Oracle Security Implementation in JDev 10.1.2.0.0

Similar Messages

• Unable to deploy from Jdev - access denied (oracle.security.jps.JpsPermissi

  Hi.
  My Jdev is Build JDEVADF_11.1.2.3.0_GENERIC_120914.0223.6276.1
  I am trying to deploy to standalone web logic 10.3.6.0
  But I get the following message
  <May 28, 2013 10:45:40 AM EDT> <Warning> <Deployer> <BEA-149004> <Failures were
  detected while initiating deploy task for application 'DrhCustomers'.>
  <May 28, 2013 10:45:40 AM EDT> <Warning> <Deployer> <BEA-149078> <Stack trace fo
  r message 149004
  java.security.AccessControlException: access denied (oracle.security.jps.JpsPerm
  ission AppSecurityContext.setApplicationID.null)
  at java.security.AccessControlContext.checkPermission(AccessControlConte
  xt.java:374)
  at java.security.AccessController.checkPermission(AccessController.java:
  546)
  at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermis
  sion(JpsAuth.java:458)
  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
  Truncated. see log file for complete stacktrace
  Caused By: java.security.AccessControlException: access denied (oracle.security.
  jps.JpsPermission AppSecurityContext.setApplicationID.null)
  at java.security.AccessControlContext.checkPermission(AccessControlConte
  xt.java:374)
  at java.security.AccessController.checkPermission(AccessController.java:
  546)
  at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermis
  sion(JpsAuth.java:458)
  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
  Truncated. see log file for complete stacktrace
  >
  I don't have any security settings in my application
  Please advice

  Thanks for the response James.
  Though the classpath/path looks like it has references to JDK 1.5, it is actually referring to jrocket JDK 1.6. I can confirm this because when I type "C:\ORACLE\MIDDLE~1\JROCKI~1.5-3\lib" in windows explorer it takes me to "C:\ORACLE\Middleware\jrockit_160_14_R27.6.5-32\lib"
  Moreover, C:\ORACLE\Middleware is the place where I installed weblogic 11gR1.
  I looked at the startWeblogic.cmd, setDomainEnv.cmd and commEnv.cmd to trace how the JDK path is getting manipulated and I found that in setDomainEnv.cmd there is a line "for %%i in ("%JAVA_HOME%") do set JAVA_HOME=%%~fsi " which is converting the full JDK path to short path. Below are the references in the .cmd files :
  setDomainEnv.cmd
  set BEA_JAVA_HOME=C:\Oracle\Middleware\jrockit_160_14_R27.6.5-32 <---------------------Setting the correct JDK version
  if "%JAVA_VENDOR%"=="Oracle" (
       set JAVA_HOME=%BEA_JAVA_HOME%
  ) else (
       if "%JAVA_VENDOR%"=="Sun" (
            set JAVA_HOME=%SUN_JAVA_HOME%
       ) else (
            set JAVA_VENDOR=Oracle
            set JAVA_HOME=C:\Oracle\Middleware\jrockit_160_14_R27.6.5-32
  set JAVA_HOME=%JAVA_HOME%
  for %%i in ("%JAVA_HOME%") do set JAVA_HOME=%%~fsi <------------------------Converting to short form
  .....And other commands
  if NOT "%WEBLOGIC_CLASSPATH%"=="" (
       if NOT "%CLASSPATH%"=="" (
            set CLASSPATH=%WEBLOGIC_CLASSPATH%;%CLASSPATH%
       ) else (
            set CLASSPATH=%WEBLOGIC_CLASSPATH%
  commEnv.cmd
  set WEBLOGIC_CLASSPATH=%JAVA_HOME%\lib\tools.jar;%BEA_HOME%\utils\config\10.3\config-launch.jar;%WL_HOME%\server\lib\weblogic_sp.jar;%WL_HOME%\server\lib\weblogic.jar;%FEATURES_DIR%\weblogic.server.modules_10.3.2.0.jar;%WL_HOME%\server\lib\webservices.jar;%ANT_HOME%/lib/ant-all.jar;%ANT_CONTRIB%/lib/ant-contrib.jar <-----------WEBLOGIC_CLASSPATH is set here
  Thanks,
  -Raghu

• Oracle Security : what do you think about the following policy violation ?

