Redeploy changes security provider

Similar Messages

• Unable to save changes in console for a custom security provider

  I built a custom security provider and dropped it in the mbeantypes folder. This gets picked up by weblogic. I then try to modify the control flags and make it SUFFICIENT. I reboot the server but when i log back in the control flag is reset to OPTIONAL. It not saving the data to the xml file. We are running it on a UNIX box.

  Hi,
  I solved the problem by myself.
  The log area was at 100%, that's why the configtool wasn't able to save my changes.
  Now I changed the backup properties for the log files to AutoLog (in the Backup Wizard) and it works fine.
  Best regards,
  Christian

• Need api for changing security role in web.xml !!

  My requirement is to change the value of the deployment descriptor "security-role" (in web.xml) through an api and inturn to persist the new value in web.xml. Also I need to know if this change is automatically redeployed or an explicit redeployment is needed ? In that case how do I redeploy using an api call ?
  I found a lot of apis related to roles like createRole, removeRole etc.. But there are no apis to change the name of the role and inturn persist in web.xml.
  Do I need to provide any more information ? Let me know
  Thanks,
  Karthick

  why and when do you change security-role? try to use ant task (perhaph you need xpath also). it´s the better when you perform task about life´s cycle of application.
  please, describe your problem.
  of course in you change web.xml you must restart the application.

• Security Provider for a web dynpro with tool Visual Administrator

  Hello all,
  after deploying successfully my web dynpro on the J2EE 7.0 WAS, I'm trying to set up authentication to it but I cannot find my applicaiton in the list of policy configurations of the Security Provider entry. When I try to add the path to my local web dynpro, the engine doesn't find it.
  I have noticed that all other policy configurations reference a servlet_jsp application. Should I transform my web dynpro into a servlet_jsp? How do I do that?
  Thanks for your input,
  Tanguy Mezzano

  Hello Marcel,
  in fact, I don't succeed to redeploy with another provider name... I have undeployed my webdynpro with SDM on the Java stack, but from NWDS, when I change the application-j2ee-engine.xml and application.xml files, and that I rebuild the webdynpro, when I run and deploy, it always redeploys under the former provider: local.
  When I create the application, I tell to use the existing component, should I select create a new one, but that means that I have to rebuild the whole application.
  Will then the webdynpro be in the Security Provider list, so that I can configure it with http header?
  Thx for your help,
  Tanguy

• [Solved] Setting Security Provider to LDAP during Deployment

  Hi,
  One of our developers has created an ant script that deploys our application to an Oracle Application Server. Our application requires users to be authenticated via OID, and so we modify the security provider accordingly amd restart the application.
  However, everytime we redeploy the application, the security provider is always "reset" to File Based Authentication. Is there a way in ant or in some other else to set the security provider to LDAP so we don't have to keep changing the security provider and bouncing application whenever we redeploy?
  We've tried creating an orion-application.xml file already with jazn entry set to LDAP. What happens is that this file gets included in the ear file, but when it is deployed, it is placed in the OC4J_HOME/applications/myapp/META-INF directory instead of the OC4J_HOME/application-deployments/myapp directory, which is where the proprietary application deployment descriptor should go.
  Is there something we're missing?
  Cheers,
  Rey

  Hi Thanassis,
  I figured out how to deploy using ant with LDAP as security provider! It's a bit of work though.
  1. Create application.xml because application needs to be deployed as an ear file.
  2. Create orion-application.xml because this will contain the entry of using LDAP instead of xml.
  3. Create a Deployment Plan. This is done in JDeveloper by creating a WAR Deployment Profile, then right clicking it and deploying to an Oracle Application Server. Before actual deployment, JDeveloper will show a dialog for the Deployment Plan. Save the file, and cancel the deployment. You can view the contents of the file in JDeveloper. Make sure the line <jazn provider="LDAP"> exists; otherwise, there was something wrong with the orion-application.xml file.
  4. I edited the Deployment Plan and removed the line for data-sources.xml because I don't want to include one. You can create one alterantively if you don't want to remove this line.
  5. Finally, in the ANT script, add some lines to generate the ear file. Then in the oracle:deploy tag, make sure you use the deploymentplan attribute, and set it to the deployment plan you saved in step 3.
  That's it! Works beautifully!
  Cheers,
  Rey

