[JApplet][security] accese problem

Similar Messages

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• There is a problem with this connection's security certificate The remote computer cannot be authenticated due to problems with its security certificate. Security certificate problems might indicate an attempt to fool you or intercept any data you send

  Hi,
  I have this Windows 2008 R2 on which I installed remoteapp some years ago.
  Now the certificate expired and I get the message
  "There is a problem with this connection's security certificate
  The remote computer cannot be authenticated due to problems with its security certificate.
  Security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer."
  How should I renew the certificate? I already went to certification store and tried to renew certificate with same key but then it says "the request contains nor certificate template information".
  Please advise.
  J.
  J.
  Jan Hoedt

  Does the computer account have Enroll permission to the certificate template?
  From the Server running your CA, run mmc, click File then Add/Remove Snap-in...
  Add Certificate Templates and click OK.
  Find the certificate template, then right click and select properties.  On my CA its call ed RemoteDesktopComputers but might be called something different depending on what what template your certificate is based on.
  On the security tab, click Oblect types, check Computers then OK. Enter the Computername and click OK.  Then give your computer account Enroll permisssion.
  HTH,
  JB

• On Vista Firefox 6 incorrectly deals with security certificate problems

  After I installed Firefox 6, I tried to go to one of my web sites. I know that there is an https security certificate problem with this site when I go to https://staging.photoquestadventures.com rather than https://www.photoquestadventures.com. On XP, FF6 opens the site. on Win7, FF6 warns about a security certificate problem then allows me to create an exception and open the site. On Vista, it says that it can't find the server at www.staging.photoquestadventures.com and I cannot get past this point - only on VISTA!

  I downgraded to Firefox V4 (I didn't have a copy of V5 stored and couldn't find it on the net) and it asked the correct question: to allow connection even though there was a security certificate problem. Then I upgraded to V6, and it continued to connect just fine. So something in the V5 to V6 upgrade created the problem for me.
  I wonder if there is insufficient testing of Firefox on Vista, as I have had several problems with new versions while I have not had the problems on XP or Win7.

• Network security/browser problems

  Don't laugh, I'm on an old iMac running 9.2.2, using explorer 5.1. Recently while on the internet I keep getting the message that I can't get a secure connection. (Nothing has been changed on my computer recently.) I was told by my internet help desk to install a new browser i.e. safari. In my attempts to find it, I've come to the conclusion that it doesn't work for my system. Is a new browser the answer to my security problem or what do you suggest? I'm not very computer savy, so please respond in detailed english, not techy. Thanks
  iMac   Mac OS 9.2.x  

  Security certificates have a time limit on how long
  they will be good for, and for old browsers, the time
  limit may have expired. You need to use a newer web
  browser to continue accessing secure web sites; the
  only Mac OS 9 browser currently being developed is iCab.
  (15702)
  Hello, Neil!
  Thank you for taking the time to suggest the use of the iCab browser. I'm trying it out now as I type this reply on my 1999 iBook. This browser works great... at least so far.
  It's amazing how these old machines can just keep on ticking, so it's nice to find a decent, current browser. Even my original battery lasts for almost an hour!
  Much appreciated,
  Joe

• SendAndLoad fails in mac .app version - possible security setting problem?

