LocalHome caching in ServiceLocator - security credentials lost at runtime

I got a nasty exception when trying to use cached localhomes, which had been looked up after constructing an InitialContext with Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS:
javax.ejb.AccessLocalException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: ...
I finally had to disable localhome caching in my ServiceLocator, if security credentials were needed.
AppServer: WebLogic Server 8.1 SP3

I have the very same error using Weblogic Server 8.1 SP4. For now, caching in the ServiceLocator had to be removed. Debugging the server-code showed that the beans setContext-method is not called before entering the method requested by the client. The call fails when the first bean executes a remote-call to a second bean.

Similar Messages

Setting security credentials dynamically in Oracle BPEL

Hi,
I am tring to pass security credentials dynamically to partner link in oracle BEPL using following code(.bpel). But when i try to complie i am getting below error
Error:
[Error ORABPEL-10902]: compilation failed
[Description]: in "bpel.xml", XML parsing failed because "undefined part element.
In WSDL at "file:/D:/BEPL/OWSM/CustomHeader/bpel/CustomHeader.wsdl", message part element "{http://xmlns.oracle.com/CustomHeader}CustomHeaderProcessResponse" is not defined in any of the schemas.
Please make sure the spelling of the element QName is correct and the WSDL import is complete.
[Potential fix]: n/a.
please help me to sort out above problem. I want to pass the credentials dynamically to partner link in oracle BEPL is it the raight way to do. Kndly respond if any other way.
<?xml version = "1.0" encoding = "UTF-8" ?>

<process name="BPELSycProcess"
targetNamespace="http://xmlns.oracle.com/BPELSycProcess"
xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
xmlns:xp20="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20"
xmlns:bpws="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns1="http://datespackage/"
xmlns:ldap="http://schemas.oracle.com/xpath/extension/ldap"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:client="http://xmlns.oracle.com/BPELSycProcess"
xmlns:bpelx="http://schemas.oracle.com/bpel/extension"
xmlns:ora="http://schemas.oracle.com/xpath/extension"
xmlns:orcl="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.ExtFunc">

<partnerLinks>

<partnerLink name="client" partnerLinkType="client:BPELSycProcess"
myRole="BPELSycProcessProvider"/>
<partnerLink myRole="GetDatesWS_Role" name="GetDatesWS"
partnerRole="GetDatesWS_Role"
partnerLinkType="ns1:GetDatesWS_PL"/>
</partnerLinks>

<variables>

<variable name="inputVariable"
messageType="client:BPELSycProcessRequestMessage"/>

<variable name="outputVariable"
messageType="client:BPELSycProcessResponseMessage"/>
<variable name="Invoke_GetDate_getDate_InputVariable"
messageType="ns1:GetDatesWS_getDate"/>
<variable name="Invoke_GetDate_getDate_OutputVariable"
messageType="ns1:GetDatesWS_getDateResponse"/>
<variable name="wscheaders" element="ns4:Security"/>
</variables>

<sequence name="main">

<receive name="receiveInput" partnerLink="client"
portType="client:BPELSycProcess" operation="process"
variable="inputVariable" createInstance="yes"/>

<assign name="Assign_1">
<copy>
<from>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>siva </wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">kris</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</from>
<to variable="wscheaders"/>
</copy>
</assign>
<assign name="Assign_Before">
<copy>
<from expression="'Before Service Invoke'"/>
<to variable="inputVariable" part="payload"
query="/client:BPELSycProcessProcessRequest/client:input"/>
</copy>
</assign>
<invoke name="Invoke_GetDate" partnerLink="GetDatesWS"
portType="ns1:GetDatesWS" operation="getDate"
inputVariable="Invoke_GetDate_getDate_InputVariable"
outputVariable="Invoke_GetDate_getDate_OutputVariable"
bpelx:inputHeaderVariable="wscheaders"/>
<assign name="Assign_After">
<copy>
<from expression="'After Service Invoke'"/>
<to variable="inputVariable" part="payload"
query="/client:BPELSycProcessProcessRequest/client:input"/>
</copy>
</assign>
<reply name="replyOutput" partnerLink="client"
portType="client:BPELSycProcess" operation="process"
variable="outputVariable"/>
</sequence>
</process>
Thanks & Regards,
Siva

There are so many limitations on what can and cannot be done in Apps related forms so you should ask this question in the relevant Apps forum: OA Framework (I would think)

Connecting to LDAP wtth current security credentials

Hey All
I want to connect to LDAP SERVER(Active Directory in my case)
without specified security credentials in my code.
I want Ldap to use security credentials of my user.
Thanks
Ishay

