Need api for changing security role in web.xml !!

Similar Messages

• API for adding external roles/parties to an organization in oracle projects

  Hi,
  I need a help on the API for creating external roles/parties to an organization in oracle projects. There are two APIs in oracle for roles - pa_project_pub.load_org_roles and pa_project_pub.load_key_members. load_key_members api is used to load team members which are employees to a project and load_org_roles is used to add an organization role to a project. But how to use these API to load a party/external role to the organization role (or) is there any other api to do this functionality. Please suggest me on this.
  Thanks,
  Ramky

  Hi all,
  The order of blogs is:
  /people/valery.silaev/blog/2005/09/14/a-bit-of-impractical-scripting-for-web-dynpro
  and then
  /people/bala.krishnan2/blog/2006/09/25/bid-adieu-to-bots--using-captchas
  Help me soon...

• API for CRM Html Roles

  Hello,
  *(1)*
  how to deallocate/revoke CRM html roles using API?
  I found following API for assigning CRM roles:
  jtf_auth_bulkload_pkg.assign_role(username, role)
  Now I am unable to find API for deleting role assigned to particular user.
  Please suggest the way to find any API related good reference and also API for revoking role.
  *(2)*
  what is functionality of jtf_auth_principals_pkg's delete_role function?
  from where it is called?
  Thank You.
  Swati Thakkar
  Edited by: Swati on Dec 30, 2011 3:49 AM

  From the user guide:
  http://download.oracle.com/docs/cd/A99488_01/acrobat/jta115ug.pdf
  Roles are groupings of permissions, which are page level or function level granular
  privileges used to maintain application security. A single user can be granted
  several roles, each of which separately determines access rights to the user interface
  details, the ability to perform certain transactions and the ability to access certain
  data sets. During the registration process, users are granted the appropriate set of
  roles that map to their job function. Although Oracle User Management contains the
  following predefined roles, users with the appropriate access privileges can also
  create and customize their own roles.
  49.7.3.1 JTA_UM_DELEGATION_ACCESS
  The JTA_UM_DELEGATION_ACCESS role is assigned the
  JTA_UM_DELEGATION_ACCESS permission and provides users with all of the
  access privileges associated with this permission.
  49.7.3.2 JTA_UM_SETUP_ADMIN
  The JTA_UM_SETUP_ADMIN role is assigned the JTA_UM_SETUP permission and
  provides users with all of the access privileges associated with this permission.
  49.7.3.3 JTF_APPROVER
  The JTF_APPROVER role is assigned the JTF_APPROVER permission and provides
  users with all access privileges associated with this permission.
  49.7.3.4 JTF_PRIMARY_USER
  The JTF_PRIMARY_USER role is assigned the JTF_PRIMARY_USER_SUMMARY
  permission and provides users with all access privileges associated with this
  permission.
  49.7.3.5 JTF_SYSTEM_ADMIN_ROLE
  The JTF_SYSTEM_ADMIN role is the global system administration role and
  contains all permissions required to access and operate the System Administration
  Console including JTF_SECURITY_ASSIGN_ROLE and JTA_UM_SETUP.

• Need to build the security roles (actual technical roles) with HRCON object

  I need to build the security roles (actual technical roles) with HRCON objectfor date driven security.
  Please help me that how could i learn and what should be the approach.
  i.e. What is the requirement for learing to build the security roles (actual technical roles) with HRCON object for date driven security.

  Hi marco,
  It is related to Context solution and I need to implement HR Security in terms of context solution.
  So Could you please describe Following points:
  1. What is context solution
  2. How can i implement this context solution and HR Basic security as well
  3 What is the prerequiest to learn about HR security
  4. I am new for HR Security, SO what would be the approach to implement HR Security.
  Thanks

• I have 100 groups in planning for those 100 groups i want to build roles like interactive,view user,planner etc.for those how to change in export -import folder .xml file  in that edit  how  to change user roles in that xml it will generate automatic id.h

  I have 100 groups in planning for those 100 groups i want to build roles like interactive,view user,planner etc.for those how to change in export -import folder .xml file  in that edit  how  to change user roles in that xml it will generate automatic id.how to do that in xml file ?