  Hi all,
  I'm having trouble with sendAndLoad working on the .app version of a flash application I made. So far it's only happening on one computer, so it appears to be some sort of security setting.  Here's what's going on:
  I've built a flash application (Flash 9, AS2) that has three versions: an online version, a standalone  .exe version for PC, and a standalone .app version for mac. The user must log in to use the application. Online, this is handled by the portal hosting the flash. In the standalone versions, the user must login through the flash application. Through sendAndLoad, it accesses the same database of user info as the online version. The user just enters username/password, clicks "Submit," and if it finds the combination in the database, it lets the user in. If not, it gives them a message saying they entered the wrong username/password.
  This has tested fine across macs and pcs, but sadly one macbook can't use the .app version. It launches, they put in valid username/password, hit submit and it freezes. All I can tell is that it gets the httpStatus number 0. As you can see below, I've got it set up to spit out an error message if it fails to load (login_lv.onLoad = function(success)), but it doesn't even do that.
  I've put a crossdomain.xml file at the root level of the domain that's set to allow access from any domain.
  This computer can log in successfully to the online version of the course, but the .app version seems to be hampered by some sort of security setting. The problem computer's settings match the settings of a mac I've tested successfully. It has up-to-date Flash 10 and is running Leopard. Here are security settings:
  System Preferences>Security
       General
            Everything is unchecked
       FileVault
            Turned off
       Firewall
            "Allow all incoming connections" is selected
  I'd appreciate any ideas anyone has. I'm far from wise about the ins-and-outs of mac security, so I may be missing something. I'm happy to clarify anything.
  Code is below. It loads login_lv first, then bookmark_lv. It never gets far enough to load bookmark_lv. The severAppUrl is set to a placeholder for confidentiality's sake. The path is defintely right. It works on other computers.
  Thanks!
  Mike
  // create a LoadVars instance
  var login_lv:LoadVars = new LoadVars();
  // add the login variables to pass to the server
  login_lv.userid = "";
  login_lv.pwd = "";
  login_lv.modname = "a";
  // setup login urls
  var serverAppUrl = "http://myurlhere"; //this is just a placeholder. good ol' confidentiality agreements...
  var loginUrl = serverAppUrl+"login.asp";
  // setup bookmark urls
  var bookmarkUrl = serverAppUrl+"menu.asp";
  var bookmark_lv:LoadVars = new LoadVars();
  // add the bookmark variables to pass to the server
  bookmark_lv.studentid = "";
  bookmark_lv.isAdmin = "";
  bookmark_lv.modname = "A";
  _global.modnameTemp = bookmark_lv.modname;
  // setup login function
  function doLogin() {
  login_lv.userid = login_mc.user_txt.value;
  login_lv.pwd = login_mc.pwd_txt.value;
  login_lv.sendAndLoad(loginUrl,login_lv,"GET");
  // send the login info
  login_mc.continueBtn_mc.onRelease = function() {
  this.enabled = false;
  doLogin();
  // variables will appear in the login_lv object
  login_lv.onLoad = function(success) {
  if (success) {
  if (this.studentid == undefined) {
  login_mc._x = 0;
  trace("not logged in");
  debug_mc.body_txt.text+="\nnot logged in";
  if(this.reas == "Please Complete Overview and first 3 Module(s) with at least 70 score."){
  login_mc.loginBad_mc.gotoAndStop("r2");
  login_mc.loginBad_mc._visible = true;
  } else if(this.reas == "Please Complete Overview Module first."){
  login_mc.loginBad_mc.gotoAndStop("r3");
  login_mc.loginBad_mc._visible = true;
  } else {
  login_mc.loginBad_mc._visible = true;
  } else {
  login_mc._x = 800;
  trace("now logged in");
  debug_mc.body_txt.text+="\nnow logged in";
  trace("studentid: "+this.studentid);
  trace("isAdmin: "+this.isAdmin);
  //track variables for later use
  _global.studentidTemp = this.studentid;
  _global.isAdminTemp = this.isAdmin;
  bookmark_lv.studentid = ""+this.studentid+"";
  bookmark_lv.isAdmin = ""+this.isAdmin+"";
  bookmark_lv.sendAndLoad(bookmarkUrl,bookmark_lv,"GET");
  }else{
  debug_mc.body_txt+="\nlogin load error"
  login_lv.onHTTPStatus = function(httpStatus:Number) {
      this.httpStatus = httpStatus;
      if(httpStatus < 100) {
          this.httpStatusType = "flashError";
      else if(httpStatus < 200) {
          this.httpStatusType = "informational";
      else if(httpStatus < 300) {
          this.httpStatusType = "successful";
      else if(httpStatus < 400) {
          this.httpStatusType = "redirection";
      else if(httpStatus < 500) {
          this.httpStatusType = "clientError";
      else if(httpStatus < 600) {
          this.httpStatusType = "serverError";
  debug_mc.body_txt.text+="\n login_lv HTTPStatus number="+httpStatus+" HTTPStatus type="+this.httpStatusType;
  //prepare bookmarkXML to receive returned info from bookmark_lv function
  var bookmarkXML = new XML();
  bookmarkXML.ignoreWhite = true;
  bookmarkXML.onLoad = bookmark_lv;
  // variables will appear in the bookmark_lv object
  bookmark_lv.onLoad = function(success) {
  if (success) {
  trace("bookmarked");
  debug_mc.body_txt.text+="\nbookmarked";
  trace("bookmarkXML: "+bookmarkXML);
  var bookmarkNode = mx.xpath.XPathAPI.selectNodeList(this.firstChild, "/bookmark");
  trace("bookmarkNode: "+bookmarkNode);
  var bookmarker:String = unescape(eval("bookmark_lv"));
  trace("bookmarker: "+bookmarker);
  bookmarker = bookmarker.split("<xml>").join("");
  bookmarker = bookmarker.split("<bookmark").join("");
  bookmarker = bookmarker.split("/bookmark>").join("");
  bookmarker = bookmarker.split("</xml>").join("");
  var startIndex:Number;
  var endIndex:Number;
  startIndex = bookmarker.indexOf(">");
  trace(startIndex);
  endIndex = bookmarker.indexOf("<");
  trace(endIndex);
  var bookFinally:String;
  bookFinally = bookmarker.substr(startIndex+1, endIndex-2);
  bookFinally = bookFinally.split("<").join("");
  setBookmarkStr = ""+bookFinally+"";
  trace("string: "+setBookmarkStr);
  _global.newBookmark = bookFinally;
  play();
  }else{
  debug_mc.body_txt+="\nbookmark load error"
  bookmark_lv.onHTTPStatus = function(httpStatus:Number) {
      this.httpStatus = httpStatus;
      if(httpStatus < 100) {
          this.httpStatusType = "flashError";
      else if(httpStatus < 200) {
          this.httpStatusType = "informational";
      else if(httpStatus < 300) {
          this.httpStatusType = "successful";
      else if(httpStatus < 400) {
          this.httpStatusType = "redirection";
      else if(httpStatus < 500) {
          this.httpStatusType = "clientError";
      else if(httpStatus < 600) {
          this.httpStatusType = "serverError";
  debug_mc.body_txt.text+="\n bookmark_lv HTTPStatus number="+httpStatus+" HTTPStatus type="+this.httpStatusType;

