Problem with security role
Hello,
I have Enterpise Portal 7.0 SP13 instance (only Java stack installed). My enviroment is AIX 5.3 and Oracle 10.
This instance has a lot of security alerts in the default trace log, like this:
#1.5^H#C2B30000C03D006400000039000A9084000443246AFD6467#1199723599717#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#j2ee_admin#1208####41667d10bd3e11dccc51c2b30000c03d#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/System/Security/Audit/J2EE#Java###:Authorization check for caller assignment to J2EE security role [ : ].#3#ACCESS.ERROR#SAP-J2EE-Engine#guests#
Anyone knows what is it?
Regards
Rodrigo
I found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).
Similar Messages
-
Problem with Security Role mapping and LDAP
Hi,
In Oracle Internet Directory I've created a group called OIDGroup1.OIdGroup1 has 2 users : OIDuser1 and OIDuser2.
OIDGroup1 is mapped to EjbRole1 (is a security role defined in ejb-jar.xml, EjbRole1 can do everything in the application).Now if I login as OIDuser1 or OIDuser2, application said that the user does not
have authorization to execute some method. The mapping in my orion-application.xml is :
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
</security-role-mapping>
<jazn provider="LDAP" location="ldap://myhost:4032"><jazn-web-app auth-method="SSO"/></jazn>
if I modified orion-application.xml like this :
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
<user name="admin/OIDuser1"/>
</security-role-mapping>
then login as OIDuser1, it works. But it does not work with OIDuser2.
That's is a problem for me because our customer can not manage the user/group
easily : each time they have a a new user, instead of simply adding this user
in the OIDGroup1 (with graphic interface of OIDAS), they have to modify
orion-application.xml.
Do you have any idea ?
Thanks in advance
regardsI found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).
-
I gotta problem with security question recovery email I'd, mistakenly I entered wrong email I'd so now I want to edit that I'd plz help me
expresslane.apple.com to get a hold of itunes to reset them by email the only way
-
HT5312 Problem with security question
I have Problem with security question
The Best Alternatives for Security Questions and Rescue Mail
1. Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
2. Call Apple Support in your country: Customer Service: Contact Apple support.
3. Rescue email address and how to reset Apple ID security questions.
An alternative to using the security questions is to use 2-step verification:
Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID. -
HT5699 Having problem with security question
Cannot get iTunes card to work having problem with security question
Alternatives for Help Resetting Security Questions and Rescue Mail
1. Apple ID- All about Apple ID security questions.
2. Rescue email address and how to reset Apple ID security questions
3. Apple ID- Contacting Apple for help with Apple ID account security.
4. Fill out and submit this form. Select the topic, Account Security.
5. Call Apple Customer Service: Contacting Apple for support in your
country and ask to speak to Account Security.
How to Manage your Apple ID: Manage My Apple ID -
Hello
I have a problem with security questions and i cant reset to my email
The error was
Exceeded Maximum Attempts
We apologize, but we were unable to verify your account information with the answers you provided to our security questions.
You have made too many attempts to answer these questions. So, for security reasons, you will not be able to reset password for the next eight hours.
Click here for assistance.
i waited more than eight hours. and back to my account but it is the same ( no change ) i cant find forgot your answers
http://www.traidnt.net/vb/attachment...134863-333.jpg
can you help me pleaseAlternatives for Help Resetting Security Questions and Rescue Mail
1. Apple ID- All about Apple ID security questions.
2. Rescue email address and how to reset Apple ID security questions
3. Apple ID- Contacting Apple for help with Apple ID account security.
4. Fill out and submit this form. Select the topic, Account Security.
5. Call Apple Customer Service: Contacting Apple for support in your
country and ask to speak to Account Security.
How to Manage your Apple ID: Manage My Apple ID -
TS1702 Having problems with Security questions to be able to download from the iTunes store
Having problems with Security questions to be able to download from the iTunes store
Security questions
Read this note for information on how to reset the security questions http://support.apple.com/kb/HT5312
This user tip may also help you Security Questions -
hello,I have a problem with security questions.i don't remember the answer,please help me. i don't know how to manage this
You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(104775) -
I'm facing problem with security questions,
I'm facing problem with security questions,
please hlep me to solve it.http://support.apple.com/kb/HT5665
-
Problem with security with action commands to Servlet...