  Thanks john for you are reply.
  I had tried what you sad.I open shared service in that foundation project i had export shared service.after that in import-export file.In that role.csv,user.csv,group.csv.Like this file have.When i open user file added some users after i trying save in excel it shown messgse
  I click yes and save the .csv file and import from share servie. i got error like this
  am i doing right way john.or explain clearly

• Help me for change security questions

  plz apple help me for change security questions

  Contact Apple Support to have your security questions reset:
  ACCOUNT SECURITY CONTACT NUMBERS
  Cheers,
  GB

• Need API for EAM Active Association - Asset number and Asset Group

  Hi
  I am working in R12 and need api for EAM Active Association - Asset number and Asset Group to insert the new records.
  If any one is aware please let me know API with sample script.
  Regards
  Suresh P

  All APIs are listed in Oracle Integration Repository
  http://irep.oracle.com/index.html
  API User Notes - HTML Format [ID 236937.1]
  R12.0.[3-4] : Oracle Install Base Api / Open Interface Setup Test [ID 427566.1]
  Oracle Trading Community Architecture API User Notes, June 2003 [ID 241320.1]
  Technical Uses of Customer Interface and TCA-API [ID 269121.1]
  Pelase also check below:
  Api's in EBS
  Re: Api's in EBS
  http://sairamgoudmalla.blogspot.com/2009/05/script-to-find-oracle-apis-for-any.html
  API
  Fixed Asset API
  List of API
  Re: List of APIs
  Oracle Common Application Components API Reference Guide
  download.oracle.com/docs/cd/B25284_01/current/acrobat/jta115api.pdf
  List of APIs and open interface R12
  Re: List of APIs and open interface R12
  Regard
  Helios

• I need reminders for my security questions

  I need reminders for my security questions

  If your answers aren't being accepted then the page that you posted from tells you how to reset them i.e. if you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then steps 1 to 5 half-way down that page should let you reset them.
  If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
  Contacting Apple about account security : http://support.apple.com/kb/HT5699
  When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down the HT5312 page that you posted from to add a rescue email address for potential future use

• Wrong security configuration in web.xml

  Hi all
  I am developing an application with JDeveloper 10.1.3.3 using ADF-BC/JSF. I have followed the example of SRDemo and my .jspx files are located in two folders : public_html/app and public_html/pricelist/
  My application will have two user roles. The administrators who access everything and the users that need to access only the pages located in faces/app and get access denied mesages in all pricelist management pages.
  I have used file based security and defined users and roles in jaz-data.xml. I have also verified that the data in that file are correct using the isUserInRole() function.
  What I cannot get to work correctly is the security in the web.xml since the way I have it both users and admins are granted full access to the faces/app/pricelist pages.
  The security constrains on my web.xml look like this :
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>PricelistData</web-resource-name>
              <description> Price list management pages</description>
              <url-pattern>faces/app/pricelist/*</url-pattern>           
          </web-resource-collection>
          <auth-constraint>
              <role-name>admin</role-name>
          </auth-constraint>
      </security-constraint>
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>UserData</web-resource-name>
              <url-pattern>faces/app/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>user</role-name>
              <role-name>admin</role-name>
          </auth-constraint>
      </security-constraint>
      <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>jazn.com</realm-name>
      </login-config>
      <security-role>
          <role-name>user</role-name>
      </security-role>
      <security-role>
          <role-name>admin</role-name>
      </security-role>Can anyone tell me what am I doing wrong, or suggest anything else I should check ?
  Thanassis

