Logging with XML Security in Websphere
I am using WSS4j To sign/encrypt a message in a servlet. WHen I test my code locally with my JDK(5) it shows the logging for XML Security(Apache Santuario). When I deploy to websphere applicaiton server(6) I cannot see those logs even when I have a root logger configured properly. Does WAS use a different XML-security jar in the classpath or something? Why cant I see the loggin?
Hi Wolfgang,
Cross-posting is discouraged and against the forum rules, because it is misused and makes a mess of the search due to distributed discussions and answers.
I will move it to the PI forum and add a watch on it as it is security forum related.
Unfortunately, the forum software does not have the option to "mirror" threads.
Cheers,
Julius
Edited by: Julius Bussche on Sep 14, 2009 9:50 PM
Similar Messages
-
Revision: 1433
Author: [email protected]
Date: 2008-04-28 13:13:12 -0700 (Mon, 28 Apr 2008)
Log Message:
adding 'console' security constraint to MBeanServerGateway remote object for MBean tests and ds-console, used when running on Websphere with administrative security enabled. Should call setCredentials("bob","bob1") to use this RO.
Modified Paths:
blazeds/branches/3.0.x/qa/apps/qa-regress/WEB-INF/flex/remoting-config.mods.xml
blazeds/branches/3.0.x/qa/apps/qa-regress/WEB-INF/flex/services-config.mods.xmlHi,
It seems that you were using Hyper-V Remote Management Configuration Utility from the link
http://code.msdn.microsoft.com/HVRemote, if so, you can refer to the following link.
Configure Hyper-V Remote Management in seconds
http://blogs.technet.com/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx
By the way, if you want to perform the further research about Hyper-V Remote Management Configuration Utility, it is recommend that you to get further
support in the corresponding community so that you can get the most qualified pool of respondents. Thanks for your understanding.
For your convenience, I have list the related link as followed.
Discussions for Hyper-V Remote Management Configuration Utility
http://code.msdn.microsoft.com/HVRemote/Thread/List.aspx
Best Regards,
Vincent Hu -
Use XML Digital Signature(Apache XML security) with Applet
I have problem when I use xml-security-1_2_1 library from Apache with applet and access denied errors occur.
6 May 2005 10:06:45 org.apache.xml.security.Init init
SEVERE: Bad:
java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.xml.security.resource.config read)
bla bla....
How should I do ? Please! T_T and thank you ..An applet cannot read the local file system, connect to any other computer than the one
it came from or read properties it's not supposed to read. And I think it cannot write to any
property.
If you sign the applet or set up a policy for it the applet can do the same as an application
allthough the jre will still check the stack trace if the entire stack has the same privileges
as you signed applet.
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and last post for the java class file -
Revision: 977
Author: [email protected]
Date: 2008-03-27 17:04:59 -0700 (Thu, 27 Mar 2008)
Log Message:
Bug: BLZ-93 - When a producer sends a message to a secure destination with no credentials it causes a security exception to get logged with a log level of error.
QA: Yes
Doc: No
Details:
Updates to catch-all exception logging hinge points on the server to use a new method on MessageException that protects against repeat logging of the same exception as we unwind the call stack on the server, as well as allowing exception subclasses to control the log level, intro text and inclusion of a full stack trace in the logged output. This allows things like SecurityExceptions, which represent common errors like incorrect user credentials, to avoid polluting the log with error-level logging and stack traces. It also consolidates our catch-all handling for MessageExceptions and their subclasses in a single point, avoiding problems with needing to make updates or tweaks to our logging output in multiple places.
Ticket Links:
http://bugs.adobe.com/jira/browse/BLZ-93
Modified Paths:
blazeds/branches/3.0.x/modules/common/src/java/flex/messaging/log/Log.java
blazeds/branches/3.0.x/modules/common/src/java/flex/messaging/util/ExceptionUtil.java
blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/MessageBroker.java
blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/MessageException.java
blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/endpoints/amf/MessageBrokerFi lter.java
blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/endpoints/amf/SuspendableMess ageBrokerFilter.java
blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/security/SecurityException.ja va
blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/services/ServiceException.jav aOne thing I forgot to add, which may be causing you
problems: the "mount volume" command is not part of
the Finder dictionary. It stands alone.
bill
Mac OS X
(10.4.10) 1 GHz Powerbook G4
I tried the mount command. After executing it in Script Editor, I was prompted with login and password, but it was my Keychain!
I don't know if you have your keychain unlocked or what else..
Maybe the original poster (Rick Anderson) has his keychain locked and the prompt is from it.
Just a guess...
Ciao,
Ermanno
Dual 2 GHz PowerPC G5 Mac OS X (10.4.9) 4.5 GBy SDRAM, 5 external FW disks, 2 Internal SATA disks -
MTOM combined with WS-Security (XML signature)
I'm testing the support of MTOM together with WS-Security (XML-DSIG) on OEG. When verifying the XML signature I noticed I had to add the "Insert MTOM attachments"-filter first. Is this the right way? Shouldn't the signature verification do this transparently?
