Proper security realm for ecommerce user

I would like to use J2EE security on our ecommerce site (isUserInRole, getUserPrincipal,
web.xml declarative functionality to protect resources), but my problem is not
knowing what security realm to use to manage the users. The site has thousands
of users and they need the ability to create an account which will determine their
"role" based on what membership fee they paid. After they have an account they
can log in and have access to sections of the site that are permitted to them based
on role. All the examples I've seen about WebLogic security use LDAP or
their internal RDBMS. How can I have WebLogic use our own database, or is there
a best practice to accomplish the task I need? Any information would be helpful!!

It sounds like you have many users in your database, but not that many roles
& policies. Probably you can use the DefaultRoleMapper and DefaultAuthorizer
for your roles & policies.
You need a database-based authentication provider. Check out the sample
DBMS authentication provider on the dev2dev center:
http://dev2dev.bea.com/codelibrary/code/sec_rdbms.jsp
-tm
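The reply above points at the dev2dev DBMS authentication provider sample but does not show what such a provider does. The following is an added example, not the dev2dev sample and not code from this thread: the JAAS LoginModule that a WebLogic custom Authentication Provider wraps, checking the login against the shop's own user table and placing a group named after the paid membership tier into the Subject, which is what the DefaultRoleMapper then turns into a J2EE role. The DataSource JNDI name "jdbc/ShopUsers", the table layout users(username, pw_salt, pw_hash, pw_iter, tier) and the "members-<tier>" group naming are assumptions made for the example; WLSUserImpl and WLSGroupImpl are WebLogic's own principal classes, and the PBKDF2WithHmacSHA256 hash needs a Java 8 or later JVM.

```java
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Base64;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

// Added example, not the dev2dev sample.  Assumed (not from the thread): a DataSource at
// JNDI name "jdbc/ShopUsers" and a table users(username, pw_salt, pw_hash, pw_iter, tier)
// holding base64 salt/hash from PBKDF2-HMAC-SHA256.  The tier recorded when the
// membership fee was paid becomes the group "members-<tier>" on the Subject.
public class ShopDbLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private WLSUserImpl userPrincipal;    // set only after a successful login()
    private WLSGroupImpl groupPrincipal;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("username");
        PasswordCallback pc = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (Exception e) {
            throw new LoginException("callback handler failed: " + e.getMessage());
        }
        char[] password = pc.getPassword();  // our own copy; wiped in finally
        pc.clearPassword();
        if (nc.getName() == null || password == null) throw new FailedLoginException("bad credentials");
        try {
            DataSource ds = (DataSource) new InitialContext().lookup("jdbc/ShopUsers");
            // Bound parameter: the username typed into the login form never becomes SQL text.
            try (Connection c = ds.getConnection();
                 PreparedStatement ps = c.prepareStatement(
                     "SELECT pw_salt, pw_hash, pw_iter, tier FROM users WHERE username = ?")) {
                ps.setString(1, nc.getName());
                try (ResultSet rs = ps.executeQuery()) {
                    if (!rs.next()) {
                        pbkdf2(password, new byte[16], 100000); // hash anyway: same timing for unknown users
                        throw new FailedLoginException("bad credentials");
                    }
                    byte[] salt = Base64.getDecoder().decode(rs.getString("pw_salt"));
                    byte[] stored = Base64.getDecoder().decode(rs.getString("pw_hash"));
                    byte[] computed = pbkdf2(password, salt, rs.getInt("pw_iter"));
                    if (!MessageDigest.isEqual(stored, computed)) {  // constant-time comparison
                        throw new FailedLoginException("bad credentials");
                    }
                    userPrincipal = new WLSUserImpl(nc.getName());
                    groupPrincipal = new WLSGroupImpl("members-" + rs.getString("tier"));
                }
            }
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            throw new LoginException("authentication backend failure: " + e.getMessage());
        } finally {
            java.util.Arrays.fill(password, '\0');
        }
        return true;
    }

    private static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public boolean commit() {               // principals reach the Subject only here
        if (userPrincipal == null) return false;
        subject.getPrincipals().add(userPrincipal);
        subject.getPrincipals().add(groupPrincipal);
        return true;
    }

    public boolean abort() { userPrincipal = null; groupPrincipal = null; return true; }

    public boolean logout() {
        subject.getPrincipals().remove(userPrincipal);
        subject.getPrincipals().remove(groupPrincipal);
        return true;
    }
}
```

Map the group to a J2EE role in the web application's weblogic.xml with a security-role-assignment (for instance role-name premium-member, principal-name members-premium) and put an auth-constraint on that role in web.xml; isUserInRole("premium-member") then follows directly from the tier column. The bound parameter keeps the login form's username out of the SQL text, the dummy hash for unknown users stops response timing from revealing which accounts exist, and MessageDigest.isEqual compares the hashes without an early exit.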

Similar Messages

  • One custom security realm for many wl servers?

    Is it possible to use one custom security realm for many WebLogic servers, i.e.
    one login for all applications on different WebLogic servers?

  • How to configure security realm for Active Directory ?

    Hi,
    Can anybody suggest how to configure a security realm in WebLogic 8.1?
    I have a simple login page where the user can enter his credentials, and I have MS Active Directory where we maintain all users.
    Users who log into the web application have to be authenticated against Active Directory.
    Please suggest the steps that we need to follow.
    Thanks in advance

    Hi Sankar,
    You can log in to the WebLogic Server admin console and create a new realm.
    Once you have created the realm you can add the authentication provider. You add the Active Directory Authentication Provider, but you must have the configuration information of MS AD. You can read my blog http://dev2dev.bea.com/blog/bishnu_kumar/
    where the integration is with iPlanet LDAP. The steps will be similar.
    You must have a login portlet in your portal application and that should be in accordance with J2EE security standards. For example you may use basic authentication, the userlogin control or the p13n API.
    Regards
    Bishnu

  • Sample Security realm for OpenLDAP and WLS7

    Hello,
    I would like to set up WLS 7 so it uses the Oracle implementation of OpenLDAP.
    I am looking for a Custom Security Provider for OpenLDAP for WLS7. I cannot use
    the embedded LDAP as it does not allow me to programmatically create new users.
    If anyone has a sample implementation, please send it to me. I would really appreciate
    it.
    Thanks
    Gavin

    It is possible to create new users programmatically in embedded LDAP. Here
    is an example:
    package test.jmx;

    import javax.naming.Context;
    import weblogic.jndi.Environment;
    import weblogic.management.MBeanHome;
    import weblogic.management.WebLogicObjectName;
    import weblogic.management.configuration.SecurityConfigurationMBean;
    import weblogic.management.security.RealmMBean;
    import weblogic.management.security.authentication.AuthenticationProviderMBean;
    import weblogic.security.providers.authentication.DefaultAuthenticatorMBean;

    // Creates a user in the embedded LDAP through the WLS 7.0 JMX MBean API.
    public class Test {
        public static void main(String[] args) {
            String url = "t3://localhost:7001"; // URL of the Administration server
            String username = "weblogic";       // admin credentials (sample values)
            String password = "weblogic";
            try {
                // Authenticate to the admin server and obtain the MBeanHome.
                Environment env = new Environment();
                env.setSecurityPrincipal(username);
                env.setSecurityCredentials(password);
                env.setProviderUrl(url);
                Context ctx = env.getInitialContext();
                MBeanHome home = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
                System.out.println("Got the MBeanHome: " + home);

                // The domain's SecurityConfiguration MBean ("mydomain" here) leads to the default realm.
                WebLogicObjectName objName =
                    new WebLogicObjectName("mydomain:Name=mydomain,Type=SecurityConfiguration");
                SecurityConfigurationMBean conBean = (SecurityConfigurationMBean) home.getMBean(objName);
                System.out.println("Security configuration MBean: " + conBean);
                RealmMBean realmBean = conBean.findDefaultRealm();
                System.out.println("Got the default realm: " + realmBean);

                // Look for the DefaultAuthenticator among the realm's providers instead of
                // casting authBeans[0]; that cast fails if another provider is listed first.
                AuthenticationProviderMBean[] authBeans = realmBean.getAuthenticationProviders();
                DefaultAuthenticatorMBean defBean = null;
                for (int i = 0; i < authBeans.length; i++) {
                    if (authBeans[i] instanceof DefaultAuthenticatorMBean) {
                        defBean = (DefaultAuthenticatorMBean) authBeans[i];
                        break;
                    }
                }
                if (defBean == null) {
                    throw new IllegalStateException("no DefaultAuthenticator in the default realm");
                }
                // createUser(name, password, description) writes the entry into the embedded LDAP.
                defBean.createUser("test", "weblogic", "just a test of wls70 security");
                System.out.println("create successfully!");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

  • How to Define Workbook / Business Ares Security Correctly for new Users

    Hi All,
    Please could you help me understand the Security Model for Workbooks and business Areas as I believe I am very close to understanding it, but missing something important.
    Background Information:
    We are using the predefined Oracle Business Areas (Payables, Receivables, Purchasing & General Ledger) to build our reports on. These are the steps I am taking to try and assign a new user & responsibility access to the existing report.
    1. I create the Report in Discoverer Desktop under the ‘General Ledger Responsibility’ logged in as myself – assume report name = ‘Report_1’.
    2. I create a new Responsibility in Oracle Apps called ‘Discoverer Resource Coordinators’.
    3. I create a new User in Oracle Apps called ‘Joe Bloggs’ and assign the responsibility ‘Discoverer Resource Coordinators’ to the Joe.
    4. Logged in as myself in Discoverer Desktop, Responsibility ‘General Ledger’ I Share the Report (Report_1) to the new Responsibility I just created ‘Discoverer Resource Coordinators’.
    5. In Discoverer Administration, Security, I assign the new Responsibility ‘Discoverer Resource Coordinators’ to the predefined Oracle Business Areas (Payables, Receivables, Purchasing & General Ledger).
    6. In Discoverer Administration I set privileges so that the Responsibility ‘Discoverer Resource Coordinators’ can do all tasks, query data, administer. .etc. etc..
    7. I therefore believe everything has been done and attempt to Login and run the report under Joe Bloggs, but am unable to retrieve any data.
    Help… what am I missing!
    Thanks,
    Lance

    Dear All,
    This has now been adjusted according to your recommendations but to no avail.
    Lance and I have ensured that this new responsibility has unlimited access to all the existing Business Areas to eliminate joins within folders not being recognised, and we have also ensured that the workbooks that have been created are shared with the correct responsibility.
    I have thoroughly tested this set-up by logging in as this new responsibility within Disco. Client to try and retrieve data in a new Workbook, but even for the simplest of queries this fails.
    It seems that there may be a problem with the Responsibility linking to the EUL; could this be due to the new responsibility being created after the current EUL was set up?
    Does anyone have any information or knowledge of where this could happen?
    Regards
    Si

  • Proper security structure for Single Sign on Server

    We are all used to how we design security structure for vCenter Server if you have had an existing VMware environment prior to 5.1.  Who should have administrative privileges in vCenter Server, what roles, permissions, and so on should be assigned to what users and groups - these questions have already been addressed in our current configuration.
    Now Single Sign on introduces a significant new point of consideration for determining issues of access and authentication.
    I'd like to get some ideas on how this should be handled.  For example, should previous VMware administrators by definition become Single Sign on Administrators? Should the administrators of the Active Directory domain now start to get involved with the Single Sign on Server?
    For example, Single Sign on now forces VMware administrators to configure things like:
    -Password Complexity Policy for SSO
    -Password Expiration for SSO
    -Lockout Policy
    We already probably have these things tightly controlled in AD and locked down with group policy, but you can't apply group policy directly to an SSO server and make it receive a GPO from Active Directory.  (You can make the Windows OS that SSO is running on have a GPO applied, but it won't configure SSO itself, just the OS).
    VMware admins are looking at a new set of questions relating to authentication and authorization.  Someone has to have written something or will be writing something to help us get the big picture of what is changing with SSO if anything and how we need to look at SSO from a security design and best practices.
    Should we just make existing vCenter Server admins SSO admins or do we need to take a step back and reconsider?

    Hello,
    Actually, yes. SSO is fairly robust in 5.5. It has a few limitations around email of expired passwords, but that is mainly because some people do not use them. I use SSO to provide the usernames and passwords for all my VMware vCenter and related product service accounts. I.e. an account for vdp, Horizon, vCops, Log Insight, etc.  This is more about keeping systems segregated once more with no real need for AD for services. But AD via SSO is used by users.
    Read the documentation, and determine how SSO fits into your current password policy and take a long hard look at your virtualization management environment. Is there a 1 service account per service talking directly to vCenter? If not, SSO can help you implement that. The key is to match its functionality to your security policy.
    Best regards,
    Edward L. Haletky
    VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013,2014
    Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
    Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

  • How to suppress a Security Notifcation for all users

    How can we suppress the notification "If you open this document, anonymous usage data will be sent securely to this remote server: To learn more about what this means for you, please click on the 'Privacy and Security' button." (check box: Allow collection of detailed usage data; check box: Do not show again)?
    I'm looking for a way to tick the box 'Do not show again' for all users, perhaps through a registry setting that can be set via GPO?
    Thanks, Brian

    Well, as a workaround you can create an email address/folder and provide this in SOCT, and then from this mail folder set up a rule to forward the mail to all recipients.

  • Security settings for all users

    I recently developed a document that requires digital signatures and have been testing it. The only downside is that when a user opens the document, Adobe prompts for the installation of new security settings, and it installs them for that user only. I need to add a registry key to the new security settings, but it is only available to be added to the current user hive. Does anyone know how to install the new settings for all users?
    Here is the registry key I need to add.
    [HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cPubSec]
    "bSelfSignCertGen"=dword:00000000
    I'm using Adobe Reader 9.3 and Win XP.
    Any help would be terrific!
    Thanks.

    Hi,
    There are really two separate issues. First, is Adobe pushing updates to the Acrobat Address Book (i.e. adding certificates as trust anchors) and the second issue is how you can push your own update to disable the creation of self-signed digital IDs. Although the two issues share an underlying mechanism, they are separate and you cannot leverage one for the other.
    First issue first. Adobe has entered into partnership with certain Certificate Authorities and has created a mechanism to add their certificates to the Acrobat Address Book (aka Manage Trusted Identities) using HTTP to send a copy of the Security Settings file that contains only digital IDs. There are two ways to trigger the download process. One is to go into the Preferences, select Trust Manager, and click the Update Now button in the Automatic Updates group box. The other method is to load the DigSig plug-in (beginning with Acrobat 9, plug-ins no longer load at launch in order to speed up the launch process). As I'm sure you have deduced, opening a file with a signature field causes the DigSig plug-in to load, which in turn triggers the automatic download. The reason we have limited the automatic download to DigSig being loaded is because the vast majority of people viewing PDFs are not using the digital signature functionality (much to my personal chagrin, because the more people use digital signatures, the better my job security) and we didn't want to bother them with an update they would never need. People already complain that there are too many updates, and we are trying to limit the irritability factor.
    To close the loop on this function, once the download process has been triggered Acrobat checks two more things before it does the update: 1) has it been a month since I checked and, 2) if it has been a month, is there a new file to download. This way we are not pestering people with unneeded updates, or if they do need the update, at least not too often. And finally, Address Book management has to be on a per-user basis. A certificate that you may elect to trust could be a certificate that the next person wants to specifically keep untrusted. The Windows Certificate Store, Mac Keychain and Firefox Certificate Manager all work on a per-user basis.
    That brings us to what you would like to do. The good news is you can use the Export Security Settings feature to create a distributable file that will set the preference. The real question is how you will distribute the file, but before we get to that, here is how to create the file.
    • With Acrobat closed, set the registry setting you noted in the message above
    • Launch Acrobat
    • Select the Advanced > Security > Export Security Settings menu item
    • Click the Deselect All button on the Export Security Settings dialog
    • Select the Signing Preferences Settings checkbox
    • Click the OK button on the Export Security Settings dialog
    • Select Signature Creation Settings and note "Allow creation of self-signed Digital IDs" is set to No
    • Click the Export button on the toolbar
    • Follow the on-screen dialogs. You don't have to encrypt the file, but you must sign it with a certifying signature
    At this point you have the file available for distribution. You could e-mail it to your intended recipients with import instructions, or you could post it for download, or you could set the preference to automatically push the file from a server. To check this feature out, select the Edit > Preferences menu item and then select Security from the Categories list box. You would need to select the "Load security settings from a server" checkbox and then set up the URL. As an aside, you can also export these settings by selecting the Automatic Update Settings checkbox on the Export Security Settings dialog noted in the bullet points above. You have a chicken-and-egg problem in that you have to get the users to first manually import the file in order to set up the automatic import. That I can't help you with; you're just going to have to decide what works best for you.
    Good luck,
    Steve

  • Security Setting for a User

    Hi,
    Can we invoke and revoke security settings for a particular user at any time? What I mean by this is:
    for a particular document user1 can add/modify the document and user2 and user3 cannot, but at another moment user2 can see the same document but user3 cannot. And finally, when user3 adds/modifies it, all three of them can view the same document.
    Is there a possible way to do such kind of operation using UCM?

    Hi,
    I think the answer for the most part is yes, though security is not mapped to the document level; rather, access is granted to groupings that contain documents.
    So in the scenarios you listed, theoretically the document would be contained in a grouping which user1 has access to and users 2 and 3 do not. In the next "moment" the document could either be moved to a new grouping or user2's access could change, allowing them to see the document while still hiding it from user3.
    The third scenario is a little trickier, because user3 (who did not have access to the document in scenario 2) modifies it and then everyone can see it. I'm not sure if you were inferring a series of actions on the same document, or three separate scenarios, but if it was a series of steps, then that one probably wouldn't fly without a customization at least.
    Hope that helps
    David

  • Configure security realm for external Access Manager in App server 8.1

    Hi All,
    I would like to protect my J2EE application using Access Manager running on an external host.
    I would like to configure the security realm in Sun App Server 8.1 for the external Access Manager.
    The external host & port of AM is:
    http://svrd234d.dnn.com.au:58765
    Please verify if these are the correct settings for the agentRealm configuration on Sun App Server 8.1.
    classname="com.sun.amagent.as.realm.AgentRealm"
    property name="jaas-context" value="agentRealm"
    property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
    property name="hostURL " value="http://svrd234d.dnn.com.au:58765"

    Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
    If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
    Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
    Jerry

  • Install security updates for all users

    I am using a form with digital signature fields, and when a user logs onto a PC and opens the form Adobe asks if you would like to install new security settings. I tell my user to click yes, but there are multiple users on multiple PCs that will be using this form. Is there a way to install this same setting for all users? I am using Adobe Reader 9.3, and the form was designed with Designer. Any help would be very appreciated.
    Thanks!

    It would seem like that article ''should'' solve the problem, but it doesn't seem to have had any effect. I extracted the contents of the .xpi file into the browsers\extensions folder using the extension ID, yet that doesn't seem to have done anything. I ran firefox after copying the uncompressed files with an administrator account with no luck. Any thoughts?

  • How to disable the annoying security warning for all users in Windows Server 2008 R2

    Hi,
    The employees from the administration complain all the time about the different types of security warning that they get when trying to run some applications which are used frequently.
    Since the number of users is too big, it is unfeasible to go through all the users and disable User Access Control in their account settings.
    Is it possible to achieve this through given account policy settings? I want to perform the changes on the server so it applies to *all* (or maybe those of the Administration department) users.
    One useful piece of information here can be the following: we use 2 different servers; the applications which cause the errors are on the terminal server, and the users are on the main server. Where should I perform the changes?
    Best,
    D

    Hiya,
    It could sound like that one indeed. There are a few options to go for, however it should be fairly easy to find out :)
    Create a test GPO and apply to a limited amount of users. GPUpdate and verify that the GPO has been applied using rsop.msc
    Then open the application to test and see if it has the desired effect. You might need to change more than one setting, depending on the application and desired behavior.

  • After deploy in server, integrated Security works for all users but only one user does not work for one user

    hi
    I'd like to ask for help. Here is a brief introduction.
    I published a web project on a server (name "server-deploy"); it connects to a SQL Server database with the connection string "Trusted_Connection=Yes" and a web.config containing <authentication mode="Windows" /> <identity impersonate="true" />.
    There are some users for whom Impersonate_clients_after_authentication is enabled, and most of them can connect to the database via the deployed project.
    But one user is told 'NT AUTHORITY\ANONYMOUS LOGON', and according to the Event Viewer ("Security" under "Windows Logs") of "server-deploy" it shows an "Audit failure" (the task category is "Credential Validation").
    Here is some information:
    Name: Microsoft-Windows-Security-Auditing
    EventID: 4776
    The computer attempted to validate the credentials for an account.
    PackageName: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    TargetUserName: (user)
    Workstation: (Workstation)
    Status: 0xc0000064
    When other users log in, there is no log entry whose task category is "Credential Validation".
    Could anyone do me a favor and help me? Any help is appreciated. Thank you very much in advance :)
    best regards
    martin

    and i made a small windows form application here
    // Inside the Form class; needs using System.Runtime.InteropServices and System.Security.Principal.
    private string user, domain, psw;                  // filled from the form's text boxes
    private WindowsImpersonationContext impersonationContext;
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern int LogonUserA(string userName, string domain, string password,
        int logonType, int logonProvider, ref IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern int DuplicateToken(IntPtr token, int impersonationLevel, ref IntPtr newToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool RevertToSelf();
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Logs the user on with LogonUser and impersonates the duplicated token;
    // both token handles are closed whether or not the logon succeeds.
    private bool impersonateValidUser(String userName, String domain, String password)
    {
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;
        try
        {
            if (RevertToSelf()
                && LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                              LOGON32_PROVIDER_DEFAULT, ref token) != 0
                && DuplicateToken(token, 2, ref tokenDuplicate) != 0) // 2 = SecurityImpersonation
            {
                impersonationContext = new WindowsIdentity(tokenDuplicate).Impersonate();
                return impersonationContext != null;
            }
            return false;
        }
        finally
        {
            if (token != IntPtr.Zero) CloseHandle(token);
            if (tokenDuplicate != IntPtr.Zero) CloseHandle(tokenDuplicate);
        }
    }

    private void undoImpersonation()
    {
        if (impersonationContext != null) { impersonationContext.Undo(); impersonationContext = null; }
    }
    and here is the code of the button click
    private void button1_Click(object sender, EventArgs e)
    {
        // argument order follows the method signature: user name, domain, password
        if (impersonateValidUser(user, domain, psw))
        {
            MessageBox.Show(System.IO.Directory.Exists(this.textBox1.Text) ? "exist with imper" : "not exist with imper");
            undoImpersonation();
        }
        else
            MessageBox.Show("fail login.");
    }
    and I was told "exist with imper" (usually if Impersonate_clients_after_authentication is not enabled it would say "not exist with imper")

  • Can I alter security settings for multiple users of fingerprint reader on iphone 5 - i.e. if i allow my daughter to set her fingerprint, can I stop her from accessing itunes store to make purchases???

    My daughter wants to access my iphone 5 by adding her fingerprint. Can I alter the security settings so that she cannot make itunes purchases etc?

    Not if you want to be able to continue to make iTunes purchases too. You can lock out access to iTunes store using Restrictions (which always needs a passcode to change, Touch ID won't work for changing/removing Restrictions) but that means no one can use any of the restricted features.
    iOS has no concept of multiple users with differing access levels like this. Touch ID stores multiple fingerprints, but they're supposed to be all from the same person, the device's owner, not multiple users.
    You're going to have to buy your daughter her own iPhone... ;-)

  • Site Studio 11g: Different security access for each user

    Hi,
    I want to limit access for some contributors and grant full access to others.
    I set up different users on the content server, assign a different contributor data file to each region, and assign unique security metadata to those files.
    As a result it still displays the graphic icon for those data files with only read access. The contributor is not able to edit the data file but is still capable of switching or removing the data file.
    According to the documentation only the files that a particular contributor has permission to edit will display the contribution graphic icon on the web page when in contribution mode.
    I need that the contributor should not be able to switch the data file or remove it if he doesn't have edit access to those data files.
    I've applied the metadata security to the placeholder definition unsuccessfully.
    I am using the Account Security model.
    Thanks
    al
