Promotion Management Security

Similar Messages

• Promotion Management instances limitations.

  Hi All,
  I am migrating some reprots from BO 3.1 to BI 4.1SP3. I have migrated a folder from 3.1 prod to 4.1 UAT using UMT, which is having around 80 reports + 7000 instances.
  Now i want to move these reports and instances to production using Promotion management tool ,will promotion management job supports for large no of instances?. is there any limitation on no of instances using Promotion management..
  Thanks in advance,
  Divi.

  Promotion management is not an option for this scenario.
  It has timeout issues and when promoting large content it goes through many complexities.(Dependency calculations and security calculations)
  Best available option for you is LCM CLI.
  Go through these links:
  http://scn.sap.com/community/bi-platform/blog/2013/12/03/41-sp2-has-lots-of-performance-improvements
  1873184 - How to promote all content under a given folder using LCM command line interface.
  Best Practice for Promoting content using promotion Management Tool
  1969259 - LCM CLI Master Note - How to promote thousands of objects across BI4 environments ?

• EJB 3.0 Security with ACEGI and not with Container Managed Security

  Hi,
       Currently we are using EJB 2.0 in our project, We want to use EJB 3.0
       But for security we want to use Spring ACEGI Security and we don�t want to use container managed security (No Portability, Difficult, �)
       ACEGI supports Servlet/JSP security very well (I am able to call isUserInRole(), getUserPrincipal() because ACEGI implements by ServletRequestWrapper in a filter)
       But for EJB, it lacks this feature. (There is no standard EJB interceptor API as there is with servlets (using filters), so there's no generic way of modify in the EJB context for the invocation)
       Without using container managed security, Is there any way to propogate my security context from Servlet Layer to EJB Layer, So that I can use EJB Declartive security and getCallerPrincipal(), isCallerInRole() API.
       For more info please see this thread http://forum.springframework.org/showthread.php?t=26514
       Why don�t you provide standard EJB interceptor API as there is with servlets (using filters), so there I am able add security identity to EJB context.
       I am eagerly waiting for the reply

  Reason: javax.naming.NameNotFoundException: jdbc not bound
  Although i am quite new to this as well i would say that there is a problem with your connection with the database.
  It seems it cannot connect to Mysql.
  have you download the mysql package library and imported it ?
  Also in your deploy folder in you Jboss
  have you altered the jdbc to connect to you database in your dataset ? ( i am not sure about mysql, but postgre reguired this)
  Most probably it would be the same in mysql.
  <connection-url>jdbc:postgresql://127.0.0.1:5432/Dissertation</connection-url>
  Not sure if this is what you reguire, i am new at this my self

• The OMS is not set up for Enterprise Manager Security

  Hi, I'm trying to add an agent to grid control and its not connecting with the management server because i cant secure it...
  bash-2.05$ ../../bin/emctl secure agent <password>
  Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
  Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
  Agent is already stopped... Done.
  Securing agent... Started.
  Requesting an HTTPS Upload URL from the OMS... Failed.
  The OMS is not set up for Enterprise Manager Security.
  i have tried this on two seperate servers, both do the exact same thing. However, on my repository server where the OMS is housed, i can secure the agent no problem. Does anyone know what the problem could be? My OMS is on a Linux (SuSE 10.2) 32-bit machine.
  heres the emdctl.trc on the agent machine:
  2007-07-11 11:00:20 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
  2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
  2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
  2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
  2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
  2007-07-11 11:00:22 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
  2007-07-11 11:00:22 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
  2007-07-11 11:05:10 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
  2007-07-11 11:05:10 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
  2007-07-11 11:10:08 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
  2007-07-11 11:10:08 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
  bash-2.05$ lsof | grep 3872
  bash-2.05$
  seems to be failing the connect but nothing is running on the port so i'm not sure why
  Thanks in advance
  Message was edited by:
  user581869

