OS Authentication uses ProcessUser instead of ThreadUser!?

Similar Messages

• OS Authentication uses ProcessUser instead of Thread?!

  We are having a problem with OS authentication on Oracle - the connection request is going out using the identity of the process instead of the thread. I think the problem lies with Net8 client software, because all ODBC/OLEDB providers behave the same and I tested 3 different ones. Also they would not probably mess with connection string anyway. User name goes to Oracle in clear text.
  Here's the likely scenario of what happens:
  ADO passes "/" as the user name, this goes through all the layers to the Net8 dll, which does OpenProcessToken() to get the identity of the user. If it did OpenThreadToken() instead, everything would work, because the thread is impersonating the remote user.
  Can somebody please confirm that this is true and what can be done here? This is a separate track from configuring Kerberos on the Oracle side.
  thanks a lot
  dmitry.

  Have you tried contacting Oracle support on this? I suspect they're more likely to have this sort of information than is anyone in this group.
  Justin

• Web Authentication on HTTP Instead of HTTPS in WLC 5700 and WS-C3650-48PD (IOS XE)

  Hello,
  I have configured a Guest SSID with web authentication (captive portal).
  wlan XXXXXXX 2 Guest
   aaa-override
   client vlan YYYYYYYYY
   no exclusionlist
   ip access-group ACL-Usuarios-WIFI
   ip flow monitor wireless-avc-basic input
   ip flow monitor wireless-avc-basic output
   mobility anchor 10.181.8.219
   no security wpa
   no security wpa akm dot1x
   no security wpa wpa2
   no security wpa wpa2 ciphers aes
   security web-auth
   security web-auth parameter-map global
   session-timeout 65535
   no shutdown
  The configuration of webauth parameter map  is :
  service-template webauth-global-inactive
   inactivity-timer 3600 
  service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
   voice vlan
  parameter-map type webauth global
   type webauth
   virtual-ip ipv4 1.1.1.1
   redirect on-success http://www.google.es
  I need to  login on web authentication on HTTP instead of HTTPS.
  If I  login on HTTP, I will not receive certificate alerts that prevent the users connections.
  I saw how to configure it with 7.x relesae but I have IOS XE Version 03.03.05SE and I don´t know how to configure it.
  Web Authentication on HTTP Instead of HTTPS
  You can login on web authentication on HTTP instead of HTTPS. If you login on HTTP, you do not receive certificate alerts.
  For earlier than WLC Release 7.2 code, you must disable HTTPS management of the WLC and leave HTTP management. However, this only allows the web management of the WLC over HTTP.
  For WLC Release 7.2 code, use the config network web-auth secureweb disable command to disable. This only disables HTTPS for the web authentication and not the management. Note that this requires a reboot of the controller !
  On WLC Release 7.3 and later code, you can enable/disable HTTPS for WebAuth only via GUI and CLI.
  Can anyone tell me how to configure web authentication on HTTP instead of HTTPS with IOS XE?
  Thanks in advance.
  Regards.

  The documentation doesn't provide very clear direction, does it?
  To download the WLC's default webauth page, browse to the controller's Security > Web Login Page. Make sure the web authentication type is Internal (Default). Hit the Preview button. Then use your browser's File > Save As... menu item to save the HTML into a file. Edit this to your liking and bundle it and any graphics images up into a TAR archive, then upload via the controller's COMMAND page.

• ISE 1.2, Patch 7: "NAK requesting to use PEAP instead"