Hi.
I have a webapplication that under its context has two diffenent
maps, one is admin and the other one is user.
I use an ActionRouter and has actions like list-clients.do.
The admin map is restricted area described in web.xml.
You have to be in AdminRole to get access.
My problem is that if I log in as user, I can "shoot" actions commands
like list-clients.do from the user area and Servlet maps to the proper
jsp that is in the admin map. When I then try isUserInRole and so on
there is only a quetstionmark. If I run from admin area the isUserInRole
knows who is logged in.
I put in the list-clients.do in the url like: http://myplace.com/users/list-clients.do and servlet reply with jsp from
admin area.
Anybody know why not the restricted area declared in the web.xml file
works during that condition, and how to solve this?
Heres my web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<filter>
<filter-name>loginfilter</filter-name>
<filter-class>argus.web.util.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginfilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>loginfilter</filter-name>
<url-pattern>/user/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>argus.web.servlet.ActionServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>setup</servlet-name>
<servlet-class>argus.web.servlet.SetupServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>0</session-timeout>
</session-config>
<security-constraint>
<display-name>ArgusAdmin</display-name>
<web-resource-collection>
<web-resource-name>AdminAdaptor</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ArgusAdmin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>ArgusUser</display-name>
<web-resource-collection>
<web-resource-name>UserAdaptor</web-resource-name>
<url-pattern>/user/*</url-pattern>
<url-pattern>/index.htm</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ArgusAdmin</role-name>
<role-name>ArgusUser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.htm</form-login-page>
<form-error-page>/loginError.htm</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>ArgusAdmin</role-name>
</security-role>
<security-role>
<role-name>ArgusUser</role-name>
</security-role>
</web-app>
Many Thanks
BenThe code you've shown us looks fine. The problem isn't in the form code you've listed. Is the form being included inside another form on index.jsp? Does index.jsp have any forms of it's own? Perhaps you aren't submitting the form you think you are submitting. Or, are you redirecting in your serlvet somewhere? Or are you forwarding the request somehow?
I agree with the previous post - we need to see the HTML output that index.jsp results in.
Michael -
hi all
i have a problem in my security roles .. two user that have same security role one of them have permission in account
but another user does not have permission..Hi,
Please check the team membership. Users could get additional rights due to following reasons:
1) Team membership. Team could have the role assigned which gives you additional access.
2) Specific record is shared with the user. In that case user will be able to see this record.
3) Specific record is assigned to you. In that case user will be able to see this records.
Hope this helps.
Minal Dahiya
blog : http://minaldahiya.blogspot.com.au/
If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful" -
Problem with security in Weblogic 8.1
Hi, my name is Jesús Chávez Reyes and it is my first time in this forum.
My problem is related with security in WL 8.1 because I am new in this matter. My problem is :
I work in change completely the security of an enterprise application that is deployed in WebLogic 8.1 and your security is a based in a RDBMS Custom Realm in Compatibility Security.
This application is composed by 18 EJB and 4 web applications.
The objective of this change is:
1.- Use a external system for authentication (though a web service).
2.- If is possible: unbind security of WL for in a future deploy the application in other Server(Jboss for example).
I'm trying to implement security with Acegi and Spring in a one of the four web applications. I deleted all it has to do with security in deploy descriptors and deleted the realm.
At this point I can login in , using the Web Service of the external application, without difficulty.
The problem arises when the application makes an instance of the EJB's. This is the way how the application makes the instances of the EJB:
InitialContext context = new InitialContext( null );
Object = context.lookup(name); // name=GroupSessionFacade (JNDI Name of EJB)
EJBHome home = (EJBHome) objref;
+...+
GroupSessionFacadeHome home = (GroupSessionFacadeHome) objref;
groupFacade = home.create();
In this point GroupSessionFacadeHome home = (GroupSessionFacadeHome) objref the application throws ClassCastException. This happens with all EJB.