  some further information and hopefully someone can help me...
  I went to the OMS binary folder (fmc45712:$OMS_HOME/bin) and executed the following commands...
  $OMS_HOME/opmn/bin/opmnctl stopall
  $OMS_HOME/bin/emctl stop oms
  $OMS_HOME/bin/emctl secure oms
  $OMS_HOME/bin/emctl start oms
  $OMS_HOME/opmn/bin/opmnctl startall
  then i go to $AGENT_HOME on the OMS machine (fmc45712:$AGENT_HOME/bin) and execute..
  $AGENT_HOME/bin/emctl status agent -secure
  Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
  Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
  Checking the security status of the Agent at location set in /opt/oracle/OracleHomes/agent10g/sysman/config/emd.properties... Done.
  Agent is secure at HTTPS Port 3872.
  Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
  OMS is secure on HTTPS Port 1159
  I then to go the server i deployed the agent on that i want to get communicating wtih my OMS...
  $AGENT_HOME/bin/emctl status agent -secure
  Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
  Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
  Checking the security status of the Agent at location set in /u101/em/agent10g/sysman/config/emd.properties... Done.
  Agent is unsecure at HTTP Port 3872.
  Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
  OMS is running but has not been secured. No HTTPS Port available.
  same command, different computer, but on the same network, and it just doesn't work. The OMS is on Linux x86 and the agent on the alternate computer is on HP-UX. If anyone has any help it'd be much appreciated.

• BADI for Claims search in trade promotion management

  Hi Experts,
  I am enhancing the Claims search in trade promotion management with a custom field. I added a custom field in the search screen of claims.
  I want to filter the records based on that custom field. The component is BT311S_CSR and the search query is BTQCSR.
  Is there any BADI for claims so that I can filter the records.
  I tried to put a breakpoint in the badi CRM_BADI_RF_Q1O_SEARCH and searched but it is not stopping.
  Does this badi works for claims? Or first do i have to create a implementation with the filter object as BTQCSR then try to check whether it will stop in the badi while searching the claims.
  Please suggest me.
  Regards,
  Dinesh.

  Hi Dinesh,
  Now this becomes tricky. Since your requirement is very specific there is no way that standard sap can help. You may end up in enhancing n number of classes.
  I can propose a solution though Please put of in front of your business/ functional team and then go ahead..
  Now we will change our approach...Please follow below steps:
  1. Add a altogether new field to your claim transaction using AET for sales office (description as 'Sales Office').
  2. Make this field search and result relevant.
  3. Whenever a sold to party is selected for claim transaction, based on the sold to party you would set value of this field.
  4. Since your field is search relevant it will automatically appear in your search query (control this in view configuration.)
  5. You may or may not display this field to end user in claim detail screen, You can control this by configuration.
  6. Depending on your requirement you can show/hide standard sales office field in search query.
  If you follow this approach then it will serve the purpose.
  Trust this solves your issue. Give points if it helps.
  Regards,
  Bhushan

• SHA-1 Encryption is not working in Container managed security

  Hi,
  I have to turn to your help after no luck with other possible resource.
  I implemented container managed security on my apps and it works well without the encrypted password(clear text) in the table column. Now I referred OC4J Security guide to implement the password encryption as follows:
  1. Using the DBTableOraDataSourceLoginModule, set the option pw_encoding_class = oracle.security.jazn.login.module.db.util.DBLoginModuleSHA1Encoder
  2. run the following procedure:
  DECLARE
      l_password VARCHAR2(50) := 'welcome';
      l_password_raw RAW(128) := utl_raw.CAST_TO_RAW(l_password);
      l_encrypted_raw RAW(2048);
      l_encrypted_string VARCHAR2(2048);
      l_encrypted_string2 VARCHAR2(2048);
  BEGIN
      dbms_output.put_line('Password in String: ' || l_password);
      dbms_output.put_line('Password in raw: ' || l_password_raw);
      l_encrypted_raw := dbms_crypto.hash(l_password_raw, dbms_crypto.HASH_SH1);
      dbms_output.put_line('SH1: ' || l_encrypted_raw);
      l_encrypted_string := UTL_ENCODE.BASE64_ENCODE(l_encrypted_raw);
      dbms_output.put_line('Base64Encoding: ' || l_encrypted_string);
  END;
  3. update the clear text password with the SHA-1 encrypted password and encoded in Base64Encoding (in my case, it's the parameter "l_encrypted_string")Now I run the application and login says "password not matching!" If anyone know what's going on, please advise me what's wrong...pls
  thanks very much,

  Hi,
  hard to say without knowing the code the OC4J team uses in their login module. I know they based it on a JAAS LoginModule I wrote some years ago, but they did change some parts of it. In the original version. the password was read from the database and then compared with the provided password string. Using encryption it uses a class to encode and decode the password queried from teh database. My guess is that the returned string - after decoding - doesn't meet the password string you provide when authenticating. Since this piece of code is owned by the OC4J team, I suggest to try the Application Server forum or the Security forum
  Frank