  We're experiencing seemingly random occurrences of users failing authentication because they're trying PEAP vs EAP. Does anyone know if it is possible to force the Windows supplicant to use EAP only?
  For what it's worth, the user can fail authentication for hours and I can either allow open authentication on the port for a bit, or the user can leave for the day and come back tomorrow and authentication will succeed. I'm not sure if it's an ISE problem or a supplicant problem, but I'm leaning towards supplicant.
  Personas:
  Administration
  Role:
  PRIMARY(A)
  System Time:
  Apr 24 2014 08:26:58 AM America/New_York
  FIPS Mode:
  Disabled
  Version:
  1.2.0.899
  Patch Information:
  7,1,3
  11001
  Received RADIUS Access-Request
  11017
  RADIUS created a new session
  15049
  Evaluating Policy Group
  15008
  Evaluating Service Selection Policy
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule
  11507
  Extracted EAP-Response/Identity
  12500
  Prepared EAP-Request proposing EAP-TLS with challenge
  12625
  Valid EAP-Key-Name attribute received
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12301
  Extracted EAP-Response/NAK requesting to use PEAP instead
  12300
  Prepared EAP-Request proposing PEAP with challenge
  12625
  Valid EAP-Key-Name attribute received
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12302
  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
  12318
  Successfully negotiated PEAP version 0
  12800
  Extracted first TLS record; TLS handshake started
  12805
  Extracted TLS ClientHello message
  12806
  Prepared TLS ServerHello message
  12807
  Prepared TLS Certificate message
  12810
  Prepared TLS ServerDone message
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12318
  Successfully negotiated PEAP version 0
  12812
  Extracted TLS ClientKeyExchange message
  12804
  Extracted TLS Finished message
  12801
  Prepared TLS ChangeCipherSpec message
  12802
  Prepared TLS Finished message
  12816
  TLS handshake succeeded
  12310
  PEAP full handshake finished successfully
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12313
  PEAP inner method started
  11521
  Prepared EAP-Request/Identity for inner EAP method
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  11522
  Extracted EAP-Response/Identity for inner EAP method
  11806
  Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  11808
  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
  15041
  Evaluating Identity Policy
  15006
  Matched Default Rule
  15013
  Selected Identity Source - *****
  24431
  Authenticating machine against Active Directory
  24470
  Machine authentication against Active Directory is successful
  22037
  Authentication Passed
  11824
  EAP-MSCHAP authentication attempt passed
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  11810
  Extracted EAP-Response for inner method containing MSCHAP challenge-response
  11814
  Inner EAP-MSCHAP authentication succeeded
  11519
  Prepared EAP-Success for inner EAP method
  12314
  PEAP inner method finished successfully
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  15036
  Evaluating Authorization Policy
  24433
  Looking up machine in Active Directory - host/*****
  24435
  Machine Groups retrieval from Active Directory succeeded
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule - Default
  15016
  Selected Authorization Profile - DenyAccess
  15039
  Rejected per authorization profile
  12306
  PEAP authentication succeeded
  11503
  Prepared EAP-Success
  11003
  Returned RADIUS Access-Reject 

  salodh,
  Thank you for your response. Below is the authorization policy it should hit. The trouble is the workstation wants to use PEAP for some reason but we don't want PEAP because we're certificate-based. I understand what you're saying, and it's because I didn't word my question correctly. 
  12500
  Prepared EAP-Request proposing EAP-TLS with challenge
  12625
  Valid EAP-Key-Name attribute received
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12301
  Extracted EAP-Response/NAK requesting to use PEAP instead 
  If the NAK would not request PEAP, it would continue on to the following Authorization Policy (and succeed):
  Name
  Wired-******-PC
   Conditions
  Radius:Service-Type EQUALS Framed
  AND
  Radius:NAS-Port-Type EQUALS Ethernet
  AND
  *******:ExternalGroups EQUALS **********/Users/Domain Computers
  AND
  Network Access:EapAuthentication EQUALS EAP-TLS
  Again, this PEAP request only happens occasionally. This same workstation will work at other days/times. If I could figure out why some workstations randomly request PEAP (or find a way to force EAP only) I think that would take care of it.
  Thanks again, sir.
  Andrew

• Trusted Authentication using QUERY_STRING

  Hi All,
  We are trying to configure the Trusted Authentication using Query_String in XIR3.1
  We have customer portal ,where in login to custom web page and click on the link which routes to Infoview.We are configuring sso to bypass the credentials from webportal to Infoview home page.
  We have created a paramerter to pass the user information.We have made all the required changes for configuring trusted authentication,like:
  1) Enable Trusted Authentication in cmc.Enter shared secret in cmc
  2) Make changes to the web.xml file
  3) Create TrustedPrincipal.conf file
  In web.xml file we gave "trusted.auth.user.retrieval" as "QUERY_STRING" & "trusted.auth.user.param" as the parameter value we are using to pass the user information.
  If the parameter we are using is "MyUser" to pass the user information ,After configuring, we noticed that ,when we launch the url, "http://host:8080/InfoViewApp/logon/logon.do?MyUser=<username>"  we can directly login to Infoview without giving any credentials.We are not sure if we are moving in right direction? Is this how the QUERY_STRING work?
  We also noticed that,instead of giving any username if we give any other value the infoview home page opens up with Guest account?
  Thank you,
  Bill