  If you install OEM10, you will be able to see if you violate some security guidelines :
  Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
  Take care about the failed login attempts. If you set it to 10 to the default profile, and if your DBSNMP password is NOT the default password, then Oracle will lock your account after node discovery!
  In Solaris, you can disable execution of the user stack with the system parameters set noexec_user_stack=1
  set noexec_user_stack_log=1. I did not find how to do it on AIX. However, those settings may have side effects.
  About the ports, it complains about open ports, even if this is the port oracle listener is using! Simply ignore most of the violations there.
  About JAccelerator (NCOMP), it is located on the "companion" CD.
  Ok, Waiting for your feedback
  Regards
  Laurent
  [High]      Critical Patch Advisories for Oracle Homes     Configuration     Host     Checks Oracle Homes for missing critical patches          
  [High]      Insufficient Number of Control Files     Configuration     Database     Checks for use of a single control file          
  [High]      Open ports     Security     Host     Check for open ports          
  [High]      Remote OS role     Security     Database     Check for insecure authentication of remote users (remote OS role)          
  [High]      EXECUTE UTL_FILE privileges to PUBLIC     Security     Database     Test for PUBLIC having EXECUTE privilege on the UTIL_FILE package          
  [High]      Listener direct administration     Security     Listener     Ensure that listeners cannot be administered directly          
  [High]      Remote OS authentication     Security     Database     Check for insecure authentication of remote users (remote OS authentication)          
  [High]      Listener password     Security     Listener     Test for password-protected listeners          
  [High]      HTTP Server Access Logging     Security     HTTP Server     Check that HTTP Server access logging is enabled          
  [High]      Web Cache Access Logging     Security     Web Cache     Check that Web Cache access logging is enabled          
  [High]      Web Cache Dummy wallet     Security     Web Cache     Check that dummy wallet is not used for production SSL load.          
  [High]      HTTP Server Dummy wallet     Security     HTTP Server     Check that dummy wallet is not used for production SSL load.          
  [High]      Web Cache owner and setuid bit'     Security     Web Cache     Check that webcached binary is not owned by root and setuid is not set          
  [High]      HTTP Server Owner and setuid bit     Security     HTTP Server     Check the httpd binary is not owned by root and setuid bit is not set.          
  [High]      HTTP Server Directory Indexing     Security     HTTP Server     Check that Directory Indexing is disabled on this HTTP Server          
  [High]      Insufficient Redo Log Size     Storage     Database     Checks for redo log files less than 1 Mb          
  [Medium]      Insufficient Number of Redo Logs     Configuration     Database     Checks for use of less than three redo logs          
  [Medium]      Invalid Objects     Objects     Database     Checks for invalid objects          
  [Medium]      Insecure services     Security     Host     Check for insecure services          
  [Medium]      DBSNMP privileges     Security     Database     Check that DBSNMP account has sufficient privileges to conduct all security tests          
  [Medium]      Remote password file     Security     Database     Check for insecure authentication of remote users (remote password file)          
  [Medium]      Default passwords     Security     Database     Test for known accounts having default passwords          
  [Medium]      Unlimited login attempts     Security     Database     Check for limits on the number of failed logging attempts          
  [Medium]      Web Cache Writable files     Security     Web Cache     Check that there are no group or world writable files in the Document Root directory.          
  [Medium]      HTTP Server Writable files     Security     HTTP Server     Check that there are no group or world writable files in the Document Root directory          
  [Medium]      Excessive PUBLIC EXECUTE privileges     Security     Database     Check for PUBLIC having EXECUTE privileges on powerful packages          
  [Medium]      SYSTEM privileges to PUBLIC     Security     Database     Check for SYSTEM privileges granted to PUBLIC          
  [Medium]      Well-known accounts     Security     Database     Test for accessibility of well-known accounts          
  [Medium]      Execute Stack     Security     Host     Check for OS config parameter which enables execution of code on the user stack          
  [Medium]      Use of Unlimited Autoextension     Storage     Database     Checks for tablespaces with at least one datafile whose size is unlimited          
  [Informational]      Force Logging Disabled     Configuration     Database     When Data Guard Broker is being used, checks primary database for disabled force logging          
  [Informational]      Not Using Spfile     Configuration     Database     Checks for spfile not being used          
  [Informational]      Use of Non-Standard Initialization Parameters     Configuration     Database     Checks for use of non-standard initialization parameters          
  [Informational]      Flash Recovery Area Location Not Set     Configuration     Database     Checks for flash recovery area not set          
  [Informational]      Installation of JAccelerator (NCOMP)     Installation     Database     Checks for installation of JAccelerator (NCOMP) that improves Java Virtual Machine performance by running natively compiled (NCOMP) classes          
  [Informational]      Listener logging status     Security     Listener     Test for logging status of listener instances          
  [Informational]      Non-uniform Default Extent Size     Storage     Database     Checks for tablespaces with non-uniform default extent size          
  [Informational]      Not Using Undo Space Management     Storage     Database     Checks for undo space management not being used          
  [Informational]      Users with Permanent Tablespace as Temporary Tablespace     Storage     Database     Checks for users using a permanent tablespace as the temporary tablespace          
  [Informational]      Rollback in SYSTEM Tablespace     Storage     Database     Checks for rollback segments in SYSTEM tablespace          
  [Informational]      Non-System Data Segments in System Tablespaces     Storage     Database     Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX          
  [Informational]      Users with System Tablespace as Default Tablespace     Storage     Database     Checks for non-system users using SYSTEM or SYSAUX as the default tablespace          
  [Informational]      Dictionary Managed Tablespaces     Storage     Database     Checks for dictionary managed tablespaces (other than SYSTEM and SYSAUX)          
  [Informational]      Tablespaces Containing Rollback and Data Segments     Storage     Database     Checks for tablespaces containing both rollback (other than SYSTEM) and data segments          
  [Informational]      Segments with Extent Growth Policy Violation     Storage     Database     Checks for segments in dictionary managed tablespaces (other than SYSTEM and SYSAUX) having irregular extent sizes and/or non-zero Percent Increase settings

  Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...Okay, as this is (I think) aimed at me, I'll fall for it ;)
  What is the point of revoking UTL_FILE from PUBLIC? Yes I know what you think the point is, but without rights on an Oracle DIRECTORY being able to execute UTL_FILE is useless. Unless of course you're still using the init.ora parameter
  UTL_FILE_DIR=*which I sincerely hope you're not.
  As for UTL_SMTP and UTL_TCP, I think whether a program is allowed to send e-mail to a given SMTP server is really in the remit of the e-mail adminstrator rather than the DBA.
  Look, DBAs are kings of their realm and can set their own rules. The rest of us have to live with them. A couple of years ago I worked a project where I was not allowed access to the USER_DUMP_DEST directory. So every time I generated a TRC file I had to phone up the DBA and a couple of hours later I got an e-mail with an attachment. Secure yes, but not very productive when I was trying to debug a Row Level Security implementation.
  I have worked on both sides of the DBA/Developer fence and I understand both sides of the argument. I think it is important for developers to document all the privileges necessary to make their app run. Maybe you don't have a better way of doing that than revoking privileges from PUBLIC. Or maybe you just want to generate additional communication with developers. That's fine. I know sometimes even DBAs get lonely.
  Cheers, APC

• Oracle Secure Backup 10.3.0.3.0 in Windows 2003 with IBM Tape Not Working

  Hi,
  I am currently implementing Oracle Secure Backup. My environment is this:
  OS: Windows Server 2003 (32Bit) for all servers
  Database: Oracle Database 11.2.0.1.0
  Tape Library: IBM-ULT 3580-TD4
  I will have to configure 2 machines to work with OSB: server01 and server02.
  Server01:
  This serves as the client, admin, mediaserver
  Server02:
  This will serve as the client, admin
  When I log in to Server01, in the device manager, I can see the Tape Drives (no warnings, no questions marks) so I think it's good.
  When I log in to Server02, in the device manager, there are no Tape Drives seen. Is is ok or shall i configure the IBM Tape drives to be also accessible since this is just the client, admin host?
  Also I have noticed that when I installed the OSB in Server02 (client,admin), when I am on the SCSI Devices, i dont see any tape device (since its not in the device manager). Because of this i cannot start OSB Services and cannot add this host to the mediaserver.
  Also, I am having issues Configuring the Library and the devices. I have read the official documentation completely but i think its very general and it does not present the detailed step-by-step process in installing and configuring OSB.
  When I issued: lsdev -lvg in the mediaserver , I can read an error: Warning: bus info unknown or drive not installed.
  Help is very much appreciated. Thanks a lot guys!

