Oracle Security Implementation in JDev 10.1.2.0.0
Dear J Dev Fellows I am New to J dev. Having version mentioned in title.
I want to implement oracle security for multiple users. Please guide me to achieve this.
Aamer
Hi,
in JDeveloper 10.1.2 you have container managed security with JAZN. Have a look at the OC4J Security Guide that you can access from the Oracle Application Server documentation on otn.oracle.com --> Documentation
or you have a look at
http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf
Frank
Similar Messages
-
Hi.
My Jdev is Build JDEVADF_11.1.2.3.0_GENERIC_120914.0223.6276.1
I am trying to deploy to standalone web logic 10.3.6.0
But I get the following message
<May 28, 2013 10:45:40 AM EDT> <Warning> <Deployer> <BEA-149004> <Failures were
detected while initiating deploy task for application 'DrhCustomers'.>
<May 28, 2013 10:45:40 AM EDT> <Warning> <Deployer> <BEA-149078> <Stack trace fo
r message 149004
java.security.AccessControlException: access denied (oracle.security.jps.JpsPerm
ission AppSecurityContext.setApplicationID.null)
at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:374)
at java.security.AccessController.checkPermission(AccessController.java:
546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermis
sion(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied (oracle.security.
jps.JpsPermission AppSecurityContext.setApplicationID.null)
at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:374)
at java.security.AccessController.checkPermission(AccessController.java:
546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermis
sion(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
Truncated. see log file for complete stacktrace
>
I don't have any security settings in my application
Please adviceThanks for the response James.
Though the classpath/path looks like it has references to JDK 1.5, it is actually referring to jrocket JDK 1.6. I can confirm this because when I type "C:\ORACLE\MIDDLE~1\JROCKI~1.5-3\lib" in windows explorer it takes me to "C:\ORACLE\Middleware\jrockit_160_14_R27.6.5-32\lib"
Moreover, C:\ORACLE\Middleware is the place where I installed weblogic 11gR1.
I looked at the startWeblogic.cmd, setDomainEnv.cmd and commEnv.cmd to trace how the JDK path is getting manipulated and I found that in setDomainEnv.cmd there is a line "for %%i in ("%JAVA_HOME%") do set JAVA_HOME=%%~fsi " which is converting the full JDK path to short path. Below are the references in the .cmd files :
setDomainEnv.cmd
set BEA_JAVA_HOME=C:\Oracle\Middleware\jrockit_160_14_R27.6.5-32 <---------------------Setting the correct JDK version
if "%JAVA_VENDOR%"=="Oracle" (
set JAVA_HOME=%BEA_JAVA_HOME%
) else (
if "%JAVA_VENDOR%"=="Sun" (
set JAVA_HOME=%SUN_JAVA_HOME%
) else (
set JAVA_VENDOR=Oracle
set JAVA_HOME=C:\Oracle\Middleware\jrockit_160_14_R27.6.5-32
set JAVA_HOME=%JAVA_HOME%
for %%i in ("%JAVA_HOME%") do set JAVA_HOME=%%~fsi <------------------------Converting to short form
.....And other commands
if NOT "%WEBLOGIC_CLASSPATH%"=="" (
if NOT "%CLASSPATH%"=="" (
set CLASSPATH=%WEBLOGIC_CLASSPATH%;%CLASSPATH%
) else (
set CLASSPATH=%WEBLOGIC_CLASSPATH%
commEnv.cmd
set WEBLOGIC_CLASSPATH=%JAVA_HOME%\lib\tools.jar;%BEA_HOME%\utils\config\10.3\config-launch.jar;%WL_HOME%\server\lib\weblogic_sp.jar;%WL_HOME%\server\lib\weblogic.jar;%FEATURES_DIR%\weblogic.server.modules_10.3.2.0.jar;%WL_HOME%\server\lib\webservices.jar;%ANT_HOME%/lib/ant-all.jar;%ANT_CONTRIB%/lib/ant-contrib.jar <-----------WEBLOGIC_CLASSPATH is set here
Thanks,
-Raghu -
Oracle Security : what do you think about the following policy violation ?
If you install OEM10, you will be able to see if you violate some security guidelines :
Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
Take care about the failed login attempts. If you set it to 10 to the default profile, and if your DBSNMP password is NOT the default password, then Oracle will lock your account after node discovery!
In Solaris, you can disable execution of the user stack with the system parameters set noexec_user_stack=1
set noexec_user_stack_log=1. I did not find how to do it on AIX. However, those settings may have side effects.
About the ports, it complains about open ports, even if this is the port oracle listener is using! Simply ignore most of the violations there.
About JAccelerator (NCOMP), it is located on the "companion" CD.
Ok, Waiting for your feedback
Regards
Laurent
[High] Critical Patch Advisories for Oracle Homes Configuration Host Checks Oracle Homes for missing critical patches
[High] Insufficient Number of Control Files Configuration Database Checks for use of a single control file
[High] Open ports Security Host Check for open ports
[High] Remote OS role Security Database Check for insecure authentication of remote users (remote OS role)
[High] EXECUTE UTL_FILE privileges to PUBLIC Security Database Test for PUBLIC having EXECUTE privilege on the UTIL_FILE package
[High] Listener direct administration Security Listener Ensure that listeners cannot be administered directly
[High] Remote OS authentication Security Database Check for insecure authentication of remote users (remote OS authentication)
[High] Listener password Security Listener Test for password-protected listeners
[High] HTTP Server Access Logging Security HTTP Server Check that HTTP Server access logging is enabled
[High] Web Cache Access Logging Security Web Cache Check that Web Cache access logging is enabled
[High] Web Cache Dummy wallet Security Web Cache Check that dummy wallet is not used for production SSL load.
[High] HTTP Server Dummy wallet Security HTTP Server Check that dummy wallet is not used for production SSL load.
[High] Web Cache owner and setuid bit' Security Web Cache Check that webcached binary is not owned by root and setuid is not set
[High] HTTP Server Owner and setuid bit Security HTTP Server Check the httpd binary is not owned by root and setuid bit is not set.
[High] HTTP Server Directory Indexing Security HTTP Server Check that Directory Indexing is disabled on this HTTP Server
[High] Insufficient Redo Log Size Storage Database Checks for redo log files less than 1 Mb
[Medium] Insufficient Number of Redo Logs Configuration Database Checks for use of less than three redo logs
[Medium] Invalid Objects Objects Database Checks for invalid objects
[Medium] Insecure services Security Host Check for insecure services
[Medium] DBSNMP privileges Security Database Check that DBSNMP account has sufficient privileges to conduct all security tests
[Medium] Remote password file Security Database Check for insecure authentication of remote users (remote password file)
[Medium] Default passwords Security Database Test for known accounts having default passwords
[Medium] Unlimited login attempts Security Database Check for limits on the number of failed logging attempts
[Medium] Web Cache Writable files Security Web Cache Check that there are no group or world writable files in the Document Root directory.
