Problem with passing exception with declarative security

Similar Messages

• Facing Problem with Declarative Security

  There is a J2EE Security related issue on the web and enterprise layer of my project. This project uses Struts framework for web tier and ejb's for enterprise layer.
  Declarative Security is used through web.xml and ejb-jar.xml. We have created roles and groups and mapped users to them. We are referring this information from the property file (IAP).
  User Principal object is retrieved properly for the first time, when invoked from the ActionHandler (LoginAction.java). For all subsequent calls, this information is returned as null.
  We want to know how the web and ejb container picks up the user credentials using declarative security management for subsequent calls after authentication ? If this information is picked from session, then what is the variable used to store user credentials in session ?

  the repos may have even been down at that time.
  just try again later.
  it should work fine.

• There is a problem with the security certificate of the proxy server. Error code 18 and 38.

  Hi All,
  After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
  Exchange 2013 on a remote location with a CA-certificate.
  Outlook 2010 and 2013 on different locations, locally installed and on RDS.
  When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
  name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
  After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
  site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
  certificate is invalid or does not match the name of the site."
  Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
  - restarting mailserver and AD;
  - restarting switches;
  - restarting routers;
  - restarting RDS, AD and all other servers;
  - bypassed proxyserver for RDS;
  - created a new profile;
  - checked recently installed updates;
  - checked certificate on mailserver;
  - checked RDS on a different location, working fine.
  Nothing helped, what can I do next? Please advice.
  Regards.

  Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
  The first message can be suppressed by adding this to the Exchange config:
  set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
  set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
  Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
  this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
  Not completely where I want to be, any help regarding the second alert is greatly appreciated!

• There is a problem with this connection's security certificate The remote computer cannot be authenticated due to problems with its security certificate. Security certificate problems might indicate an attempt to fool you or intercept any data you send

  Hi,
  I have this Windows 2008 R2 on which I installed remoteapp some years ago.
  Now the certificate expired and I get the message
  "There is a problem with this connection's security certificate
  The remote computer cannot be authenticated due to problems with its security certificate.
  Security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer."
  How should I renew the certificate? I already went to certification store and tried to renew certificate with same key but then it says "the request contains nor certificate template information".
  Please advise.
  J.
  J.
  Jan Hoedt

  Does the computer account have Enroll permission to the certificate template?
  From the Server running your CA, run mmc, click File then Add/Remove Snap-in...
  Add Certificate Templates and click OK.
  Find the certificate template, then right click and select properties.  On my CA its call ed RemoteDesktopComputers but might be called something different depending on what what template your certificate is based on.
  On the security tab, click Oblect types, check Computers then OK. Enter the Computername and click OK.  Then give your computer account Enroll permisssion.
  HTH,
  JB

• Hi all, I'm still having problems with my security questions as they were not the ones I answered. Now I'm confused

  Still having problems with my security questions as they were not the ones I answered and now I'm confused.

  Howdy Paul,
  If you are having an issue with your Apple ID security questions, you can reset them using the steps in this article -
  If you forgot the answers to your Apple ID security questions - Apple Support
  Thanks for using Apple Support Communities.
  Best,
  Brett L 

• Hi i have a problem with my security question verify email address

  hi,
  i have a problem with my security question verify email address

  If Manage your Apple ID primary, rescue, alternate, and notification email addresses does not help, you can contact the Apple ID Security site from http://support.apple.com/kb/HT5699 or call the AppleCare support number from http://support.apple.com/kb/HE57 and ask to speak with the Account Security Team.

• I have problem with the security question i forgot it some body tell me they will show down of the question forgot the answering but nothing show help me plz thanks

  I have problem with the security question i forgot it some body tell me they will show down of the question forgot the answering but nothing show help me plz thanks

  The reset link will only show if you have a rescue email address (which is not the same thing as an alternate email address) set up on your account : http://support.apple.com/kb/HT5312
  If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
  Contacting Apple about account security : http://support.apple.com/kb/HT5699
  When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down this page to add a rescue email address for potential future use : http://support.apple.com/kb/HT5312

• I have problem with the security question which i forgot the answer how can i change it as i already have apple id and password

  I have problem with the security question which i forgot the answer how can i change it as i already have apple id and password

  You may reset the password on your account by opening https://iforgot.apple.com/ in Safari and entering your Apple ID (your email address, which the moderators should have removed earlier).
  You won't be able to set the password to your email address, or a recently-used password (if I remember correctly).
  Once you change your password, you should update your password on your iOS device in Settings > iTunes & App Store, then tapping the "Apple ID: <username>" cell at the top to re-enter your password.  (Your iOS device may prompt you for the new password before getting to Settings as well.)
  Hope that helps.  If you have a different issue, please post a follow-up message.