• Error in promotion management tool in BI4.1 Sp1

  Hi
    I am getting the following error when i try to add report folder objects using Promotion Management Tool in BI4.1 SP1.
  We are having Windows clustered environment.
  Can anybody help me to resolve this issue?
  HTTP Status 500 - java.lang.RuntimeException: org.apache.jasper.JasperException: java.util.ConcurrentModificationException
  type Exception report
  message java.lang.RuntimeException: org.apache.jasper.JasperException: java.util.ConcurrentModificationException
  description The server encountered an internal error that prevented it from fulfilling this request.
  exception
  java.lang.RuntimeException: java.lang.RuntimeException: org.apache.jasper.JasperException: java.util.ConcurrentModificationException
    com.businessobjects.http.servlet.internal.BundlePathAwareServiceHandler.serviceHelper(BundlePathAwareServiceHandler.java:254)
    com.businessobjects.http.servlet.internal.BundlePathAwareServiceHandler.service(BundlePathAwareServiceHandler.java:197)
    com.businessobjects.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:248)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    org.eclipse.equinox.servletbridge.BridgeServlet.service(BridgeServlet.java:220)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    com.businessobjects.pinger.TimeoutManagerFilter.doFilter(TimeoutManagerFilter.java:168)
  root cause

  HI,
  check the attached link.
  http://scn.sap.com/thread/3550805

• Manage security for a report that lives in multiple folders

  Post Author: EricE
  CA Forum: General
  I am using Crystal Enterprise 10.  (we are about to upgrade to BO XI if
  it matters in the answer)
  As we consider the migration to XI we are thinking about problems with our
  existing system that we have never solved adequately.
  The problem is how to manage
  security of a given report that shows up in multiple places in the tree.
  Example:
  I have a report lives in the Sales folder but also needs to be in a folder at
  the same level called Marketing.
  I want the report to
  exist only once so that if I update it, it gets updated both places.
  To solve that I could put the real report in a folder called u201Call reportsu201D and
  then create short cuts to it in both of the other folders.
  The problem with that method is that
  the users who have rights to the u201CSalesu201D folder donu2019t get rights to the
  shortcut (because the rights don't seem to work on shortcuts).  The rights
  would have to be granted to the real report objectu2026which quickly becomes a mess
  trying to manage rights to each individual report object.
  So I want to manage rights/security
  at the folder level but I also want a given report to live in more than one
  location (but have one real report object) and have its rights administered by the folder it is in.
  Is there any way to do that?

  Post Author: EricE
  CA Forum: General
  yangster:When you set permissions at the folder level all reports within the folder and any subfolder that exist should inherit the parent folders rights.So putting in your report into the sales folder and creating a shortcut to the marketing folder should be fine as long as you have not set any specific right on the actual report itself.Please clarify per my post above this one.  I tried doing exactly what you said to do.  What happened is that the user could SEE the report but could not execute it. User had "view on demand" rights to the folder via a group.  

• Where are the Manage Security Policy Settings Stored

  I want to upgrade from Acrobat Pro 9 to X....and I'm prompted to uninstall 9 first.  I have a ton of passwords saved under Manage Security Policies in Acrobat 9 and I don't want to lose these.  I know they are stored in some file, but I don't know the file.  Can anyone advise the file name?  I assume I can just save this file elsewhere on my computer, uninstall Pro 9...and then when I install X I can just copy this file to the folder for X, right?
  Steve

  C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\deployment.properties
  the folder applicationData may be hidden. Hidden files and folders have to be displayed.
  Regards
  Michael