  I have resolved the issue. Ill close this thread. :))

• NoClassDefFoundError: oracle/security/jps/JpsException

  I have a web service developed in JDeveloper 12c (12.1.2) using the Generate Web Service from WSDL option. Inside the service implementation class I create a root application module like so:
  ApplicationModule am = Configuration.createRootApplicationModule("xxx.model.XXX_AppModule", "XXX_AppModuleLocal");
  When I test it in the integrated WebLogic server through JDeveloper, the web service works fine. However when I deploy the application (including the web service) to a production WebLogic server, I get the following error in the logs when testing it:
  ####<22-Jul-2014 14:51:09 o'clock BST> <Notice> <StdErr> <XXXXXXXXXXXX> <Engineering> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1406037069434> <BEA-000000> <Jul 22, 2014 2:51:09 PM oracle.adf.share.ADFContext getCurrent
  WARNING: Automatically initializing a DefaultContext for getCurrent.
  Caller should ensure that a DefaultContext is proper for this use.
  Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly.
  This message may be avoided by performing initADFContext before using getCurrent().
  For more information please enable logging for oracle.adf.share.ADFContext at FINEST level.>
  ####<22-Jul-2014 14:51:10 o'clock BST> <Error> <com.sun.xml.ws.server.sei.TieHandler> <XXXXXXXXXXXX> <Engineering> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1406037070692> <BEA-000000> <oracle/security/jps/JpsException
  java.lang.NoClassDefFoundError: oracle/security/jps/JpsException
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:270)
    at oracle.adf.share.common.ClassUtils.forName(ClassUtils.java:53)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialStorage(CredentialStoreContext.java:186)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialProvisioner(CredentialStoreContext.java:109)
    at oracle.adf.share.security.credentialstore.CredentialProvisioner.<init>(CredentialProvisioner.java:44)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:54)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:48)
    at oracle.adf.share.jndi.ReferenceStoreHelper.loadCredentials(ReferenceStoreHelper.java:1082)
    at oracle.adf.share.jndi.ReferenceStoreHelper.createReference(ReferenceStoreHelper.java:726)
    at oracle.adf.share.jndi.ReferenceStoreHelper.getReferencesMapEx(ReferenceStoreHelper.java:331)
    at oracle.adf.share.jndi.ContextImpl.load(ContextImpl.java:850)
    at oracle.adf.share.jndi.ContextImpl.init(ContextImpl.java:480)
    at oracle.adf.share.jndi.ContextImpl.<init>(ContextImpl.java:78)
    at oracle.adf.share.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:17)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at oracle.adf.share.jndi.AdfInitialContext.<init>(AdfInitialContext.java:93)
    at oracle.adf.share.jndi.AdfInitialContext.newAdfInitialContext(AdfInitialContext.java:74)
    at oracle.adf.share.jndi.AdfJndiConfig.getDefaultConnectionsContext(AdfJndiConfig.java:79)
    at oracle.adf.share.config.FallbackConfigImpl.getDefaultConnectionsContext(FallbackConfigImpl.java:306)
    at oracle.adf.share.config.ADFConfigImpl.getConnectionsContext(ADFConfigImpl.java:755)
    at oracle.jbo.client.CADatabaseConnectionProvider.getDatabaseProvider(CADatabaseConnectionProvider.java:177)
    at oracle.jbo.client.CADatabaseConnectionProvider.loadConnectionProperties(CADatabaseConnectionProvider.java:151)
    at oracle.jbo.client.Configuration.initializeFromConnectionName(Configuration.java:1109)
    at oracle.jbo.client.config.ConfigurationProviderManager.resolveConfiguration(ConfigurationProviderManager.java:113)
    at oracle.jbo.client.config.ConfigurationProviderManager.getConfiguration(ConfigurationProviderManager.java:54)
    at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:534)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1393)
    at xxx.service.util.ServiceUtils.getApplicationModule(ServiceUtils.java:28)
    at com.baesystems.wdms.ELKITInterfaceImpl.getLoomDetail(ELKITInterfaceImpl.java:85)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:117)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:91)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:205)
    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:634)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)
    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:278)
    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:287)
    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:134)
    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:238)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3363)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
    at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
    at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
  Caused By: java.lang.ClassNotFoundException: oracle.security.jps.JpsException
    at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:270)
    at oracle.adf.share.common.ClassUtils.forName(ClassUtils.java:53)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialStorage(CredentialStoreContext.java:186)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialProvisioner(CredentialStoreContext.java:109)
    at oracle.adf.share.security.credentialstore.CredentialProvisioner.<init>(CredentialProvisioner.java:44)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:54)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:48)
    at oracle.adf.share.jndi.ReferenceStoreHelper.loadCredentials(ReferenceStoreHelper.java:1082)
    at oracle.adf.share.jndi.ReferenceStoreHelper.createReference(ReferenceStoreHelper.java:726)
    at oracle.adf.share.jndi.ReferenceStoreHelper.getReferencesMapEx(ReferenceStoreHelper.java:331)
    at oracle.adf.share.jndi.ContextImpl.load(ContextImpl.java:850)
    at oracle.adf.share.jndi.ContextImpl.init(ContextImpl.java:480)
    at oracle.adf.share.jndi.ContextImpl.<init>(ContextImpl.java:78)
    at oracle.adf.share.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:17)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at oracle.adf.share.jndi.AdfInitialContext.<init>(AdfInitialContext.java:93)
    at oracle.adf.share.jndi.AdfInitialContext.newAdfInitialContext(AdfInitialContext.java:74)
    at oracle.adf.share.jndi.AdfJndiConfig.getDefaultConnectionsContext(AdfJndiConfig.java:79)
    at oracle.adf.share.config.FallbackConfigImpl.getDefaultConnectionsContext(FallbackConfigImpl.java:306)
    at oracle.adf.share.config.ADFConfigImpl.getConnectionsContext(ADFConfigImpl.java:755)
    at oracle.jbo.client.CADatabaseConnectionProvider.getDatabaseProvider(CADatabaseConnectionProvider.java:177)
    at oracle.jbo.client.CADatabaseConnectionProvider.loadConnectionProperties(CADatabaseConnectionProvider.java:151)
    at oracle.jbo.client.Configuration.initializeFromConnectionName(Configuration.java:1109)
    at oracle.jbo.client.config.ConfigurationProviderManager.resolveConfiguration(ConfigurationProviderManager.java:113)
    at oracle.jbo.client.config.ConfigurationProviderManager.getConfiguration(ConfigurationProviderManager.java:54)
    at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:534)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1393)
    at xxx.service.util.ServiceUtils.getApplicationModule(ServiceUtils.java:28)
    at com.baesystems.wdms.ELKITInterfaceImpl.getLoomDetail(ELKITInterfaceImpl.java:85)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:117)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:91)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:205)
    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:634)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)
    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:278)
    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:287)
    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:134)
    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:238)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3363)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
    at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
    at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
  I thought that maybe I needed to include the jsp-api.jar in the WEB-INF/lib directory in the web service WAR file, but that didn't make any difference.
  Any ideas?
  For reference, this is the structure of the EAR file that I deployed to the server:
  Application.ear
  /adf
    /META-INF
      /adf-config.xml
      /connections.xml
      /wsm-policy.xml
  /lib
    /adf-loc.jar
  /META-INF
    /application.xml
    /cwallet.sso
    /weblogic-application.xml
  /View.war (contains Trinidad pages and ADF BC classes)
  /WebService.war (contains web service and ADF BC classes)
    /WEB-INF
      /classes
      /lib
        /jps-api.jar
      /wsdl
        /XXXService.wsdl
        /xxx.xsd
      /web.xml
      /weblogic.xml

