Recipe Management Security

Is anyone restricting access to specific Recipe Management (RM) objects (specifications and recipes) by a project designation and/or team composition?
We are using role-based security along with authorization object and sub-object settings within RM. Up until this point, a given role would be authorized to display and edit substance specifications for example. Now, we have a limited sub-group of people working on a super secret project and only want these people to be able to display and edit the specific substance specs created for the project.
Any ideas or tips and tricks would be welcome. Thank you for your help.
Beth

Beth,
You may want to create another authorization group. Then assign specific user/s or role/s to this authorization group.
hth,
Mark

Similar Messages

Recipe Management within SAP PLM Core 7.1 EHP5 system

Dear All,
I am working in a EHP5 system - Recipe mgmt. i am looking for documentation regarding configuration, end user training and OKP files for this new Recipe management
Thanks in Advance
yasar

Hi Gurunadh Kumar
It is not easy to read your question, anyway I made it and let me try to summarize it before providing your the solution:
Reproducing steps when configuring the webservices(SAP ME) in CE 7.1 EHP1.
1. Log on to SAP NetWeaver Administrator Console by launching the following URL: http://:/nwa.
2. Choose SOA Management Application and Scenario Communication Single Service Administration .
3. Search for the Web service: Eg. BOMProcessingIn
4. Select port type
5. In the bottom window, select associated ServicePort
6. Choose the Security tab.
7. Choose Edit.
8. Select the Transport protocol.
9. Check the UserID/Password under HTTP Authentication.
10. Save while saving I am getting an error :
A problem in the backend.Please refresh the UI. Log Message: Message:
[EXCEPTION] com.sap.esi.esp.admin.ui.helper.exceptions.TechnicalException:
Problem occured at the backend. Please refresh the UI.
I have checked through the exception stack traces, this should be caused by the patch level inconsistency between the following
components on your CE7.11 system:
   - ESP_FRAMEWORK
   - ENGINEAPI
   - J2EE-FRMW
To resolve this problem, please download the lastest patch for all the above software components as per the current SP level,
and deploy them to your system, then try the same steps again.
Best Regards,
Thunder
Edited by: Thunder Feng on Sep 22, 2010 10:52 AM

Recipe manager 2.0

Hi everyone,
bought a G5 early Januray. New to apple world( great so far).
I have tried to install recipe manager2.0 . When I do so it doens't work and I have a question mark on the dock's icons.
Any ideay. On the web site of recepe manager they mentione something with firevault. What is this. How can I make it work.

FileVault encrypts your home folder and decrypts files on the fly as you use them The default is for this to be off, but yours may be on.
Settings are at System Preferences>Security.
There seem to be several apps called Recipe Manager! Whose are you trying to install?

Recipe Management error while creating Recipe

Hi,
While creating recipe in Recipe Management (Tcode: RMWB), in the process tab, I am unable to create a STAGE no.
When I try to create stage (4 digit numeric) it gives me an error message "Change number 500000000000 does not exist"
Long text of error message
Diagnosis
One of the following situations caused the error message:
1. You want to edit a BOM or routing using change number 500000000000.
2. You entered change number 500000000000 in order to display or change the change master.
Change number 500000000000 which you entered does not exist in the system.
Procedure
Check your entry. Correct the change number if appropriate.
Please help in solving the above issue.
Rgd,
Jag

Hi Jag,
Are there recipes in the system (after an upgrade)?
When you start with the recipe management the system create automatically a dummy change number (with the profil setting RCP01). The change number is stored in the table RCPC_AENNR; to read the change number , please use the function module RCP899_DUMMY_AENNR_READ.
If the change number 500000000 the dummy, please correct the settings of the change managment if the change number is missing.
Best regards,
Roland Freudenberg