• Access denied to a security provider on a signed applet

  Hi,
  I'm having permissions problems to work with a security provider.
  The security provider is already installed at java.security. In fact, at Netbeans when debbuging the app it's working perfectly.
  If I'm working the provider in an signed applet, then there are errors.
  Even, I have created a .jar file and I have saved in the /ext directory, wich by default in the java.policy file has got all security permissions.
  grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
  Even with these granted permissions, I'm getting problems to work with the security provider that I have installed. Also, with these permissions I should be able to install the security provider.
  log:
  <record>
  <date>2012-03-13T12:13:39</date>
  <millis>1331637219126</millis>
  <sequence>17</sequence>
  <logger>appletpdf.appletPdf</logger>
  <level>SEVERE</level>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <thread>11</thread>
  <message>excepcion: {0} </message>
  <exception>
  <message>java.security.AccessControlException: access denied (java.security.SecurityPermission authProvider.SunPKCS11-Provider-name)</message>
  <frame>
  <class>java.security.AccessControlContext</class>
  <method>checkPermission</method>
  <line>393</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>checkPermission</method>
  <line>553</line>
  </frame>
  <frame>
  <class>java.lang.SecurityManager</class>
  <method>checkPermission</method>
  <line>549</line>
  </frame>
  <frame>
  <class>net.sourceforge.jnlp.runtime.JNLPSecurityManager</class>
  <method>checkPermission</method>
  <line>250</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.SunPKCS11</class>
  <method>login</method>
  <line>1036</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>login</method>
  <line>874</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>engineLoad</method>
  <line>764</line>
  </frame>
  <frame>
  <class>java.security.KeyStore</class>
  <method>load</method>
  <line>1201</line>
  </frame>
  <frame>
  <class>apppdf.appPdf</class>
  <method>tPKCS11</method>
  <line>174</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <line>137</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>initapplDPdf</method>
  <line>116</line>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke0</method>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke</method>
  <line>57</line>
  </frame>
  <frame>
  <class>sun.reflect.DelegatingMethodAccessorImpl</class>
  <method>invoke</method>
  <line>43</line>
  </frame>
  <frame>
  <class>java.lang.reflect.Method</class>
  <method>invoke</method>
  <line>616</line>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext$4</class>
  <method>run</method>
  <line>699</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>doPrivileged</method>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext</class>
  <method>handleMessage</method>
  <line>696</line>
  </frame>
  <frame>
  <class>sun.applet.AppletSecurityContextManager</class>
  <method>handleMessage</method>
  <line>69</line>
  </frame>
  <frame>
  <class>sun.applet.PluginStreamHandler</class>
  <method>handleMessage</method>
  <line>273</line>
  </frame>
  <frame>
  <class>sun.applet.PluginMessageHandlerWorker</class>
  <method>run</method>
  <line>82</line>
  </frame>
  </exception>
  </record>
  Fails in the line where the KeyStore is loading:(Pin is correct)
  KeyStore myKeyStore=null;
  Provider p = Security.getProvider("SunPKCS11-Provider-Name");
  myKeyStore = KeyStore.getInstance("PKCS11",p);
  char[] pinData = pin.toCharArray();
  myKeyStore.load(null, pinData);
  Any help would be apreciated.
  Thank you.
  Bye

  Thank you for your information, Frank, as it clarifies part of my confusion. However, there are a couple more loose ends I'd love to address before I mark your responses as answers.
  Do backup and restore privileges apply at all over a network mount created via "net use"?
  The network mount requires a username and password for the destination machine. Assuming the destination machine is a Windows box with a simple CIFS share, how does this user affect our permissions and access? Do we end up effectively impersonating this
  user, or is the access check still done with our sync process's run-as user?
  We require that both our configured run-as user for our sync process *and* the credentials passed to the network mount be administrator users of the local system and destination system, respectively, meaning they're in of the "BUILTIN\Administrators,
  S-1-5-32-544" group.
  On re-syncs, the destination file will exist and since we don't have the ability to read the ACL in all cases (we're running as one user, the file is owned by another user, and we aren't specified in the ACL in any way), we aren't able to determine if the
  file has changed. Is it possible to determine the owner of this file in this case? Preferably, we'd obtain the entire SDDL.
  My proposed plan is to interpret access denied as a difference requiring re-sync, resulting in us taking ownership of the file, granting ourselves access, determining if there are data differences, and then re-syncing the metadata as appropriate.