  Well you're orion-application.xml file looks okay to me, and addition if the isUserInRole is returning proper values, it's hooked up correctly.
  (By the way, a useful bean/free piece of code to do just what you're doing is the JSF-Security scope as written by Duncan Mills on Sourceforge)
  As such I'd be looking at the security constraints URLs. You haven't by chance changed the url-pattern for the Faces Servlet? The default is this:
  <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>...and your url-patterns assumes it starts with faces. Note it is correct in your url-patten to not include a forward slash before faces in the security constraint.
  Another thing that springs to mind, when you navigate to the protected page through your menu structure, what URL do you see in the browser? Is it the URL of the page you came from, or the URL of the page you navigated to ... and in addition ..... another thing to try is in your browser, rather than navigating through your menu structure, go straight to the URL of the page. Does the login page then show?
  The reason I mention this is if you're using the default navigation style in JSF for JDev 10.1.3 (if memory serves me well, it's direct), the Servlet may not actually inforce your protected page navigation as the navigated-to page is never actually served by the Faces servlet to the JEE engine to enforce security. I think I had a b1tch about this issue in the following OTN Re: ER: JSF direct navigation ignores JAZN container based security. Could this be what you're hitting?
  As such try changing the navigation type to redirect.
  CM.

• Advice needed: what does your company log for SAP security role changes?

  My client has a situation where for many years, they never logged changes to SAP security roles.  By that I mean, they never logged even basic details, like who requested a change, tested it, approved it, and what changed!!  Sadly their ticketing system is terrible, completely free-form text and not even searchable. 
  Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details?   What details do you capture?  What about Projects, that involve dozens of changes and testing over several months?
  I plan to recommend, at least, they need to use a unique# (a ticket#, or whatever) for every change and update the same in PFCG role desc tab, plus in CTS description of transports... but what about other details, since they have a bad ticketing system?  I spoke with internal audit and change Mgmnt "manager" about it, and they are clueless and will not make recommendations.  It's really weird but they will get into big trouble eventually without any logs for security changes!

  Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details? What details do you capture? What about Projects, that involve dozens of changes and testing over several months?
  I have questions:
  a) Do you want to make things straight
  b) Do you want to implement a versioning mechanism
  c) You cannot implement anything technical, but you`re asking about best "paper" practise?
  The mentioned scenarios can be well maintained if you use SAP GRC Solutions 10 (Business Role Management)
  Task Based, Approvals, Risk Analysis, SOD and role generation and maintenance in a structured way (Business Role Management). Workflow based, staged process with approvals.
  PFCG transaction usage will be curtailed to minimum if implemented fully.
  Do we really want to do things "outside" PFCG?
  @all:
  a) do you guys use custom approval workflows for roles?
  b) how tight your processes are? how much paperwork, workflow, tickets, requests and incidents you have to go through to change a role?
  c) who is a friend of GRC here, raise your hand
  Cheers Otto
  p.s.: very interesting discussion, I would like to learn something here about how it works out there in the wild

• Weblogic API for modifying users/roles

  I need to write an application which will enable adding users to weblogic
  domain and configuring roles.
  Does Weblogic provide such API?
  If so, what are the relevant packages?
  P.S.
  I wasn't sure which exact newsgroup my question belongs to.
  If anyone has a better suggestions please provide it.