My other question is how OEG handles the attachments? Does it page them to disk? What happens if my attachments are very large? With the default setup of OEG I encountered out-of-memory issues with attachments above 200MB
Edited by: wsalembi on Sep 22, 2011 12:45 AMIf you just sign the <xop:Include> element, you are effectively only signing the reference to the attachment, i.e. the value of the href attribute. This will only prevent someone changing the href to point to a different attachment.
If you in-line the base64 encoded contents of the attachment into the XML message and only sign the base64 encoded string, you are only preventing anyone from changing the contents of the attachment.
You are not stopping somebody from changing what the <xop:Include> href attribute points to.
So I think there is value in signing BOTH the contents AND the <xop:Include> element so that:
- The integrity of the contents of the attachment is ensured, and
- The integrity of the reference to the attachment in the <xop:Include> element is ensured.
Interestingly, the XOP spec acknowledges this issue in Section 6.1:
http://www.w3.org/TR/xop10/#package_integrity
6.1 XOP Package Integrity
The integrity of Infosets optimized using XOP may need to be ensured. As XOP packages can be transformed to recover such Infosets (see 3.2 Interpreting XOP Packages), existing XML Digital Signature techniques can be used to protect them. Note, however, that a signature over the Infoset does not necessarily protect against modifications of other aspects of the XOP packaging; for example, an Infoset signature check might not protect against re-ordering of non-root parts.
In the future a transform algorithm for use with XML Signature could provide a more efficient processing model where the raw octets are digested directly.
In OEG, it would be possible to use 2 XML Signature Validation filters with an Insert MTOM Attachment filter to validate both signatures.
The flow in the policy would be as follows:
1. 1st XML Signature Filter :- Validate the Signature over the <xop:Include> element
2. Insert MTOM Attachment Filter :- Inline the base64 encoded contents of the attachment
3. 2nd XML Signature Filter :- Validate the Signature over the element now containing the in-lined base64 encoded data.
This policy would ensure the integrity of the attachment contents AND the reference to this attachment in the <xop:Include> element. -
Problems with binding Object (JNDI/WebSphere)
Hello.
I'm trying to bind my objects on WebSphere Application Server 5.0 from stand-alone java application running on remote machine (IBM JRE).
Java source code on remote JVM:
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");
props.put(Context.PROVIDER_URL, corbaloc:iiop:tisproject:2811);
final InitialContext ctx = new InitialContext(props);
Object obj = ctx.lookup("");
ctx.bind("MailService", new MailService());class MailService, of course, implements Serializable
I also use property file on client side to connect to remote WAS: sas.client.props with following properties:
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=wpsadmin
com.ibm.CORBA.loginPassword=wpspassword
I consider, that the problem is a kind of security issue, but i can't find the solution. Please, tell me what should I do.
I have the following stacktrace:
12:03:54.967 com.ibm.CORBA.iiop.ClientDelegate@69143a7a invoke:777 P=34108:O=0:CT ORBRas[default] Received SystemException org.omg.CORBA.NO_PERMISSION:
Trace from server: 209891810 at host tisproject.tf.local >>
org.omg.CORBA.NO_PERMISSION: not authorized to perform bind_java_object operation. vmcid: 0x0 minor code: 0 completed: No
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.performAuthorizationCheck(WsnOptimizedNamingImplBase.java:2808)
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.bind_java_object(WsnOptimizedNamingImplBase.java:844)
at com.ibm.WsnOptimizedNaming._NamingContextImplBase._invoke(Unknown Source)
at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:608)
at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:461)
at com.ibm.rmi.iiop.ORB.process(ORB.java:432)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1728)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2227)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65)
at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:95)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
<< END server: 209891810 at host tisproject.tf.local
vmcid: 0x0 minor code: 0 completed: No
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:80)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:44)
at java.lang.reflect.Constructor.newInstance(Constructor.java:315)
at com.ibm.rmi.iiop.ReplyMessage._getSystemException(ReplyMessage.java:199)
at com.ibm.rmi.iiop.ReplyMessage.getSystemException(ReplyMessage.java:148)
at com.ibm.rmi.iiop.ClientResponseImpl.getSystemException(ClientResponseImpl.java:207)
at com.ibm.rmi.corba.ClientDelegate.invoke(ClientDelegate.java:526)
at com.ibm.CORBA.iiop.ClientDelegate.invoke(ClientDelegate.java:1150)
at com.ibm.rmi.corba.ClientDelegate.invoke(ClientDelegate.java:748)
at com.ibm.CORBA.iiop.ClientDelegate.invoke(ClientDelegate.java:1180)
at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:486)
at com.ibm.WsnOptimizedNaming._NamingContextStub.bind_java_object(Unknown Source)
at com.ibm.ws.naming.jndicos.CNContextImpl.cosBindJavaObject(CNContextImpl.java:3229)
at com.ibm.ws.naming.jndicos.CNContextImpl.doBind(CNContextImpl.java:1929)
at com.ibm.ws.naming.jndicos.CNContextImpl.bind(CNContextImpl.java:577)
at com.ibm.ws.naming.util.WsnInitCtx.bind(WsnInitCtx.java:164)
