Region based on URL and https

I have a region based on a URL, but it does not work with https! It looks like a limitation of SYS.UTL_HTTP or am I missing something.
I can get around it by using an iframe, so what is the benefit of SYS.UTL_HTTP?
Cheers Simon

Thanks John, I am just reading the documentation on Oracle Wallet Manager now. I'll get our DBA to set one up for me.
Is UTL_HTTP a better solution for embedding a web page than iframes?
Simon

Similar Messages

Urgent requirement : security error accessing url and http error: standalone flex

Hi,
I have a requirement to create record from standalone flex. I am using Flex builder 3.
I used Flex-force toolkit to login to salesforce. The swf file generated when used internal to salesforce it works great.
But my requirement is to run it from public sites page / standalone pages. How will I configure it? I am getting error 'security error accessing url', default HTTP
The requirement is on priority, please help me to resolve this issue.
The login code is also furnished below. please help.
Full error details:
(com.salesforce.events::ApexFaultEvent)#0
bubbles = false
cancelable = true
context = (null)
currentTarget = (null)
eventPhase = 2
fault = (mx.rpc::Fault)#1
 content = (null)
 errorID = 0
 faultCode = "Channel.Security.Error"
 faultDetail = "Destination: DefaultHTTP"
 faultString = "Security error accessing url"
 message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'"
 name = "Error"
 rootCause = (flash.events::SecurityErrorEvent)#2
 bubbles = false
 cancelable = false
 currentTarget = (flash.net::URLLoader)#3
 bytesLoaded = 0
 bytesTotal = 0
 data = (null)
 dataFormat = "text"
 eventPhase = 2
 target = (flash.net::URLLoader)#3
 text = "Error #2170: Security sandbox violation: file:///C|/Users/R/DOCUME%7E1/FLEXBU%7E1/TESTLO%7E1/BIN%2DRE%7E1/TESTLO%7E1.SWF cannot send HTTP headers to https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829."
 type = "securityError"
headers = (null)
message = (mx.messaging.messages::ErrorMessage)#4
 body = (null)
 clientId = "DirectHTTPChannel0"
 correlationId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
 destination = ""
 extendedData = (null)
 faultCode = "Channel.Security.Error"
 faultDetail = "Destination: DefaultHTTP"
 faultString = "Security error accessing url"
 headers = (Object)#5
 DSStatusCode = 0
 messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
 rootCause = (flash.events::SecurityErrorEvent)#2
 timestamp = 0
 timeToLive = 0
messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
statusCode = 0
target = (null)
token = (mx.rpc::AsyncToken)#6
 message = (mx.messaging.messages::HTTPRequestMessage)#7
 body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>uname</username><password>pwdandsec token</password></login></se:Body></se:Envelope>"
 clientId = (null)
 contentType = "text/xml; charset=UTF-8"
 destination = "DefaultHTTP"
 headers = (Object)#8
 DSEndpoint = "direct_http_channel"
 httpHeaders = (Object)#9
 Accept = "text/xml"
 SOAPAction = """"
 X-Salesforce-No-500-SC = "true"
 messageId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
 method = "POST"
 recordHeaders = false
 timestamp = 0
 timeToLive = 0
 url = "https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829"
 responders = (Array)#10
 [0] (::SalesForceResponder)#11
 result = (null)
type = "fault"
Login code:
[Bindable] public var sfdc:Connection = new Connection();
private function login():void {
Security.loadPolicyFile("http://salesforce.com/services/crossdomain.xml");
var lr:LoginRequest = new LoginRequest();
lr.username = "uname";
lr.password = "pwdtoken";
sfdc.protocol = "https";
sfdc.serverUrl = "https://login.salesforce.com/services/Soap/u/14.0";
lr.callback = new AsyncResponder(loginSuccess, loginFault);
sfdc.login(lr);

This is resolved.
I have copied the crossdomain.xml file to tomcat Root folder
and the issue is resolved.