[Medium] HTTP Server Writable files Security HTTP Server Check that there are no group or world writable files in the Document Root directory
[Medium] Excessive PUBLIC EXECUTE privileges Security Database Check for PUBLIC having EXECUTE privileges on powerful packages
[Medium] SYSTEM privileges to PUBLIC Security Database Check for SYSTEM privileges granted to PUBLIC
[Medium] Well-known accounts Security Database Test for accessibility of well-known accounts
[Medium] Execute Stack Security Host Check for OS config parameter which enables execution of code on the user stack
[Medium] Use of Unlimited Autoextension Storage Database Checks for tablespaces with at least one datafile whose size is unlimited
[Informational] Force Logging Disabled Configuration Database When Data Guard Broker is being used, checks primary database for disabled force logging
[Informational] Not Using Spfile Configuration Database Checks for spfile not being used
[Informational] Use of Non-Standard Initialization Parameters Configuration Database Checks for use of non-standard initialization parameters
[Informational] Flash Recovery Area Location Not Set Configuration Database Checks for flash recovery area not set
[Informational] Installation of JAccelerator (NCOMP) Installation Database Checks for installation of JAccelerator (NCOMP) that improves Java Virtual Machine performance by running natively compiled (NCOMP) classes
[Informational] Listener logging status Security Listener Test for logging status of listener instances
[Informational] Non-uniform Default Extent Size Storage Database Checks for tablespaces with non-uniform default extent size
[Informational] Not Using Undo Space Management Storage Database Checks for undo space management not being used
[Informational] Users with Permanent Tablespace as Temporary Tablespace Storage Database Checks for users using a permanent tablespace as the temporary tablespace
[Informational] Rollback in SYSTEM Tablespace Storage Database Checks for rollback segments in SYSTEM tablespace
[Informational] Non-System Data Segments in System Tablespaces Storage Database Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX
[Informational] Users with System Tablespace as Default Tablespace Storage Database Checks for non-system users using SYSTEM or SYSAUX as the default tablespace
[Informational] Dictionary Managed Tablespaces Storage Database Checks for dictionary managed tablespaces (other than SYSTEM and SYSAUX)
[Informational] Tablespaces Containing Rollback and Data Segments Storage Database Checks for tablespaces containing both rollback (other than SYSTEM) and data segments
[Informational] Segments with Extent Growth Policy Violation Storage Database Checks for segments in dictionary managed tablespaces (other than SYSTEM and SYSAUX) having irregular extent sizes and/or non-zero Percent Increase settingsInterresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...Okay, as this is (I think) aimed at me, I'll fall for it ;)
What is the point of revoking UTL_FILE from PUBLIC? Yes I know what you think the point is, but without rights on an Oracle DIRECTORY being able to execute UTL_FILE is useless. Unless of course you're still using the init.ora parameter
UTL_FILE_DIR=*which I sincerely hope you're not.
As for UTL_SMTP and UTL_TCP, I think whether a program is allowed to send e-mail to a given SMTP server is really in the remit of the e-mail adminstrator rather than the DBA.
Look, DBAs are kings of their realm and can set their own rules. The rest of us have to live with them. A couple of years ago I worked a project where I was not allowed access to the USER_DUMP_DEST directory. So every time I generated a TRC file I had to phone up the DBA and a couple of hours later I got an e-mail with an attachment. Secure yes, but not very productive when I was trying to debug a Row Level Security implementation.
I have worked on both sides of the DBA/Developer fence and I understand both sides of the argument. I think it is important for developers to document all the privileges necessary to make their app run. Maybe you don't have a better way of doing that than revoking privileges from PUBLIC. Or maybe you just want to generate additional communication with developers. That's fine. I know sometimes even DBAs get lonely.
Cheers, APC -
Hi,
I am currently implementing Oracle Secure Backup. My environment is this:
OS: Windows Server 2003 (32Bit) for all servers
Database: Oracle Database 11.2.0.1.0
Tape Library: IBM-ULT 3580-TD4
I will have to configure 2 machines to work with OSB: server01 and server02.
Server01:
This serves as the client, admin, mediaserver
Server02:
This will serve as the client, admin
When I log in to Server01, in the device manager, I can see the Tape Drives (no warnings, no questions marks) so I think it's good.
When I log in to Server02, in the device manager, there are no Tape Drives seen. Is is ok or shall i configure the IBM Tape drives to be also accessible since this is just the client, admin host?
Also I have noticed that when I installed the OSB in Server02 (client,admin), when I am on the SCSI Devices, i dont see any tape device (since its not in the device manager). Because of this i cannot start OSB Services and cannot add this host to the mediaserver.
Also, I am having issues Configuring the Library and the devices. I have read the official documentation completely but i think its very general and it does not present the detailed step-by-step process in installing and configuring OSB.
When I issued: lsdev -lvg in the mediaserver , I can read an error: Warning: bus info unknown or drive not installed.
Help is very much appreciated. Thanks a lot guys!I have resolved the issue. Ill close this thread. :))
-
NoClassDefFoundError: oracle/security/jps/JpsException
I have a web service developed in JDeveloper 12c (12.1.2) using the Generate Web Service from WSDL option. Inside the service implementation class I create a root application module like so:
ApplicationModule am = Configuration.createRootApplicationModule("xxx.model.XXX_AppModule", "XXX_AppModuleLocal");
When I test it in the integrated WebLogic server through JDeveloper, the web service works fine. However when I deploy the application (including the web service) to a production WebLogic server, I get the following error in the logs when testing it:
####<22-Jul-2014 14:51:09 o'clock BST> <Notice> <StdErr> <XXXXXXXXXXXX> <Engineering> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1406037069434> <BEA-000000> <Jul 22, 2014 2:51:09 PM oracle.adf.share.ADFContext getCurrent
WARNING: Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly.
This message may be avoided by performing initADFContext before using getCurrent().
