

  To all the PRO,
  As now i am testing the beta version of the ZENWORK 11 rc3 , but the after trying to read most area of the documentation , i still unable to publish the policy to the client system . Where by the client also had install the agent program , yet there is no sign of that the client policy was updated .
  Even the server side was able to view the Client System , but then i was unable to push the endpoint security policy into the client side .
  is there was something when wrong ? or is there anything else i was left out ?
  kindly advise .

  nxgame,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• [SOLVED]UEFI boot gives 'failed to install override security policy'

  Hi, newb here who has hit a dead end quite early in the process of installing Arch.
  When trying to boot Arch into EFI mode, it says
  'failed to install override security policy'
  Of course I did my research and it seems that only three other people on this planet have had the same problem, and their solutions do not work for me.
  http://superuser.com/questions/615142/u … ity-policy
  Overwriting EFI/boot/bootx64.efi with loader.efi enables me to see a menu where I can choose from booting Arch, UEFI shell v1 or UEFI shell v2. Still, selecting Arch results in a blank screen with two grey bars at the top and bottom of the screen, so not really not much help.
  I'm not a UNIX nor an EFI wizard, so please bear with me. I'm a Windows user with some anecdotal Linux knowledge (I have installed Ubuntu countless times, wanted a bit of a challenge this time) who wanted to make the switch to the Linux ecosystem, but this error prevents me from doing so. I also tried to install rEFInd as suggested here: https://bbs.archlinux.org/viewtopic.php?id=174734
  But I seem to be unable to boot into any UEFI shell v2, it's also printing the errors:
  ASSERT_EFI_ERROR (Status = Not Found)
  ASSERT C:\svn_code...and so on )
  My Windows installation is on BIOS/MBR, so I cannot install rEFInd manually using Windows, and I also cannot use the v1 UEFI shell because of the lacking bcfg command. I don't know how to procede from here. My board is an AsRock P67 Extreme4 Rev 09 with a 2.10 EFI. This board doesn't even have Secure Boot if I'm correct, I also searched every possible submenu of the EFI for an option to disable Secure Boot, but haven't found anything.
  Last edited by 0x33 (2015-03-11 17:35:56)

  I presume you are trying to use gummiboot?
  Please post the contents of /boot/loader/loader.conf and also your gummiboot configuration file for your Arch system (if you are not using gummiboot post the config. files for whichever boot loader/manager you are using).
  Load the Arch live ISO, mount all your partitions and `arch-chroot` into your system and then post the output of:
  lsblk -f
  # parted -l
  # efibootmgr -v
  Last edited by Head_on_a_Stick (2015-03-10 21:05:43)

