Policy  to grant access in RMI? help

Similar Messages

• !!Still unresolved error #2123: BitmapData.draw(), videosampleaccess, No policy files granted access

  Hello,
  I have looked all over the forums, google etc. and not found any reliable and working solution to be able to retrieve the stream bitmapdata from RTMP  or HTTPDynamicStreaming source. Please find the details below.
  I have tried everything:
  NetStream.checkPolicyFile = true
  Security.loadPolicyFile(...);
  /applications/live/main.asc has the code below:
  application.onConnect = function( client )
      client.videoSampleAccess = "/";
      this.acceptConnection(client) ;
  The Application.xml has the tag:
  <Client>
       <access>
            <VideoSampleAccess enabled="true">/</VideoSampleAccess>
       </access>
  </Client>
  But constantly, I receive this error ( both on FMS3.5 and FMS4.0 RTMP & HttpLiveDynamicStreaming):
  securityerror:Error #2123: Security sandbox violation: BitmapData.draw: http://localhost/xxyy.swf cannot access rtmpt://localhost:1935/live. No policy files granted access.
  The problem persists wherever the player.swf is placed.
  Since I'm using OSMF the video display object had to be retrieved in the way like this:
  var mediaDisplayObjectTrait:DisplayObjectTrait;
  mediaDisplayObjectTrait = media.getTrait(MediaTraitType.DISPLAY_OBJECT) as DisplayObjectTrait;
  v = new Video(mediaDisplayObjectTrait.mediaWidth,mediaDisplayObjectTrait.mediaHeight);
  loadable.netStream.checkPolicyFile = true;
  v.attachNetStream(loadable.netStream);
  The new Video part is a must because when using ( the only working http - vod setup ) the BitmapData of the DisplayObject defaults to 320x240 even though the mediaWidth and mediaHeight properties are set fine and the video itself has much higher resolution. I must note at this point its far weird and worths another post.
  Seems like the player simply doesn't know anything about where and how to obtain any kind of policy information from the stream.
  I think this issue must be resolved once and for all, it's simply not acceptable to have this poor documentation floating around an essential feature without any professional help involved.

  You don't need crossdomain policy files, you need to do the following;
  1)      Edit the Application.xml file in the host folder, within install directory/conf/... , edit the client tag, adding the attribute override=”yes”
  <Client override=”yes”>
  In a default install of Flash Media Server, the Client class is set to prevent overriding values in the application folder. This was why the settings we were trying were not holding.
  We do not need to alter anything else of the conf Application.xml
  2)      Add the client/access nodes to the root Application.xml within the content folder  ( we have already done this as far as I am aware ).
  <Application>
    <Client>
     <Access>
      <VideoSampleAccess enabled="true">/</VideoSampleAccess>
      <AudioSampleAccess enabled="true">/</AudioSampleAccess>
     </Access>
    </Client>
  </Application>
  3)      Restart the Media Server by using the administration console. This will enable the client>access values to be overridden to true.

• How to set the granted permission in RMI SERVER site

  Hi everyone,
  I have developin some simple RMi program but the error message is keep on prompting out and I cant really test out what is the result. I understand I got to GRANT the permission for the RMI but I I dun really know where should I start first. I know there are code that can be implement in the sErver site, just hope some one can guide me out.
  Thank lot...
  here is the code for server:
  import java.rmi.*;
  import java.rmi.server.UnicastRemoteObject;
  public class myRMIServer
  public static void main(String[] argv)
  System.setSecurityManager(new RMISecurityManager());
  try
  myRMIImpl implementation = new myRMIImpl("myRMIImplInstance");
  catch (Exception e)
  System.out.println("Exception occurred: " + e);
  Where should i code the getProperties and setProperties code...