at javax.naming.InitialContext.bind(InitialContext.java:369)
at ru.teleform.mail.reporterclient.MailReporterClient2.main(MailReporterClient2.java:34)
, p1=<null> Server logs:
[15.08.06 12:03:54:762 MSD] bcf7d89 RoleBasedAuth E SECJ0306E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: access check method bind_java_object on resource NameServer and module /com/ibm/ws/naming/bootstrap/xml/NameServer.xml. The stack trace is java.lang.Exception: dump thread stack for debugging
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java:291)
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.performAuthorizationCheck(WsnOptimizedNamingImplBase.java:2791)
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.bind_java_object(WsnOptimizedNamingImplBase.java:844)
at com.ibm.WsnOptimizedNaming._NamingContextImplBase._invoke(Unknown Source)
at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:608)
at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:461)
at com.ibm.rmi.iiop.ORB.process(ORB.java:432)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1728)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2227)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65)
at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:95)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
[15.08.06 12:03:54:762 MSD] bcf7d89 RoleBasedAuth A SECJ0305I: Role based authorization check failed for security name <null>, accessId no_cred_no_access_id while invoking method bind_java_object on resource NameServer and module /com/ibm/ws/naming/bootstrap/xml/NameServer.xml.
[15.08.06 12:03:54:778 MSD] bf43d89 RoleBasedAuth E SECJ0306E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: access check method bind_java_object on resource NameServer and module /com/ibm/ws/naming/bootstrap/xml/NameServer.xml. The stack trace is java.lang.Exception: dump thread stack for debugging
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java:291)
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.performAuthorizationCheck(WsnOptimizedNamingImplBase.java:2791)
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.bind_java_object(WsnOptimizedNamingImplBase.java:844)
at com.ibm.WsnOptimizedNaming._NamingContextImplBase._invoke(Unknown Source)
at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:608)
at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:461)
at com.ibm.rmi.iiop.ORB.process(ORB.java:432)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1728)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2227)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65)
at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:95)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))I have no idea, why properties is not passing onto the server.Hi, I was wondering if you ever managed to resolve this issue. I am having a similar problem. I'm wanting to store an object in JDNI so that it can be referenced by all the servers in our distributed environmant. It works ok for me in mt developemt environment (RAD 6), but that is only because I have global security turned off, as soon as it's deployed to a server with global security turned on it doesn't work, I have read soo much over the past few days and have found that it is to do with the permissions that are set up in the admin console under Server>Environment>naming there are two roles here one is All_Users and the other is All_Authenticated, by default All_Users has read access only.
This is as far as I have got at the moment, I am now looking at how to use these roles from my application without expecting the user of the app to log on, I have found some articles about using JAAS to do this, but I haven't found any good explanations about it or any good examples.
Aside from that is you are just wanting to make your MailService globally available you should look at Dynamic caching, this is a Distributed Map API that will allow you to hold an object in the jndi Tree in a Map using a key, I have gone this route, but am still needing to know how to work with JNDI directly for storing objects.
This is the code I am using:
//lookup name given to the distributed map object
private static final String JNDI_DIST_MAP_LOOKUP = "services/cache/distributedmap";
private void cacheTree(Collection tree) {
logger.debug("TreeNodeManager: cacheTree called");
//TreeNodeManager.tree=tree;
try {
DistributedMap distMap = (DistributedMap) getContext().lookup(
JNDI_DIST_MAP_LOOKUP);
if (logger.isDebugEnabled()) {
logger
.debug("TreeNodeManager: cacheTree: Storing tree in distributedMap '"
+ JNDI_DIST_MAP_LOOKUP
+ "' using Key:'"
+ DIST_MAP_KEY + "'");
distMap.put(DIST_MAP_KEY, tree);
} catch (NamingException e) {
logger.error(e);
} -
How can we handle browser settings while dealing with the security ?
Hi ,
how can we handle browser settings while dealing with the security ?When we configured security in web.xml , during the first request the container is asking for the authentication credentials once they are provided it go's on. but when the user gives a fresh request from the second window within the same browser that time it is not asking for authentication. How can we overcome this.Is there anything to do with server configurations?
How can we make the container no to keep the things or act like session?Ya... I am taking a small example need not happen always but a kind of possibility i am thinking off.
once the user sign out and just left without closing the browser and a friend (suppose not a good friend ... just kidding...) of that user may open the same jsp or file .This time the security is breached. If that feature or property exists....