  The error is thrown by the weblogic Classloader as it is unable to load the class/package oracle.security.jps.JpsException
  This class is related to OPSS framework. Please add the relevant jar having the above class to the classpath or package it within the application to solve the issue.
  Vijaya
  =====

• OC4J 10.1.3.1 Need to find oracle.security.jazn.login.module.db.util pckg

  Hi,
  I managed to configure Oracle's DBTableOraDataSourceLoginModule together with JavaSSO to access two tables which reside on a 9i database. One is the user's table and the other a roles table. The only problem is that the user's passwords should be encripted in this table.
  I followed the instructions in the Oracle Containers for J2EE Security Guide page 9-10 - Implementing DBLoginModuleEncodingInterface for Password Encryption, and specified in the pw_encoding_class parameter
  the DBLoginModuleSHA1Encoder class provided in the oracle.security.jazn.login.module.db.util package.
  I also wrote a small program to do the encryption in the table, using a getKeyDigestString method found in DBLoginModuleSHA1Encoder class of a sample dblogin module downloaded from a link in Lucas Jellema's article on how to secure an application developed with JDeveloper and deployed in OC4J. I used this class because I could not find the one mentioned in the Oracle documentation.
  Now the DBTableOraDataSourceLoginModule rejects the login with an invalid password message. It seems the encoding is calculated differently in the two classes. I tried to use the sample dblogin module in the javasso specification, and got a - no class found - message. I tried to locate the oracle.security.jazn.login.module.db.util package to use in the password encoding program, but I couldn't find it anywhere in either OC4J nor JDeveloper directories.
  Can you tell me where to find the oracle.security.jazn.login.module.db.util package ?
  Thanks for help.
  Gustavo

  Hi
  As I am also tried the same and found the encryption module working fine for me.
  This I could do only on JDeveloper 10g whereas while attempted on the same on JDeveloper 11g, I got lots of problems.
  Will you please help out in this regard, if you had already able to acheive the same on JDeveloper 11g TP3, please let me know the steps or any relevant URL which I can refer.
  Thanks in advance
  Kind Rgds
  Krishnamurthy. R

• JAAS, jazn.xml, & oracle.security.jazn.config

  I have a swing application using LDAP to authenticate users that will typically be launched via Java Web Start, thus the application is deploy using a jar file.
  I can run this application from JDev or from the command-line when the jazn.xml file is located in the root (start-in) directory.
  Unfortunately, when the jazn.xml file is only in the jar file (as it would be when launched via JWS) the application cannot find it and throws an exception:
  oracle.security.jazn.JAZNInitException: d:\path\.\jazn-data.xml (The system cannot find the file specified).
  I found some documentation that indicates that I can specify the path to the jazn.xml file with
  System.setProperty("oracle.security.jazn.config", "path/to/jazn/xml/file");
  If I set it to a relative path without the filename on the end (ex. "./my/path" or "my/path") I get the above exception.
  If I set it to a relative path with the filename (ex. "./my/path/jazn.xml" or "my/path/jazn.xml") it works.
  What I can't figure out is how to tell it that it is in a jar file that is in my classpath. It doesn't find it from the path examples above. I've tried things like "client.jar/jazn.xml", "d:/my/path/client.jar/jazn.xml", and a host of other things with the jazn.xml filename on the end.
  Oddly enough, when I set it to "d:/my/path/client.jar" I get a different exception:
  Caused by: oracle.security.jazn.JAZNInitException: no protocol: "ldap://hostname.com:389">
       at oracle.security.jazn.spi.xml.FSXMLStore.<init>(FSXMLStore.java:128)
       ... 59 more
  Caused by: java.net.MalformedURLException: no protocol: "ldap://hostname.com:389">
       at java.net.URL.<init>(URL.java:537)
       at java.net.URL.<init>(URL.java:434)
       at java.net.URL.<init>(URL.java:383)
  So it seems like it read the file but parsed it incorrectly. Any ideas?

  Thanks for the reply Yvonne. Sorry I haven't updated this after my testing. I think you're close to correct.
  I did some more testing and figured out that any time the protocol is included in a path (protocol://d:/my/path/client.jar) that jazn does not understand. When the referenced file (jazn.xml) is in a jar file, it includes the protocol in the path. For example the path to the jazn.xml file (the value that the java.security.auth.policy property needs to be set to) would be jar:file://my/path/client.jar!/my/path/jazn.xml
  I think the oracle.security.jazn.spi.PolicyProvider (the value of the java.security.auth.policy.provider property) causes the jazn.xml file to be read. That class is, I think, what fails to find that file because it doesn't understand when the protocol (jar:file:) is included in the path to the file. That's my guess anyway.
  I did figure out a work around and it goes like this:
  1. create a new jazn.xml file
  File tmp = new File ("jazn.xml");
  2. and set it to be deleted on exit
  tmp.deleteOnExit();
  3. get a ByteArrayInputStream for the jazn.xml file and read it out of the jar file.
  4. then write the stream to the tmp file
  5. then set the system property
  System.setProperty("java.security.auth.policy", tmp.toURL().getPath());
  It is kind of a pain since I have to check to see if the property I'm setting is "jazn.xml", but it seems to work.
  I think the oracle.security.jazn.spi.PolicyProvider problem is a defect, which I'll report on meta-link.
  tcoker

• How to do Setup and Security implementation in ODI

  HI Friends,
  I have few question regarding ODI installations.I am using
  Oracle DB version is Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
  ODI is ODI 11.1.1.5 version.
  While installing can we go for
  One Master repository for Dev and UAT, mainly because we have one physical server for UAT connecting to UAT DB and Dev DB. And a separate Master repository for Production?
  We have 2 groups of users .One is developer and One is tester.
  Tester donot have a permission to use or check the development codes.They have only the Run permission in operator.
  How to do this security implementation in ODI while installing.
  Plz confirm me on this.
  Thanks,
  Lony

  The way I did it is,
  Created an Execution Mode work repository for the QA purpose and thus only Scenarios & Load Plans were deployed on this QA repo. This had its own Master Repo as well.
  For dev the Dev mode work repo is created where all the interfaces, packages, procedures can be developed or modified as and when required.
  Thus, the testers have access only to the QA environment.
  Otherwise you can assign roles to the users after the installation in the security tab. Give the operator, connect role to the testers.

• Oracle Secure enterprise Search versus Oracle Text

  I'm involeved in a project where we're using Oracle text for its text search capability. Yesterday during a meeting Oracles Secure Enterprise search engine came up. I see similar functionality offered in both products - Oracle text comes with 10g - not sure if SES comes with additional cost. Has anyone done analysis on why one would implement one over the other - I understand that SES gives the customer a federated option and some internet search capabilities but since I'm not concerned with that for this project does it make a difference?