  You should disable guest when using any method of SSO. Then anything placed in the URL other than a proper user would fail. And yes this is exactly how query string works (the username must be supplied in the URL). If looking for a more dynamic/secure method you will need to combine with a front end authenticator such as IIS, siteminder, etc and use one of our other methods such as remote_user, http_header, etc
  Regards,
  Tim

• Native Supplicant "NAK requesting to use PEAP instead"

  Hello,
  We have a Cisco ISE infrastructure in place and we're experiencing seemingly random occurrences of users failing authentication because they're trying PEAP vs EAP. Does anyone know if it is possible to force the native Windows supplicant to use EAP only?
  "Microsoft: Smart Card or other certificate" is selected under network authentication method, by group policy, and I thought that wouldn't allow PEAP, but our ISE logs show "NAK requesting to use PEAP instead", after which authorization
  fails because we're not using PEAP.
  For what it's worth, the user can fail authentication for hours and I can either allow open authentication on the port for a bit, or the user can leave for the day and come back tomorrow and authentication will succeed. I'm not sure if it's an ISE problem or
  a supplicant problem, but I'm leaning towards supplicant.
  Thanks,
  Andrew

  Hi,
  About this issue, please contact Cisco Tech Support for help.
  Karen Hu
  TechNet Community Support
  I've already been in contact with them and they've verified our configuration. All that can be done on the Cisco side is to "propose" the client to go through EAP-TLS as the first option, which we are doing. This will not block any clients trying to connect
  using other protocols, and, though this will propose EAP-TLS, there is now way to enforce it at the supplicant level. This will be a client decision always. From Cisco: 
  Please monitor this after the  change we applied,   but if the issue persists,   since we are dealing with windows supplicant,   it would be a good idea to involve the native supplicant support.

• Exception access violation using jlong instead of jint

  Hi,
  I hope you can help me.
  I'm using Java5 under Windows XP and I'm developing under Eclipse.
  I try to use an "old" c-Application accesed via JNI.
  Status Quo is that, I have access to the c-side, over my JNI-conform DLL. My current task is to translate the c-side structs to java-objects. This also works, but only with limitation.
  Calling methods bidirectional is working, manipulation a java-object is like a walk on an warm and sunny Saturday afternoon.
  But I'm not able to use all possible parameters (for now I have tried to use jobject, jstring, jint, jboolean, jlong).
  The first problem I had, were using Strings as parameters, but this now I deal with the loopway over java/lang/object (using java/lang/String results in an access_violation).
  The next problem, and the harder one, is, that I cannot use the type long or jlong.
  int (jint) is no problem, with int all works fine, but if I change the environment, creating and using long, I allways get an the access_violation shown below.
  Is there anything, I need to know?
  working c-side-code:
  jobject someObject;
  jint anIntegerValue;
  anIntegerValue =5;               
  jmethodID mid3 = (*env)->GetMethodID(env, cl, "initReturnSomeObject", "(ILjava/lang/Object;)Ljava/lang/Object;");
                 if(mid3 == (jmethodID)0) printf("\ndooofes MethodName4!\n");
                           else {
                                const char* myParams;
                                myParams = "ooooohwow!!!";
                                someObject = (*env)->CallObjectMethod(env, jobj, mid3,
                                           anIntegerValue, (*env)->NewStringUTF(env, myParams));
                           }wokring java-side-code
  public Object initReturnSomeObject(int i, Object obj) {
            String s = (String)obj;
            System.out.println("String: "+s+"\nInteger: "+i);
            some = new SomeObject(s,i);
            if(some==null) System.out.println("Some is not yet initialized, FEAR!!!!\n");
            else System.out.println("Yoh, I'm soooo many good!! \nSome:\nString: "+some.getS1()+"\nInt: "+some.getI1()+"\n");
            return (Object)some;
  so, und this code, doesn't work. you can see, the changes are dramatically!! ;)
  sorry for my sarcasm. I do not know, why it doesn't work.
  jlong aLongValue;
  aLongValue = 2;
  jmethodID mid3 = (*env)->GetMethodID(env, cl, "initReturnSomeObject", "(JLjava/lang/Object;)Ljava/lang/Object;");
                 if(mid3 == (jmethodID)0) printf("\ndooofes MethodName4!\n");
                           else {
                                const char* myParams;
                                   myParams = "ooooohwow!!!";
                                someObject = (*env)->CallObjectMethod(env, jobj, mid3,
                                          aLongValue, (*env)->NewStringUTF(env, myParams));
       public Object initReturnSomeObject(long i, Object obj) {
            String s = (String)obj;
            System.out.println("String: "+s+"\nInteger: "+i+"\nLong: ");
            some = new SomeObject(s,(int)i);
            if(some==null) System.out.println("Some is not yet initialized, FEAR!!!!\n");
            else System.out.println("Yoh, I'm soooo many good!! \nSome:\nString: "+some.getS1()+"\nInt: "+some.getI1()+"\n");
            return (Object)some;
  # An unexpected error has been detected by Java Runtime Environment:
  #  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d942975, pid=1784, tid=1648
  # Java VM: Java HotSpot(TM) Client VM (1.6.0_03-b05 mixed mode, sharing)
  # Problematic frame:
  # V  [jvm.dll+0x182975]
  # An error report file with more information is saved as hs_err_pid1784.log
  # If you would like to submit a bug report, please visit:
  #   http://java.sun.com/webapps/bugreport/crash.jsp
  #do you need some other informations or details? something out of the log-file? ok, i have to take the bus, so sorry for uncomplete informations or sentences ;)
  till later.