EJB 3.0 Security with ACEGI and not with Container Managed Security

Hi,
     Currently we are using EJB 2.0 in our project, We want to use EJB 3.0
     But for security we want to use Spring ACEGI Security and we don�t want to use container managed security (No Portability, Difficult, �)
     ACEGI supports Servlet/JSP security very well (I am able to call isUserInRole(), getUserPrincipal() because ACEGI implements by ServletRequestWrapper in a filter)
     But for EJB, it lacks this feature. (There is no standard EJB interceptor API as there is with servlets (using filters), so there's no generic way of modify in the EJB context for the invocation)
     Without using container managed security, Is there any way to propogate my security context from Servlet Layer to EJB Layer, So that I can use EJB Declartive security and getCallerPrincipal(), isCallerInRole() API.
     For more info please see this thread http://forum.springframework.org/showthread.php?t=26514
     Why don�t you provide standard EJB interceptor API as there is with servlets (using filters), so there I am able add security identity to EJB context.
     I am eagerly waiting for the reply

Reason: javax.naming.NameNotFoundException: jdbc not bound
Although i am quite new to this as well i would say that there is a problem with your connection with the database.
It seems it cannot connect to Mysql.
have you download the mysql package library and imported it ?
Also in your deploy folder in you Jboss
have you altered the jdbc to connect to you database in your dataset ? ( i am not sure about mysql, but postgre reguired this)
Most probably it would be the same in mysql.
<connection-url>jdbc:postgresql://127.0.0.1:5432/Dissertation</connection-url>
Not sure if this is what you reguire, i am new at this my self

The OMS is not set up for Enterprise Manager Security

Hi, I'm trying to add an agent to grid control and its not connecting with the management server because i cant secure it...
bash-2.05$ ../../bin/emctl secure agent <password>
Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
Agent is already stopped... Done.
Securing agent... Started.
Requesting an HTTPS Upload URL from the OMS... Failed.
The OMS is not set up for Enterprise Manager Security.
i have tried this on two seperate servers, both do the exact same thing. However, on my repository server where the OMS is housed, i can secure the agent no problem. Does anyone know what the problem could be? My OMS is on a Linux (SuSE 10.2) 32-bit machine.
heres the emdctl.trc on the agent machine:
2007-07-11 11:00:20 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
2007-07-11 11:00:22 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
2007-07-11 11:00:22 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
2007-07-11 11:05:10 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
2007-07-11 11:05:10 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
2007-07-11 11:10:08 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
2007-07-11 11:10:08 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
bash-2.05$ lsof | grep 3872
bash-2.05$
seems to be failing the connect but nothing is running on the port so i'm not sure why
Thanks in advance
Message was edited by:
user581869

some further information and hopefully someone can help me...
I went to the OMS binary folder (fmc45712:$OMS_HOME/bin) and executed the following commands...
$OMS_HOME/opmn/bin/opmnctl stopall
$OMS_HOME/bin/emctl stop oms
$OMS_HOME/bin/emctl secure oms
$OMS_HOME/bin/emctl start oms
$OMS_HOME/opmn/bin/opmnctl startall
then i go to $AGENT_HOME on the OMS machine (fmc45712:$AGENT_HOME/bin) and execute..
$AGENT_HOME/bin/emctl status agent -secure
Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
Checking the security status of the Agent at location set in /opt/oracle/OracleHomes/agent10g/sysman/config/emd.properties... Done.
Agent is secure at HTTPS Port 3872.
Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
OMS is secure on HTTPS Port 1159
I then to go the server i deployed the agent on that i want to get communicating wtih my OMS...
$AGENT_HOME/bin/emctl status agent -secure
Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
Checking the security status of the Agent at location set in /u101/em/agent10g/sysman/config/emd.properties... Done.
Agent is unsecure at HTTP Port 3872.
Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
OMS is running but has not been secured. No HTTPS Port available.
same command, different computer, but on the same network, and it just doesn't work. The OMS is on Linux x86 and the agent on the alternate computer is on HP-UX. If anyone has any help it'd be much appreciated.

Linking DMS to a Content Repository for Recipe Management

How do I link a document type to a content repository?
This is for Recipe Management. When I look in DC10 I can see that there is a document type of RMS for Recipe Management.
I assume this means Recipe Management is connected toDMS
I have created a content repository ZRM using OAC0.
How do I make the link between the document type RMS in DMS and the content repository ZRM?