  SES is a complete seaerch application with connectors to many different data sources, such as email systems and document management systems.
  Oracle Text, on the other hand, is a toolkit for building applications (and is used as such by SES).
  Oracle Text comes free with the database. SES is chargable, but comes with a free database (though it's restricted to use by SES only!)
  Generally speaking, if your data is in the database and you want fine control over how to search it, Oracle Text is a better option.
  If your data is scattered around diverse enterprise sources, and you want a ready-built application to collect, index and search that data, SES is the proper choice.
  Here's a slide from my OpenWorld presentation, which I guess says much the same thing:
  Oracle Text is the toolkit and platform for building sophisticated Information Retrieval applications and services
  - Fine control over indexes, partitioning, etc
  Oracle Secure Enterprise Search is a stand-alone application built on the foundation of Oracle Text
  - Includes its own database
  - No programming needed
  - Includes crawlers and an end-user UI

• Oracle Secure Backup

  Hi,
  I have the problem with OSB 10.2. I can not get the file system backup and
  I get following error.
  admin/1.1
  Type backup solaris
  Level full
  Family (null)
  Encryption off
  Scheduled time 06/19.18:06
  Introduction time 2008/06/19.18:06
  Earliest exec time 06/19.18:06
  Last update time 2008/06/19.18:21
  Expire time never
  State pending resource availability
  Priority 100
  Privileged op no
  Run on host solaris
  Requires host solaris and null family and any device
  Deferred because a required device is not available
  Attempts 2
  Log
  2008/06/19.18:06:11 Job created.
  2008/06/19.18:06:11 Dispatching job to run on administrative server.
  2008/06/19.18:06:34 Drive or volume on which mount attempted is unusable.
  - My Tape Device is SONY-SDX 550V and it is not in oracle tape drive support list.
  - OSB 10.2.0.2
  - Windows 2003 Operatin System
  - I went through the ob_drives file under ORACLE BACKUP HOME/device and added SDX 550V entry n this file and
  - I restarted Oracle_Secure_Backup service. But it does not work again.
  Your comment will be appreciated.