For more information please enable logging for oracle.adf.share.ADFContext at FINEST level.>
####<22-Jul-2014 14:51:10 o'clock BST> <Error> <com.sun.xml.ws.server.sei.TieHandler> <XXXXXXXXXXXX> <Engineering> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1406037070692> <BEA-000000> <oracle/security/jps/JpsException
java.lang.NoClassDefFoundError: oracle/security/jps/JpsException
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:270)
at oracle.adf.share.common.ClassUtils.forName(ClassUtils.java:53)
at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialStorage(CredentialStoreContext.java:186)
at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialProvisioner(CredentialStoreContext.java:109)
at oracle.adf.share.security.credentialstore.CredentialProvisioner.<init>(CredentialProvisioner.java:44)
at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:54)
at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:48)
at oracle.adf.share.jndi.ReferenceStoreHelper.loadCredentials(ReferenceStoreHelper.java:1082)
at oracle.adf.share.jndi.ReferenceStoreHelper.createReference(ReferenceStoreHelper.java:726)
at oracle.adf.share.jndi.ReferenceStoreHelper.getReferencesMapEx(ReferenceStoreHelper.java:331)
at oracle.adf.share.jndi.ContextImpl.load(ContextImpl.java:850)
at oracle.adf.share.jndi.ContextImpl.init(ContextImpl.java:480)
at oracle.adf.share.jndi.ContextImpl.<init>(ContextImpl.java:78)
at oracle.adf.share.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:17)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at oracle.adf.share.jndi.AdfInitialContext.<init>(AdfInitialContext.java:93)
at oracle.adf.share.jndi.AdfInitialContext.newAdfInitialContext(AdfInitialContext.java:74)
at oracle.adf.share.jndi.AdfJndiConfig.getDefaultConnectionsContext(AdfJndiConfig.java:79)
at oracle.adf.share.config.FallbackConfigImpl.getDefaultConnectionsContext(FallbackConfigImpl.java:306)
at oracle.adf.share.config.ADFConfigImpl.getConnectionsContext(ADFConfigImpl.java:755)
at oracle.jbo.client.CADatabaseConnectionProvider.getDatabaseProvider(CADatabaseConnectionProvider.java:177)
at oracle.jbo.client.CADatabaseConnectionProvider.loadConnectionProperties(CADatabaseConnectionProvider.java:151)
at oracle.jbo.client.Configuration.initializeFromConnectionName(Configuration.java:1109)
at oracle.jbo.client.config.ConfigurationProviderManager.resolveConfiguration(ConfigurationProviderManager.java:113)
at oracle.jbo.client.config.ConfigurationProviderManager.getConfiguration(ConfigurationProviderManager.java:54)
at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:534)
at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1393)
at xxx.service.util.ServiceUtils.getApplicationModule(ServiceUtils.java:28)
at com.baesystems.wdms.ELKITInterfaceImpl.getLoomDetail(ELKITInterfaceImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:117)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:91)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:205)
at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:634)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)
at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:278)
at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:287)
at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:134)
at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:238)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3363)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
Caused By: java.lang.ClassNotFoundException: oracle.security.jps.JpsException
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:270)
at oracle.adf.share.common.ClassUtils.forName(ClassUtils.java:53)
at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialStorage(CredentialStoreContext.java:186)
at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialProvisioner(CredentialStoreContext.java:109)
at oracle.adf.share.security.credentialstore.CredentialProvisioner.<init>(CredentialProvisioner.java:44)
at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:54)
at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:48)
at oracle.adf.share.jndi.ReferenceStoreHelper.loadCredentials(ReferenceStoreHelper.java:1082)
at oracle.adf.share.jndi.ReferenceStoreHelper.createReference(ReferenceStoreHelper.java:726)
at oracle.adf.share.jndi.ReferenceStoreHelper.getReferencesMapEx(ReferenceStoreHelper.java:331)
at oracle.adf.share.jndi.ContextImpl.load(ContextImpl.java:850)
at oracle.adf.share.jndi.ContextImpl.init(ContextImpl.java:480)
at oracle.adf.share.jndi.ContextImpl.<init>(ContextImpl.java:78)
at oracle.adf.share.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:17)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at oracle.adf.share.jndi.AdfInitialContext.<init>(AdfInitialContext.java:93)
at oracle.adf.share.jndi.AdfInitialContext.newAdfInitialContext(AdfInitialContext.java:74)
at oracle.adf.share.jndi.AdfJndiConfig.getDefaultConnectionsContext(AdfJndiConfig.java:79)
at oracle.adf.share.config.FallbackConfigImpl.getDefaultConnectionsContext(FallbackConfigImpl.java:306)
at oracle.adf.share.config.ADFConfigImpl.getConnectionsContext(ADFConfigImpl.java:755)
at oracle.jbo.client.CADatabaseConnectionProvider.getDatabaseProvider(CADatabaseConnectionProvider.java:177)
at oracle.jbo.client.CADatabaseConnectionProvider.loadConnectionProperties(CADatabaseConnectionProvider.java:151)
at oracle.jbo.client.Configuration.initializeFromConnectionName(Configuration.java:1109)
at oracle.jbo.client.config.ConfigurationProviderManager.resolveConfiguration(ConfigurationProviderManager.java:113)
at oracle.jbo.client.config.ConfigurationProviderManager.getConfiguration(ConfigurationProviderManager.java:54)
at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:534)
at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1393)
at xxx.service.util.ServiceUtils.getApplicationModule(ServiceUtils.java:28)
at com.baesystems.wdms.ELKITInterfaceImpl.getLoomDetail(ELKITInterfaceImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:117)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:91)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:205)
at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:634)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)
at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:278)
at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:287)
at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:134)
at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:238)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3363)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
I thought that maybe I needed to include the jsp-api.jar in the WEB-INF/lib directory in the web service WAR file, but that didn't make any difference.
Any ideas?
For reference, this is the structure of the EAR file that I deployed to the server:
Application.ear
/adf
/META-INF
/adf-config.xml
/connections.xml
/wsm-policy.xml
/lib
/adf-loc.jar
/META-INF
/application.xml
/cwallet.sso
/weblogic-application.xml
/View.war (contains Trinidad pages and ADF BC classes)
/WebService.war (contains web service and ADF BC classes)
/WEB-INF
/classes
/lib
/jps-api.jar
/wsdl
/XXXService.wsdl
/xxx.xsd
/web.xml
/weblogic.xmlThe error is thrown by the weblogic Classloader as it is unable to load the class/package oracle.security.jps.JpsException
This class is related to OPSS framework. Please add the relevant jar having the above class to the classpath or package it within the application to solve the issue.
Vijaya
===== -
Hi,
I managed to configure Oracle's DBTableOraDataSourceLoginModule together with JavaSSO to access two tables which reside on a 9i database. One is the user's table and the other a roles table. The only problem is that the user's passwords should be encripted in this table.
I followed the instructions in the Oracle Containers for J2EE Security Guide page 9-10 - Implementing DBLoginModuleEncodingInterface for Password Encryption, and specified in the pw_encoding_class parameter
the DBLoginModuleSHA1Encoder class provided in the oracle.security.jazn.login.module.db.util package.