  so, what u mean is the problem occur doesnt related to coding part ?? do you think it is because I did not start the rmiRegistry, but somehow when i started the rmiRegistry, the console window is blank an it is nothing in the window. pls pls help me to solve this problem... sound easy initially but end up it is not...
  by the way, here is the code
  Interface
  public interface myRMIInterface extends java.rmi.Remote
  public java.util.Date getDate() throws java.rmi.RemoteException;
  Interface Implementation
  import java.rmi.*;
  import java.rmi.server.UnicastRemoteObject;
  public class myRMIImpl extends UnicastRemoteObject implements myRMIInterface
  public myRMIImpl(String name) throws RemoteException
  super();
  try
  Naming.rebind(name, this);
  catch(Exception e)
  System.out.println("Exception occurred: " + e);
  public java.util.Date getDate()
  return new java.util.Date();
  server
  import java.rmi.*;
  import java.rmi.Naming;
  import java.rmi.RMISecurityManager;
  import java.rmi.server.UnicastRemoteObject;
  import java.rmi.registry.LocateRegistry;
  import java.util.Properties;
  public class myRMIServer
  public static void main(String[] argv)
  //System.setProperty("java.security.policy","C:\\workspace\\MyRMI\\java.policy");           
  //System.getProperty("java.security.policy","C:\\workspace\\MyRMI\\java.policy");
       //myRMIServer m = System.getProperties();
       //m.setProperty("java.security.policy","C:\\workspace\\MyRMI\\java.policy");
       //System.setSecurityManager(new RMISecurityManager());
  //Properties p = System.getProperties();
  //p.setProperty("java.security.policy","C:\\workspace\\MyRMI\\java.policy");
  try
  myRMIImpl implementation = new myRMIImpl("myRMIImplInstance");
  Properties p = System.getProperties();
       System.setProperty("java.security.policy","C:\\workspace\\MyRMI\\java.policy.txt");
       System.setProperty("java.rmi.server.codebase","file:///P:\\Projects\\RMIServer\\bin");
       if (System.getSecurityManager() == null) {
       System.setSecurityManager(new RMISecurityManager());
       System.out.println("Security manager registered");
       //System.out.println("Service registered");
  catch (Exception e)
  System.out.println("Exception occurred: " + e);
  here is the code, to run, I got a client one as well, but is just for displat purpose..
  thank you, guys....really appreciate ur help

• Sql server grants access to specific login to database.

  i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
  to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
  as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
  operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

  I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
  As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
  If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
  Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
  to perform the tasks needed.
  The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
  If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
  question on this topic I will be glad to assist.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• How do I resolve this error in Safari Your page is blocked due to a security policy that prohibits access to Category Remote Proxies"?

  I'm trying to access several pages and keep geting "Your page is blocked due to a security policy that prohibits access to Category Remote Proxies" After going over all my security stuff I just can't find where I would correct the error.
  Is there anyone who could help me?
  Thanks
  Fr. Gary

  very strange,
  1. check time and date on your computer
  2. reset network configuration, make sure there are no proxy servers and you get DNS from your router not manual
  3. Reset certificates database
  Go to Terminal (Applications>Utilities)
  sudo rm /var/db/crls/*cache.db
  (you will be prompted for your password)
  and reboot the computer
  post back

• Grant access to individual content

  Hello,
  I'm currently implementing a UCM solution and I came upon a customer requirement that I don't even know if it is possible to implement with UCM.
  I will try to explain by giving an example:
  The company has 2 Departments: Department 1 and Department 2 and for each department it was created a Security Group.
  SG_DEP_1 for Department 1 and SG_DEP_2 for Department 2.
  The company also has 2 users, one for each department, with full accesses:
  BOB_1 has RWDA to SG_DEP_1 and EDDIE_2 has RWDA to SG_DEP_2.
  Each user can manage its own Security_group, but what happens if BOB_1 needs to show a document to EDDIE_2 (example: for asking EDDIE_2 for an legal advice on a given document). Could BOB_1 grant read access to EDDIE_2 on that specific document ? (I'm not talking about granting access to SG_DEP_1, just the document).
  Note: in my specific projects, there are at least a dozen Departments, each tightly secured, but with needs to show 'some' content on a daily basis. What the customer really needs it the hability to specify access permissions individually on each content item (groups or specific users).
  How would you implement such a use case? I'm starting to consider the possibility on having to implement a BPM, or something like that to provide this level of control.
  Thanks
  Luís Duarte
  Edited by: user10359998 on Sep 25, 2008 4:19 AM

  Hi!
  In the HowtoComponents, there is a component named "SecurityFilter" :
  "This component demonstrates how to use the 'alterUserCredentials' filter to temporarilly boost a user's security privileges for one request. This filter is useful for dynamicly granting accounts and roles for specific service requests, or for specific users." quoting the readme of the component.
  You can download it there : http://www.oracle.com/technology/products/content-management/ucm/samples/index.html
  Hope it helps!
  romain.