Had you bothered to look a little further down the first page of the forum, you would have found the answer to your question.
http://forum.java.sun.com/thread.jspa?threadID=732433&tstart=0

Not able to get rid of security-related questions in runtime

Hi,
I am simply using NetBeans 6.0.1 and the emulator QwertyDevice and the emulator platform WTK 2.5.2 for CLDC.
I have chosen Alias as trusted in the signing option in the project configuration page. however still I am getting security confirmation questions in runtime to access the local files for instance.
Would anyone please advise me how to get rid of that?
Also I have deployed the application on SonyEricsson k800i and would like to get rid of the security confirmations on that device as well. What is the guideline?
Thank you

Right clicking on it is not even an option, just hovering over it seems to induce a "nuclear" reset of the whole desktop and graphic card on the iMac.
Have meanwhile found a possible solution by erasing the dock preference file in the user/library/preferences folder to reset the dock to it's default state. Will try this out through a Skype conversation with that Buddy.
Was seen here :
https://discussions.apple.com/message/16447109#16447109
Thank you for stepping in. Good to know that people are still willing to help in this community.
Greetz to the UK from France

How to add security credentials to SOAP header for EBS Web Service call..

All,
I am trying to invoke a webservice that I successfully exposed as a WSDL Web Service using EBS Integrated SOA Gateway. I am using OBIEE 11g Action Framework which uses WebLogic.
Here are the steps I completed:
- I exposed a WSDL web service in EBS R12 via Integrated SOA Gateway
- I granted the access to this service in EBS R12 to user SYSADMIN
- I used OBIEE 11g to make a Action to call the Web service (using Action Framework) by searching for the WSDL
- When I try to execute the action: I get the error:
Action could not be invoked.
ServiceExecutionFailure :
Error invoking web service HR_PHONE_API_Service at endpoint http://ip-10-87-33-3.ec2.internal:8000/webservices/SOAProvider/plsql/hr_phone_api/ Missing <wsse:Security> in SOAP Header
PROBLEM: I am unsure how to add the credentials for SYSADMIN user and password to add the SOAP username/pwd to the outgoing call. Anyone on this forum know how to set up the SOAP to call with the correct credentials? I have been looking at the documentation but it is not clearly explained.

Dear Heiko,
did you solve this problem?
We are facing the same problem. Every parameter that requries "cmd" does not work. I guess we don´t use this paramter the right way.
Best, Chris

How to forward security credentials from one web service to another

Here is what I am trying to do... I have a standalone client that invokes a message-level secured web service (WEBSERVICE A) on a Weblogic 9.1 server (SERVER A) with a username and a password, and this web service (WEBSERVICE A) uses the same username and password from the client, and invokes another message-level secured web service (WEBSERVICE B) deployed on a different WebLogic 9.1 server (SERVER B).
Does WebLogic 9.X automatically asserts the same client credentials when the WEBSERVICE A invokes WEBSERVICE B on a different server? If it doesn't, what is the best way to do that? Thanks.

You can save the site (spweb) as a template, and then use the template to create a new site in another web application.
When you save the site, it's saved to the solutions gallery. You can download the saved site from the solutions gallery, and then use it to create the new site collection.
If the site is a publishing site, you'll need to de-activate the publishing features first.
You can save the site as a template via the sites settings page, or via SharePoint designer.
Have a look here: http://office.microsoft.com/en-us/sharepoint-designer-help/save-a-sharepoint-site-as-a-template-HA101782501.aspx
Regards, Matthew
MCPD | MCITP
My Blog
View
Matthew Yarlett's profile
See my webpart on the TechNet Gallery that allows administrative users to upload, crop and format user profile photos. Check it out here:
Upload and Crop User Profile Photos

Nokia C3-00 keyguard security code lost

I've lost my C3 keyguard code,so right now i can't unlock my phone.If anyone knows how to fix this problem,let me just know.Thanks a lot.

Hi asamnew25,
Welcome to the forum!
The Nokia account can't be used to unlock a phone that has a forgotten security code. If the default code (12345) isn't working, or if the code has already been changed, the best option is to have the phone reset at the Nokia Care Point. Check this link for the Nokia global support page: Nokia Wayfinder