Difference between URN, URL, and HTTP

hello,
wat is the diference between URN, URL, and HTTP

Hi BIndu,
If u have searched on SDN then u will get many answers.
Just refer the below links:
http://help.sap.com/saphelp_nw04/helpdata/en/4e/83623c9c6b530de10000000a114084/content.htm
XML Namespaces in XI (URL s. URN)
Namespaces: Difference between URN & URI
what is the diference for use either http:// or urn: in the namespace
difference between urn and url
Thnx
Chirag
Reward points for helpful answers.

Local Director http probes with URLs and http redirect mode

I am trying to configure http probes on my Local director 430 running 4.2.3
I am using http redirect mode so the Virtual is bound to URLs not REALs with are linked to DIPs which are bound to REALs. So far the probes seem to not actually do anything. Does anyone know if the probes are compatible with URL redirect loadbalancing. And if so how one would go about configuring it.
Thanks for your help.

keepalive can be used for the probe notification in this case.
Check the following url for details.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/bsccfggd/services.htm#xtocid727448

WCF-WebHttp dynamic URL and Dynamic Header/Behavior configuration.

HI,
I have an requirement to integrate with the REST Services in BizTalk Server 2013 R2, And This REST Service URL and HTTP Headers will differs per message. So I had created an Orchestration with the Dynamic Request-Response port and assign the properties in
Message Assignment Shape. However while testing HTTP Headers were not added to service request message.
I had tried with create Custom endpoint behaviour and assigned this behaviour to service request in Orchestration, however this property also not assigned from the Orchestration.
Is this a bug for WCF-WebHttp Adapter? Is any other options to achieve my requirement?
Thanks,
Raj
Praveen

Hi Praveen,
Its a known bug already
reported to Microsoft.
BizTalk 2013 servers that have been upgraded from BizTalk 2010 are missing
some of the new global properties including HttpHeaders properties because
of this even in orchestration we cannot change the HttpHeaders on messages.
As a workaround WCF behavior extension
can be used to solve this problem.
Which can be downloaded from here.
For the detailed explanation, I would adivce you to follow the below link on how to dynamically change
the WCF-HttpHeaders for WCF-WebHTTP adapter.
Dynamic
WCF-HttpHeaders for WCF WebHttp adapter
There is already a discussion going on around this on another post. Ashwin has also recommend to use custom pipeline component as a work around .
Refer: BizTalk WCF-WebHttp Custom Headers per message
Rachit
Please mark as answer or vote as helpful if my reply does

How to do http session stickiness based on URL patterns?

Is there a feature within the WL plugin for Apache that would allow me to emulate the "jvmroute" session stickiness behaviour as provided by Tomcat and its plugin. I would like to have the control to tie requests from http clients to particular WLS servers in a cluster depending on the URL. For example http://foo.com/web01 requests would be forwarded to an appsererver app01 and so on. For all other requests (e.g http://foo.com/web), the WL plugin would do its normal load balancing ignoring the stickiness. From my understanding the WLS inbuilt http session stickiness is based on JSessionIDs which are exchanged using cookies - which is something i cannot use in my case since i want the stickiness based on URL patterns.
I am using WLS 10.0 with Apache 2.2.4 on Linux.
Thanks
Ramdas

Session is not replicated across all the servers in the Cluster.
Apache knows which server to go using the JSession ID.
There is a concept of primary and secondary, secondary is selected based on the replication groups there are configured in the cluster.
you can configure the cluster so that /web01 requests go to different cluster, and /web requests go to different cluster.
but you can get all the funtiionalities from the single cluster.
Do you have any java caching that you are not able to replicate across the cluster ?(I know this can be done too).
let me know what you are actually trying to solve by doing the behavior you explained.