• Grant Access to folder for everyone - URGENT!!!!

  I've created a folder with the "wwsbr_api.add_folder" function, and I want to add privileges to another group or user. The problem arises when a user, different from the one who created the folder, tries to access to the documents contained in that folder. He/she won't be able to access this documents as there is no grant access for them.
  Can I give a grant access in that folder to another group or user with another API function?
  Version Portal 3.0.9.8.0
  It is very urgent so I would appreciate some help from you,
  Thanks in advance
  kind regards,
  Enrique

  Just a suggestion:
  This question has been asked several times on this forum, and there are some good answers out there. Please try to use the search function before posting a question.
  Hint: search on the the word "privilege".

• Grant access to users from different Domains

  Hi,
  Recently my company was merged with another. All users from my company are setup in our Domain (DomainA). Sharepoint is able to see the users in this domain and grant access to the users as well. When the merger happened, we created a Group (Test - Sharepoint)
  in our AD to add groups from other companie's domain:DomainB, totally different Forest. There is a two way trust setup between these domains. The group Test-Sharepoint is "domain local" and it is able to see the groups/users from other domain: DomainB.
  The other users are now able to access our sharepoint environment once access is granted to DomainA\Test-Sharepoint.
  Problem came when we applied Audience targetting around few web parts. The users from DomainB who are added as object in DomainA\Test-Sharepoint (group in DomainA) are not able to see the web parts that have audience targeting for this group. Someone
  suggested that AD groups should be Global or Universal but that is not our case. Most of the groups in our AD are domain local and SP is able to see the users within it.
  Please suggest how we can resolve audience targeting issue?
  Regards, Kapil ***Please mark answer as Helpful or Answered after consideration***

  My apologies, yes that is correct you'll have to use Domain Local in this case. http://technet.microsoft.com/en-us/library/cc755692(v=WS.10).aspx
  Actually what you'll need to do is not use Groups in your domain at all, as the users are Foreign Security Principals. Instead, use a group in the trusted domain, or attributes of the users you intend to target directly.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Signed applet - NO Grant access dialog

  I've develped a signed applet which works with the java plugin 1.3.1 and a self signed certificate. while developing i followed the description from irene67 in this forum. every thing works perfektly apart from the grant access dialog. after installing my certificate and starting my applet nothing happens appart from an file.io.exceptino (access denied)! i've tried out everything i could find in about 200 articels in several forums. but in the meantime i have no idea what i can do! may be anybody can help me!

  At some point the Plug-in switched from using the Windows Certificate Manager to using the cacerts file. If you're using Plug-in 1.3.1, then it's using the cacerts file to determine whether the jar is signed with a certificate chain that ends with a trusted ca. Use keytool to import your certificate into cacerts. If you've already tried that, then maybe list the commands that you've issued in your attempt so we can have a look.

• Grant access to terminated employee's mailbox

  How can I easily grant access to a terminated employee's mailbox including deleted items? If I have the terminated employee's mailbox on litigation hold the deleted items are in the recovery folder, but can the recovery folder only be viewed through
  e-discovery process?
  Thanks!

  Hi Viper,
  Thank you for your question.
  We could run the following command to grant full access permission on terminated user:
  Add-MailboxPermission –Identity <terminated user> -User <your name> -AccessRights FullAccess –InheritanceType all
  If I have the terminated employee's mailbox on litigation hold the deleted items are in the recovery folder, but can the recovery folder only be viewed through e-discovery process?
  A: Yes, we could be granted only viewer to the specific user, we could refer to the following link:
  https://technet.microsoft.com/en-us/library/dd298021(v=exchg.150).aspx  
  Authorized users can perform an In-Place eDiscovery search by selecting the mailboxes, and then specifying search
  criteria such as keywords, start and end dates, sender and recipient addresses, and message types. After the search is complete, authorized users can then select one of the following actions:
  Estimate search results   This option returns an estimate
  of the total size and number of items that will be returned by the search based on the criteria you specified.
  Preview search results   This option provides a preview
  of the results. Messages returned from each mailbox searched are displayed.
  Copy search results   This option lets you copy messages
  to a discovery mailbox.
  Export search results   After search results are copied
  to a discovery mailbox, you can export them to a PST file.
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Grant access based on application type?