• WebStart, custom security policy and debugging

  Hi,
  Please forgive the long post, it's an obscure problem.
  A year ago I implemented a custom instance-centric security policy that uses a database for storing permission data. It has served our needs very well on the server side. Now, however, I need to reuse it in a client application deployed to about 50 users via WebStart (there are more similar applications coming which will take the user base to about 200).
  For some reason, the permissions are not being properly evaluated under WebStart. Tracing through my policy code, I can see that calls to imply() return with expected true/false values, however, when the internals of Java's underlying security API aggregate the results, calls to AccessController.checkPermission() don't raise exceptions when and where they are expected to.
  This is really a hard problem to debug/trace. When I run the application locally, I have no problems with security checks even if I run it under a security manager (via -D.java.security.manager). Tracing to standard helps to a point and I can see that there is a difference: during the local runs, calls to MyCustomPolicy.implies(Permission, Domain) are made once per every AccessController.checkPermission() call made from the business layer. Under WebStart, there are three calls to MyCustomPolicy.implies() per every call to AccessController.checkPermission(). All three calls seem to come from the same stack frame. All three return 'false', yet AccessController.checkPermission() doesn't raise an exception.
  Analyzing stack's state at the point MyCustomPolicy.implies() is been called, I think the answer to my problem may lie in the following code snippet of AccessControlContext.checkPermission(Permission):
          for (int i=0; i< context.length; i++) {
              if (context[i] != null &&  !context.implies(perm)) {
  if (debug != null) {
  debug.println("access denied "+perm);
  if (Debug.isOn("failure")) {
  Thread.currentThread().dumpStack();
  final ProtectionDomain pd = context[i];
  final Debug db = debug;
  AccessController.doPrivileged (new PrivilegedAction() {
  public Object run() {
  db.println("domain that failed "+pd);
  return null;
  throw new AccessControlException("access denied "+perm, perm);
  I believe that somehow one of the iterations gets to "return null" line, but at the moment I have no way of verifying this.
  I'm finally getting to my question. In order for me to understand what's going on, I need to enable debugging of AccessControlContext. I can do this by setting java.security.debug system property. Again, I have no problem enabling debugging on a local system, but not under WebStart.
  Here's what the relevant markup in the .jnlp file looks like:
  <resources>
  <j2se version="1.5" max-heap-size="128m" initial-heap-size="32m" java-vm-args="-Djava.security.debug=all">
  </j2se>
  <!-- a bunch of jar declarations -->
  <property name="java.security.auth.login.config" value="jar:swing-app-SNAPSHOT.jar!/jaas_login.properties">
  </property>
  <property name="java.security.debug" value="all">
  </property>
  </resources>
  this seems to have no effect and no debugging output appears. Any ideas why? Is there anything else I can do to enable debugging of AccessControlContext under WebStart?
  I don't expect too many replies to my post (unless 3 sleepless weeks made me miss something really obvious), but if anyone can offer a hit/hit/insightful comment :), that would be great.
  Dmitry

  Hey
  I have just finished such a policy implemention - boy could I have done with your help!
  I've never seen the java.security.debug property before - not to say it doesn't exist, but don't confuse system properties and security properties. Try setting it programmatically via Security.setProperty() or the Java Admin console [if you can], or even in the JRE WebStart uses via the java.security file.
  When you run it locally with security switched on, do you observe the 3-to-1 behaviour also? I'm not sure if this is important - depends on your answer. As for the checks being performed from the same stack frame, the AC iterates over the protection domains as it checks them; the 3-to-1 behaviour is the result of there being 3 extra frames to check, possibly due to the fact your executing from JWS [although I'd expect JWS to be considered system code]. If the execution in AC gets to return null; then Debug.isOn("failure") must evaluate to true [...I'd slump in my chair at this point] but there's no way to figure out accurately what the semantics of this is AS THERE'S NO FRICKIN SRC AVAILABLE [...this really annoys me]. The only thing I can suggest for that is to not try and switch debugging on.
  I suspect you are using JAAS [hence the dynamic policy need]? I have an idea if you are.
  I totally know what you mean about the sleepless nights mate - I'm glad I done it all now, learnt all about security within Java which I knew nothing about 6 months ago.
  Warm regads,
  D

• Error from debugger: Error launching remote program: security policy error

  Hi all,
  I bought yesterday the license for Iphone Developer, I'm programming
  an app and would like to start testing it on my iPhone (EDGE, OS 2.1).
  I'm using osx 10.5.5 on a MacBookPro, and latest SDK. Developing
  and testing on simulator is ok, I followed all the procedure for requesting
  certificates, downloading them, the provisioning file and dragged on
  Xcode, I can see the iPhone with my provision name enabled for developing
  in the Organizer view, and I followed instructions to configure Xcode to develop
  on my device changing relevant options in the targets as explained online.
  When I try to develop on device I get all the process, file is transferred
  on device, but when launching I receive the error
  Error from debugger: Error launching remote program: security policy error
  Also when I try to launch the app from the phone it says there was
  an error and it's not possible to lauch the app. Is that an error in my
  steps configuring Xcode or is it something else?
  Thanks,
  Giancarlo

  Never mind, I found it out, if you follow the exact guideline of apple, you will... get this error always
  What you need is to make sure you have filled out the proper fields such as your bundle ID, although apple says it's auto-filled, it's not, in my case. you will need to change it from 'com.yourcompany....' to the one you set up on iphone dev site, such as 'com.toughgamer.testApp' in my case.