• Error in security provider logon stack: no logon to visual administrator

  Probably i made a mistake in configuring SAP-J2EE-Engine security provider login modules.
  Now i cannot logon to Visual Administrator, it tells me
  "Error while connecting
  com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied."
  Is there a way to reset login module stack from configtool or in some config file?
  Many thanks in advance.
  Simone Zaffalon

  Hi
  you can configure your login stack configuration using config tool. Config tool works locally against the server's database, thus no authentication is required.
  1. Be sure that your server is not running! (shutdown SAP J2EE processes)
  2. Launch config tool ("use default db settings").
  3. switch to configuration editor mode (the most-right icon in the icon toolbar)
  4. navigate to security-->configurations
  Here you find your logon stacks and the login modules contained within them. Click on the "pencil" icon for changing your current configuration.
  See the thread below .It will resolve your issue
  Unable to access Visual Admin
  Points are welcome if it is helpful
  Koti Reddy

• Security Provider Service in NWA on 7.3?

  Hi,
  I know it is a basic question but does anyone know where is the configuration path for Security Provider Service which could be configured in Visual Administrator in NWA on 7.3?
  Regards
  Melih

  Dear Colleagues,
  Try the following:
  1. In NWA -> Identity Management -> Search the role '<role>'
  2. In 'Details of Role topsconverter' -> Click 'Modify'
  3. Navigate to tab 'Assigned Actions'
  4. Get: enter '<application>'  -> Add
  5. Save the change by pressing 'Save' button.
  6. Logoff NWA
  Regards,
  Alvaro Raminelli

• How to change security questions after adding a second email address?

  I'm at a loss and really really frustrated with Apple for the first time in my life.
  I've added a second email address and tried over the last 3 days on my iPad and Mac to change my security questions. There is no option present that I can see that allows you to do this without first entering the answers. (to which I don't know anymore)
  I called Apple support (even in english) and every time the call has been dropped.
  In all the years since switching to Apple I've always been impressed with the level of customer service. This is the first time that I've felt this level of sincere frustration.
  I'm not sure why I have to book a time to speak with someone. Updating or changing security questions, should be a process one can do over the internet. I'm confused either way why questions are necessary if the apple password entered was correct. It's not my bank account; why the need for such extreme security just to download an app paid for by an iTunes card!
  Any help or direction would be appreciated!!
  Thank you
  Kate

  Hello there, Kate.
  Apologies for your frustration. For your security the existing questions need to be answered before new ones can be created. The following Knowledge Base article provides some additional steps to try if you are unsure of the answers to the existing ones:
  Apple ID: All about Apple ID security questions
  http://support.apple.com/kb/HT5665
  Specifically:
  What should I do if I don't remember the answers to my Apple ID security questions?
  Try answering them at least once to see if you can get them right, even if you are not sure you remember the answers to your security questions.
  If you are confident you can't remember them, try one of the following:
  If you have three security questions and a rescue email address
  sign in to My Apple ID and select the Password and Security tab to send an email to your rescue email address to reset your security questions and answers. 
  If you have one security question and you know your Apple ID passwordsign in to My Apple ID and select the Password and Security tab to reset your security question.
  If you have one security question, but don't remember your Apple ID password
  contact Apple Support for assistance. Learn more about creating a temporary support PIN to help Apple confirm your identity when you contact Apple Support.
  Note: If you have forgotten your password and answer your security questions incorrectly too many times in a row, you will be unable to try to answer your security questions for a period of time. During that time you will not be able to reset your password and will not have access to your account.
  Thanks for reaching out to Apple Support Communities.
  Cheers,
  Pedro D.

• Question on OID Security Provider?