  Thank you for your help and negotiating to solve this problem.
  I am deploying your suggestion with two different type of tape drives
  1. Hp DAT 72 7438A existing in Oracle Tape Device Certified List
  2. SONY SDX-550V which is not exist in Oracle Tape Device Certified List
  Right now I am working on # 2 (SONY SDX-550V)
  the only modification in my configuration was using of new volume instead of
  old one and try to mount this new volume in write mount in
  Webtool --> Manage --> Drives.
  ob> lsjob --log admin/2.1
  Job ID Sched time Contents State
  admin/2.1 06/26.12:54 backup solaris completed with warni
  ngs at 2008/06/26.12:56 - one or more warnings or non-critical errors reported
  2008/06/26.12:54:35 Job created.
  2008/06/26.12:54:35 Dispatching job to run on administrative server.
  2008/06/26.12:56:41 Backup completed with status "one or more warnings or no
  n-critical errors reported".
  2008/06/26.12:56:41 (Diagnostic data: 0x20008F06/114, dev_delay 0, data_
  delay -1.)
  2008/06/26.12:56:41 Job completed with warnings.
  12:55:33 OBTR: record storage set to internal memory
  12:55:33 ATAL: reserved drive obt, cookie 0x8D246811
  12:55:34 OBTR: obsd=1, is_job=1, is_priv=0, os=7
  12:55:34 OBTR: rights established for user admin, class admin
  12:55:34 SUUI: user info root/root, enbank.ir/a.rahmani
  12:55:34 PBDF: +d:/test
  12:55:34 MAIN: using blocking factor 128 from media defaults/policies
  12:55:34 STTY: background terminal I/O or is a tty
  12:55:34 MAIN: interactive
  12:55:34 SET: volume has no expiration time
  12:55:34 CNPC: data host reports this butype_info:
  12:55:34 CNPC: tar (attr 0x57587D7A: B_FL, B_DIRECT, R_DIRECT, B_INCR, R_INC
  R, R_UTF8, B_FH_DIR)
  12:55:34 CNPC: DIRECT = y
  12:55:34 CNPC: HISTORY = y
  12:55:34 CNPC: LEVEL = 0
  12:55:34 A_O: from qlm__open: drive not configured in library (OB library m
  gr)
  12:55:35 RLE: connecting to volume/archive database host
  12:55:35 RLE: device obt (raw device "//./obt0")
  12:55:35 RLE: mount_info is valid
  12:55:35 RLE: qdb__device_spec_se reports vol_oid 0, arch_oid 0
  12:55:35 A_O: using max blocking factor 128 from media defaults/policies
  12:55:35 A_O: tape device is local
  Warning: unknown device type. This device is not supported by Oracle Secure Back
  up
  Warning: and is therefore not guaranteed to work with Oracle's driver.
  12:55:35 A_O: Devname: SONY,SDX-550V,0100
  12:55:35 Info version: 11
  12:55:35 WS version: 10.2
  12:55:35 Driver version: 10.2
  12:55:35 Max DMA: 2097152
  12:55:35 Blocksize in use: 65536
  12:55:35 Query frequency: 1048576
  12:55:35 Rewind on close: false
  12:55:35 Can compress: true
  12:55:35 Compression enabled: false
  12:55:35 8200 media: false
  12:55:35 Error threshold: 8%
  12:55:35 Remaining tape: 0
  12:55:35 A_GB: ar_block at 0x15F2000, size=2097152
  12:55:35 A_GB: ar_block_enc at 0x1802000, size=2097152
  12:55:35 GLMT: returning "", code = 0x0
  12:55:35 VLBR: from chk_lm_tag: "", code = 0x0
  12:55:43 VLBR: tag on label just read: ""
  12:55:43 VLBR: master tag now ""
  12:55:43 RLE: noticed volume VOL000003, file 1, section 1, vltime 121447119
  7, vowner SYSTEM, voltag
  12:55:43 RLE: qdb__noticed_se reports vol_oid 102, arch_oid 102
  (alv) backup image label is valid, file 1, section 1
  (ial) invalidate backup image label (was valid)
  12:55:43 ULVI: set mh db volume id "VOL000003" (retid ""), volume oid 102, c
  ode 0
  12:55:43 ULTG: set mh db tag "" (retid ""), volume oid 102, code 0
  12:55:43 CALE: created backup section oid list entry for oid 102
  12:55:43 ARVI: resetting volume id from nil to VOL000003
  Warning: unable to set compression on: bad parameter (OB scsi device driver)
  12:55:47 ACFD: positioning (SCSI LOCATE) is available for this device
  12:55:47 ARVI: resetting volume id from VOL000003 to VOL000004
  Warning: unable to set compression on: bad parameter (OB scsi device driver)
  12:55:47 ACFD: positioning (SCSI LOCATE) is available for this device
  12:55:47 RCVW: volume "VOL000003" / vuuid b3d66f47-720f-4de5-87cc-f569100617
  3b reserved for writing
  12:55:47 CREA: tape position after open_archive() is 000000000000
  12:55:47 GLMT: returning "", code = 0x0
  12:55:47 IDXC: local index file is D:/OSB/admin/history/host/solaris/08.06.2
  6.$raw.0
  12:55:47 CREA: history has null volume tag because none found on volume or l
  abel
  Backup started on Thu Jun 26 2008 at 12:55:33
  12:55:47 RLE: overwrite volume VOL000003, file 1, section 1, vltime 1214471
  197, vowner SYSTEM, voltag
  12:55:47 RLE: qdb__overwrite_se reports vol_oid 0, arch_oid 0
  12:55:47 VLBW: on entry, l->tag = "", master tag = "", bot = 1
  12:55:47 VLBW: setting voltag from "" to ""
  12:55:47 VLBW: volume is not content-managed
  12:55:47 RLE: write volume VOL000004, file 1, section 1, vltime 1214472333,
  vowner SYSTEM, voltag
  12:55:47 RLE: qdb__write_se reports vol_oid 103, arch_oid 0
  12:55:47 VSLW: reading volume record for oid 103
  12:55:47 VSLW: set last write time for volume oid 103
  (alv) backup image label is not valid
  (ial) invalidate backup image label (was valid)
  12:55:47 ULVI: set mh db volume id "VOL000004" (retid ""), volume oid 103, c
  ode 0
  12:55:47 ULTG: set mh db tag "" (retid ""), volume oid 103, code 0
  12:55:47 RLE: set vol size to 0
  12:55:47 RLE: qdb__set_vol_size_se reports vol_oid 0, arch_oid 0
  12:55:47 RLE: set kb remaining to "invalid or unknown"
  12:55:47 RLE: qdb__set_kb_rem_se reports vol_oid 0, arch_oid 0
  Volume label:
  Intro time: Thu Jun 26 12:02:39 2008
  Volume UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
  Volume ID: VOL000004
  Volume sequence: 1
  Volume set owner: SYSTEM
  Volume set created: Thu Jun 26 12:55:33 2008
  Original UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
  Archive label:
  File number: 1
  File section: 1
  Owner: SYSTEM
  Client host: solaris
  Backup level: 0
  S/w compression: no
  Archive created: Thu Jun 26 12:55:33 2008
  Archive owner UUID: 7d4ca79e-914f-493d-b6f3-83978ed4ca5b
  Owner class UUID: e96f2753-3165-4069-a531-30f88c69862d
  Encryption: off
  12:55:47 RCVW: volume "VOL000004" / vuuid d1c16c42-cd5c-414f-9a9a-03d419ad59
  44 reserved for writing
  12:55:47 SNP: using NDMP protocol version 4
  12:55:47 FLDB: flush drive-buffered data to medium
  12:56:06 FLDB: flush complete
  12:56:06 BNPC: volume position "00000001" added to s_vol_start_pos
  12:56:06 BNPC: initial volume label "VOL000004" added to s_vids, s_last_sect
  ion 1
  12:56:06 BNPC: initial volume tag "" added to s_vtags, s_last_section 1
  12:56:06 BNPC: data service doesn't implement restartable backup for d:/test
  12:56:06 BNPC: environment variable BEGINTREE = 1
  12:56:06 BNPC: environment variable NAME = d:/test
  12:56:06 BNPC: environment variable BLEVEL = 0
  12:56:06 BNPC: environment variable STARTED = 1
  12:56:06 BNPC: environment variable IS_LAST = 1
  12:56:06 BNPC: environment variable EX2KTYPE =
  12:56:06 BNPC: environment variable VOLI = VOL000004
  12:56:06 BNPC: environment variable VOLI =
  12:56:06 BNPC: environment variable DATA_BLOCK_SIZE = 64
  12:56:06 MGS: ms.record_size 65536, ms.record_num 0x0, ms.bytes_moved 0x0
  12:56:06 SMWB: setting mover window to infinity for backup
  12:56:11 MLIS: mover listen ok for local connection
  12:56:11 APNI: a preferred network interface does not apply to this connecti
  on
  12:56:11 BNPC: directing data service to connect to mover
  12:56:11 PPVL: obtar option OB_RB = 10.2
  12:56:11 PPVL: obtar option OB_STAT = 1
  12:56:11 PPVL: obtar option OB_BDF = 1
  12:56:11 PPVL: obtar option OB_DEBUG = 1
  12:56:11 PPVL: obtar option OB_DEBUG = 1
  12:56:11 PPVL: obtar option OB_DEBUG = 1
  12:56:11 PPVL: obtar option OB_DEBUG = 1
  12:56:11 PPVL: obtar option OB_VERBOSE = 1
  12:56:11 PPVL: obtar option OB_CLIENT = solaris
  12:56:11 PPVL: obtar option OB_LEVEL = 0
  12:56:11 PPVL: obtar option OB_BE_ROOT = 1
  12:56:11 PPVL: obtar option OB_STAT = 1
  12:56:11 PPVL: obtar option OB_INDEX = 1
  12:56:11 PPVL: obtar option OB_WRITE_HISTORY_FILE = 1
  12:56:11 PPVL: obtar option OB_VOLUME_LABEL = 1
  12:56:11 PPVL: obtar option OB_SKIP_CDFS = 1
  12:56:11 PPVL: obtar option OB_DEVICE = obt
  12:56:11 PPVL: obtar option OB_BLOCKING_FACTOR = 128
  12:56:11 PPVL: obtar option OB_VERIFY_ARCHIVE = no
  12:56:11 PPVL: obtar option OB_PQT = 1048576
  12:56:11 DSIN: 2GB+ files are supported, 2GB+ directories are supported
  12:56:11 SETC: successfully changed identity to enbank.ir/a.rahmani
  12:56:11 BNPC: issuing NDMP_DATA_START_BACKUP
  12:56:11 NTEV: Caching event log pathnames.
  12:56:11 BNPC: started OSB NDMP backup of solaris to obt
  12:56:11 NTEV: Application event log at C:\WINDOWS\system32\config\AppEvent.
  Evt
  12:56:11 NTEV: Internet Explorer event log at C:\WINDOWS\System32\Config\Int
  ernet Explorer.evt
  12:56:11 NTEV: ODiag event log at C:\WINDOWS\system32\config\ODiag.evt
  12:56:11 NTEV: OSession event log at C:\WINDOWS\system32\config\OSession.evt
  12:56:11 NTEV: Security event log at C:\WINDOWS\System32\config\SecEvent.Evt
  12:56:11 NTEV: System event log at C:\WINDOWS\system32\config\SysEvent.Evt
  12:56:11 NTRG: Caching registry hive data.
  12:56:11 SIFI: don't change index filtering state (it's off)
  Dumping all files in D:/TEST
  D:/TEST/
  D:/TEST/burtscript-1.6.tar.gz
  D:/TEST/config.batch
  D:/TEST/config.batch.org
  D:/TEST/ft
  D:/TEST/ft.org
  D:/TEST/glibc-32bit-2.4-31.1.x86_64.rpm
  D:/TEST/osb-10.2.0.2_linux32_cdrom.zip
  D:/TEST/osb.10.1.0.3_Express.linux32.zip
  D:/TEST/sonytape_linux_v2.6.tar.tar
  12:56:19 TRWK: as a result of this backup, exit value changed from -1 to 0
  12:56:19 MNPO: data service halted with reason=successful
  12:56:19 SNPD: Data Service reported bytes processed 0x4C60000
  12:56:19 SNPD: stopping NDMP data service (to transition to idle state)
  12:56:19 MNPO: mover halted with reason=connection closed
  12:56:19 MGS: ms.record_size 65536, ms.record_num 0x4C6, ms.bytes_moved 0x4
  C60000
  12:56:19 MNPO: operation successful
  12:56:19 BNPC: finished OSB NDMP backup with status 0
  12:56:19 BNPC: end of backup; bytes written 0x4C60000
  12:56:19 CREA: as a result of this backup, exit value changed from -1 to 0
  12:56:21 A_T: suppressing filemark output due to NDMP having written one
  12:56:21 A_T: writing marker label; here it is:
  Volume label:
  Intro time: Thu Jun 26 12:02:39 2008
  Volume UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
  Volume ID: VOL000004
  Volume sequence: 1
  Volume set owner: SYSTEM
  Volume set created: Thu Jun 26 12:55:33 2008
  Original UUID: d1c16c42-cd5c-414f-9a9a-03d419ad5944
  Archive label:
  File number: 2
  File section: 1
  Owner: SYSTEM
  Client host: solaris
  Backup level: 0
  S/w compression: no
  Archive created: Thu Jun 26 12:55:33 2008
  Encryption: off
  Marker: End of data
  12:56:21 VLBW: on entry, l->tag = "", master tag = "", bot = 0
  12:56:22 VLBW: setting voltag from "" to ""
  12:56:22 VLBW: volume is not content-managed
  12:56:22 RLE: set kb remaining to 0
  12:56:22 RLE: qdb__set_kb_rem_se reports vol_oid 0, arch_oid 0
  12:56:22 RLE: commit write, no next volume id specified
  12:56:22 RLE: qdb__commit_write_se reports vol_oid 103, arch_oid 103
  12:56:22 VLBW: first backup section OID set to 103
  12:56:22 CALE: created backup section oid list entry for oid 103
  12:56:22 RLE: set kb remaining to 0
  12:56:22 RLE: qdb__set_kb_rem_se reports vol_oid 0, arch_oid 0
  12:56:22 A_T: writing two more FMs
  (alv) backup image label is not valid
  12:56:40 CREA: setting last section flag for oid 103
  Backup complete on Thu Jun 26 2008 at 12:56:21
  12:56:40 QREX: exit status upon entry is 0
  12:56:40 QREX: released reservation on tape drive obt
  12:56:40 QREX: reading section record for oid 103
  12:56:40 QREX: set last section flag for oid 103
  12:56:40 RDB: reading volume record for oid 103
  12:56:40 RDB: reading section record for oid 103
  12:56:40 RDB: adding record for oid 103 (file 1, section 1) to section list
  12:56:40 RDB: file 1 has all 1 required sections; clearing incomplete backu
  p flags
  12:56:41 RDB: reading section record for oid 103
  12:56:41 RDB: cleared incomplete backup flag for oid 103
  12:56:41 RDB: 1 volumes in volume list
  12:56:41 RDB: volume oid 103 reports first:last files of 1:1
  12:56:41 RDB: marking volume oid 103 as authoritative
  12:56:41 VMA: reading volume record for oid 103
  12:56:41 VMA: set authoritative flag for oid 103
  12:56:41 QREX: released writable volume reservation on b3d66f47-720f-4de5-87
  cc-f5691006173b
  12:56:41 QREX: released writable volume reservation on d1c16c42-cd5c-414f-9a
  9a-03d419ad5944
  12:56:41 QREX: [1836] connecting to solaris to import and/or delete ascii in
  dex file for client solaris
  Backup statistics:
  status 0
  devices obt
  devices 1
  volumes VOL000004
  voltags (null)
  file 1
  host solaris
  encryption off
  start_time Thu Jun 26 2008 at 12:55:33 (1214472333)
  end_time Thu Jun 26 2008 at 12:56:21 (1214472381)
  backup_time Thu Jun 26 2008 at 12:55:33 (1214472333)
  entries_scanned 10
  kbytes_scanned 0
  entries_excluded 0
  entries_skipped 0
  mount_points_skipped 0
  files 19
  directories 1
  hardlinks 0
  symlinks 0
  sparse_files 0
  filesys_errors 0
  unknown_type 0
  file_kbytes 0
  dev_kbytes 78217
  dev_iosecs 48
  dev_iorate 1.7 MB/S
  wrt_iosecs 34
  wrt_iorate 2.4 MB/S
  physical_blks_written 78208
  write_errors 0
  physical_blks_read 0
  read_errors 0
  error_rate 0%
  path d:/test completed, status 0
  12:56:41 RLYX: exit status 0; checking allocs...
  12:56:41 RLYX: from mm__check_all: 1
  12:56:41 RLYX: exit status changed to 114
  ob>