  I searched the newsgroup and found that somebody addressed this issue.
  "Andrey" <[email protected]> wrote in message
  news:[email protected]...
  >
  WebLogic 7.0
  I have read a number of questions on how to do these but not many answers,so
  after figuring it all out, I thought I would post a message describing allthese
  tasts (It would be great if BEA would start something like 'HOW-TOs forLinux'
  for WebLogic)
  -1. Imports required :
  import weblogic.jndi.Environment;
  import weblogic.management.MBeanHome;
  import weblogic.management.WebLogicObjectName;
  import weblogic.management.configuration.DomainMBean;
  import weblogic.management.configuration.SecurityConfigurationMBean;
  import weblogic.management.security.RealmMBean;
  importweblogic.management.security.authentication.AuthenticationProviderMBean;
  import weblogic.management.security.authentication.GroupEditorMBean;
  import weblogic.management.security.authentication.UserEditorMBean;
  importweblogic.management.security.authentication.UserPasswordEditorMBean;
  import weblogic.security.providers.authentication.*;
  0. Code to retrieve DefaultAuthenticatorMBean (this code is running insideWebLogic
  server - I have it inside EJB):
  DefaultAuthenticatorMBean authBean;
  Context ctx = new InitialContext();
  MBeanHome mbeanHome = (MBeanHome)ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
  >
  //Find UserEditorMBean
  DomainMBean dmb = mbeanHome.getActiveDomain();
  SecurityConfigurationMBean scmb =dmb.getSecurityConfiguration();
  RealmMBean rmb = scmb.findDefaultRealm();
  AuthenticationProviderMBean[] providers =rmb.getAuthenticationProviders();
  >
  for (int i = 0; i < providers.length; i++) {
  if (providers[i] instanceof DefaultAuthenticatorMBean) {
  authBean = (DefaultAuthenticatorMBean) providers;
  break;
  1. Create/Drop/Update users
  to perform these tasks, the user must be logged in into weblogic and be in
  Administrators
  group. Then, the code is as follows:
  create user: authBean.createUser(username, password, description);
  remove user: authBean.removeUser(username);
  change user's description: authBean.setUserDescription(username,newDescription);
  >
  remove user from group: authBean.removeMemberFromGroup(groupname,username);
  >
  add user to group: authBean.addMemberToGroup(groupname,username);
  >
  2. Change other users' passwords (MUST BE ADMIN TO DO THIS - by Admin Imean be
  a member of Administrators group)
  authBean.resetUserPassword(username, newPassword);
  3. Change your own password:
  this is a bit trickier, because if you are not an admin, you can't changeyour
  own password!!!! This is a part that I personally don't understand - seemslike
  a screw up on BEA's part. So, to allow users to change their ownpasswords, you
  must change security context in the middle of processing to that of Adminuser
  and run this function as Admin user. Although a bit ackward, it's veryeasy to
  do. Suppose you have two EJBs - EJB A and EJB B. EJB A does normalprocessing
  for the user and always runs in logged in user's security context. Now,suppose
  you want to add a method to EJB A to change current password. The methodmay
  look like:
  public void changePassword(String logon, String oldpwd, String newpwd)
  throws some exceptions
  Now, there is no way to do it in EJB A, because for most users, it willrun in
  a 'non-admin' security context. So, to get around it, you create another
  EJB - EJB B. This EJB has one method:
  public void changePassword(String logon, String oldpwd, String newpwd)
  throws some exceptions
  and one major difference - this EJB always runs in a secrity context ofadmin
  user. To get an EJB B running 'as admin user', all you have to do in EJBA is
  the following
  EJB A:
  public void changePassword(String logon, String oldpwd, String newpwd)
  Hashtable props = new Hashtable();
  props.put(Context.SECURITY_PRINCIPAL, "wlmanager");
  props.put(Context.SECURITY_CREDENTIALS, "password");
  // get context that with different credentials
  Context ctx = new InitialContext(props);
  EJBBHome home = (EJBBHome) ctx.lookup("EJBBHome");
  EJBBLocal adminEJB = home.create();
  adminEJB.changePassword(logon, oldpwd, newpwd);
  adminEJB.remove();
  of course, this poses a problem of hardcoding user id and password foradmin user
  in your application - you can come up with your own ways to secure that.
  THAT's IT!!! You can use the method explained in part 3 to allownon-admin users
  to do pretty much everything, however for the sake of security, I woulddefinetly
  vote against it and use part 3 to ONLY allow users change their ownpasswords
  >
  Enjoy
  Andrey
  "Yonatan Taub" <[email protected]> wrote in message
  news:[email protected]...
  I need to write an application which will enable adding users to weblogic
  domain and configuring roles.
  Does Weblogic provide such API?
  If so, what are the relevant packages?
  P.S.
  I wasn't sure which exact newsgroup my question belongs to.
  If anyone has a better suggestions please provide it.

• I need API for Narrator in Ease of Access

  Hi,
  I need to see if Narrator accessibility is on/off. (Only on WP 8.1)
  How can it be done? Is there any API for this?
  I was googling for a long time and can't see anything.