I also wrote a small program to do the encryption in the table, using a getKeyDigestString method found in DBLoginModuleSHA1Encoder class of a sample dblogin module downloaded from a link in Lucas Jellema's article on how to secure an application developed with JDeveloper and deployed in OC4J. I used this class because I could not find the one mentioned in the Oracle documentation.
Now the DBTableOraDataSourceLoginModule rejects the login with an invalid password message. It seems the encoding is calculated differently in the two classes. I tried to use the sample dblogin module in the javasso specification, and got a - no class found - message. I tried to locate the oracle.security.jazn.login.module.db.util package to use in the password encoding program, but I couldn't find it anywhere in either OC4J nor JDeveloper directories.
Can you tell me where to find the oracle.security.jazn.login.module.db.util package ?
Thanks for help.
GustavoHi
As I am also tried the same and found the encryption module working fine for me.
This I could do only on JDeveloper 10g whereas while attempted on the same on JDeveloper 11g, I got lots of problems.
Will you please help out in this regard, if you had already able to acheive the same on JDeveloper 11g TP3, please let me know the steps or any relevant URL which I can refer.
Thanks in advance
Kind Rgds
Krishnamurthy. R -
JAAS, jazn.xml, & oracle.security.jazn.config
I have a swing application using LDAP to authenticate users that will typically be launched via Java Web Start, thus the application is deploy using a jar file.
I can run this application from JDev or from the command-line when the jazn.xml file is located in the root (start-in) directory.
Unfortunately, when the jazn.xml file is only in the jar file (as it would be when launched via JWS) the application cannot find it and throws an exception:
oracle.security.jazn.JAZNInitException: d:\path\.\jazn-data.xml (The system cannot find the file specified).
I found some documentation that indicates that I can specify the path to the jazn.xml file with
System.setProperty("oracle.security.jazn.config", "path/to/jazn/xml/file");
If I set it to a relative path without the filename on the end (ex. "./my/path" or "my/path") I get the above exception.
If I set it to a relative path with the filename (ex. "./my/path/jazn.xml" or "my/path/jazn.xml") it works.
What I can't figure out is how to tell it that it is in a jar file that is in my classpath. It doesn't find it from the path examples above. I've tried things like "client.jar/jazn.xml", "d:/my/path/client.jar/jazn.xml", and a host of other things with the jazn.xml filename on the end.
Oddly enough, when I set it to "d:/my/path/client.jar" I get a different exception:
Caused by: oracle.security.jazn.JAZNInitException: no protocol: "ldap://hostname.com:389">
at oracle.security.jazn.spi.xml.FSXMLStore.<init>(FSXMLStore.java:128)
... 59 more
Caused by: java.net.MalformedURLException: no protocol: "ldap://hostname.com:389">
at java.net.URL.<init>(URL.java:537)
at java.net.URL.<init>(URL.java:434)
at java.net.URL.<init>(URL.java:383)
So it seems like it read the file but parsed it incorrectly. Any ideas?Thanks for the reply Yvonne. Sorry I haven't updated this after my testing. I think you're close to correct.
I did some more testing and figured out that any time the protocol is included in a path (protocol://d:/my/path/client.jar) that jazn does not understand. When the referenced file (jazn.xml) is in a jar file, it includes the protocol in the path. For example the path to the jazn.xml file (the value that the java.security.auth.policy property needs to be set to) would be jar:file://my/path/client.jar!/my/path/jazn.xml
I think the oracle.security.jazn.spi.PolicyProvider (the value of the java.security.auth.policy.provider property) causes the jazn.xml file to be read. That class is, I think, what fails to find that file because it doesn't understand when the protocol (jar:file:) is included in the path to the file. That's my guess anyway.
I did figure out a work around and it goes like this:
1. create a new jazn.xml file
File tmp = new File ("jazn.xml");
2. and set it to be deleted on exit
tmp.deleteOnExit();
3. get a ByteArrayInputStream for the jazn.xml file and read it out of the jar file.
4. then write the stream to the tmp file
5. then set the system property
System.setProperty("java.security.auth.policy", tmp.toURL().getPath());
It is kind of a pain since I have to check to see if the property I'm setting is "jazn.xml", but it seems to work.
I think the oracle.security.jazn.spi.PolicyProvider problem is a defect, which I'll report on meta-link.
tcoker -
How to do Setup and Security implementation in ODI
HI Friends,
I have few question regarding ODI installations.I am using
Oracle DB version is Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
ODI is ODI 11.1.1.5 version.
While installing can we go for
One Master repository for Dev and UAT, mainly because we have one physical server for UAT connecting to UAT DB and Dev DB. And a separate Master repository for Production?
We have 2 groups of users .One is developer and One is tester.
Tester donot have a permission to use or check the development codes.They have only the Run permission in operator.
How to do this security implementation in ODI while installing.
Plz confirm me on this.
Thanks,
LonyThe way I did it is,
Created an Execution Mode work repository for the QA purpose and thus only Scenarios & Load Plans were deployed on this QA repo. This had its own Master Repo as well.
For dev the Dev mode work repo is created where all the interfaces, packages, procedures can be developed or modified as and when required.
Thus, the testers have access only to the QA environment.
Otherwise you can assign roles to the users after the installation in the security tab. Give the operator, connect role to the testers. -
Oracle Secure enterprise Search versus Oracle Text
I'm involeved in a project where we're using Oracle text for its text search capability. Yesterday during a meeting Oracles Secure Enterprise search engine came up. I see similar functionality offered in both products - Oracle text comes with 10g - not sure if SES comes with additional cost. Has anyone done analysis on why one would implement one over the other - I understand that SES gives the customer a federated option and some internet search capabilities but since I'm not concerned with that for this project does it make a difference?
SES is a complete seaerch application with connectors to many different data sources, such as email systems and document management systems.
Oracle Text, on the other hand, is a toolkit for building applications (and is used as such by SES).
Oracle Text comes free with the database. SES is chargable, but comes with a free database (though it's restricted to use by SES only!)
Generally speaking, if your data is in the database and you want fine control over how to search it, Oracle Text is a better option.
If your data is scattered around diverse enterprise sources, and you want a ready-built application to collect, index and search that data, SES is the proper choice.
Here's a slide from my OpenWorld presentation, which I guess says much the same thing:
Oracle Text is the toolkit and platform for building sophisticated Information Retrieval applications and services
- Fine control over indexes, partitioning, etc
Oracle Secure Enterprise Search is a stand-alone application built on the foundation of Oracle Text
- Includes its own database
- No programming needed
- Includes crawlers and an end-user UI -
Hi,
I have the problem with OSB 10.2. I can not get the file system backup and
I get following error.
admin/1.1
Type backup solaris
Level full
Family (null)
Encryption off
Scheduled time 06/19.18:06
Introduction time 2008/06/19.18:06
Earliest exec time 06/19.18:06
Last update time 2008/06/19.18:21
Expire time never
State pending resource availability
Priority 100
Privileged op no
Run on host solaris
Requires host solaris and null family and any device
Deferred because a required device is not available
Attempts 2
Log
2008/06/19.18:06:11 Job created.