• I have problem with the security questions and i dont know the answer. How i change the questions ?

  I have problem with the security questions and i dont know the answer. How i change the questions ?

  See Here... ask to speak with the Account Security Team...
  Apple ID: Contacting Apple for help with Apple ID account security
  Or Here  >  Apple  Support  iTunes Store  Contact

• I am having problems with my security questions.  I cannot Get them reset. What do I do?

  I am having problems with my security questions.
  I cannot get them reset.  How can I fix this?

  Hi Tiffanyweir,
  You need to contact iTunes Support to get them reset:
  ACCOUNT SECURITY CONTACT NUMBERS
  Cheers,
  GB

• Problem with socket security

  Hi,
  I'm trying to make socket connection from within air application, but no way. I'm browsing google for almost 2 days, follow all possible solutions, but avidently I dont understund somthing cause I'm not able to do anything.
  Every time sandbox security violation.....  I need make some simple socket data exchange between my air, and OS. I do not have any web server and no any other kind of network ability. I write down stupid socket server, which is waiting for policy request, and for my other requests (it function 100%, tested with Telnet, so no way to have problem on my socket server side).
  The strange thing is that my application do not produce any request for socket policy file, neither at 843 port (for default), neither at my custom location with namual
  Security.loadPolicyFile("xmlsocket://ip:port"); call
  This is my primitive code:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml"
      layout="vertical">
      <mx:Script>
          <![CDATA[
              private var s:XMLSocket = null;
              private function test():void{
                  Security.loadPolicyFile("xmlsocket://127.0.0.1:25013");
                  if(!s){
                      s = new XMLSocket();
                      s.addEventListener(DataEvent.DATA, onData);
                      s.addEventListener(Event.ACTIVATE, onActivate);
                      s.addEventListener(Event.CONNECT, onConnect);
                      s.addEventListener(Event.DEACTIVATE, onDeactivate);
                      s.addEventListener(IOErrorEvent.IO_ERROR, onError);
                      s.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecurity);
                  s.connect("127.0.0.1", 25013);
              private function onActivate(e:Event):void{
                  debug.text += "Activated\r";
              private function onConnect(e:Event):void{
                  debug.text += "Connected\r";
                  var o:XML = <request cmd="10"/>;
                  s.send(o);
              private function onDeactivate(e:Event):void{
                  debug.text += "Deactivated\r";
              private function onError(e:IOErrorEvent):void{
                  debug.text += e.text + "\r";
              private function onSecurity(e:SecurityErrorEvent):void{
                  debug.text += e.text + "\r";
              private function onData(e:DataEvent):void{
                  debug.text += e.data;
                  s.close();
          ]]>
      </mx:Script>
      <mx:Button label="Test" click="test()"/>
      <mx:TextArea id="debug" width="100%" height="100%"/>
  </mx:WindowedApplication>
  Any help will be apresciated.
  Ladislav.

  Hi,
  It pass some time but if i remember well, my problem was that i did
  not terminate stream output form my server vs air application, and it
  returns this security error.
  When I send  '\0' at the end of my message it work correctly. Yes the
  server was my own written socket server (c++ using boost libraries).
  Laco.
  Sorry late response I'm on hollydays
  Staney G ha scritto:
  So, how did you walk around the problem?  Did you have a control on how server responds?
  My test case failed similarly.  However, the target server is a public web service.
  Will appreciate your answers!
  >

• I have problem with Ultra Secure Memory Key Login Software (as non admin) hdlSrv.exe

  I have problem with a memory key lenovo 1g. Here is a Company and the Users can't be Admin. So We have a big problem. I download "KeySafe II and MyKey in Non-Admin Mode" but its not run. I found in Lenovo pag, i installed as said in the instructions but i repeat I return to be normal user and  couldn't use it in mode User! I trying and i saw that the service hdlsrv be on and run! but i can't. So  ¿are there  an archive that i can use and can use it this pendrive in Non-Admin mode?
  We have SO Wxp
  KeyLock : Ultra Secure Memory Key Login Software 1.0.3.6
  Fru 45j5923
  Lenovo 1g
  Please!!! help Mee!!
  thank u!