The application work fine before of to use Acegi and remove all it has to do with security. I inspect the Object " objref " before and after and this happen:
BEFORE
Class Name: control.ejb.GroupSessionFacadek1696tHomeImpl
SuperClass : weblogic.ejb20.internal.StatelessEJBHome
Implement : weblogic.ejb20.internal.StatelessEJBHome , control.ejb.GroupSessionFacadeHome
AFTER
Class Name: control.ejb.GroupSessionFacadek1696tHomeImpl
SuperClass : weblogic.ejb20.internal.StatelessEJBHome
Implement : weblogic.ejb20.internal.StatelessEJBHome
Here The object no implements the InterfaceHome "control.ejb.GroupSessionFacadeHome" !!!!!!!!!, this is the cause of ClassCastException.
What is the problem? Is it a security problem? and if so what do I need to remove or add in the application and has no dependence on anything for the security of Web Logic?
The deploy descriptors are:
IN THE WEB APPLICATION
web.xml
+<ejb-ref>+
+<description>Reference to the GroupSessionFacade</description>+
+<ejb-ref-name>ejb/GroupSessionFacade</ejb-ref-name>+
+<ejb-ref-type>Session</ejb-ref-type>+
+<home>control.ejb.GroupSessionFacadeHome</home>+
+<remote>control.ejb.GroupSessionFacade</remote>+
+</ejb-ref>+
IN THE EJB
ejb-jar.xml
+<?xml version="1.0"?>+
+<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar20.dtd'>+
+<ejb-jar>+
+<enterprise-beans>+
+<session>+
+<description>GroupSessionFacade</description>+
+<ejb-name>GroupSessionFacade</ejb-name>+
+<home>control.ejb.GroupSessionFacadeHome</home>+
+<remote>control.ejb.GroupSessionFacade</remote>+
+<ejb-class>control.ejb.GroupSessionFacadeEJB</ejb-class>+
+<session-type>Stateless</session-type>+
+<transaction-type>Container</transaction-type>+
+<ejb-ref>+
+<ejb-ref-name>ejb/UserManager</ejb-ref-name>+
+<ejb-ref-type>Session</ejb-ref-type>+
+<home>control.ejb.UserManagerHome</home>+
+<remote>control.ejb.UserManager</remote>+
+</ejb-ref>+
+<resource-ref>+
+....+
+ </enterprise-beans>+
+<assembly-descriptor>+
+<container-transaction>+
+<method>+
+<ejb-name>GroupSessionFacade</ejb-name>+
+<method-name>*</method-name>+
+</method>+
+<trans-attribute>NotSupported</trans-attribute>+
+</container-transaction>+
+</assembly-descriptor>+
+</ejb-jar>+
weblogic-ejb-jar.xml
+<?xml version="1.0"?>+
+<!DOCTYPE weblogic-ejb-jar PUBLIC+
+"-//BEA Systems, Inc.//DTD WebLogic 8.1.0 EJB//EN"+
+"http://www.bea.com/servers/wls810/dtd/weblogic-ejb-jar.dtd">+
+<weblogic-ejb-jar>+
+<weblogic-enterprise-bean>+
+<ejb-name>GroupSessionFacade</ejb-name>+
+<transaction-descriptor>+
+<trans-timeout-seconds>600</trans-timeout-seconds>+
+</transaction-descriptor>+
+...+
+<enable-call-by-reference>True</enable-call-by-reference>+
+<jndi-name>GroupSessionFacade</jndi-name>+
+</weblogic-enterprise-bean>+
+</weblogic-ejb-jar>+Hi,
This is the forum to discuss questions and feedback for Microsoft Visio, I'll move your question to the SSIS forum
http://social.technet.microsoft.com/Forums/sqlserver/en-US/home?forum=sqlintegrationservices
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
George Zhao
TechNet Community Support -
On my desktop, I have been using Firefox V27 on Ubuntu 12.04 for some time. It uses secure sites - such as https://mozilla.org - and accepts the Security Certificates quite happily, so I am not even aware there is any issue.
My new laptop is Windows 8,1, and I have installed Firefox- the latest version.
Whenever Firefox visits a secure site, it ALWAYS says that there is a problem with the security certificate - even at mozilla.org - and warns me away. I have to complete a security exemption.
Why is this, and how can I fix it?