Differentiating HTTP Request through a URL and a value change listener

Version Details:
Oracle JDeveloper 11g Release 1 11.1.1.4.0
Studio Edition Version 11.1.1.4.0
Build JDEVADF_11.1.1.4.0_GENERIC_101227.1736.5923
IDE Version: 11.1.1.4.37.59.23
Product ID: oracle.jdeveloper
Product Version: 11.1.1.4.37.59.23
ADF Business Components 11.1.1.59.23
Java(TM) Platform 1.6.0_21
Oracle IDE 11.1.1.4.37.59.23
Versioning Support 11.1.1.4.37.59.23
Base Details:
The Product, that a different team is working on (which I cannot access, code, touch,...), creates reports and essentially generates a URL with a bunch of parameters:
http://<host>:<port>/myApplication/main.jspx?parameter1=value1&parameter2=value2...When the user clicks on an "Edit" button, a modal popup window is displayed (using jQuery) with an embedded iFrame with its source pointing to the above URL.
The "myApplication" is an ADF application which brings up an ADF form based on the parameters. Once the user enters the data, validations occur and the data is written into a total of 3 different Tables in the Database. Once the operation is finished, the user closes the popup by clicking on the "X" button of the popup window, which essentially does "popup.*hide()*".
Limitations:
<li>Since there are varied combination of parameter values and associated ADF forms, taskflows is not* an option.
<li>Since the logic of generating the ADF form is not straightforward, ADF BC is not* an option.
<li>Since validations are based on the value change listeners, the managed bean has to be a session scope_ bean.
Problem:
When, for the first time, the user clicks on the Edit button with a particular set of parameter values, the corresponding ADF form is displayed and things work normal. Since the managed bean is under session scope, the form generated for the first popup window stays the same for any subsequent popup windows, even when the URL and its parameters are completely different. As I can not listen to the popup close event, I cannot invalidate my session either.
I tried using filters in the web.xml to grab the request and apply the business logic. Due to the presence of multiple value change listeners (too many <tt>autosubmit=true</tt>), every value change listener triggers a request and so the business logic gets applied with every value change.
After some tests, I deduced that the difference between the call from iFrame and the call from value change is the HTTP Request Method - GET for iFrame and POST for value change listener. So in my filter I apply the business logic when there is a GET request and not apply when its a POST request.
Turns out, that is not a valid enough differentiation between the two requests being made. Sometimes, even the value change listeners are issuing a GET request.
Question:
*1*. Is there a way to force the value change listeners to always trigger a POST request?
*2*. Is there a way to differentiate the requests originating from the other team's Product and those generated by my own value change listeners?
*3*. Is there a different approach, incorporating the above-mentioned limitations, to clear out the session scope each time when a request is made through iFrame? That is, whenever a request is made through the other team's Product?
Edited by: user737922 on Apr 13, 2011 10:58 AM

_(Temporary) Solution_:
Summary:
I am using the request parameter <tt>_adf.ctrl-state</tt> to differentiate between the HTTP requests that my application receives.
Details:
When I receive the request from the other team's Product, I receive a <tt>GET</tt> and a <tt>adf.ctrl-state</tt> value which I store into a local variable in my session-scoped managed bean. The <tt>adf.ctrl-state</tt> value stays the same for all requests (<tt>GET</tt> or <tt>POST</tt>) made from within my own application. It changes only when there is a new request from the other team's Product.
Also, as my application is accessed through an iFrame, there is no possibility of the generated URL being modified by the end-user.
For now it seems that the solution is appropriate but I am not fully confident if relying on the <tt>_adf.ctrl-state</tt> value is the best approach.

WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

Hi,
I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http.
When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl.
What change should I make so that WSDL url will have https instead of http ?
This is service side configuration.
<system.serviceModel>
<services>
<service name="Service.IService">
<endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
</service>
</services>
<bindings>
<basicHttpBinding />
</bindings>
<client />
<behaviors>
<serviceBehaviors>
<behavior>
<serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks in advance !!