  Jan 2, 2008 11:49:35 AM org.apache.coyote.http11.Http11Protocol init
  INFO: Initializing Coyote HTTP/1.1 on http-8080
  Jan 2, 2008 11:49:35 AM org.apache.catalina.startup.Catalina load
  INFO: Initialization processed in 734 ms
  Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardService start
  INFO: Starting service Catalina
  Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardEngine start
  INFO: Starting Servlet Engine: Apache Tomcat/5.5.9
  Jan 2, 2008 11:49:35 AM org.apache.catalina.realm.JDBCRealm start
  SEVERE: Exception opening database connection
  java.sql.SQLException: oracle.jdbc.driver.OracleDriver
       at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:684)
       at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:758)
       at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1004)
       at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
       at org.apache.catalina.core.StandardService.start(StandardService.java:450)
       at org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
  Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardHost start
  INFO: XML validation disabled
  Jan 2, 2008 11:49:36 AM org.apache.catalina.core.StandardContext resourcesStart

• Problem with Oracle Security Developer Tools creating signed SAML Assertion

  Hi,
  I'm trying to use OSDT to create a signed SAML assertion.
  Basically, what I've done is to use the ST_Test.java sample and the SignXMLEnveloped.java sample together.
  This is just a proof-of-concept, so what I did was use the code from ST_Test.java to create the unsigned assertion, take the byte array that results, and use it in a ByteArrayInputStream feeding into slightly modified SignXMLEnveloped.java code.
  I was actually able to created a signed assertion, but the signature on the signed assertion does not validate.
  I think that the reason it doesn't validate is because the original code in SignXMLEnveloped.java sets the URI in the reference to "", whereas the reference should be to something like "XXXXXX", which is the "AssertionID" attribute on the Assertion element.
  However, if I modify the SignedXMLEnveloped code to do a setUri to "#XXXXXX", I get the following error:
  Exception in thread "main" oracle.security.xmlsec.dsig.SigningException: Cannot find node with @Id="theassertion"
       at oracle.security.xmlsec.dsig.XSSignature.sign(Unknown Source)
       at SignXMLEnveloped.main(SignXMLEnveloped.java:116)
  Caused by: oracle.security.xmlsec.dsig.ReferenceException: Cannot find node with @Id="theassertion"
       at oracle.security.xmlsec.dsig.ObjectReference.dereference(Unknown Source)
       at oracle.security.xmlsec.dsig.XSReference.getTBDData(Unknown Source)
       at oracle.security.xmlsec.dsig.XSReference.computeDigest(Unknown Source)About to sign the Assertion...
       at oracle.security.xmlsec.dsig.XSReference.computeDigest(Unknown Source)
       at oracle.security.xmlsec.dsig.ReferenceList.computeRefDigests(Unknown Source)
       ... 2 more
  I think I know what the problem may be, but I'm not sure how to workaround it. I have written some apps to do digital signature verification before, and I know that there is a problem with SAML 1.1 called the "idness" problem, where the "AssertionID" attribute is not an "id" type attribute in the schema. I have a feeling that I'm running into the same problem here, with OSDT.
  Has anyone been successful at doing something like this with OSDT? If so, how?
  Thanks,
  Jim

  Hi,
  I was able to past my original problem, and can now sign the assertion which has the AssertionID attribute. I had to set the SAML version to 1.1 using initialize().
  Unfortunately, when I run the resulting signed assertion through a signature validation, it is failing to verify.
  I'm not sure why, but it is failing when it tries to verify the hash/digest on the reference.
  I am using a separate application that I wrote that uses Java6 and the security API that Java6 has, and with debugging enabled, I can see the dereferenced data that is being fed into the digester, and that looks correct, but the calculated digest doesn't match what my OSDT-based application generated.
  Anyone have any idea about what the problem might be?
  Thanks,
  Jim