  Hi,
  I'm quite sure, the signature is correct. For failure check, yesterday I ran javap to check the signature, but I do also mean, that I changed the signature afterwards for several time. And, it works ;) at least the way, using Integer.
  Trying to use java/lang/String everytime I got the Error, that the method could not be found - this is the part, I was wrong in my description. So the error-Message is a different one.
  Belonging to the question for assumptions I made... it's difficult. I'm quite new to JNI, so, I don't know, what I can assume to do. The Method call seems to be a kind of reflection-mechanism. So I assume that the behaviour is similar. But reflection I'm not very firm, either ^^.
  What I do assume is, that the parameter-value J fits to the java-type jlong. But a work around on this, I will try today. getting the jlong into an char* or using long instead of jlong or using Ljava/lang/Long; or a casted Long as Ljava/lang/Object; ...
  I'm anxious to the ideas, I will have, bypassing this point. if there is no way, I will write a file, send a email or something like this ;)
  Thx for thinking about my problem jschel!! It's great not to be alone.
  John

• I just found my old ipod touch (i think 1st generation) and would like to let my toddler use it instead of my phone.  I am trying to download apps but it say I need to update to 4.3 but it won't let me update.  I have the most recent itunes. any idea why?

  I just found my old ipod touch (i think 1st generation) and would like to let my toddler use it instead of my phone.  I am trying to download apps but it say I need to update to 4.3 but it won't let me update.  I have the most recent itunes. any idea why? I saw a thread saying to purchase the newest software (that was posted a few years ago) I paid 4.95 for the software and it's still saying it can't be updated.  Am I just SOL??

  The 1G iPod can only go as high as 3.1.3. The 1G does not have an internal speaker or volume buttons on the upper left edge.
  Identifying iPod models
  To more easily find compatible apps:
  iOSSearch - search the iTunes store for compatible apps.
  Apple Club - filter apps by iOS version.

• How to modify a lookup field-type to use checkbox instead of radiobutton?

  How to modify a lookup field-type to use checkbox instead of radiobutton?
  I would like to modify the behavior for the lookup field.
  Normally you get a screen where it is possible to search through a lookup. The items resulted from the search are listed as radiobutton items. Therefore you can select only one at the time to be added.
  Is it possible to have the items to be listed as checkbox instead? So that you can check multiple items and therefore be able to add multiple items at the time?
  For example:
  To add the user to 10 different groups on MS-AD.
  It is desired to have the ability to check multiple groups to be added instead only one at the time.
  My client would like to use this feature in many other situations.

  Displaying will not be a big deal but with that you have to customize the action class and its working as well.