2008/06/19.18:06:11 Dispatching job to run on administrative server.
2008/06/19.18:06:34 Drive or volume on which mount attempted is unusable.
- My Tape Device is SONY-SDX 550V and it is not in oracle tape drive support list.
- OSB 10.2.0.2
- Windows 2003 Operatin System
- I went through the ob_drives file under ORACLE BACKUP HOME/device and added SDX 550V entry n this file and
- I restarted Oracle_Secure_Backup service. But it does not work again.
Your comment will be appreciated.Thank you for your help and negotiating to solve this problem.
I am deploying your suggestion with two different type of tape drives
1. Hp DAT 72 7438A existing in Oracle Tape Device Certified List
2. SONY SDX-550V which is not exist in Oracle Tape Device Certified List
Right now I am working on # 2 (SONY SDX-550V)
the only modification in my configuration was using of new volume instead of
old one and try to mount this new volume in write mount in
Webtool --> Manage --> Drives.
ob> lsjob --log admin/2.1
Job ID Sched time Contents State
admin/2.1 06/26.12:54 backup solaris completed with warni
ngs at 2008/06/26.12:56 - one or more warnings or non-critical errors reported
2008/06/26.12:54:35 Job created.
2008/06/26.12:54:35 Dispatching job to run on administrative server.
2008/06/26.12:56:41 Backup completed with status "one or more warnings or no
n-critical errors reported".
2008/06/26.12:56:41 (Diagnostic data: 0x20008F06/114, dev_delay 0, data_
delay -1.)
2008/06/26.12:56:41 Job completed with warnings.
12:55:33 OBTR: record storage set to internal memory
12:55:33 ATAL: reserved drive obt, cookie 0x8D246811
12:55:34 OBTR: obsd=1, is_job=1, is_priv=0, os=7
12:55:34 OBTR: rights established for user admin, class admin
12:55:34 SUUI: user info root/root, enbank.ir/a.rahmani
12:55:34 PBDF: +d:/test
12:55:34 MAIN: using blocking factor 128 from media defaults/policies
12:55:34 STTY: background terminal I/O or is a tty
12:55:34 MAIN: interactive
12:55:34 SET: volume has no expiration time
12:55:34 CNPC: data host reports this butype_info:
12:55:34 CNPC: tar (attr 0x57587D7A: B_FL, B_DIRECT, R_DIRECT, B_INCR, R_INC
R, R_UTF8, B_FH_DIR)
12:55:34 CNPC: DIRECT = y
12:55:34 CNPC: HISTORY = y
12:55:34 CNPC: LEVEL = 0
12:55:34 A_O: from qlm__open: drive not configured in library (OB library m
gr)
12:55:35 RLE: connecting to volume/archive database host
12:55:35 RLE: device obt (raw device "//./obt0")
12:55:35 RLE: mount_info is valid
12:55:35 RLE: qdb__device_spec_se reports vol_oid 0, arch_oid 0
12:55:35 A_O: using max blocking factor 128 from media defaults/policies
12:55:35 A_O: tape device is local
Warning: unknown device type. This device is not supported by Oracle Secure Back
up
Warning: and is therefore not guaranteed to work with Oracle's driver.
12:55:35 A_O: Devname: SONY,SDX-550V,0100
12:55:35 Info version: 11
12:55:35 WS version: 10.2
12:55:35 Driver version: 10.2
12:55:35 Max DMA: 2097152
12:55:35 Blocksize in use: 65536
12:55:35 Query frequency: 1048576
12:55:35 Rewind on close: false
12:55:35 Can compress: true
12:55:35 Compression enabled: false
12:55:35 8200 media: false
12:55:35 Error threshold: 8%
12:55:35 Remaining tape: 0
12:55:35 A_GB: ar_block at 0x15F2000, size=2097152
12:55:35 A_GB: ar_block_enc at 0x1802000, size=2097152
12:55:35 GLMT: returning "", code = 0x0
12:55:35 VLBR: from chk_lm_tag: "", code = 0x0
12:55:43 VLBR: tag on label just read: ""
12:55:43 VLBR: master tag now ""
12:55:43 RLE: noticed volume VOL000003, file 1, section 1, vltime 121447119
7, vowner SYSTEM, voltag
12:55:43 RLE: qdb__noticed_se reports vol_oid 102, arch_oid 102
(alv) backup image label is valid, file 1, section 1
(ial) invalidate backup image label (was valid)
12:55:43 ULVI: set mh db volume id "VOL000003" (retid ""), volume oid 102, c
ode 0
12:55:43 ULTG: set mh db tag "" (retid ""), volume oid 102, code 0
12:55:43 CALE: created backup section oid list entry for oid 102
12:55:43 ARVI: resetting volume id from nil to VOL000003
Warning: unable to set compression on: bad parameter (OB scsi device driver)
12:55:47 ACFD: positioning (SCSI LOCATE) is available for this device
12:55:47 ARVI: resetting volume id from VOL000003 to VOL000004
Warning: unable to set compression on: bad parameter (OB scsi device driver)
12:55:47 ACFD: positioning (SCSI LOCATE) is available for this device
12:55:47 RCVW: volume "VOL000003" / vuuid b3d66f47-720f-4de5-87cc-f569100617
3b reserved for writing
12:55:47 CREA: tape position after open_archive() is 000000000000
12:55:47 GLMT: returning "", code = 0x0
12:55:47 IDXC: local index file is D:/OSB/admin/history/host/solaris/08.06.2
6.$raw.0
12:55:47 CREA: history has null volume tag because none found on volume or l