Thanks for the reply but it isn't really what I was after.
I am only the basis guy so I am not sure of the application but my expectation is that users will save a document with a document type of RMS. This document should be saved to a Content Repository
What you have described is how to save a type of document such as MS Word to a particular repository. I was hoping that Recipe Management documents (possibly MS Word, possibly not) would go to a Recipe Management Repository.
There still might be the possibility that documents (possibly MS Word) for other projects e.g. packaging could be written to a different repository.
What I am hoping for is a link from the document type RMS in DC10 to the Content Repository defined in OAC0.
I have a suspicion this is via the category defined by OACT.
The link from SAP DMS to Content Repository seems fundamental to me. I am surprised no one has the answer
...or perhaps I have completely missed the point?
Tony

SHA-1 Encryption is not working in Container managed security

Hi,
I have to turn to your help after no luck with other possible resource.
I implemented container managed security on my apps and it works well without the encrypted password(clear text) in the table column. Now I referred OC4J Security guide to implement the password encryption as follows:
1. Using the DBTableOraDataSourceLoginModule, set the option pw_encoding_class = oracle.security.jazn.login.module.db.util.DBLoginModuleSHA1Encoder
2. run the following procedure:
DECLARE
    l_password VARCHAR2(50) := 'welcome';
    l_password_raw RAW(128) := utl_raw.CAST_TO_RAW(l_password);
    l_encrypted_raw RAW(2048);
    l_encrypted_string VARCHAR2(2048);
    l_encrypted_string2 VARCHAR2(2048);
BEGIN
    dbms_output.put_line('Password in String: ' || l_password);
    dbms_output.put_line('Password in raw: ' || l_password_raw);
    l_encrypted_raw := dbms_crypto.hash(l_password_raw, dbms_crypto.HASH_SH1);
    dbms_output.put_line('SH1: ' || l_encrypted_raw);
    l_encrypted_string := UTL_ENCODE.BASE64_ENCODE(l_encrypted_raw);
    dbms_output.put_line('Base64Encoding: ' || l_encrypted_string);
END;
3. update the clear text password with the SHA-1 encrypted password and encoded in Base64Encoding (in my case, it's the parameter "l_encrypted_string")Now I run the application and login says "password not matching!" If anyone know what's going on, please advise me what's wrong...pls
thanks very much,

Hi,
hard to say without knowing the code the OC4J team uses in their login module. I know they based it on a JAAS LoginModule I wrote some years ago, but they did change some parts of it. In the original version. the password was read from the database and then compared with the provided password string. Using encryption it uses a class to encode and decode the password queried from teh database. My guess is that the returned string - after decoding - doesn't meet the password string you provide when authenticating. Since this piece of code is owned by the OC4J team, I suggest to try the Application Server forum or the Security forum
Frank

Manage security for a report that lives in multiple folders

Post Author: EricE
CA Forum: General
I am using Crystal Enterprise 10. (we are about to upgrade to BO XI if
it matters in the answer)
As we consider the migration to XI we are thinking about problems with our
existing system that we have never solved adequately.
The problem is how to manage
security of a given report that shows up in multiple places in the tree.
Example:
I have a report lives in the Sales folder but also needs to be in a folder at
the same level called Marketing.
I want the report to
exist only once so that if I update it, it gets updated both places.
To solve that I could put the real report in a folder called u201Call reportsu201D and
then create short cuts to it in both of the other folders.
The problem with that method is that
the users who have rights to the u201CSalesu201D folder donu2019t get rights to the
shortcut (because the rights don't seem to work on shortcuts). The rights
would have to be granted to the real report objectu2026which quickly becomes a mess
trying to manage rights to each individual report object.
So I want to manage rights/security
at the folder level but I also want a given report to live in more than one
location (but have one real report object) and have its rights administered by the folder it is in.
Is there any way to do that?

Post Author: EricE
CA Forum: General
yangster:When you set permissions at the folder level all reports within the folder and any subfolder that exist should inherit the parent folders rights.So putting in your report into the sales folder and creating a shortcut to the marketing folder should be fine as long as you have not set any specific right on the actual report itself.Please clarify per my post above this one. I tried doing exactly what you said to do. What happened is that the user could SEE the report but could not execute it. User had "view on demand" rights to the folder via a group.