  1. I find two offical documents on config OID security provider, which one is correct?
  http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBBHAGJ
  http://download.oracle.com/docs/cd/E12839_01/apirefs.1111/e13952/taskhelp/security/ConfigureOracleInternetDirectoryATNProvider.html
  The main differences are:
  a. whether to change cn to uid at Groups related fields?
  for example:All Groups Filter to (&(uid=*)(|(objectclass=groupofUniqueNames)(objectclass=orcldynamicgroup)))
  b. whether to modify jps-config.xml file?
  2. I config provider successful based on http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBBHAGJ, I can find all user and group of OID at weblogic console. My question is why can't I delete or change group of user which at OID. When I add new user via weblogic console wizard I can't find OID provider at Authentication Provider list. What matter with it? a bug or somthing wrong with my configuration, even it is build-in design?

  a. whether to change cn to uid at Groups related fields?
  If the group name attribute for the static group object in the LDAP directory structure is a type other than cn, change that type in the settings for the All Groups Filter and Group Name From Filter attributes.
  For OID, Static group attribute is CN if i am not wrong. So I believe we dont need to change the All Groups Filter.
  b. whether to modify jps-config.xml file?
  I believe NO.
  why can't I delete or change group of user which at OID. When I add new user via weblogic console wizard I can't find OID provider at Authentication Provider list.
  The Weblogic OID Provider is read only, we cant modify anything on OID. Its not the bug, you get the same behaviour with the other providers as well.
  Hope it answers.

• Security Provided Config

  Greetings
  I have an oc4j container server 10.1.3. I have an app that uses a custom login module. Whenever I deploy my app the server resets the security provider back to File Based Security, I then have to go in to the server admin, and change to custom login module, and put my auth module in as required. After this my app works and the login works correctly with the custom module. My question is, is there something I can do in jdeveloper or somewhere that will tell the server to use my module for this app? or do I have to go in every time and manually update it?
  thanks
  troy

  Troy,
  Bascially you need to package whatever xml file you are using (your jazn config files) inside the ear file. This way OC4J will not create a new file every time you deploy, since these files will be present in the ear by default.
  Hope this helps.
  Deepak

• Error using 10.1.3 Security Provider:3rd party LDAP or Custom Login Module

  Hello all,
  After deploying my JSF/ADF application using Jdeveloper 10.1.3 to Oracle Application Server 10.1.3, I used the Application Server control to change the 'Security Provider' configuration:
  1. Using 3rd Party LDAP Provider (Novell eDirectory)
  I get the following error when restarting the application with the new config.
  06/06/21 16:42:32 Error while configuring security provider MBean for application AccessList
  06/06/21 16:42:32 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/CustomLDAPSecurityProvider
  2. Using Custom Login Module (again programmatically talks to eDirectory and it works in UIX/10.1.2 application)
  I get the following error when restarting the application with the new config.
  06/06/21 14:31:19 Error while configuring security provider MBean for application AccessList
  06/06/21 14:31:19 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/LoginModuleSecurityProviderAlso, I get this error with both the settings..
  06/06/21 14:31:19 WARNING: Application.setConfig Application: AccessList is in failed state as initialization failedjava.lang.
  InstantiationException
  Jun 21, 2006 2:31:19 PM com.evermind.server.Application setConfig
  WARNING: Application: AccessList is in failed state as initialization failedjava.lang.InstantiationException
  06/06/21 14:31:19 java.lang.InstantiationException
  06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
  06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
  java.lang.ClassNotFoundException error leads me to believe, I am just missing to include some libraries..
  I have included "bc4j.security" in my web project and I am not sure if that is what is needed!
  Will appreciate your help..
  Thanks,
  Karthik

  The problem i had with my Custom login module was that JDeveloper includes the datasources listed in the connection tab.
  When JDeveloper does that it writes the username and password in the jazn-data.xml. But with the Custom Login module the reference in de data-source declaration cannot find the password. that's why i got the InstantiationException at the initDataSources point.
  In tools>preferences>deployment you can uncheck the option:
  Bundle Default data-sources.xml During Deployment.
  The problem with this is when i specify a datasource in the data-sources.xml i included myself, jdeveloper will also put de datasources under the Connections tab in the data-sources.xml.
  Does anyone knows how to stop jdeveloper putting the datasources automatic in the file, or how to prevent jdeveloper storing the password in jazn-data.xml?