• Oracle Secure Backup with partitioned SL3000

  A Client has a partitioned SL3000 tape library with two Access Expansion Modules, T10000D drives, LTO6 drives and dual robotics.
  Three Partitions - one for SAMFS including one AEM - this partition works fine.
  Two partitions created for OSB - one for LTO6 and media and the other for T10000D and media due to mixed media not supported in OSB.
  OSB 12.1 has been implemented, device configuration has been completed and verified. Library inventory completes successfully, when a test backup is started no media mounts to the tape drives. MTX utility for Linux has been implemented for test purposes - successful mounts using MTX was performed - a library inventory was then done using OSB and completed successfully identifying the media mounted in the drive that was initiated by MTX, a successful unload was then done using OSB.
  We are unable to mount media using OSB.
  Here is a output of devdump from OSB:
  ob> dumpdev prd-mgmt2_tape_4
  Oracle Secure Backup hardware error log for "prd-mgmt2_tape_4", version 1
        STK T10000D, prom/firmware id 4.07, serial number 579004000975
  Tue Mar 31, 2015 at 12:05:31.057 (SAST)  devtype: 26
     obexec: prd-mgmt2:/dev/sg4, args to wst__exec: handle=0x0
        accessed via host prd-mgmt2: Linux 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3 09:13:42 PST 2014
        op=0 (nop), buf=0x00, count=1 (0x1), parm=0x00
     cdb: 00 00 00 00 00 00 tur
     sense data:
        70 00 02 00 00 00 00 12 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 40 01 00 00
           ec=0, sk=not ready, asc=0, ascq=0
           error is: unknown check condition
           flags: (none)
     returned status: code=unknown check condition,
        resid=0 (0x0), checks=0x0 []
  Tue Mar 31, 2015 at 12:05:38.142 (SAST)  devtype: 26
     obrobotd: /dev/sg4, args to wst__exec: handle=0x1
        accessed via host prd-mgmt2
        op=8 (rewind), buf=0x00, count=0 (0x0), parm=0x00
     cdb: 01 00 00 00 00 00 rewind
     sense data:
        70 00 02 00 00 00 00 12 00 00 00 00 00 00 00 00
        00 01 00 00 00 00 40 01 00 00
           ec=0, sk=not ready, asc=0, ascq=0
           error is: unknown check condition
           flags: (none)
     returned status: code=unknown check condition,
        resid=0 (0x0), checks=0x0 []
  Tue Mar 31, 2015 at 12:29:31.060 (SAST)  devtype: 26
     obexec: /dev/sg4, args to wst__exec: handle=0x0
        accessed via host prd-mgmt2
        op=0 (nop), buf=0x00, count=1 (0x1), parm=0x00
     cdb: 00 00 00 00 00 00 tur
     sense data:
        70 00 02 00 00 00 00 12 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 40 01 00 00
           ec=0, sk=not ready, asc=0, ascq=0
           error is: unknown check condition
           flags: (none)
     returned status: code=unknown check condition,
          resid=0 (0x0), checks=0x0 []