Hi,
For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
<behaviors>
<serviceBehaviors>
<behavior
name="MyServiceTypeBehaviors"
>
<serviceMetadata
httpGetEnabled="true"
/>
</behavior>
</serviceBehaviors>
</behaviors>
For more information, you could refer to:
http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
Regards

UIWebView and https URLs

Hi guys,
I'll make this very short.
If a URL that you want a UIWebView to load is https and would put up an authorization dialog in Safari, what's the best API to use to accomplish this? (I can supply the authentication programmatically).
All I need is a point in the right direction - there is URLLoading, and several other APIs. I just want the most straightforward one for simply supplying the authentication and then getting the URL to load into a WebView.
Much thanks,
Johnny

So on your localhost, this works fine.. its only when you've uploaded it to your production or remote server that you get these problems ?
I'd talk to the host of the box.. is there a firewall issue here. Do a view source on the http and https versions of the same pages and double check that the paths are the same. Are there frames in the application which could foul things up ?
Are you SURE you've uploaded all the images etc that you need ?

How do I get connected to a server on my network via an IP address? When I try to open in a URL and login as a registered user with proper login it errors out saying there was a problem with connecting to the server?

I am new to Mac...How do I get connected to a server on my network via a hyper link IP address path? When I try to open in a URL and login as a registered user with proper login it errors out saying there was a problem with connecting to the server?

Some of the following is going to use some technical terms — this area is inherently somewhat technical.
If you don't understand some part of the following reply, please ask.
Is this your own OS X Server system on your own network, or is this some other server within some larger organization?
You're posting this in the OS X Server forum, which is a software package that allows OS X systems to provide web-based and many other services; to become servers.
If it's your OS X Server on your network, then the network and DNS configurations are suspect, or the server is somehow malfunctioning or misconfigured. This is unfortunately fairly common, as some folks do try to avoid setting up DNS services.
If it's a larger organization and somebody else is managing the server and the network, then you'll probably need to contact the IT folks for assistance; to learn the network setup and DNS requirements, and if there's a problem with the server itself.
The basic web URL "hyper link IP address path" — without using DNS — usually looks something the following, where you'll need to replace 10.20.30.40 with the IP address of your server:
http://10.20.30.40
UptimeJeff has posted a URL that specifies the AFP file system; an OS X file share. That's used if you're connecting to an Apple storage service somewhere on your network. You might alternatively need to specify smb://10.20.30.40 or such, if it's a Windows file server. (There can be additional requirements for connecting to Windows Server systems, too.)
If there's local IT staff available here, please contact them for assistance. If these are your own local systems and your own local OS X Server system, then some information on the server will be needed. (If you're on a NAT'd network, you'll also need to get DNS services configured and working on your local OS X Server system and your network — you'll not be able to skip this step and reference ISP DNS servers here — or things can and usually will get weird.)

WEB_CAT User Notifications different for http and https

Hi,
We're using a AsyncOS7.5 on Ironport S360.
When a user accesses a URL which according to URL Category Filtering is forbidden
(e.g. www.mydrive.ch) then the Error Message when using http is:
This Page Cannot Be Displayed
Based on your organization's policies, access to this web site (http://www.mydrive.ch/ )
has been blocked because the web category .... is not allowed.
Date:
Username:
Source:
URL:
Category:
Reason:
Notification:
If on the other hand the user uses https then the error message looks like this:
The proxy server is refusing connections
Firefox is configured to use a proxy that is refusing connections.
- Check the proxy settings ...
- Contact your network administrator ...
Does anyone know why is that and how can I make it use the former notification for both cases?