• Container Managed Security on Tomcat - configuring different auth-methods

  I am trying to configure the container managed security on tomcat4. Or rather I am trying to add a further dimension to the configuration that already exists.
  At the moment the entire application uses LDAP authentication and I would like to separate an area that requires further authentication. That is to say I would like everyone using the web application to authenticate using the existing Form-Based LDAP authentication but I would like only certain users to be able to use the data upload facility (whose code is stored in it's own directory).
  This is the authentication bit of my web.xml:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>qmrae</web-resource-name>
        <url-pattern>*.do</url-pattern>
        <url-pattern>*.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
      </form-login-config>
    </login-config>My first hurdle is in understanding exactly how the application knows where to go for its authentication.
  I had guessed that the realm-name would map "areas" of my application to realm configuration defined in my application's context area in Tomcat's web.xml but this doesnt seem to be the case. In fact I have read conflicting explanations as to what the realm-name is for. One source has said that this is only used for BASIC authentication as a way of naming the resulting pop up window - many others say it maps the login-config to the web-resource-name. However the latter doesnt make sense because the authentication works in my application at the moment even though those values are completely different (and indeed are different in most of the examples i've read on the web). Furthermore I can find any other mention of the defined realm-name in any other file (which of course be because i'm looking in the wrong place).
  I was prepared to accept that the realm-name might not actually do anything and so I've been looking for examples of defining a different auth-method for different url-patterns but i've had no luck.
  I know a user can have one or more roles but I dont have access to the LDAP server to set these up and haven't found anything about defining different auth-methods other than one thread in this forum suggesting that is wasnt possible on AIS.
  This thread suggests that you can have more than one security-constraint but again i'm not sure about the auth methods and how you map an auth method to a security-constraint
  http://forum.java.sun.com/thread.jspa?forumID=33&threadID=320918
  To summarise my questions:
  1) What are the functions of the realm-name and web-resource-name? Are they related?
  2) Is it possible to configure different areas of an application to use different authentication methods? and if so, could you point me in the direction of relevant documentation
  3) If (2) is not possible and I have to assign a new role to the privileged LDAP users, is it enough to define a new security-constraint? Could you describe the behaviour I could expect for users that have authenticated once and try to access this super-security area, will they be shown another login form or will it just let them in because the container is already aware of their permissions.
  Many thanks for your attention,
  Rachel

  If you create your own Realm classes - look at JAAS - you can sort out your last login time, just wrap them around the DataSourceRealm.
  As far as 'remind' him is concerned - I'm guessing you mean provider a reminder for the password based on the user name. If you use form based authentication you can put what ever you like on the page.

• ADF Security to J2EE Container Managed Security Problems

  Hi al!
  I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
  For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
  Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
  What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
  Part of my web.xml file:
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/app/index.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication/*</url-pattern>
  </servlet-mapping>
  <security-role>
  <description>Admins</description>
  <role-name>admin_role</role-name>
  </security-role>
  <security-role>
  <description>Users</description>
  <role-name>user_role</role-name>
  </security-role>
  <security-role>
  <role-name>oc4j-administrators</role-name>
  </security-role>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AllAdmins</web-resource-name>
  <url-pattern>faces/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AllUsers</web-resource-name>
  <url-pattern>faces/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>user_role</role-name>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>oc4j-administrators</role-name>
  <role-name>user_role</role-name>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  Do I have to remove this adfAuthentication tags?
  I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
  Thank you in advance!
  Bye
  PS
  Maybe stack trace after login:
  FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

  Hi there!
  I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
  log("method equals start",0);
  log("another type = " + another.getClass(), 0);
  if (another instanceof Principal)
  Principal mine = (Principal)another;
  log("Principal mine.getName() = " + mine.getName(), 0);
  The result is this output (after navigating to page that gives 401 forbidden):
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
  07/10/12 08:46:09 [DBUserPrincipal] method equals start
  07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
  Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
  Thank you!
  BB

• Solution Manager Security

  Hello,
  I'm responsible to setup Solution Manager to provide Enterprise Support to the customer. I would like my customer to use Solution Manager by using Internet VPN connection. In the middle of preparation, I have some questions for Solution Manager Security. Because our company has very strict security policy, I need to make sure the questions below and make report to the manager.
  1. To follow our companyu2019s security policy, I need to select the port. Could you please let me know which port# do we need to open?  I think port# 80 and 443 are required to use Internet connection. Are there any required port #?
  2. What kind of Standard User Authentication does Solution Manager have? (Basic Authentication, Digest Authentication or other?)
  3. I would like to restrict any unauthorized access. What kind of access control does Solution Manager have? (Like Service Market Place, is there any authentication before entering first screen?)
  4. Is it possible to access both HTTP and HTTPS? If so, is it possible to restrict to HTTP connection? I think HTTPS is much safer.
  I read the Security Guide downloaded from Service Market Place, but still have questions. I really need someoneu2019s help.
  Thank you in advance.
  Best Regards,
  Natsumi