  try using different loadvars instances for your send loadvars and for your receive loadvars.

• Security setting problems preventing a rerun of a form.

  System Specifications:
  Windows XP Professional with Microsoft Internet Explorer browser.
  Enterprise Manager URL: http://dell9150:1158/em (there is no Domain Name)
  Firewall is set to ON. I have no special software other than Windows XP Pro and
  Internet Explorer handling my security. Oracle10g Database with Forms10g.
  Sequence of Events:
  1. Start OC4J Instance and Oracle Forms Builder
  2. Open a previously debugged form, connect to database and run the form.
  3. A sound like a pop-up blocker occurs and I am at the following address:
  C:\Documents and Settings\Bob\Local Settings\Temp\s31o.htm
  4. When I check the pop-up blocker it is ON. If I turn it OFF
  the next time I come to this window it is set back to ON?
  I can not add this current address to the pop up blocker exceptions;
  however, “dell9150” is listed as an exception.
  5. I also get the message “…Explorer has restricted this file from showing
  active content…Click option here…”. When I select “Allow Blocked Content…”
  I get a security warning “…run active content” to which I reply YES.
  6. Now the form runs, the forms works just fine, and I am at the address: http://dell9150:8889/forms90/f90servlet
  7. Once I close the form, go back to Builder and re-run the form I get the following
  message without ever reaching the internet:
  <html> <head> ORACLE FORMS.</head>
  <body onload="document.pform.submit();" >
  <form name="pform" action="http://dell9150:8889/forms90/f90servlet" method="POST">
  <input type="hidden" name="form" value="C:\guest\forms\exercises\INSTRUCTOR_SECTION_ENROLLMENT.fmx">
  <input type="hidden" name="userid" value="SCOTT/TIGER@orcl">
  <input type="hidden" name="obr" value="yes">
  <input type="hidden" name="array" value="YES">
  </form> </body></html>
  In order to re-run the form I must close out of everything and start from scratch.
  I have tried several combinations of setting in the Internet Properties/Security Settings with no luck. If I RESET (I assume this resets all options to the default) the same thing occurs. Obviously, there has to be a way of setting my Internet Options so that I can run a form without this problem but I am lost and could really use some HELP! I am in no way a Windows expert nor a Oracle DBA but I can follow directions. Thanks.

