[RVS 4000] Setup secure ACL
I want to make an ACL that will allow the minum traffic. For example only; HTTP, DNS, SSH, FTP, TeamSpeak, Torrents.
This doesn't seem to be possible with the ACL on my Cisco Small Business RVS4000, I can only choose from predifined settings.
I can't setup my own source and destination IP's and ports. So that isn't very useful.
I might be wrong, so that's why I posted this threat. Is there a way to allow a mimimum traffic flow with the ACL?
When I only allow HTTP, DNS, etc. and deny the rest I can't use my TeamSpeak, MSN and Torrents anymore.
This is what I have now and which works, but isn't secure... Check the screenshot below. Below that is my iptables configuration, an ACL like that would be my idea of secure
#!/bin/sh
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
INT_NET=192.168.1.32/28
LO=127.0.0.0/8
### Flush existing rules and set chain policy setting to DROP ###
echo "[+] Flushing existing iptables rules..."
$IPTABLES -F
$IPTABLES -F -t filter
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
### KERNEL modifications ###
echo "[+] Setting up KERNEL modifications..."
$MODPROBE ip_conntrack
# Disable IP forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
# Enable IP spoofing protection
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $i; done
# Protect against SYN flood attacks
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
### INPUT chain ###
echo "[+] Setting up INPUT chain..."
### State tracking rules
$IPTABLES -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
### ACCEPT rules for allowing connections in
### Loopback
$IPTABLES -A INPUT -i lo -s $LO -d $LO -m state --state NEW -j ACCEPT
# SSH
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m state --state NEW -m recent --set --name SSH
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m state --state NEW -m recent --update --seconds 120 --hitcount 4 --rttl --name SSH -j DROP
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
### Anti-spoofing rules
$IPTABLES -A INPUT -d $INT_NET -j LOG --log-prefix "SPOOFED PACKET "
$IPTABLES -A INPUT -d $INT_NET -j DROP
### Default INPUT LOG rule
$IPTABLES -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
### OUTPUT chain ###
echo "[+] Setting up OUTPUT chain..."
### State tracking rules
$IPTABLES -A OUTPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
### ACCEPT rules for allowing connections out
# Loopback
$IPTABLES -A OUTPUT -o lo -s $LO -d $LO -m state --state NEW -j ACCEPT
# SSH
$IPTABLES -A OUTPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
# Whois
$IPTABLES -A OUTPUT -p tcp --dport 43 --syn -m state --state NEW -j ACCEPT
# DNS
$IPTABLES -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
# HTTP
$IPTABLES -A OUTPUT -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
# NTP
$IPTABLES -A OUTPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
# HTTPS
$IPTABLES -A OUTPUT -p tcp --dport 443 --syn -m state --state NEW -j ACCEPT
# MSN
$IPTABLES -A OUTPUT -p tcp --dport 1863 --syn -m state --state NEW -j ACCEPT
# RWhois
$IPTABLES -A OUTPUT -p tcp --dport 4321 --syn -m state --state NEW -j ACCEPT
# Google Talk
$IPTABLES -A OUTPUT -p tcp --dport 5222 --syn -m state --state NEW -j ACCEPT
# KTorrent
$IPTABLES -A OUTPUT -p tcp --dport 6881 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 6881 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 4444 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 4444 -m state --state NEW -j ACCEPT
# IRC
#$IPTABLES -A OUTPUT -p tcp --dport 6667 -m state --state NEW -j ACCEPT
# Teamspeak Voice
$IPTABLES -A OUTPUT -p udp --dport 9987 -m state --state NEW -j ACCEPT
# Teamspeak Serverquery
$IPTABLES -A OUTPUT -p tcp --dport 10011 --syn -m state --state NEW -j ACCEPT
# Teamspeak Update Server
#$IPTABLES -A OUTPUT -p udp --dport 17384 -m state --state NEW -j ACCEPT
# Teamspeak Filetransfer
$IPTABLES -A OUTPUT -p tcp --dport 30033 --syn -m state --state NEW -j ACCEPT
# Ping
$IPTABLES -A OUTPUT -s $INT_NET -p icmp --icmp-type echo-request -j ACCEPT
### Default OUTPUT LOG rule
$IPTABLES -A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
### FORWARD chain ###
echo "[+] Setting up FORWARD chain..."