I know what you might say ... the user will log-out before leaving where a programer might invalidate the session at the time of log out.
Consider the case of a bad Programing or just a programer might forget to invalidate,At that time as a application administrator how can he solve that issue.
Thanks.......
Edited by: user8483670 on Jun 6, 2011 1:08 AM
Edited by: user8483670 on Jun 6, 2011 1:09 AM -
Weblogic 10 jaas and login.jsp and web.xml/weblogic.xml security constaints
Hello,
I struggled through and got the examples.security.jaas.SampleCallbackHandler.java and examples.common.utils.ExampleUtils.java/ExampleConstants.java into eclipse where they compile. A bean I made can call SambleCallbackHandler like such:
mybean.logmein(username,password,url). I can then do a mybean.getStatus() or even a mybean.returnCode(). It does seem to correctly identlify that it is authenticating me (I see in stdout logs that it shows success or failures. The problem I have is I do not know how to apply this weblogic and web.xml/weblogic.xml so that if authentication works it redirects me to the page requiring the authentication. In web.xml I have the following set up:
<security-role>
<role-name>Admins</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/badlogin.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>empower</web-resource-name>
<description>These pages are only accessible by authorized users.</description>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>These are the roles who have access</description>
<role-name>Administrators</role-name>
</auth-constraint>
<user-data-constraint>
<description>This is how the user data must be transmitted</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
My weblogic.xml has:
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
<wls:security-role-assignment>
<wls:role-name>Admins</wls:role-name>
<wls:principal-name>Administrators</wls:principal-name>
<wls:principal-name>dashap</wls:principal-name>
</wls:security-role-assignment>
</wls:weblogic-web-app>
With this set up, if I try to go to a page in /admin folder in my application, it correctly pops up the login page. The jaas in the bean is doing a loginContext.login(), which I thought does authentication too, but it never goes back to the /admin page I was going to that needed the authentication. With jaas, can I not use the web.xml FORM security option? Do I Need to use j_security in the login.jsp's form's action= option and j_username and j_password for the input type names? How do I use j_username/j_password things if I am using jaas? I could just ignore using the web.xml security stuff and put something in the pages that need authentication, but it would be easier if I could use jaas with the security featurs without doing all that. Note that my code above is using a realm called default just because that was what was in the example I got from the web. Does that need to be something else?Hi John,
I would like magic of course. However, in this case I want something special: my authentication provider uses special means and contents of headers, cookies and service from external identity management systems to determine the user's identity.
I do not want the application to present the login dialog! I want to derive the identity and the fact that the user is logged in from whatever the authentication provider returns in terms of Subject.
Ideally, the flow is something like:
- user accesses an unprotected resource - resource is shown, no interaction with authentication provider
- user presses a link or button that takes him/her to a protected resource
- the authentication provider is contacted to work with the identity asserter to establish the identity of the current user and create a subject object for this user
- the application can access the subject and principals
- ADF Security recognizes the identity and the roles (based on the principals) and coordinates access based on this.
the authentication method is client certificate. presumably this prompts WebLogic/OPS to use an identity asserter to work with custom headers and cookies ("... when you configure a web application to use CLIENT-CERT authentication. In this case, WebLogic can perform identity assertion based on values from request headers and cookies. If the header name or cookie name matches the active token type for the provider, the value is passed to the provider."). No login form should be presented to the user, as all information required to perform the authentication is already available.
I am trying to understand what I must do to have the ADF application adopt the subject set by the authentication provider - if anything?!
If you more ideas to share - I would love to hear them.
best regards,
Lucas -
Failures with windows security requirements and binaries installed
We are in the process of getting our application certified for Windows Server 2012 for Gold certification and running into the following 2 issues:
1. Failure for "Applications must comply with Windows security requirements".
Looks like the MPR tool is trying to scan some .log files and .xml files when the test is running and these are being used/locked by the application at that time. So these are listed under "Checks that didn't complete". attached is a screenshot
of this.
2. Failure for "Were any binaries installed for this Component"
This is the log message for "No binaries were detected as installed". Ours is a Java app and Java binaries are the only executables.
======================================================================
Log generated by Microsoft Platform Ready Test Tool - Version 4.1.0.0 | Signed: Tuesday, March 26, 2013
======================================================================
Test name: PPSS 3.23 Gold
Test date: 05/01/2013 13:11:54
Tested on: Virtual Machine on Microsoft Windows Server 2012 Hyper-V
Test for: Windows Server 2012
======================================================================
Test case/Verification: 11.1.1 - Check if application installed binaries
======================================================================
To pass this test, binaries must have been installed for this Component by a method tester identified in the ‘Setup Information’ screen.
To validate an actual test was conducted, a waiver must be filed.
The Windows Server Logo Program requires a complete but brief, technically detailed explanation of the application/solution, installation method, and hosted platform (ex: IIS, SharePoint, etc.).