abel
Backup started on Thu Jun 26 2008 at 12:55:33
12:55:47 RLE: overwrite volume VOL000003, file 1, section 1, vltime 1214471
197, vowner SYSTEM, voltag
12:55:47 RLE: qdb__overwrite_se reports vol_oid 0, arch_oid 0
12:55:47 VLBW: on entry, l->tag = "", master tag = "", bot = 1
12:55:47 VLBW: setting voltag from "" to ""
12:55:47 VLBW: volume is not content-managed
12:55:47 RLE: write volume VOL000004, file 1, section 1, vltime 1214472333,
vowner SYSTEM, voltag
12:55:47 RLE: qdb__write_se reports vol_oid 103, arch_oid 0
12:55:47 VSLW: reading volume record for oid 103
12:55:47 VSLW: set last write time for volume oid 103
(alv) backup image label is not valid
(ial) invalidate backup image label (was valid)
12:55:47 ULVI: set mh db volume id "VOL000004" (retid ""), volume oid 103, c
ode 0
12:55:47 ULTG: set mh db tag "" (retid ""), volume oid 103, code 0
12:55:47 RLE: set vol size to 0
12:55:47 RLE: qdb__set_vol_size_se reports vol_oid 0, arch_oid 0
12:55:47 RLE: set kb remaining to "invalid or unknown"
12:55:47 RLE: qdb__set_kb_rem_se reports vol_oid 0, arch_oid 0
Volume label:
Intro time: Thu Jun 26 12:02:39 2008
Volume UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
Volume ID: VOL000004
Volume sequence: 1
Volume set owner: SYSTEM
Volume set created: Thu Jun 26 12:55:33 2008
Original UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
Archive label:
File number: 1
File section: 1
Owner: SYSTEM
Client host: solaris
Backup level: 0
S/w compression: no
Archive created: Thu Jun 26 12:55:33 2008
Archive owner UUID: 7d4ca79e-914f-493d-b6f3-83978ed4ca5b
Owner class UUID: e96f2753-3165-4069-a531-30f88c69862d
Encryption: off
12:55:47 RCVW: volume "VOL000004" / vuuid d1c16c42-cd5c-414f-9a9a-03d419ad59
44 reserved for writing
12:55:47 SNP: using NDMP protocol version 4
12:55:47 FLDB: flush drive-buffered data to medium
12:56:06 FLDB: flush complete
12:56:06 BNPC: volume position "00000001" added to s_vol_start_pos
12:56:06 BNPC: initial volume label "VOL000004" added to s_vids, s_last_sect
ion 1
12:56:06 BNPC: initial volume tag "" added to s_vtags, s_last_section 1
12:56:06 BNPC: data service doesn't implement restartable backup for d:/test
12:56:06 BNPC: environment variable BEGINTREE = 1
12:56:06 BNPC: environment variable NAME = d:/test
12:56:06 BNPC: environment variable BLEVEL = 0
12:56:06 BNPC: environment variable STARTED = 1
12:56:06 BNPC: environment variable IS_LAST = 1
12:56:06 BNPC: environment variable EX2KTYPE =
12:56:06 BNPC: environment variable VOLI = VOL000004
12:56:06 BNPC: environment variable VOLI =
12:56:06 BNPC: environment variable DATA_BLOCK_SIZE = 64
12:56:06 MGS: ms.record_size 65536, ms.record_num 0x0, ms.bytes_moved 0x0
12:56:06 SMWB: setting mover window to infinity for backup
12:56:11 MLIS: mover listen ok for local connection
12:56:11 APNI: a preferred network interface does not apply to this connecti
on
12:56:11 BNPC: directing data service to connect to mover
12:56:11 PPVL: obtar option OB_RB = 10.2
12:56:11 PPVL: obtar option OB_STAT = 1
12:56:11 PPVL: obtar option OB_BDF = 1
12:56:11 PPVL: obtar option OB_DEBUG = 1
12:56:11 PPVL: obtar option OB_DEBUG = 1
12:56:11 PPVL: obtar option OB_DEBUG = 1
12:56:11 PPVL: obtar option OB_DEBUG = 1
12:56:11 PPVL: obtar option OB_VERBOSE = 1
12:56:11 PPVL: obtar option OB_CLIENT = solaris
12:56:11 PPVL: obtar option OB_LEVEL = 0
12:56:11 PPVL: obtar option OB_BE_ROOT = 1
12:56:11 PPVL: obtar option OB_STAT = 1
12:56:11 PPVL: obtar option OB_INDEX = 1
12:56:11 PPVL: obtar option OB_WRITE_HISTORY_FILE = 1
12:56:11 PPVL: obtar option OB_VOLUME_LABEL = 1
12:56:11 PPVL: obtar option OB_SKIP_CDFS = 1
12:56:11 PPVL: obtar option OB_DEVICE = obt
12:56:11 PPVL: obtar option OB_BLOCKING_FACTOR = 128
12:56:11 PPVL: obtar option OB_VERIFY_ARCHIVE = no
12:56:11 PPVL: obtar option OB_PQT = 1048576
12:56:11 DSIN: 2GB+ files are supported, 2GB+ directories are supported
12:56:11 SETC: successfully changed identity to enbank.ir/a.rahmani
12:56:11 BNPC: issuing NDMP_DATA_START_BACKUP
12:56:11 NTEV: Caching event log pathnames.
12:56:11 BNPC: started OSB NDMP backup of solaris to obt
12:56:11 NTEV: Application event log at C:\WINDOWS\system32\config\AppEvent.
Evt
12:56:11 NTEV: Internet Explorer event log at C:\WINDOWS\System32\Config\Int
ernet Explorer.evt
12:56:11 NTEV: ODiag event log at C:\WINDOWS\system32\config\ODiag.evt
12:56:11 NTEV: OSession event log at C:\WINDOWS\system32\config\OSession.evt
12:56:11 NTEV: Security event log at C:\WINDOWS\System32\config\SecEvent.Evt
12:56:11 NTEV: System event log at C:\WINDOWS\system32\config\SysEvent.Evt
12:56:11 NTRG: Caching registry hive data.