Thanks in anticipation.unfortunately the fiddler2 issuer in certificates might be a sign of unwanted software present on your pc that is intercepting secure network traffic. please go into the system control panel and uninstall programs like BrowserSafeguard, BrowserSafe, SafeGuard or other software that sounds suspicious and didn't get installed by you intentionally.
<br><sub>reference: https://support.mozilla.org/en-US/questions/982532#answer-520145</sub>
afterwards, run a full scan of your system with different security tools like the [http://www.malwarebytes.org/products/malwarebytes_free free version of malwarebytes] & [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner].
[[Troubleshoot Firefox issues caused by malware]] -
I am getting redirected to unknown sites whenever I open any site while using mozilla. Initially I thought that there is a problem with my device, but then I realized that this happens only when using mozilla, not with other browsers like chrome, IE, or opera.
These sites are mainly having the message 'Ad by ShopDrop'..
I am pasting below links to few sites to which I get redirected to
http://offers.bycontext<i></i>.com/scjs/tb/ctxjs/index<i></i>.php?kw2=www.espncricinfo<i></i>.com&affid=1151&subaff_id=725_724&intformat=roll&nextpage=http%3A%2F%2Fwww.espncricinfo<i></i>.com%2F&ch=421&sbrand=ShopDrop&folder=v4.19&typrd=ctx&cu=32929&country=IN&original_country=IN
http://add0n<i></i>.com/fastest-gmail.html?v=0.1.6&p=0.1.5&type=upgradehello, you have various malicious addons present. please perform all these steps:
# [[Reset Firefox – easily fix most problems|reset firefox]] (this will keep your bookmarks and passwords)
# afterwards go to the firefox menu ≡ > addons > extensions and in case there are still extensions listed there, disable them.
# finally run a full scan of your system with different security tools like the [http://www.malwarebytes.org/products/malwarebytes_free free version of malwarebytes] and [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner] to make sure that adware isn't present in other places of your system as well.
[[Troubleshoot Firefox issues caused by malware]] -
CUA problem with composite role
Hello experts, I have a problem with a composite role in my CUA parent system. If you look at the roles tab you will see one of the child roles has a name of child CUA system in the 'target sys' column. the rest all have 'user system'. Can anyone explain how this 'target sys' column is defined?
Thanks
Dave WoodI do not know if you have solved this issue, but the target system is defined within your single role on you menu tab.
No what happens is that in transaction SM30 table SSM_RFC you define system variable linked to your logical system.
This variable determines that when you import roles from another system by means of transaction PFCG > Read from other system from RFC and you select your variable the system will automatically default in the target system field the system it is suppose to go back to.
So this way when you distibute the roles it will only go back to that particular target system, and you do not need to specify and guess where the role came from.
Try removing that table entry in SM30 SSM_RFC and see if that way you will be able to remove the target system from the role.
However it is not a bad thing to have activated. If you are working with position base authorizations and you have more than 1 system, you define 1 composite role for all the roles, for all the systems and you will be able to see where the composite resides by means of the target value.
Hope this makes sense.
Regards
Sonja
Maybe you are looking for
-
How to insert check box value in table?
Hi all kindly help me how to insert check box value in database. what code i have to use as i am new in programing. thanx in advance
-
What may be the reasons for my iphone switching off all of a sudden and how do i prevent it?
what may be the reasons for my iphone switching off all of a sudden and how do i prevent it?
-
Odd Zen vision m question: double track list
i recently got a zen vision m and love it. i've had this odd issue crop up twice now and i'm not sure how to take care of it. all of the files in my music albums are being listed twice, but there is only one copy of the media on the player. i'm not s
-
Import dvd to itunes for ipod - Apple Cust. Service TOLD me to post it.
An apple rep at 800-275-2273 TOLD ME TO POST THE QUESTION on the forum. If it is NOT ALLOWED, then YOU need to tell them not close my posting. It sounds as if Apple has an internal issue to work out. Please do not CLOSE my posting.
-
Hi All, We have faced a issue that PODREL field in LIPS table is A(Relevant for POD) for 2line item out of 5 line item but delivery is not relevant for POD relevance. We are not able to open this delivery through t.code VLPODA as system is giving err