Document any client components, besides Internet Explorer. ISV client components must also be tested with MPR Tool, on either Client or Server OS concurrently.
Waiver link may be found on MPR Tool or on Windows Server Logo Program website.
======================================================================
Result: No binaries were detected as installed.
05/01/2013 13:11:54 ::
======================================================================
05/01/2013 13:11:54 :: Note: The files below were excluded from this test
======================================================================
C:\Windows\Installer\cce9a8.msi
======================================================================
Test case/Verification: 11.1.1 - Check if application installed binaries
05/01/2013 13:11:54 End of Log.
======================================================================
QUESTIONS:
How can we resolve these issues?
Is passing these 2 failures mandatory in order to get certified?
Can we file a waiver for these?
Thanks,
Neeha.Update: We were not giving the right installation directory and corrected that.
After changing the installation directory, we end up with these 2 failures:
Log message for Binaries installed is below. As mentioned in the message above, ours is a Java application that does not have any binaries installed.
Can we submit a waiver for this?
=====================================================================
Log generated by Microsoft Platform Ready Test Tool - Version 4.1.0.0 | Signed: Tuesday, March 26, 2013
======================================================================
Test name: PPSS 3.23 Gold Certification
Test date: 05/06/2013 12:56:03
Tested on: Virtual Machine on Microsoft Windows Server 2012 Hyper-V
Test for: Windows Server 2012
======================================================================
Test case/Verification: 11.1.1 - Check if application installed binaries
======================================================================
To pass this test, binaries must have been installed for this Component by a method tester identified in the ‘Setup Information’ screen.
To validate an actual test was conducted, a waiver must be filed.
The Windows Server Logo Program requires a complete but brief, technically detailed explanation of the application/solution, installation method, and hosted platform (ex: IIS, SharePoint, etc.).
Document any client components, besides Internet Explorer. ISV client components must also be tested with MPR Tool, on either Client or Server OS concurrently.
Waiver link may be found on MPR Tool or on Windows Server Logo Program website.
======================================================================
Result: No binaries were detected as installed.
05/06/2013 12:56:03 ::
======================================================================
05/06/2013 12:56:03 :: Note: The files below were excluded from this test
======================================================================
C:\Windows\Installer\1ab2aa62.msi
======================================================================
Test case/Verification: 11.1.1 - Check if application installed binaries
05/06/2013 12:56:03 End of Log.
======================================================================
Log message for executables installed is below. Is a waiver needed for this? The highlighted part of the log message talks about not needing a waiver for the optional test. Is it talking about 3rd party binaries alone?
======================================================================
Log generated by Microsoft Platform Ready Test Tool - Version 4.1.0.0 | Signed: Tuesday, March 26, 2013
======================================================================
Test name: PPSS 3.23 Gold Certification
Test date: 05/06/2013 12:56:00
Tested on: Virtual Machine on Microsoft Windows Server 2012 Hyper-V
Test for: Windows Server 2012
======================================================================
Test case/Verification: TC2.3 - All binaries and installers must be Authenticode signed
======================================================================
Authenticode sign all setup files and binaries installed by the application.
Binaries not built by product group or company can be considered 3rd party.
3rd party binaries without valid signatures will fail this test case. No waiver is required for this optional test case.
======================================================================
05/06/2013 12:56:00 :: Binary list
No binary found for verification.
05/06/2013 12:56:00 ::
List of installers that failed signature verification:
C:\ppss_323_installer\install_PPSS_3_23_0\setup.exe
======================================================================
Note: The files below were excluded from this test
======================================================================
C:\Windows\Installer\1ab2aa62.msi
======================================================================
No executable files were detected as installed during test.
Microsoft Platform Ready Test Tool requires that your application physically installs executable files on this Computer.
======================================================================
Test case/Verification: TC2.3 - All binaries and installers must be Authenticode signed
05/06/2013 12:56:03 End of Log.
======================================================================
Any help of guidance in addressing these 2 issues will be great.
Thanks,
Neeha. -
Weblogic with XML-RPC RuntimeModelerException
I am having problems invoking a SOAP Web Service from an XML-RPC Web Service. They are both deployed on WebLogic.