NIS+/LDAP-Gateway Nis+ Credentials lost after some time

Hello,
I have configured an NIS+ Server with NIS compatibility under Solaris. Then I have installed an Sun Directoryserver on the same machine and populatet the LDAP-tables with the rpc.nisd gateway. Everything works fine. Even with TLS-Encryption.
The Server works perfect and the LDAP-Clients and NIS+ and NIS-Clients work too.
But after some days you can do an niscat cred.org_dir on the Server and the Nis+-Credentials are ok. 5 seconds later you do the same niscat in the same shell and the cred.org_dir table is only half filled. When you repeat the Command again, all NIS+-Credentials are lost and the server is death.
I have the same problem with the Directory Server 5.1 on Solaris 9 sparc, on Solaris 10 beta x86, on Solaris 10 beta sparc and with directoryserver 5.2 on Solaris 10 final sparc.
I think it is a Problem with the NIS+LDAPmapping file or the rpc.nisd configuration.
Please help me.
With friendly Greetings from Germany
Ralf

There's a book at http://docs.sun.com called "Solaris Administration Guide: Naming and Directory Services (DNS, NIS and LDAP)". This will answer a lot of your questions.
The file you're looking for is /var/ldap/ldap_client_file. Unforntunately, it's a "chicken and egg" design. The ldapclient program creates this file when you use the "init" option. But, the ldap_cachemgr daemon actually updates it from the LDAP specified in the file. The ldapclient program also creates /var/ldap/ldap_client_cred. This contains the credentials that ldap_cachemgr uses to authenticate with the server.
What I do is modify the LDAP and then SIGHUP ldap_cachemgr, avoiding the use of ldapclient. I used ldapclient to build the cred file and get the initial LDAP settings and file format. After that, I've never used it.
HTH,
Roger S.

How do I prevent users from caching their sign in credentials on OWA page

I am using Forms based authentication and want to prevent users from caching their credentials on the OWA page.
Is there an easy way?

Hi,
Forms-based authentication enables a sign-in page for Outlook Web App that uses a cookie to store a user's encrypted sign-in credentials in the Internet browser. So this authentication method will force to cache their credentials in the Internet
browser for some time. The workaround is what Willard Martin suggested.
Refer from
http://technet.microsoft.com/en-us/library/bb430796(v=exchg.141).aspx
Best Regards.

Security wipe - lost all(contacts, messages....) in my blackberry curve 8520

Hello,
I tried to syncronize my phone with my computer and i was forces to introduce a security password . I tried 10 times to introduce it and then i received a message : Security wipe and i lost all the information from my phone.
CAN ANYONE HELP ME TO RECOVER THE LOST DATA ?
THANK YOU
CRISTIAN

Hey Tosin29188,
Welcome to the BlackBerry Support Community Forums.
Thanks for the question.
Are you able to locate this folder when accessing the media card from a PC or Mac? Also are the pictures files renamed to a different extension? (For example: Picture.rem)
Are you able to open the media files up on a computer?
I look forward to your reply.
Cheers.
-ViciousFerret
Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
Be sure to click Like! for those who have helped you.
Click Accept as Solution for posts that have solved your issue(s)!

Password Security gets lost in portfolio/Low definition printing

Using Acrobat Pro Extended 9.0.0, I created a portfolio and added two PDF files to it (these files were not themselves password protected).
I then used File / Portfolio Properties / Security to apply password security, Encrypt except metadata, open password, permissions password allowing High Resolution printing and no changes finally allowing copying of text.
After completion, I then saved the file and closed acrobat.
Then clicked on secured file to open acrobat and was correctly asked for the opening password.
I then changed to list view, clicked on a file, Saved file from portfolio and saved it.
Clicked on PDF document (within portfolio) and looked at Portfolio properties and the security settings were still displayed.
Clicked on OPEN button (top right) and the document was opened. Document Properties still show security set.
Closed acrobat completely.
Clicked on saved document from portfolio and was surprised to find no security settings at all. No opening password, no password for changing document, completely open.
This is a major security hole from what I can see.
Another similar problem. If I secure a PDF document with password security as above, yet with low resolution printing. I can then reopen the secured document and print to an Adobe printer driver creating a new unsecured PDF from my secured document.
I cannot believe Adobe could leave two such wide security holes in Acrobat 9 so surely I am missing something here.
Can someone please tell me how to put together a portfolio without these massive security problems.
Regards
John

Assigning security to a portfolio will not assign security to the individual documents.