  Hi Natsumi,
  Your question addresses general topics of SAP NetWeaver Web Application Server.
  Please find some answers below and I would recommend to check the standard documentation.
  >
  Natsumi Kimura wrote:
  >1. To follow our companyu2019s security policy, I need to select the port. Could you please let me know which port# do we need to open? I think port# 80 and 443 are required to use Internet connection. Are there any required port #?
  >
  port #80 is the default port for http, port #443 is the default port for https.
  You can define your own port numbers to provide access.
  >
  Natsumi Kimura wrote:
  > 2. What kind of Standard User Authentication does Solution Manager have? (Basic Authentication, Digest Authentication or other?)
  >
  SAP Solution Manager 7.0 is based on SAP NetWeaver and is using the same authentications options.
  >
  Natsumi Kimura wrote:
  > 3. I would like to restrict any unauthorized access. What kind of access control does Solution Manager have? (Like Service Market Place, is there any authentication before entering first screen?)
  >
  The first screen is the logon screen. Users needs to have logon data (user, password) to access the Work Center.
  The URL for the Key User is accessible in the Internet (and may be further restricted to dedicated IP address by additional network infrastructure).
  See section "4.4 Internet Communication Framework" in Security Guide.
  See section "4.5 Secure Socket Layer (SSL) for HTTP Connections" in Security Guide.
  >
  Natsumi Kimura wrote:
  > 4. Is it possible to access both HTTP and HTTPS? If so, is it possible to restrict to HTTP connection? I think HTTPS is much safer.
  >
  Yes, it's possible to offer HTTPS connection, only.
  Helpful links:
  [Application Help - Additional Information on Network Security|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/0a/0a2e12ef6211d3a6510000e835363f/content.htm]
  [Security Guide SAP Solution Manager 7.0 EHP 1 and SP 19 |http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000718044&_OBJECT=011000358700000310012009E]
  [How-To install&configure the SAP Web Dispatcher|http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000722611&_SCENARIO=01100035870000000202&_OBJECT=011000358700000121752008E]
  Best regards,
  Ruediger

• Weblogic.management.security with transactions, Please HELP

  I am using weblogic.management.security.authentication API to programmatically insert/delete users and passwords into/from default security provider on Weblogic Server 8.1. I want to add transactional support to this these actions, I tried using UserTransaction API but without any luck. Does weblogi.managment.security.authenication has no transactional support (rollback-commit) or am I doing something wrong? I very much appreciate your help and looking forward to hearing from you!!!!
  It doesn't rollback, Here is the code:
  UserTransaction transaction = (UserTransaction)ctx.lookup("javax.transaction.UserTransaction");
  transaction.begin();
  UserEditorMBean userEditor = (UserEditorMBean)providers;
  userEditor.createUser(userName, password, description);
  transaction.rollback();

  I do not think you can have transactions over MBean calls as they communicate with relevant object over t3 and this objects are possibly in different class loader.
  -TJ

• Help Required in Trade Promotion Management

  Hi ,
  Can anybody suggest or send document related to Trade Promotion Management Configuration since i have requirement for the same...
  Thanks & Regards,
  Prakash S.

  Hi,
  The below blog lists out the configurations for TPM.
  >http://sapcrmtutorial.blogspot.de/2012/07/tpm-trade-promotion-management.html
  Also, go through below link.
  http://help.sap.com/saphelp_crm700_ehp01/helpdata/en/0d/312ec0383f495c8740d9bde7fa81b2/content.htm?frameset=/en/0d/312ec0383f495c8740d9bde7fa81b2/frameset.htm&current_toc=/en/51/6b5203723746dd8f02ba87183c619a/plain.htm&node_id=4
  If you have Sol Man installed in your project, you might find configuration documents over there. Also, there should be implementation guide provided to your client when they purchased TPM There is no ConfigGuide for TPM yet.
  Hope this helps!
  Regards,
  Len.

• CMC - Promotion Management Tool

  Hi,
  I created a user account in CMC for promotion management tasks. Promotion is successful only if the user is a member of Administrator. I have given all rights for the user under CMC--->Application -->Promotion Management tools.
  BI 4.0 Edge. SP06 Patch 1
  Any help is appreciated.
  Thank You
  Veena

  Yes Veena, I think Users may not have to be part of Administrators group in order to promote the content from one environment to another if they are provided with access to the Promotion Management through CMC>Applications area and also if they have access to the content to be promoted.
  Refer to Promotion management section(15.1.3 Application Access Rights) of the below guide for more details on granting access to other users to promotion management.
  http://help.sap.com/businessobject/product_guides/boexir4/en/xi4sp6_bip_admin_en.pdf
  Thanks
  Mallik