Here are the details:
We have ported a JBOSS .esb application that implements XML-RPC Web Services to a WebLogic .ear application. The porting was successful. Bellow you can see the the .ear archive structure:
xmlrpc-services-app.ear
+ lib
+ aopalliance-1.0.jar
+ aspects-5.2.0.jar
+ commons-codec-1.3.jar
+ commons-collections-3.2.jar
+ commons-lang-2.4.jar
+ commons-logging-1.1.jar
+ container-common-api-5.2.0.jar
+ jettison-1.2.jar
+ junit-3.8.1.jar
+ log4j-1.2.16.jar
+ mysql-connector-java-5.1.12.jar
+ openads-api-xmlrpc-1.xmlrpc3.cmt_fix.2.jar
+ snmpTrapAppender-1.2.9.jar
+ spring-aop-3.0.1.RELEASE.jar
+ spring-asm-3.0.1.RELEASE.jar
+ spring-beans-3.0.1.RELEASE.jar
+ spring-context-3.0.1.RELEASE.jar
+ spring-context-support-3.0.1.RELEASE.jar
+ spring-core-3.0.1.RELEASE.jar
+ spring-expression-3.0.1.RELEASE.jar
+ spring-jdbc-3.0.1.RELEASE.jar
+ spring-ldap-1.2.1.jar
+ spring-security-core-2.0.5.RELEASE.jar
+ spring-tx-3.0.1.RELEASE.jar
+ spring-web-3.0.1.RELEASE.jar
+ lib-common-tools-1.5.jar
+ lib-security-1.5.jar
+ stax-api-1.0.1.jar
+ ws-commons-util-1.0.2.jar
+ xml-apis-1.0.b2.jar
+ xmlrpc-client-3.1.3.jar
+ xmlrpc-common-3.1.3.jar
+ xmlrpc-server-3.1.3.jar
+ META-INF
+ MANIFEST.MF
+ application.xml
+ weblogic-application.xml
+ xmlrpc-services-app.war
+ META-INF - generated by Maven
+ WEB-INF
+ classes
+ jboss-web.xml
+ lib
+ apache-mime4j-0.6.1.jar
+ commons-codec-1.4.jar
+ commons-logging-1.1.jar
+ httpclient-4.2-beta1.jar
+ httpcore-4.2-beta1.jar
+ httpmime-4.2-beta1.jar
+ servlet-api-2.3.jar
+ offersService-Client-1.0.jar
+ web.xml
+ index.jsp - not really usedThe `offersService-Client-1.0.jar` contains a Web Service definition (not the implementation) and is used to invoke the Offers Web Service. The WS client and the jar were created using JDeveloper. The key files inside this jar are:
GetOfferRequest.class
ObjectFactory.class
Offer.class
OffersPortType.class
OffersSchema.xsd
OffersService.class
OffersService.wsdl
OffersService.xmlWhen invoking this WS from a class in the xmlrpc-services-app.ear, I get the following error:
com.sun.xml.ws.model.RuntimeModelerException: A WebService annotation is not present on class: offers.OffersPortType
at com.sun.xml.ws.model.RuntimeModeler.buildRuntimeModel(RuntimeModeler.java:237)
at com.sun.xml.ws.client.WSServiceDelegate.buildRuntimeModel(WSServiceDelegate.java:762)
at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.buildRuntimeModel(WLSProvider.java:982)
at com.sun.xml.ws.client.WSServiceDelegate.createSEIPortInfo(WSServiceDelegate.java:746)
at com.sun.xml.ws.client.WSServiceDelegate.addSEI(WSServiceDelegate.java:737)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:361)
at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.internalGetPort(WLSProvider.java:934)
at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate$PortClientInstanceFactory.createClientInstance(WLSProvider.java:1039)
at weblogic.wsee.jaxws.spi.ClientInstancePool.takeSimpleClientInstance(ClientInstancePool.java:376)
at weblogic.wsee.jaxws.spi.ClientInstancePool.take(ClientInstancePool.java:232)
at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.getPort(WLSProvider.java:852)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:344)
at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.getPort(WLSProvider.java:792)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:326)
at javax.xml.ws.Service.getPort(Service.java:92)
at offers.OffersService.getOffersPort(OffersService.java:68)HOWEVER, when I invoke it from a simple Web Service created in JDeveloper and deployed on WebLogic or even from the command line (so outside the WebLogic context), I do not get this error.
Here is how I create the client for the service:
OffersService offersService = new OffersService();
OffersPortType offersPortType = offersService.getOffersPort(); // it crashes hereDo you have any idea of what might be wrong?
If you need any other details, please do not hesitate to ask.carYang wrote:
> Can you use cfinvoke with XML-RPC arguments or is it
just for SOAP methods?
>
> Does anyone have an example of passing XML-RPC?
http://www.fusionteam.co.uk/blog/2008/02/19/xml-rpc-using-coldfusion-and-microsoftxmlhttp- com-object/
But you can also do it with CFHTTP.
Mack -
How to log to a file using the log-configuration.xml?