• Invalid security certificate for my website host-they say the problem is Apple Safari and use Firefox instead

  For the past few days, I keep getting an invalid security certificate in Safari whenever I select Edit My Site from my website homepage (http://annaporterartist.com), or whenever I select anything requiring a secure log in from my website host main page (FASO.com). I have contacted technical support at my website host (fineartstudioonline.com) and they say that this has been an intermittently recurring problem in Safari for years and they recommend that I use Firefox instead. As proof of this they emailed a link to an Apple Support discussion, but it was for Mac OS X Lion v 10.7.4 and Safari 5.1, even though I told them I am using Mac OS X Mountain Lion v 10.8.2 and Safari 6.0.2. I do not get this error message anywhere else on the web using Safari. I did try Firefox and it seems to work fine, but I prefer Safari and I want to know why Safari is not working as it should be. I am concerned that there is a real security problem with my website host and I need someone to explain why I am getting this error message, what it means, and if it is, in fact, a known problem with Safari or is my website host corrupted? Really tired of technical support playing pass the buck or pretending the problem does not exist.
  The specific error message is:
  Their response to my inquiry and my reply is shown below:

  Back up all data.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  From the menu bar, select
  Keychain Access ▹ Preferences ▹ Certificates
  There are three menus in the window. What is selected in each of them?

• Client Certificate Mapping authentication using Active Directory across trusted forests

  Hi,
  We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way trust allows them to use their
  credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
  We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD CLient Certificate
  Mapping".
  However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
  1. Is this possible?
  2. If yes, what do we need to do to make this work.
  Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory"

  1. Yes!
  2. Before answering this I need to know if your are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements
  and mapping?
  /Hasain
  We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
  To simulate the scenario, I setup up two separate forests and established a trust between them.
  I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
  I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
  I setup a test ASP page to capture the Login Info on both the servers.
  With the client and the server in the same forest, I got the following results
  Login Info
  LOGON_USER: CORP\ASmith
  AUTH_USER: CORP\ASmith
  AUTH_TYPE: SSL/PCT
  With the client in the domain with the PKI and the server in the other Forest, I got the following response
  Login Info
  LOGON_USER:
  AUTH_USER:
  AUTH_TYPE: 
  I tried the configuration with the Anonymous Authentication turned off and the AD CLient Certificate mapping turned on.
  With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
  401 - Unauthorized: Access is denied due to invalid credentials.
  You do not have permission to view this directory or page using the credentials that you supplied

• I would like to read a text file in which the decimal numbers are using dots instead of commas. Is there a way of converting this in labVIEW, or how can I get the program to enterpret the figures in the correct way?

  The program doest enterpret my figures from the text file in the correct way since the numbers contain dots instead of commas. Is there a way to fix this in labVIEW, or do I have to change the files before reading them in the program? Thanks beforehend!

  You must go in the labview option menu, you can select 'use the local
  separator' in the front side submenu (LV6i).
  If you use the "From Exponential/Fract/Eng" vi, you are able to select this
  opton (with a boolean) without changing the labview parameters.
  (sorry for my english)
  Lange Jerome
  FRANCE
  "Nina" a ecrit dans le message news:
  [email protected]..
  > I would like to read a text file in which the decimal numbers are
  > using dots instead of commas. Is there a way of converting this in
  > labVIEW, or how can I get the program to enterpret the figures in the
  > correct way?
  >
  > The program doest enterpret my figures from the text file in the
  > correct way since the numbers contain dots instea
  d of commas. Is there
  > a way to fix this in labVIEW, or do I have to change the files before
  > reading them in the program? Thanks beforehend!