  Try the following solutions :
  1) Check on in IE -> Tools -> Internet Options -> advanced -> allow active content to run in files on My Co
  mputer
  2) Make sure that you have in the Internet Explorer Tools -> Internet Options -> Advanced tab -> Check the check box
  Enable third party Browser extensions. It will be under browsing.

• Invalid Security Code problem...

  Ok, this is now a real problem. I'm trying to change the credit card in my Itunes account. I'd like to buy a few things, which I haven't done in a while.
  I enter in the new card, and walla, it pops up with "Invalid Security Code". Except I know the code is valid, and having just purchased a song at Amazon to test, I know the card is activated and good.
  So, what's the deal? Argh! So frustrating that I can't get this card to enter!!

  They will have no choice BUT to lose customers. If people can't pay for anything, how will Apple make any money?
  I'm having the same problem too. I've tried 3 different credit cards, 2 different computers, an iPhone, an iPad, and the exact same thing. From what I've been reading, this is a problem that has been going on for a looong time. I'm surprised they haven't fixed it yet.
  I've sent an email and received no response. I called support and was on hold forever. I gave up waiting and hung up.
  I've changed my information in the Apple Store page. Credit Card verified there with no problem. Changed my info in my .me page. Credit Card verified there, too.
  Same info. Same billing address.
  I guess I'll just have to return my iPad and demand a full refund, because it's completely unusable now.
  Thanks for nothing, Apple!

• Secured wifi problem

  Hi all,
  I have just purchased a playbook. I am having a problem with wifi. I am able to access my home wifi just fine. I can also access "open" wifi from the surrounding areas (eg colleges) with full signal. But I am not able to access my college's secured wifi. The school's IT team spent an hour with it, but could not get it to connecto to the school's connection. They tried adding my playbook's MAC address, manually connect etc... nothing works. The signal that my playbook picks up at the college is rather sporadic, too. Sometimes it's 0 bar, sometimes it's full bar, sometimes it's in between. All can happen in a few seconds while I'm standing at one spot. The playbook can't even pick up the signal when I'm standing under the wifi-hot spot router.
  Anyone knows what's going on? My playbook does have the latest version of the official OS. I would like to keep my playbook, but I will return it for a refund if this issue can't be resolved.
  Thank you very much for your help.

  First make sure you've downloaded the 6067 update, then if you turn on the wifi and have it scan for networks, you'll then select the secured network you want to connect to, then you'll have a choice of access, my network uses a password so I enter the password and that profile is saved, so everytime it finds that secured network it connects. You can also connect using the other choices. As for the signal, is there a way you can test the signal strength using another computer to determine if there's just  weak signal? You need signal to connect. One other thing, since you've been trying a bunch of differenct things I would hit the battery symbol, then click on restart and after the PB reboots start over.

• 6500 classic - security settings problem

  I have Nokia 6500 classic and I have a little problem with it. When I go to the Security settings menu Security module settings is not active. When I push on it it tells me to Insert security module. Can someone explain to me what should I do because there is nothing in the users manual about the security options.
  Thank you in advance!!!

  If you don't have a security module (not many people do) then you will never need to use this option.
  Security modules are expensive and are used by certain agencies that need heavily encrypted lines.