Security credentials in J2EE

I am currently working on a project using jsp (apche struts) and EJB's implemented on Websphere v4.0. What we want to do is authenticate a user against our back end databases and then depending on the result restrict access to the other EJB's in our system. What we don't want to do is use form based authentication with user/password as we require several pieces of info from the customer to authenticate them.
What we have done so far is:
define roles and mapped these to EJB's. For simplicity all ejb's are mapped to one role but the log on ejb is mapped to a different role.
These roles are then mapped to users at deploy time. This should mean that all users can call the logon ejb but only authenticated users can call the others.
The problem is that I cannot invoke the restricted EJB's. All users can invoke the logon EJB as expected but when invoking the restricted EJB's I get an exception saying that "Authorization failed for /UNAUTHENTICATED ". This is even though I am passing the credentials and principle in as properties to the constructor of InitialContext e.g.
props.put(Context.SECURITY_PRINCIPLE,"user1");
props.put(Context.SECURITY_CREDENTIALS,"userpassword");
InitialContext myCtx = new InitialContext(props);
I have also tried to authenticate using the ServerSideAuthenticator class which ships with websphere. I can authenticate as user1 in an EJB and call another EJB and the credentials are propgated in the call as I would expect however if I use the serverside authenticator in the webtier in the action servlet and then invoke an EJB the credentials are not propogated and I get the same error.
Does anyone have any ideas on how to do this ? Ideally we would like to be as J2EE as possible but are not sure if this can be done with our app server. If this is not possible does anyone know how to do it in a websphere kind of way !!!

I'm getting the same problem..did u find a solution for this?

Security Update 2010-001--- So secure I lost Admin Access!

I am running a Snow Leopard Server on a Mac Mini (I bought into the dual 500GB model) to host some documents and act as a small cross-platform dropbox for any kind of files that need to be shared over a biomedical research-related network. A little overkill but...
Anyway today I followed the software update prompt and installed Security Update 2010-001. After restart, I can no longer login as the administrator (or anyone else for that matter). Curiously, I can access it using +Server Admin+ and using +screen sharing+, all with the same old username and password as before. I just cannot login on the mini itself. Any thoughts on this issue? Potential was to resolve it? I have the 2nd drive configured as a Time Machine backup, so perhaps I can rewind to yesterday? Not sure how that works but I guess I can figure it out somehow.

Per Oxfjell wrote:
How'd you regain access to the Mac Mini? I have currently locked myself out in the same fashion, and the only thing I can think of is to reinstall the server OS.. Funny thing is, I'm the only one with access at the moment, and all I did was a simple reboot.. I haven't tampered with passwords or anything of the kind. Why the admin password is suddenly not working is beyond me..
In the remote server access software, somehow I had inadvertently checked the button that allowed only limited access. The way I fixed it was to go to the Access pane of the Server Admin software, then I selected the button "For the selected services" button on the left and selected "Login Window" and finally clicked the button "allow all users and groups" on the right. This is counter intuitive because you don't want to allow access to everyone, but it will still require local management of the server (eg only those already allowed to login will be allowed after you check the button)
I hope that makes sense. It solved the problem for me and saved me a lot of hassle.

Get or set security credentials for XML web service client authentication

Dear,
I wrote a custom asp.net web service that acts as a wrapper for the taxonomyclientservice.asmx in sharepoint 2010.
ON my local machine, the following code works:
using (Taxonomy.Taxonomywebservice TaxonomyClient = new COSMOS_Taxonomy.Taxonomywebservice())
TaxonomyClient.Credentials = new NetworkCredential("username", "pass", "domain");
TaxonomyClient.PreAuthenticate = true;
etc..
The authentication works when i provide the user credentials.
the problem is when i deploy the webservice to my production env. I dont know the owner of the metadata term store and its out of the question to get the username and password.
when i try to run this code on my local machine:
TaxonomyClient.Credentials = System.Net.CredentialCache.DefaultCredentials;
i get this error:
System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at COSMOS_TermSet.COSMOS_Taxonomy.Taxonomywebservice.GetTermSets(String sharedServiceIds, String termSetIds, Int32 lcid, String clientTimeStamps, String clientVersions, String& serverTermSetTimeStampXml)
at COSMOS_TermSet.CustomWebService.GetCountryTermSet()
How can i fix this.
Many thanks in advance

Hi Roni,
Based on your description, the error occurred when using the DefaultCredential in the code.
I recommend to check if the “<identity impersonate="true"></identity>” is included in web.config file.
If not, add it to web.config file to see if the issue still occurs.
Best regards.
Thanks
Victoria Xia
TechNet Community Support

Security Questions Lost, no email sent to reset

I have forgoten my questions which were made in fifth grade. I am sending the reset to my email, but I do not see it. I have 2 emails, but neither of them have it. I just want to be able to buy something on my new iphone

If you aren't receiving the email to your rescue email account (and you've checked the spam folder on it and tried clicking the link again) then you will need to contact iTunes Support / Apple to get the questions reset.
Contacting Apple about account security : http://support.apple.com/kb/HT5699

LocalHome caching in ServiceLocator - security credentials lost at runtime

Similar Messages

Maybe you are looking for