  I have resolved the issue. Ill close this thread. :))

• Oracle Secure Backup on Windows: file permission problem?

  Hi all.
  I did a new Oracle Secure Backup installation.
  I implemented a real simple domain:
  a Linux box is the media/administrative server. Then I have some Windows and Linux Client.
  On a Windows 2000 server SP4 box I'm experiencing an error.
  On certain directories i get the following:
  The directory is not a subdirectory of the root directory.
  On certain files I get the following instead:
  The directory name is invalid.
  The OSB service is running under the local system account on the client.
  Can you help me trouble this error?
  Thanks
  Giovanni

  Thanks for your reply.
  Disks are mounted using CIFS.
  we got the fix for this, need to do the following changes.
  # Turns off locking
  echo 0 > /proc/fs/cifs/OplockEnabled
  # Turns off inode caching
  echo 0 > /proc/fs/cifs/LookupCacheEnabled
  cheers...
  Edited by: TJ_DBA on 14/02/2011 16:43

• TNS Listener Poison attack : Oracle Security Alert for CVE-2012-1675

  Hi,
  I'm looking to implement the following oracle document about COST but not sure what we need to do for Standby Environment ,
  Can you guys please advise.
  Oracle Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
  Oracle Security Alert for CVE-2012-1675
  Thanks

  user097815 wrote:
  with regrads to the below thread which mostly talks about Oracle Security Alert for CVE-2012-1675 "TNS Listener Poison Attack"....i just wanted to find out if this effect DB that are externally or internally....meaning 95% of our DB are in network(internally) behind our firewall....and rest of the 5% are outside our firewall facing the world wide web....so does this apply to both of just one ?The attack is on the Listener itself - so if you want to prevent this attack, you need to secure that Listener, irrespective of its location.
  IMO, mandatory if you expose your Listener to an unsecured or public network (e.g. internet).
  As for Listeners running on your internal network - if this attack is used, securing your Listeners mean very little IMO. Because your internal network already needs to be compromised in order for the attack to occur. Which means you have far more serious problems then someone attacking your Listeners.

• Modifying Identity for oracle.security.idm.RoleProfile

  Hello. In the documentation: http://docs.oracle.com/cd/E12839_01/core.1111/e10043/devuserole.htm#autoId36 it is written that we can modify the Property by using oracle.security.idm.ModProperty: http://docs.oracle.com/cd/E24001_01/apirefs.1111/e14658/oracle/security/idm/ModProperty.html class. From the example shown there we can modify property for oracle.security.idm.UserProfile: http://docs.oracle.com/cd/E16340_01/apirefs.1111/e14658/oracle/security/idm/UserProfile.html. But I am unable to setProperty for oracle.security.idm.RoleProfile: http://docs.oracle.com/cd/E15523_01/apirefs.1111/e14658/oracle/security/idm/RoleProfile.html class, since there is no such method defined.
  How can I modify property for role. Can anyone show me an example or point to me into right direction?
  Thanks in advance.
  Regards.
  Tapas.

  I may be found a solution. The interface oracle.security.idm.RoleProfile extends oracle.security.idm.Role and the oracle.security.idm.spi.AbstractRoleProfile implements oracle.security.idm.RoleProfile, in turns oracle.security.idm.spi.AbstractRoleProfile is an abstract class and this class is extended by following three classes:
  1. oracle.security.idm.providers.stdldap.LDRole,
  2. oracle.security.idm.providers.libovd.LibOVDRole and
  3. oracle.security.idm.util.RoleProfileValueObject
  All of them has setProperty(ModProperty modProp) method defined within themselves. Among them the oracle.security.idm.util.RoleProfileValueObject class throws oracle.security.idm.OperationNotSupportedException from setProperty(ModProperty modProp) method and it does not do anything.
  In my application I need to find which one is the concrete implementation of oracle.security.idm.RoleProfile, so that I can proceed further. Before Monday I will not be able to do that. I guess it will work.
  I need to break the source code. Don't know whether or not is is illegal. But I didn't have any other options. The documentation lacks in many places. Even the javadoc of the interface oracle.security.idm.RoleProfile does not mention the name of implemented classes of it.

• Oracle Security - External Authentication

  The requirement is to enable the user to allow access to DB by making the user enter the user name and password only once while accessing the Cognos reports. (Cognos is a BI tool). So the user will enter the username and password at the time he accesses the Cognos application, after this there should not be any logons to access DB.
  Cognos stores the user name and password in a LDAP store (in NDS residing on Windows 2000 Advanced Server). So, the question is, can Oracle leverage on the user information stored in the LDAP for Cognos? The external authentication provided by Oracle suggests that if the user info store can be in LDAP provided it is in OID.
  Please let me know if this can be achieved and if so, where can I get details about the same.

  According to the 8.1.7 documentation:
  "Enterprise user security provides single sign-on to Oracle8i using interoperable X.509 v3 certificates over Secure Sockets Layer (SSL) v3, and supports the following LDAP-compliant directory services:
  Oracle Internet Directory Release 2.0.5 or later
  Microsoft Active Directory "
  So it sounds like they do not support Novell's LDAP implementation.
  Here's a page on managing Enterprise Users http://technet.oracle.com/docs/products/oracle8i/doc_library/817_doc/network.817/a85430/asomeus.htm
  Here's a page on managing OS Authentication -http://technet.oracle.com/doc/windows/server.815/a68694/output/ch10.htm
  I just finished writing a chapter on OS Authentication in my Oracle security book. I would stay away from OS Authentication unless you have a small number of users. I have not yet researched Enterprise Users, but the concensus seems to be that they provide a much more robust solution.