• How to securely workaround problem w/ ThinkVantage Client Security PW MGR & Windows PW Chg

  For those of you who have an authentication problem with ThinkVantage Password Manager after changing your Windows password, I would recommend uninstalling the Client Security - Password Manager application (if you just need the Password Manager and not the entire security suite) and install the Lenovo Password Manager.
  It would help to have an exported list of your passwords so you can re-import them into the new Lenovo Password Manager.  If you don't have an exported list and are locked out of ThinkVantage Password Manager, click on the box "I forgot my password" and answer your three security questions (if you enabled that feature during setup), then you can open the Password Manager and export your list.
  (Soapbox On:  it would have been nice if someone had recommended this as an option instead of shutting down discussion by saying we don't talk about subverting passwords.  I understand that is taboo, however other options should have been offered which are "kosher" as the above.  Soapbox Off.)
  Gary Grathen

  Been away working, now back...
  It was an HP8500 Printer that started all of this.  I find it difficult to believe that a (simple?) printer install could do so much collateral damage...
  BACK TO MY ORIGINAL QUESTION - How do I reset CSS?  Per furnished Lenovo documentation, (found on the hard drive) CSS was never installed on Windows 7 machines (for some Lenovo reason).  I can export PWs to external drive but still have no idea how to launch the CSS files (of which several executable files came pre-loaded on my machine).
  As far as being locked out of files, Finale composition software now says (upon trying to open files) "You don't have permission to open this file. Contact the file owner or administrator to obtain permission.."
  Worst case, I can re-build my Finale composiitons, but I'm still annoyed with the Lenovo log-in screen constantly asking me to enter a password that I don't know!
  I am very dissapointed with purchased LENOVO WARRANTY SUPPORT - the people I've talked to have no idea about what I'm trying to explain to them.

• T61p 6460 74M - Client Security Solution Problem

  I am having problems with the Client Security Solution running under Vista
  I am able to log in OK using the fingerprint reader or password however after the system boots the CSS widow appears asking for password, I enter the password but it does not recognise this and requeste retry or cancel. If I retry the password entry it advises that "Authentication Failed". I then cancel and the CSS window offers to configure the CSS - hit "Yes", requests verification of identity with password - I enter password - response is "Authentication Failed" and back to square 1.
  Can the CSS be reinstalled and then reinitialised. This problem may have arisen after I upgraded my Norton Internet Security 2007 or 2008 to NIS 2009, or when I reset Internet Explorer 7. I note at this time the Password Manager dissappeared from IE7.
  Does anybody have some advice please since this useful function - Password Manager - has now been either disabled or removed.
  Regards Chris R.

  I had problem with CSS also after installing (maybe) Norton Update. No answer from CSS at all any where, and I could not start it it either.
  I reinstalled it with the application:
  C:\Program Files\Lenovo\Client Security Solution\css_admin_vista_launcher.exe
  An then it works again - installation will delete all store passwords!

• Some reason my apps cannot download in my mac security question problem

  securty questionn of apple id problem i tried my apple id method also but did`t work

  I strongly recommend that you use a password for each login account but primarily for your admin account which will also be required when installing any software that uses an installer and/or for something being installed to the root directory of the hard drive such as a virus would likely require. If you are ever prompted for your admin password out of the blue to install anything without purposely trying to install anything, you should always decline which not having an admin password negates.
  Many single users of a Mac have an admin account (obviously and required) but create a login account without admin privileges for every day use as added security.
  Besides turning on the built-in Firewall, do not enable any services/ports that you don't need or regularly use and select all options via the Advanced button under the Firewall tab.

• Web Center app ADF Security - login problem

  I'm making an Oracle Web Center app.
  I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

  Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
  I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
  Maybe you should ask this at the ADF forum: JDeveloper and ADF
  The guys there have way more understanding about this stuff than here.

• Row-level security(VPD) problem

  Hi,
  ADF BC, Jdeveloper 11.1.1.3.0
  We want to implement Row-level security in ADF by VPD, and do following:
  1, create VPD policy according to the following sample
  http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/10g/r2/prod/security/vpd/vpd_otn.htm
  2, Override prepareSession(), and set user info by dbms_application_info.set_client_info; in policy function get the user info, and implement filter logic.
  The confusing problem is: When first user login, data has been filtered right. But, when the second user or third user login, it gets the first user's data.
  We also use SQL Trace, and find the second user's operation(SQL) are not recorded in SQL trace file, the view object may not query database. We test clearCache(), viewCriteria with 'Query Execution Mode: Database', and etc, but can not solve the problem.
  I appreciate your suggestion.
  thanks

  So how did you tell Weblogic not to cache the SQL statement? I will be using VPD in a new application, and I definitely want to avoid the problem you had.