Where are the Manage Security Policy Settings Stored

I want to upgrade from Acrobat Pro 9 to X....and I'm prompted to uninstall 9 first. I have a ton of passwords saved under Manage Security Policies in Acrobat 9 and I don't want to lose these. I know they are stored in some file, but I don't know the file. Can anyone advise the file name? I assume I can just save this file elsewhere on my computer, uninstall Pro 9...and then when I install X I can just copy this file to the folder for X, right?
Steve

C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\deployment.properties
the folder applicationData may be hidden. Hidden files and folders have to be displayed.
Regards
Michael

Container Managed Security on Tomcat - configuring different auth-methods

I am trying to configure the container managed security on tomcat4. Or rather I am trying to add a further dimension to the configuration that already exists.
At the moment the entire application uses LDAP authentication and I would like to separate an area that requires further authentication. That is to say I would like everyone using the web application to authenticate using the existing Form-Based LDAP authentication but I would like only certain users to be able to use the data upload facility (whose code is stored in it's own directory).
This is the authentication bit of my web.xml:
<security-constraint>
    <web-resource-collection>
      <web-resource-name>qmrae</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
</login-config>My first hurdle is in understanding exactly how the application knows where to go for its authentication.
I had guessed that the realm-name would map "areas" of my application to realm configuration defined in my application's context area in Tomcat's web.xml but this doesnt seem to be the case. In fact I have read conflicting explanations as to what the realm-name is for. One source has said that this is only used for BASIC authentication as a way of naming the resulting pop up window - many others say it maps the login-config to the web-resource-name. However the latter doesnt make sense because the authentication works in my application at the moment even though those values are completely different (and indeed are different in most of the examples i've read on the web). Furthermore I can find any other mention of the defined realm-name in any other file (which of course be because i'm looking in the wrong place).
I was prepared to accept that the realm-name might not actually do anything and so I've been looking for examples of defining a different auth-method for different url-patterns but i've had no luck.
I know a user can have one or more roles but I dont have access to the LDAP server to set these up and haven't found anything about defining different auth-methods other than one thread in this forum suggesting that is wasnt possible on AIS.
This thread suggests that you can have more than one security-constraint but again i'm not sure about the auth methods and how you map an auth method to a security-constraint
http://forum.java.sun.com/thread.jspa?forumID=33&threadID=320918
To summarise my questions:
1) What are the functions of the realm-name and web-resource-name? Are they related?
2) Is it possible to configure different areas of an application to use different authentication methods? and if so, could you point me in the direction of relevant documentation
3) If (2) is not possible and I have to assign a new role to the privileged LDAP users, is it enough to define a new security-constraint? Could you describe the behaviour I could expect for users that have authenticated once and try to access this super-security area, will they be shown another login form or will it just let them in because the container is already aware of their permissions.
Many thanks for your attention,
Rachel

If you create your own Realm classes - look at JAAS - you can sort out your last login time, just wrap them around the DataSourceRealm.
As far as 'remind' him is concerned - I'm guessing you mean provider a reminder for the password based on the user name. If you use form based authentication you can put what ever you like on the page.

ADF Security to J2EE Container Managed Security Problems

Hi al!
I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
Part of my web.xml file:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/app/index.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<security-role>
<description>Admins</description>
<role-name>admin_role</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user_role</role-name>
</security-role>
<security-role>
<role-name>oc4j-administrators</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllAdmins</web-resource-name>
<url-pattern>faces/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllUsers</web-resource-name>
<url-pattern>faces/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>oc4j-administrators</role-name>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
Do I have to remove this adfAuthentication tags?
I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
Thank you in advance!
Bye
PS
Maybe stack trace after login:
FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

Hi there!
I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
log("method equals start",0);
log("another type = " + another.getClass(), 0);
if (another instanceof Principal)
Principal mine = (Principal)another;
log("Principal mine.getName() = " + mine.getName(), 0);
The result is this output (after navigating to page that gives 401 forbidden):
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
07/10/12 08:46:09 [DBUserPrincipal] method equals start
07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
Thank you!
BB