• How to set proxy authentication using java properties at run time

  Hi All,
  How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
  => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
  import java.io.*;
  import java.net.*;
  public class DnldURLWithoutUsingProxy {
     public static void main (String[] args) {
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
            u = new URL("http://www.yahoo.com.au/index.html");
           is = u.openStream();         // throws an IOException
           dis = new DataInputStream(new BufferedInputStream(is));
           BufferedReader br = new BufferedReader(new InputStreamReader(dis));
        String strLine;
        //Read File Line By Line
        while ((strLine = br.readLine()) != null)      {
        // Print the content on the console
            System.out.println (strLine);
        //Close the input stream
        dis.close();
        } catch (MalformedURLException mue) {
           System.out.println("Ouch - a MalformedURLException happened.");
           mue.printStackTrace();
           System.exit(1);
        } catch (IOException ioe) {
           System.out.println("Oops- an IOException happened.");
           ioe.printStackTrace();
           System.exit(1);
        } finally {
           try {
              is.close();
           } catch (IOException ioe) {
  }However, it generated the following message when run behind the firewall:
  cd C:\Documents and Settings\abc\DnldURL\build\classes
  java -cp . DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.net.ConnectException: Connection refused
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
  at java.net.Socket.connect(Socket.java:452)
  at java.net.Socket.connect(Socket.java:402)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.New(HttpClient.java:339)
  at sun.net.www.http.HttpClient.New(HttpClient.java:320)
  at sun.net.www.http.HttpClient.New(HttpClient.java:315)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  I have also tried the command without much luck either:
  java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
  There is no problem pinging www.yahoo.com from this system.
  I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
  I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
  Java Control Panel - Use browser settings without success.
  Thanks,
  George

  Hi All,
  How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
  => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
  import java.io.*;
  import java.net.*;
  public class DnldURLWithoutUsingProxy {
     public static void main (String[] args) {
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
            u = new URL("http://www.yahoo.com.au/index.html");
           is = u.openStream();         // throws an IOException
           dis = new DataInputStream(new BufferedInputStream(is));
           BufferedReader br = new BufferedReader(new InputStreamReader(dis));
        String strLine;
        //Read File Line By Line
        while ((strLine = br.readLine()) != null)      {
        // Print the content on the console
            System.out.println (strLine);
        //Close the input stream
        dis.close();
        } catch (MalformedURLException mue) {
           System.out.println("Ouch - a MalformedURLException happened.");
           mue.printStackTrace();
           System.exit(1);
        } catch (IOException ioe) {
           System.out.println("Oops- an IOException happened.");
           ioe.printStackTrace();
           System.exit(1);
        } finally {
           try {
              is.close();
           } catch (IOException ioe) {
  }However, it generated the following message when run behind the firewall:
  cd C:\Documents and Settings\abc\DnldURL\build\classes
  java -cp . DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.net.ConnectException: Connection refused
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
  at java.net.Socket.connect(Socket.java:452)
  at java.net.Socket.connect(Socket.java:402)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.New(HttpClient.java:339)
  at sun.net.www.http.HttpClient.New(HttpClient.java:320)
  at sun.net.www.http.HttpClient.New(HttpClient.java:315)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  I have also tried the command without much luck either:
  java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
  There is no problem pinging www.yahoo.com from this system.
  I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
  I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
  Java Control Panel - Use browser settings without success.
  Thanks,
  George

• Using open instead of file open causes Acrobat X11 to barf and stop working

  I get a Critical Error when I use Open instead of File Open.
  Faulting Application Path: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
  Problem Event Name: APPCRASH
  Application Name: Acrobat.exe
  Application Version: 11.0.9.29
  Application Timestamp: 5412b52e
  Fault Module Name: StackHash_9cd1
  Fault Module Version: 0.0.0.0
  Fault Module Timestamp: 00000000
  Exception Code: c00001a5
  Exception Offset: PCH_9A_FROM_ntdll+0x0003AAAC
  OS Version: 6.3.9600.2.0.0.256.48
  Locale ID: 1033
  Additional Information 1: 9cd1
  Additional Information 2: 9cd11aece74acb27712497bb36a41cb9
  Additional Information 3: 907e
  Additional Information 4: 907e2580c2bb8a6c100db3c807719959
  Bucket ID: 14715054b1814cb4d80f9c990e44ea23 (73554368215)

  You can use the DocOpen event.

• Firefox can't read any Bookmark that was imported from my PC with file extension .url. Safari reads them fine. Is there a fix, so I can use Firefox instead of Safari? Many thanks if so. I have the latest version of Firefox

  Firefox can't read any Bookmark on my Mac that was imported from my PC with file extension .url. Safari reads them all fine. Is there a fix, so I can use Firefox instead of Safari? Many thanks if so. I have the latest version of Firefox
  == URL of affected sites ==
  http://anysite.url
  == User Agent ==
  Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7

  Hello JF.
  I don't think that extension is supported. I believe Firefox can only read .json and .html.
  You may want to read this though:
  [http://support.mozilla.com/en-US/kb/Importing+bookmarks+and other data from Safari Importing bookmarks and other data from Safari]