  While I recognize the potential for abuse, an API for determining whether or not Narrator is running would be very useful for developing accessible apps that work across devices.
  In my limited experience developing the test application for a Cordova accessibility plugin on Windows Phone 8.1, I can provide a couple good reasons for providing a way to detect if Narrator is running.
  Aria live regions simply don’t appear to work on Windows Phone 8.1. If you test any web pages that use live regions, Narrator on Windows Phone fails to announce changes to the live region. 
  Live regions seem to work on the desktop, but are harder to work with for providing text to speech for complex interactions than the Windows.Media.SpeechSynthesis API. For example:
  It’s difficult to stop speaking a live region update. Once, a screen reader starts speaking a string from a live region, removing the text node or replacing it with an empty string will not stop speaking that string.
  I’ve implemented "speak" and "stop" methods to speak or stop speaking a string of text in my Cordova accessibility plugin for Windows, but without knowing whether or not Narrator is on or off, the methods will work all the
  time, even when Narrator is off, which is not desirable.
  Cordova apps are often developed to use gestures for navigation. The pointer event listeners that respond to these gestures may not be accessible when Narrator is active, in which case is important to provide an alternate mode of navigation. Windows
  Phone already provides an example of this; if you scroll to the bottom of the start screen, there is a button that navigates to the application list, which may be there for accessibility, because the two-finger swipe gesture to access the application
  list may not be easily discoverable to someone using Narrator.
  Here are links to the test application and mobile accessibility plugin for reference:
      Test App: https://github.com/majornista/phonegap-mobile-accessibility-test
      Plugin: https://github.com/majornista/phonegap-mobile-accessibility-test

• Error creating acl for (resource). I get this error when entering security info in web.xml.

  We're using iWS 6.0. Is there some security configuration that needs to be done in order to use standard security directives in our web application's web.xml?
  Thanks!

  Hi ,
  I have tried adding the following into web.xml but the security feature just doesnt work and the user can go to any page without any restriction.
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Declarative Security Test</web-resource-name>
  <url-pattern>/SuperServlet</url-pattern>
  <url-pattern>/*</url-pattern>
  <http-method>post</http-method>
  <http-method>get</http-method>
  </web-resource-collection>
  <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
  <auth-constraint>
  <role-name>guest</role-name>
  <role-name>member</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
  <role-name>guest</role-name>
  <role-name>member</role-name>
  </security-role>
  The roles mentioned above have been added correctly into tomcat-users.xml..The version of tomcat I am using is tomcat5.0.28.Please help.

• API for sun.security.krb5.KrbApReq

  I am trying to use the following contructor for sun.security.krb5.KrbApReq:
  public KrbApReq(Credentials credentials, boolean flag, boolean flag1, boolean flag2, Checksum checksum)
  I got the Credential object, but not sure how to get the Checksum. Could somebody help? Reply is appreciated.

  The public Java GSS API (orf.ietf.jgss) does provide support for Kerberos.
  The Java Kerberos API is in a Sun internal package. Why do you need to call into the Java Kerberos API directly ?
  Seema

• Need API for Entitlement Conversion

  HI All,
  We are in process of converting Contracts from Legacy to Oracle. In due process we are converting Entitlements too like Coverage times, Reaction times, resolution times, etc. Can anyone help me in finding the right API for doing this.
  Thanks,
  DP

  Hi PCV,
  You need to first create a currency translation types using transaction RRC1.
  Tab1 - Exchange Rate: -
  You need to give a exchange rate based on which currency conversion will take place. Check with your business which exchange rate type to be used. You need to extract these exchange rate types from R/3 on a daily basis.
  Tab2 - Source Currency
  In your case it should be " Source Currency from data record".
  Tab3 - Target Currency
  You can set the target currency fixed as
  USD.  
  Tab4 - Time reference
  You need to check this with business.                 
  You have got two places where you can perform a currency translation.
  1) In the update rules and store the converted amounts in USD in cube.
  2) Store the original transaction records in the cube and do the currency conversion at the query level.
  I would suggest to go for option 2. In the query select the key figure that you want to carry out the currency conversion on. Right click -> properties -> currency translation -> selct the translation key that you have already defined.
  Hope it helps.
  Thx,
  Soumya