Solution Manager Security

Hello,
I'm responsible to setup Solution Manager to provide Enterprise Support to the customer. I would like my customer to use Solution Manager by using Internet VPN connection. In the middle of preparation, I have some questions for Solution Manager Security. Because our company has very strict security policy, I need to make sure the questions below and make report to the manager.
1. To follow our companyu2019s security policy, I need to select the port. Could you please let me know which port# do we need to open? I think port# 80 and 443 are required to use Internet connection. Are there any required port #?
2. What kind of Standard User Authentication does Solution Manager have? (Basic Authentication, Digest Authentication or other?)
3. I would like to restrict any unauthorized access. What kind of access control does Solution Manager have? (Like Service Market Place, is there any authentication before entering first screen?)
4. Is it possible to access both HTTP and HTTPS? If so, is it possible to restrict to HTTP connection? I think HTTPS is much safer.
I read the Security Guide downloaded from Service Market Place, but still have questions. I really need someoneu2019s help.
Thank you in advance.
Best Regards,
Natsumi

Hi Natsumi,
Your question addresses general topics of SAP NetWeaver Web Application Server.
Please find some answers below and I would recommend to check the standard documentation.
>
Natsumi Kimura wrote:
>1. To follow our companyu2019s security policy, I need to select the port. Could you please let me know which port# do we need to open? I think port# 80 and 443 are required to use Internet connection. Are there any required port #?
>
port #80 is the default port for http, port #443 is the default port for https.
You can define your own port numbers to provide access.
>
Natsumi Kimura wrote:
> 2. What kind of Standard User Authentication does Solution Manager have? (Basic Authentication, Digest Authentication or other?)
>
SAP Solution Manager 7.0 is based on SAP NetWeaver and is using the same authentications options.
>
Natsumi Kimura wrote:
> 3. I would like to restrict any unauthorized access. What kind of access control does Solution Manager have? (Like Service Market Place, is there any authentication before entering first screen?)
>
The first screen is the logon screen. Users needs to have logon data (user, password) to access the Work Center.
The URL for the Key User is accessible in the Internet (and may be further restricted to dedicated IP address by additional network infrastructure).
See section "4.4 Internet Communication Framework" in Security Guide.
See section "4.5 Secure Socket Layer (SSL) for HTTP Connections" in Security Guide.
>
Natsumi Kimura wrote:
> 4. Is it possible to access both HTTP and HTTPS? If so, is it possible to restrict to HTTP connection? I think HTTPS is much safer.
>
Yes, it's possible to offer HTTPS connection, only.
Helpful links:
[Application Help - Additional Information on Network Security|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/0a/0a2e12ef6211d3a6510000e835363f/content.htm]
[Security Guide SAP Solution Manager 7.0 EHP 1 and SP 19 |http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000718044&_OBJECT=011000358700000310012009E]
[How-To install&configure the SAP Web Dispatcher|http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000722611&_SCENARIO=01100035870000000202&_OBJECT=011000358700000121752008E]
Best regards,
Ruediger

Mass Change in Recipe management (Transaction RMWB) - change specification

Hello ALL,
I am working on a Requirement - Mass Change in Recipe management (Transaction RMWB)
Requirement - for a given specification number get the list of all recipes where this particular specification is used (this is achieved by standard functionality in RMWB)
When a particular recipe is changed in a recipe - perform a mass change of specification across all the recipes.
Things I have found already:
This has to be done in similar fashion as status change is done using ABAP Class -CL_RCP_MSC_STATUS
I would appreciate your help and suggestion in this.
Regards,
Nikhil

Hi Beth,
Yeah actually we did the same thing per your specs: non-status related although confined to preferred recipes, substituting substance X for Y in dependent formulas of recipes.
The only option right I am aware of currently requires custom ABAP work using the Mass-Change framework supplied.
Regards

Adding Custom Fields to the Recipe Management Workbench

Hi Experts
I'm trying to add fields to the Quatities Tab of the recipe dependent and the stage dependent formulas
in RMWB (Recipe Management Workbench).
I've added other fields to the Input and output tab by appending the frmls_iot_scr structure and then doing the layout setup
in SPRO but where and how do I go about adding fields to the Quantities Tab and is there a BADi that can then be used to fill
those additional fields.
Any help would be much appreciated.
Regards
Vic

Hi Vic,
There are no exits or BAdI for extending the fields for the view quantities. New fields must be added at the structure FRMLS_TOTALS and added into the customizing table FRMLC32 as col_id. Then the processing of the fields is still to be programmed. The function group is FRML600.
You can use also a copy of the group group.
Best regards,
Roland

Recipe Management Security

Similar Messages

Maybe you are looking for