Hello *,
I created following log-configuration.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log-configuration SYSTEM "log-configuration.dtd">
<log-configuration>
<log-formatters>
<log-formatter name="DefaultFormatter" pattern="%25d %-60l %s: %m" type="TraceFormatter"/>
</log-formatters>
<log-destinations>
<log-destination count="10" effective-severity="ALL" limit="1000000" name="DefaultDestination" pattern="FDLB_GUI.%g.trc" type="FileLog">
<formatter-ref name="DefaultFormatter"/>
</log-destination>
</log-destinations>
<log-controllers>
<log-controller effective-severity="ALL" maximum-severity="FATAL" minimum-severity="DEBUG" name="DefaultController">
<associated-destinations>
<destination-ref association-type="LOG" name="DefaultDestination"/>
</associated-destinations>
</log-controller>
</log-controllers>
</log-configuration>
From a Web Dynpro view I want to use the log-controller. I'm using the default logger:
Logging location.
private static final com.sap.tc.logging.Location logger =
com.sap.tc.logging.Location.getLocation(EinstiegView.class);
In the wdInit method I want to log a simple message:
public void wdDoInit()
//@@begin wdDoInit()
logger.setEffectiveSeverity(com.sap.tc.logging.Severity.ALL);
logger.fatalT("test logging to new file logger");
//@@end wdDoInit()
I see the message in the defaultTrace.0.log, but my own log file doesn't appear.
How to address the log-controller of my log-configuration.xml?
Thanks in advance,
Jürgen DufnerHi,
I guess the follwing part of your log-configuration is wrong:
<log-controller
effective-severity="ALL"
maximum-severity="FATAL" m
nimum-severity="DEBUG"
name="DefaultController">
Try to change in log-configuration the value for name in <log-controller> to the start sequence of the packages to be logged. E.g., all our packages should start with com.yourcompanyname.projectname
To log all messages from classes in these packages make the name = com.yourcompanyname.projectname.
Hope that helps,
Regards, Astrid
Therefore I list -
Custom action with XML type input and output parameter.
Hi,
I want to develop custom action with xml type input and/or output parameter.
Is there sample code for java side. How is the definition of input and/or output parameter and set/get methods?
does it need special .jar file to develop custom action like this?
Thanks.Cemil - yes, you can use XML data types. Use the class
com.sap.lhcommon.xml.XMLDataType
for your parameter type. Here is a snippet from a custom action we use to log XML (instead of just returning the #text node like the default logger does):
public class XMLLogger extends ActionReflectionBase
private String source;
private String eventType;
private String textMessage;
private XMLDataType xmlMessage;
public XMLLogger()
log = new Logger("UserLog");
source = DEFAULT_SOURCE;
eventType = TYPE_INFO;
textMessage = "";
xmlMessage = new XMLDataType();
public XMLDataType getXmlMessage()
return xmlMessage;
public void setXmlMessage(XMLDataType xmlMessage)
this.xmlMessage = xmlMessage;
public void Invoke(Transaction transaction, ILog ilog)
StringBuffer sb = new StringBuffer();
sb.append('[');
sb.append(source);
sb.append("] ");
sb.append(textMessage);
sb.append(XMLUtils.convertXmlToString(xmlMessage));
XMLUtils is a helper class we wrote - it's just a bunch of standard Java XML boilerplate code. The important part you need to know is XMLDataType.getDocument() will return an org.w3c.dom.Document.
I hope that was enough information to help.
-tim -
Hi,
I'm trying to make socket connection from within air application, but no way. I'm browsing google for almost 2 days, follow all possible solutions, but avidently I dont understund somthing cause I'm not able to do anything.
Every time sandbox security violation..... I need make some simple socket data exchange between my air, and OS. I do not have any web server and no any other kind of network ability. I write down stupid socket server, which is waiting for policy request, and for my other requests (it function 100%, tested with Telnet, so no way to have problem on my socket server side).
The strange thing is that my application do not produce any request for socket policy file, neither at 843 port (for default), neither at my custom location with namual
Security.loadPolicyFile("xmlsocket://ip:port"); call
This is my primitive code:
<?xml version="1.0" encoding="utf-8"?>
<mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml"
layout="vertical">
<mx:Script>
<![CDATA[
private var s:XMLSocket = null;
private function test():void{
Security.loadPolicyFile("xmlsocket://127.0.0.1:25013");
if(!s){
s = new XMLSocket();
s.addEventListener(DataEvent.DATA, onData);
s.addEventListener(Event.ACTIVATE, onActivate);
s.addEventListener(Event.CONNECT, onConnect);
s.addEventListener(Event.DEACTIVATE, onDeactivate);
s.addEventListener(IOErrorEvent.IO_ERROR, onError);
s.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecurity);
s.connect("127.0.0.1", 25013);
private function onActivate(e:Event):void{
debug.text += "Activated\r";
private function onConnect(e:Event):void{
debug.text += "Connected\r";
var o:XML = <request cmd="10"/>;
s.send(o);
private function onDeactivate(e:Event):void{
debug.text += "Deactivated\r";
private function onError(e:IOErrorEvent):void{
debug.text += e.text + "\r";
private function onSecurity(e:SecurityErrorEvent):void{
debug.text += e.text + "\r";
private function onData(e:DataEvent):void{
debug.text += e.data;
s.close();
]]>
</mx:Script>
<mx:Button label="Test" click="test()"/>
<mx:TextArea id="debug" width="100%" height="100%"/>
</mx:WindowedApplication>
Any help will be apresciated.