  Hi,
  Is there a way to grant access to just some of the application types attached to a DIR? I would like to limit the users to open the CAD files but they should be able to open the PDF files attached. The idea is to create the PDF file automatically out of the CAD file so I canu2019t put them in different DIRs because that would involve manual work.
  Kind regards,
  Kristoffer Pehrson

  Hi Kristoffer,
  from my point of view maybe the authorization trace could help to find a suitable authorization object for creating your checks. More information on this authorization trace could be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationTraceintransactionST01
  Useful information on each DMS authorization object can be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationObjectsin+DMS.
  If no standard authorization object could be useful maybe you can use a BADI like DOCUMENT_AUTH01 or DOCUMENT_MAIN01 to implement an individual check for the application type and so restrict some users to view special applications.
  Best regards,
  Christoph

• Which subsystem to grant access to proxy for executing a TSQL step?

  I want to test something while using a credential I setup.  I want to simply run a TSQL statement step in a job, and  do this as a specific proxy user.  Which subsystem do I grant the proxy to have access to?

  it should be 1 for T-SQL
  check the values using below code
  USE msdb
  GO
  EXEC sp_enum_sqlagent_subsystems
  GO
  It will list you values for various subsystems
  You can grant access as follows
  EXEC msdb.dbo.sp_grant_proxy_to_subsystem
  @proxy_name=N'Your proxy name here',
  @subsystem_id = 1
  GO
  EXEC dbo.sp_enum_proxy_for_subsystem
  Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

• GRANT ACCESS with sys user

  hi
  i have an user with objects, tables, views and procedures but it doesn't´t have dba privileges... how can i grant access to all the user to these objects? (with the sys or system user).
  thanks for your help.
  alex

  Hello,
  Every user in database has its objects and DBA privileges are not for everyone.
  how can i grant access to all the user to these objects? (with the sys or system user)<<<<<<Can explain these lines ?? What's your requirment ?? Please state clearly...
  As far as i got your problem, you require that all other users of databse should be able to access the objects of user (lets say A) which you specified in first line.
  For this purpose create public synonyms for all objects of user A and grant. So, everyone can use the objects of "A's" schema.
  Please update..... if you got the point or not...

• App Role Not Granting Access

  Hello,
  We are currently using OBIEE 11.1.1.6.2 BP1, I had to create a new dashboard and created a custom app    with open access (read and execute).  After setting this up I added it to catalog permissions however this app role grants access to everything but the dashboard.  The end user can open the catalog and navigate to folder location where the reports are stored but is unable to see the dashboard.  I have veried the app role is properly created in the Enterprise Manager.  The custom app role granting full control for my power users works as expected.
  Has anyone seen this type of issue?  Any help would be greatly appreciated.

  Yes everything is good in this regard and did not need to change anything.  I am unsure of what was happening but this group all of a sudden started working.  It have never taken that long for permissions to take effect before.

• Progress Reporter. I can't access,not granted access for direct login

  I am trying to Access to Progress Reporter.
  Web Access is running correctly and I got access with "admin" user. But when I am trying to use the admin user for Progress Reporter I got this message:
  Logon denied for[admin]. You are not granted access for direct login,please contact your administrator. Please choose 'OK' to make corrections or 'Cancel' to exit tha application.
  I don't know how to create user for Progress Report if that is the problem. Please help me......I will appreciate your help a lot.
  Thanks

  I have the same problem (p6v7), but the diference with the case mentioned, I have all checkbox marked correctly and all permision to users.
  When I tried to loggin appear the same error
  Have someone any tip???
  Thanks