12:56:11 SIFI: don't change index filtering state (it's off)
Dumping all files in D:/TEST
D:/TEST/
D:/TEST/burtscript-1.6.tar.gz
D:/TEST/config.batch
D:/TEST/config.batch.org
D:/TEST/ft
D:/TEST/ft.org
D:/TEST/glibc-32bit-2.4-31.1.x86_64.rpm
D:/TEST/osb-10.2.0.2_linux32_cdrom.zip
D:/TEST/osb.10.1.0.3_Express.linux32.zip
D:/TEST/sonytape_linux_v2.6.tar.tar
12:56:19 TRWK: as a result of this backup, exit value changed from -1 to 0
12:56:19 MNPO: data service halted with reason=successful
12:56:19 SNPD: Data Service reported bytes processed 0x4C60000
12:56:19 SNPD: stopping NDMP data service (to transition to idle state)
12:56:19 MNPO: mover halted with reason=connection closed
12:56:19 MGS: ms.record_size 65536, ms.record_num 0x4C6, ms.bytes_moved 0x4
C60000
12:56:19 MNPO: operation successful
12:56:19 BNPC: finished OSB NDMP backup with status 0
12:56:19 BNPC: end of backup; bytes written 0x4C60000
12:56:19 CREA: as a result of this backup, exit value changed from -1 to 0
12:56:21 A_T: suppressing filemark output due to NDMP having written one
12:56:21 A_T: writing marker label; here it is:
Volume label:
Intro time: Thu Jun 26 12:02:39 2008
Volume UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
Volume ID: VOL000004
Volume sequence: 1
Volume set owner: SYSTEM
Volume set created: Thu Jun 26 12:55:33 2008
Original UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
Archive label:
File number: 2
File section: 1
Owner: SYSTEM
Client host: solaris
Backup level: 0
S/w compression: no
Archive created: Thu Jun 26 12:55:33 2008
Encryption: off
Marker: End of data
12:56:21 VLBW: on entry, l->tag = "", master tag = "", bot = 0
12:56:22 VLBW: setting voltag from "" to ""
12:56:22 VLBW: volume is not content-managed
12:56:22 RLE: set kb remaining to 0
12:56:22 RLE: qdb__set_kb_rem_se reports vol_oid 0, arch_oid 0
12:56:22 RLE: commit write, no next volume id specified
12:56:22 RLE: qdb__commit_write_se reports vol_oid 103, arch_oid 103
12:56:22 VLBW: first backup section OID set to 103
12:56:22 CALE: created backup section oid list entry for oid 103
12:56:22 RLE: set kb remaining to 0
12:56:22 RLE: qdb__set_kb_rem_se reports vol_oid 0, arch_oid 0
12:56:22 A_T: writing two more FMs
(alv) backup image label is not valid
12:56:40 CREA: setting last section flag for oid 103
Backup complete on Thu Jun 26 2008 at 12:56:21
12:56:40 QREX: exit status upon entry is 0
12:56:40 QREX: released reservation on tape drive obt
12:56:40 QREX: reading section record for oid 103
12:56:40 QREX: set last section flag for oid 103
12:56:40 RDB: reading volume record for oid 103
12:56:40 RDB: reading section record for oid 103
12:56:40 RDB: adding record for oid 103 (file 1, section 1) to section list
12:56:40 RDB: file 1 has all 1 required sections; clearing incomplete backu
p flags
12:56:41 RDB: reading section record for oid 103
12:56:41 RDB: cleared incomplete backup flag for oid 103
12:56:41 RDB: 1 volumes in volume list
12:56:41 RDB: volume oid 103 reports first:last files of 1:1
12:56:41 RDB: marking volume oid 103 as authoritative
12:56:41 VMA: reading volume record for oid 103
12:56:41 VMA: set authoritative flag for oid 103
12:56:41 QREX: released writable volume reservation on b3d66f47-720f-4de5-87
cc-f5691006173b
12:56:41 QREX: released writable volume reservation on d1c16c42-cd5c-414f-9a
9a-03d419ad5944
12:56:41 QREX: [1836] connecting to solaris to import and/or delete ascii in
dex file for client solaris
Backup statistics:
status 0
devices obt
devices 1
volumes VOL000004
voltags (null)
file 1
host solaris
encryption off
start_time Thu Jun 26 2008 at 12:55:33 (1214472333)
end_time Thu Jun 26 2008 at 12:56:21 (1214472381)
backup_time Thu Jun 26 2008 at 12:55:33 (1214472333)
entries_scanned 10
kbytes_scanned 0
entries_excluded 0
entries_skipped 0
mount_points_skipped 0
files 19
directories 1
hardlinks 0
symlinks 0
sparse_files 0
filesys_errors 0
unknown_type 0
file_kbytes 0
dev_kbytes 78217
dev_iosecs 48
dev_iorate 1.7 MB/S
wrt_iosecs 34
wrt_iorate 2.4 MB/S
physical_blks_written 78208
write_errors 0
physical_blks_read 0
read_errors 0
error_rate 0%
path d:/test completed, status 0
12:56:41 RLYX: exit status 0; checking allocs...
12:56:41 RLYX: from mm__check_all: 1
12:56:41 RLYX: exit status changed to 114
ob> -
Oracle Secure Backup with partitioned SL3000
A Client has a partitioned SL3000 tape library with two Access Expansion Modules, T10000D drives, LTO6 drives and dual robotics.
Three Partitions - one for SAMFS including one AEM - this partition works fine.
Two partitions created for OSB - one for LTO6 and media and the other for T10000D and media due to mixed media not supported in OSB.
OSB 12.1 has been implemented, device configuration has been completed and verified. Library inventory completes successfully, when a test backup is started no media mounts to the tape drives. MTX utility for Linux has been implemented for test purposes - successful mounts using MTX was performed - a library inventory was then done using OSB and completed successfully identifying the media mounted in the drive that was initiated by MTX, a successful unload was then done using OSB.
We are unable to mount media using OSB.
Here is a output of devdump from OSB:
ob> dumpdev prd-mgmt2_tape_4
Oracle Secure Backup hardware error log for "prd-mgmt2_tape_4", version 1
STK T10000D, prom/firmware id 4.07, serial number 579004000975
Tue Mar 31, 2015 at 12:05:31.057 (SAST) devtype: 26
obexec: prd-mgmt2:/dev/sg4, args to wst__exec: handle=0x0
accessed via host prd-mgmt2: Linux 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3 09:13:42 PST 2014
op=0 (nop), buf=0x00, count=1 (0x1), parm=0x00
cdb: 00 00 00 00 00 00 tur
sense data:
70 00 02 00 00 00 00 12 00 00 00 00 00 00 00 00
00 00 00 00 00 00 40 01 00 00
ec=0, sk=not ready, asc=0, ascq=0
error is: unknown check condition
flags: (none)
returned status: code=unknown check condition,
resid=0 (0x0), checks=0x0 []
Tue Mar 31, 2015 at 12:05:38.142 (SAST) devtype: 26
obrobotd: /dev/sg4, args to wst__exec: handle=0x1
accessed via host prd-mgmt2
op=8 (rewind), buf=0x00, count=0 (0x0), parm=0x00
cdb: 01 00 00 00 00 00 rewind
sense data:
70 00 02 00 00 00 00 12 00 00 00 00 00 00 00 00
00 01 00 00 00 00 40 01 00 00
ec=0, sk=not ready, asc=0, ascq=0
error is: unknown check condition
flags: (none)
returned status: code=unknown check condition,
resid=0 (0x0), checks=0x0 []
Tue Mar 31, 2015 at 12:29:31.060 (SAST) devtype: 26
obexec: /dev/sg4, args to wst__exec: handle=0x0
accessed via host prd-mgmt2
op=0 (nop), buf=0x00, count=1 (0x1), parm=0x00
cdb: 00 00 00 00 00 00 tur
sense data:
70 00 02 00 00 00 00 12 00 00 00 00 00 00 00 00
00 00 00 00 00 00 40 01 00 00
ec=0, sk=not ready, asc=0, ascq=0
error is: unknown check condition
flags: (none)
returned status: code=unknown check condition,
resid=0 (0x0), checks=0x0 []I have resolved the issue. Ill close this thread. :))
-
Oracle Secure Backup on Windows: file permission problem?