Ladislav.Hi,
It pass some time but if i remember well, my problem was that i did
not terminate stream output form my server vs air application, and it
returns this security error.
When I send '\0' at the end of my message it work correctly. Yes the
server was my own written socket server (c++ using boost libraries).
Laco.
Sorry late response I'm on hollydays
Staney G ha scritto:
So, how did you walk around the problem? Did you have a control on how server responds?
My test case failed similarly. However, the target server is a public web service.
Will appreciate your answers!
> -
Hello, I have a sql 2005 server, and I am a developer, with the database on my own machine. It alwayws works for me but after some minutes the other developer cant work in the application
He got this error
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.168.1.140]
and When I see the log event after that error, it comes with another error.
SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.1.140]
He has IIS5 and me too.
I created a user on the domain called ASPSYS with password, then in the IIS on anonymous authentication I put that user with that password, and it works, on both machines.
and in the connection string I have.
<add key="sqlconn" value="Data Source=ESTACION15;Initial Catalog=GescomDefinitiva;Integrated Security=SSPI; Trusted_Connection=true"/>
I go to the profiler, and I see that when he browses a page, the database is accesed with user ASPSYS, but when I browse a page, the database is accesed with user SE\levalencia.
Thats strange.
The only way that the other developer can work again on the project is to restart the whole machine. He has windows xp profession, I have windows 2000.
If you want me to send logs please tellmeWell here's my problem, maybe you can help. Intermittenly I get a login failed when connecting to a db engine through Server Management Studio using Windows authentication. When this happens the following entries are generated on the server's application event log:
Event Type: Error
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 17806
Date: 1/14/2009
Time: 10:41:31 AM
User: N/A
Computer: <server name>
Description:
SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: <ip address>]
Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18452
Date: 1/14/2009
Time: 10:41:31 AM
User: N/A
Computer: <server name>
Description:
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: <ip address>]
I've already ensured that the server is set to mixed authentication mode. Oddly enough, the workaround that I've found is that if I remote desktop into the server, log in and then log back out, Management Studio is suddenly able to connect again. No idea why it works.
As I said before, it is intermitten. Some days it errors on login, other days it doesn't and there are no configuration changes between them. Also, both client and server are in the same domain and same site so there is no VPN or anything in between. I'm really quite stumped. Any help would be great, or if you can point me in the right direction of where to look. Thank you in advance! -
Pi 7.1 ehp1 log-configuration.xml, howto create/edit in NWDS?
Hello,
In NWDS 2.0 You have a special mode in NWDS to edit the file. You get tabs with Log Formatter, Log Destination, Log Controller and Source.
How does it work in NWDS 7.1 EHP1?
The log-configuration shipped with the example module is packed inside the sample adapter module jar. This seems not right? It should be in the ear?
In nwds I create an ear, and then use the nwpacktool to repack it as an sda to be able to deploy with jspm. There is a firewall so I can't deploy from nwds.
I'm building an adapter module. It works fine besides that the logcontroller doesn't display in the nwa, and I can't set the log levels.
I've tried placing the log-configuration.xml both in the META-INF of the jar and the META-INF of the ear but it still doesn't work.
Thanks for your help.
Best regards
Otto FrostHello,
The NWDS 7.1 EHP1 doesn't recognize the file in the META-INF.
In 7.11 the log-configuration.xml isn't used anymore according to SAP.
When the module is started the tracing location is displayed in the log-configurator automagically.
My module wasn't started after deployment.
To start it I had to go into the NWA - Operation Management -
Systems - Start&Stop - Java EE applications - myPiModule
It was stopped, but started up when I clicked the "Logs" link.
After this it is visible in the tracing locations in the nwa log configurator.
Best regards
Otto Frost
Maybe you are looking for
-
Backup to my has suddenly fails
Timemachine has been running successfully for a couple weeks. Suddenly it stopped working. Target is a qnap TS-239 pro II with version 4.0.3 of the firmware on it, supposedly working as a timemachine target for mavericks. Well it was, untill now. Fi
-
I chose by mistake ''voice over'' and now I can't unlock my iPod
Yesterday while I was changing some settings I saw that Voice Over, I didn't know what it was so I chose it and then I couldn't choose anything else. After that iPod locked and now I can't unlock it . I can't choose and select anything. Can someone g
-
Hello , i have a barcode in a smartfom . now the issue is i have to reduce the size of the bar code and fit one more in the same space , separated by a line . Any suggestions , Honey
-
Content presenter to show old version of a document.
We are using content presenter to show content from UCM. In one case we want to show old version of document. We want to pass document-name and rev-label to content presenter and would like to show that particular version only. Content presenter take
-
Dehydration Table Used to Store State of BPEL Composite
Hi, Unable to find the dehydration table name where the state of BPEL Composite is stored. I know we had this in SOA 10g, the same table is missing in SOA 11g. Can someone point me the right table name. Thanks, Sham.