• 3rd party LDAP security provider problem

  I'm having an issue that when I've deployed my j2ee application to Oracle AS 10g rel3 app server, the security-constraint I've configured in my web.xml file isn't being obeyed, or at least it doesn't appear to be.
  As part of the deployment process I've configured a 3rd party LDAP server as the security provider. As for mapping groups to roles, I've set it such that all users and groups should be mapped to the role AuthorisedUser - my intention is that for any protected url's defined in the web.xml, the user should be redirected to a login page as defined in the web.xml file as well (I'm using FORM based authentication in the login-config) - but after they are logged in they will be assigned the role of AuthorisedUser.
  The following is being written to the orion-application.xml file
  <security-role-mapping name="AuthorisedUser" impliesAll="true" />
  What I'm observing is that users aren't being challenged when they hit a secured url-pattern. Is this as a result of the impliesAll="true" attribute ?

  I found that the <security-role-mapping> element is not functioning correctly for 10.1.3.4 OC4J LDAP authentication. I saw in the log.xml that I was getting authenticated but it wasn't finding the role-group map.
  I changed the role-name in the web.xml to be the exact same thing as the group in LDAP and that fixed that problem.
  I know the original poster has gone past this problem, but for people in the future, I hope this helps.
  Now my problem is the j_security_check... once I'm authenticated, the browser ends up at http://hostname:port/OrderManagement/j_security_check instead of the application page. Any ideas?
  Thanks,
  David

• How can i change security questions of Apple id ?

  when i tryed to change security questions it says :The Authentication Information provided does not match our records. Please verify your personal information and try again. how can i change it when i cant remember my ol answers but remember password ?

  This is the final straw for me. I am trying to set up security questions for both myself and my daughters (on 3 separate accounts) and even though THIS IS THE FIRST TIME we are answering the security questions - I get the same response:
  "The Authentication Information provided does not match our records. Please verify your personal information and try again".
  WHAT RECORDS?
  This is all very interesting as how can our information be incorrect when we haven't even set it up? As it is, our purchases cannot happen  and I have just sent emails to 4 companies telling them that I cannot use the App. store.
  Does this make any sense to anyone?
  It's a joke to me and I refuse to have to make a **** support call for something that should be logical.
  Eco

• How to change security password  in ipod 5

  How to. Change security password in ipod 5

  maybe this:
  Forgotten Security Questions/Answers
  You need to contact Apple by:
  1 - Use the Express lane and start here:
  https://expresslane.apple.com
  then click More Products and Services>Apple ID>Other Apple ID Topics>Forgotten Apple ID security questions.
  or
  Apple - Support -form iTunes Store - Contact Us
  2 - Call Apple in your country by getting the number from here:
  http://support.apple.com/kb/HE57
  or           
  Apple ID: Contacting Apple for help with Apple ID account security
  3 - Use your rescue email address if you set one up
  Rescue email address and how to reset Apple ID security questions
  For general  information see:
  Apple ID: All about Apple ID security questions
  or this
  Forgotten Screen-Lock Passcode
  Connect the iOS device to your computer and try to make a backup
  iOS: How to back up
  Then restore via iTunes. The iOS device will be erased. Place the iOS device in Recovery Mode if necessary to allow the restore.
  If recovery mode does not work try DFU mode.
  How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
  For how to restore:
  iTunes: Restoring iOS software
  To restore from backup see:
  iOS: Back up and restore your iOS device with iCloud or iTunes
  If you restore from iCloud backup the apps will be automatically downloaded. If you restore from iTunes backup the apps and music have to be in the iTunes library since synced media like apps and music are not included in the backup of the iOS device that iTunes makes.
  You can redownload most iTunes purchases by:
  Downloading past purchases from the App Store, iBookstore, and iTunes Store   
  If problem what happens or does not happen and when in the instructions? When you successfully get the iPod in recovery mode and connect to computer iTunes should say it found an iPod in recovery mode.