Hi Jannis,
In HTTP policy or access policy, the returned log from a blocked traffic due to category is BLOCK_WEBCAT and you will also see a TCP_DENIED/403 in the line.
In decryption policy for HTTPS traffic, the returned log from a blocked traffic due to category is DROP_WEBCAT, and you will so see a TCP_DENIED/403 in the response.
With policy trace:
For HTTPS traffic it should reply with information that indicates that the HTTPS request dropped based on URL category.
And for HTTP traffic, it should reply with "Request blocked based on URL category"
Also, you can determine which policy that triggers the blocking, whether it is the access policy (for HTTP) or decryption policy (for HTTPS).
thanks,
Donny

Report URL and configuration

Hi Friends,
I saw a running report server from midtier. after open this server from System Components, I do not
see any engineer is running in there. The former dba set up this application server 10GR2 at window 2003.
Currently, end user request report URL.
we have a form server and URL. I know to confugured it.
form application URL as
http://www.xxsaleinformation.com/forms/frmservlet?config=sale-prodid
Based on above, I changes to as
http://www.xxsaleinformation.com/reports/rwservlet
It is openning page as OracleAS Reports Services - Servlet Command Help
SO where can I find a report URL? how to configure oracle report server.( for example. i configured forsweb.cfg for form application)
Thanks for your help in detail.
Jim

Does any person use report server in here?
I need to know report configured procedures and steps.
I use app. server 10GR2 in window 2003. the Form application works well now.
I am looking for help from experts.
Jim

Ie 11 fails with 'IE Security detected that the URL and the configuration link to not match

HI,
I Have a user that is using IE 11 and is getting the following error:
IE Security detected that the URL and the configuration link to not match. Please use the URL as configured. Is and IP based URL. On IE 10 we get a similar message, but as soon as we add it to our trusted site and switch to compatibility
mode the issue goes away.
For example http://10.10.10.180/xxx/iafwebsite_810/
What would be causing this issue?
Any help would be appreciated.
Thanks,
Trish
Trish Leppa

Hi,
It seems that this URL doesn't meet security level. Thus, as long as you add this URL to Trusted sites zone, this issue is fixed.
Thanks!
Andy Altmann
TechNet Community Support

What is the difference between https: and http: at the beginning of the web address? Does this effect security when looking onto bank accounts?

New to foxfire, and not very computer savvy. When enter search for bank account noticed the the web address came up with a http: rather than an https: as it normally does when I search from safari on MAC, or even at my PC at work. Not sure what the difference is but if it is a security thing than foxfire is no good for my use.

In Firefox 4 and later you no longer have the Status bar that showed the padlock in previous Firefox versions. 
The padlock only shows that there is a secure connection and doesn't guarantee that you are connected to the right server. 
So you might still be connected to the wrong server if you make a typo in the URL and someone has claimed that mistyped URL. 
The functionality of the padlock has been replaced by the [[Site Identity Button]] on the left end of the location bar. 
See also:
* http://www.dria.org/wordpress/archives/2008/05/06/635/
* https://support.mozilla.com/kb/Site+Identity+Button
* http://www.mozilla.com/en-US/firefox/security/identity/
You can use this extension to get a padlock on the location bar.
*Padlock: https://addons.mozilla.org/firefox/addon/padlock-icon/

Login URL and External Applications

Are there any guidelines for finding the login URL's for External Applications? For example, if you want to set up E*Trade as an External Application, you go to https://www.etrade.com and look at the source. You find that form that submits the user id and password is thus:
<form name="myForm" action="/login.fcc" method="post" autocomplete="off" onsubmit="return populateTarget();">
However, setting the login URL to https://www.etrade.com/login.fcc fails.
Any suggestions on how to form this?

I went to https://www.etrade.com and looked at the source. I didn't get the same source that you got -- pI don't know why. I am in the United States, and perhaps you are notm and that makes the difference.
In the source I saw, the login <form> tag was:
<form name="myForm" onSubmit="doMagic()" method="post" autocomplete="off">
Looking at the javascript function "doMagic" I noticed that it sets two cookies before doing the submission. The "login.fcc" page may be failing the login request for lack of these cookies.
I also noticed that the script sets the action HREF with
document.myForm.action = "https://us.etrade.com/login.fcc";
(in the case where the locale is US).
Perhaps you need a specific country host for "login.fcc", not www.etrade.com.
-- Joshua

Region based on URL and https

Similar Messages

Maybe you are looking for