• Heap Problem with weblogic.security.auth.login.PasswordCredential

  Hello,
  I am calling EJB's from a Tomcat 6.0.20. The EJB's are contained on a Weblogic 10 mp2. For getting EJBHome, I'm using the following InitialContext-Call:
  EJBHome home = null;
  try
  Properties initialContextProperties = new Properties();
  initialContextProps.put(InitialContext.INITIAL_CONTEXT_FACTORY, initialContextFactory);
  initialContextProps.put(InitialContext.SECURITY_PRINCIPAL, username);
  initialContextProps.put(InitialContext.SECURITY_CREDENTIALS, password);
  initialContextProps.put(InitialContext.PROVIDER_URL, url);
  initialContext = new InitialContext(initialContextProps);
  Object objref = this.initialContext.lookup(jndiHomeName);
  home = (EJBHome) PortableRemoteObject.narrow(objref, narrowClass);
  finally
  if ( initialContext != null )
  try
  initialContext.close();
  catch(Throwable t)
  return home;
  The Problem is, that after a bulk test on the tomcat (Xmx=256MB), 200MB are filled with 1.500.000 instances of the following class:
  weblogic.security.auth.login.PasswordCredential
  Has somebody an idea how to remove these classes from tomcat heap, because now the result is an OutOfMemory?
  Best regards,
  sebbay

  Hi,
  The authenticate method would take the user and the password details from the environment
  (env) that is passed and after successful authentication would populate the subject with
  the principals (i.e user, group the user belongs to ..)
  It should work with any user that is defined in the WLS not just weblogic/weblogic.
  Do you have any other users defined and which group do they belong to?
  Vimala
  Khalid Rizvi wrote:
  I am playing (learning) with weblogic.security.auth.login.UsernamePasswordLoginModule
  as a LoginModule using JAAS based authentication. Surprisingly, the only userid
  and password combination acceptable is uid=weblogic, pw=weblogic combination.
  I went through and looked at the example code under
  http://e-docs.bea.com/wls/docs70/security/cli_apps.html#1042212. I found that
  the UsernamePasswordLoginModule.login calls into
  if (url != null) {
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  try {
  Authenticate.authenticate(env, subject);
  Seems like UsernamePasswordLoginModule only is a router, as it instantiates an
  instance of Environemt using the userid and password and passes this Environemtn
  instance (env) to Authenticate.authenticate along with the empty Subject instance.
  I read about that the Subject instance will be filled in with Principals by the
  WL Server.
  My question is that firstly,
  1. As Authenticate.authenticate is not passed in the uid and pw, will it pick
  those from the env?
  2. Secondly, why does it only accept uid=weblogic & pw=weblogic.
  I will appreciate if some one can put me in the right direction.
  Khalid R. Rizvi
  508-641-1192
  [email protected]

• Problem with ADF security and task flow calls

  Hi.
  I am using JDeveloper 11.1.2.0.0.
  I encountered a problem when tried to apply ADF security to my application.
  The way to reproduce the problem:
  1. Create new Fusion Web Application;
  2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
  3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
  4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
  5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
  6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
  7. Configure application to run the unbounded task flow starting with Welcome view activity.
  At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
  Now let's configure ADF Security.
  Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
  On the second page select Form-Based Authentication, check the Generate Default Pages flag.
  On the third page choose No Automatic Grants.
  On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
  Open jazn-data.xml to configure roles, users and resource grants:
  1. Create application role test-role.
  2. Grant the test-role privileges to view the test task flow.
  3. Create user and grant him the test-role.
  Now we have the public available welcome page and the test page with restricted access.
  When application runs, the welcome page is displayed as expected. Pressing the test button redirect us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crushes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
  javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
       at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
       at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
       at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
       at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
  (the rest of lines skipped).
  Any suggestions?
  Edited by: user13307311 on Apr 16, 2013 11:39 PM

  @Lovin_JV_941794
  The welcome page is public available since it does not have appropriate PageDef file.
  Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
  It seems the task flow call stack to be destroyed after redirect to login page.
  Edited by: user13307311 on Apr 17, 2013 12:45 AM