Hi all.
I did a new Oracle Secure Backup installation.
I implemented a real simple domain:
a Linux box is the media/administrative server. Then I have some Windows and Linux Client.
On a Windows 2000 server SP4 box I'm experiencing an error.
On certain directories i get the following:
The directory is not a subdirectory of the root directory.
On certain files I get the following instead:
The directory name is invalid.
The OSB service is running under the local system account on the client.
Can you help me trouble this error?
Thanks
GiovanniThanks for your reply.
Disks are mounted using CIFS.
we got the fix for this, need to do the following changes.
# Turns off locking
echo 0 > /proc/fs/cifs/OplockEnabled
# Turns off inode caching
echo 0 > /proc/fs/cifs/LookupCacheEnabled
cheers...
Edited by: TJ_DBA on 14/02/2011 16:43 -
TNS Listener Poison attack : Oracle Security Alert for CVE-2012-1675
Hi,
I'm looking to implement the following oracle document about COST but not sure what we need to do for Standby Environment ,
Can you guys please advise.
Oracle Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
Oracle Security Alert for CVE-2012-1675
Thanksuser097815 wrote:
with regrads to the below thread which mostly talks about Oracle Security Alert for CVE-2012-1675 "TNS Listener Poison Attack"....i just wanted to find out if this effect DB that are externally or internally....meaning 95% of our DB are in network(internally) behind our firewall....and rest of the 5% are outside our firewall facing the world wide web....so does this apply to both of just one ?The attack is on the Listener itself - so if you want to prevent this attack, you need to secure that Listener, irrespective of its location.
IMO, mandatory if you expose your Listener to an unsecured or public network (e.g. internet).
As for Listeners running on your internal network - if this attack is used, securing your Listeners mean very little IMO. Because your internal network already needs to be compromised in order for the attack to occur. Which means you have far more serious problems then someone attacking your Listeners. -
Modifying Identity for oracle.security.idm.RoleProfile
Hello. In the documentation: http://docs.oracle.com/cd/E12839_01/core.1111/e10043/devuserole.htm#autoId36 it is written that we can modify the Property by using oracle.security.idm.ModProperty: http://docs.oracle.com/cd/E24001_01/apirefs.1111/e14658/oracle/security/idm/ModProperty.html class. From the example shown there we can modify property for oracle.security.idm.UserProfile: http://docs.oracle.com/cd/E16340_01/apirefs.1111/e14658/oracle/security/idm/UserProfile.html. But I am unable to setProperty for oracle.security.idm.RoleProfile: http://docs.oracle.com/cd/E15523_01/apirefs.1111/e14658/oracle/security/idm/RoleProfile.html class, since there is no such method defined.
How can I modify property for role. Can anyone show me an example or point to me into right direction?
Thanks in advance.
Regards.
Tapas.I may be found a solution. The interface oracle.security.idm.RoleProfile extends oracle.security.idm.Role and the oracle.security.idm.spi.AbstractRoleProfile implements oracle.security.idm.RoleProfile, in turns oracle.security.idm.spi.AbstractRoleProfile is an abstract class and this class is extended by following three classes:
1. oracle.security.idm.providers.stdldap.LDRole,
2. oracle.security.idm.providers.libovd.LibOVDRole and
3. oracle.security.idm.util.RoleProfileValueObject
All of them has setProperty(ModProperty modProp) method defined within themselves. Among them the oracle.security.idm.util.RoleProfileValueObject class throws oracle.security.idm.OperationNotSupportedException from setProperty(ModProperty modProp) method and it does not do anything.
In my application I need to find which one is the concrete implementation of oracle.security.idm.RoleProfile, so that I can proceed further. Before Monday I will not be able to do that. I guess it will work.
I need to break the source code. Don't know whether or not is is illegal. But I didn't have any other options. The documentation lacks in many places. Even the javadoc of the interface oracle.security.idm.RoleProfile does not mention the name of implemented classes of it. -
Oracle Security - External Authentication
The requirement is to enable the user to allow access to DB by making the user enter the user name and password only once while accessing the Cognos reports. (Cognos is a BI tool). So the user will enter the username and password at the time he accesses the Cognos application, after this there should not be any logons to access DB.
Cognos stores the user name and password in a LDAP store (in NDS residing on Windows 2000 Advanced Server). So, the question is, can Oracle leverage on the user information stored in the LDAP for Cognos? The external authentication provided by Oracle suggests that if the user info store can be in LDAP provided it is in OID.
Please let me know if this can be achieved and if so, where can I get details about the same.According to the 8.1.7 documentation:
"Enterprise user security provides single sign-on to Oracle8i using interoperable X.509 v3 certificates over Secure Sockets Layer (SSL) v3, and supports the following LDAP-compliant directory services:
Oracle Internet Directory Release 2.0.5 or later
Microsoft Active Directory "
So it sounds like they do not support Novell's LDAP implementation.
Here's a page on managing Enterprise Users http://technet.oracle.com/docs/products/oracle8i/doc_library/817_doc/network.817/a85430/asomeus.htm
Here's a page on managing OS Authentication -http://technet.oracle.com/doc/windows/server.815/a68694/output/ch10.htm
I just finished writing a chapter on OS Authentication in my Oracle security book. I would stay away from OS Authentication unless you have a small number of users. I have not yet researched Enterprise Users, but the concensus seems to be that they provide a much more robust solution.
Maybe you are looking for
-
[CS3][JS]Create menu permenently?
Hi, Is it possible to create menu with menu item permenently? I have placed my script file in the scripts panel folder inside the scripts folder. I have added a menu at the main menu bar. It works until I close the Indesign.When I restart Indesig
-
Creating a PDF with a watermark from InDesign CS3
Hello, I have a question on exporting or printing a PDF file that will have a watermark. What I'm wanting to do is take a InDesign file (and/or Quark file) and export/print a PDF file that will be in low res and have a watermark placed on it. (for a
-
Is there a way to relink to folder and only use a selected part of file name
I would like to be able to choose to use just the first 3 places of the file name to relink my graghics files. ie: 001, 002, 003 and have it ignore the rest of the file name, we can now change the extender, could this feature be expanded to enclude
-
Search help for position field
Hi All, I am working on custom infotype and I have included a field called position, here the problem that I am facing is, the F4 help is getting displayed without any restriction. But in Infotype 0001's position I could able to see the str
-
Since MacOS 10.6.5 update iSight is not working anymore
iSight doesn't work with any software (Photo Booth, iChat, Skype, etc). Photo Booth says there is no camera connected. Skype states that "Camera in use by other application" and "No video camera connected" (both messages are displayed one after anoth