### State tracking rules
$IPTABLES -A FORWARD -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
### Anti-spoofing rules
$IPTABLES -A FORWARD -d $INT_NET -j LOG --log-prefix "SPOOFED PACKET "
$IPTABLES -A FORWARD -d $INT_NET -j DROP
### Default FORWARD LOG rule
$IPTABLES -A FORWARD ! -i lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
I explored that feature, but it doesn't feel like it's related to the rules I apply. For example I have these 3 rules now, when I go into that manager and I will define a port for SSH for example then that port is also in the manager for 'deny all'. So what's the clue? Do I have to give the ACL and the port definition the same name and then only those two are related to eachother? Because at this point the two menu's don't feel related.
PS: Thanks rshao
Similar Messages
-
All RVS-4000's with firmware versions less than 1.3.2.0
Hi,
For those of you without the time to explore the Cisco site. I thought you guys might want to know about the following vulnerability. Which is fixed in the latest firmware version 1.3.2.0 for the RVS-4000:
Cisco Security Advisory: Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability
Document ID: 111641
Advisory ID: cisco-sa-20100421-vsc
http://www.cisco.com/warp/public/707/cisco-sa-20100421-vsc.shtml
Revision 1.1
Last Updated 2010 MAY 19 2030 UTC (GMT)
For Public Release 2010 APR 21 1600 UTC (GMT)
Software Versions and Fixes
To determine the software version running on a camera, administrators can click the "About" tab at the top-right of the device user interface. The software version information can be obtained on the System Status page under the "Status" tab.
The latest camera software can be downloaded at http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=282414029 ( registered customers only) .
The software version of the RVS4000 is displayed on the main router page displayed after users log in.
The latest RVS4000 software can be downloaded at http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=282413304 ( registered customers only) .
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Small Business Support Center or your contracted maintenance provider for assistance.
Product
First Fixed Version
PVC2300
1.1.2.6
WVC200
1.2.2.0
WVC210
1.1.0.15
WVC2300
1.1.2.6
RVS4000
1.3.2.0
BruceYes, I posted this same information in the Video Surveillance section a few weeks ago. it was actually a Partner on the
community who found this and brought it to our attention and we fixed it.
Thanks for cross posting here, since you are right in it also effected this router.
And a big thank you for taking the time to collaborate some very useful information with the community. I have noticed your recent posts and I think they are well writen, helpful, and well organized. I also like your idea of turning some threads into solutions documents and resource labs perhaps.
If you would ever like to post something of that natire, you may also. Just creat a document with your findings.
Steve -
Connecting 3 RVS 4000 with VPN
Hello,
i want to connect in a triangle 3 RVS 4000 Router with VPN
i have configured 3 routers, which are able to connect to the Internet. Each of them are configured as a gateway.
i have created 2 tunnel on each router. But the vpn connection can't be established,
here is the configuration of router1 the other are configured in the same way, only the remote group setup is different
Do i have to open also some ports for the VPN , if yes which one and were
Thanks fpr your help and response
HP.MeyerHello,
Are you trying to ping the IP address of the clients behind the routers or the computer name? You will need to use the IP addresses only unless you add the names to the LMHOSTS file in your PCs. Also, if there is any antivirus or third party firewall software running on those clients it will block the PC from replying to pings from an untrusted subnet. For example you ping from R1 with 192.168.100.1 to a PC behind R2 that has 192.168.101.x. Because the antivirus or firewall software on the PC sees that the ping request is coming from a different subnet it will block the response. You will need to either disable any security software or add the untrusted subnet to the trusted list in that software. Sometimes it is best to test by pinging something that does not have any software, such as a printer or print server.
Please keep us updated. -
Hello!
Since I got a NAS System connected to my Network (one Month ago) I get attacked every day by DDOS attacks.
I Just set my NAS to the DMZ of my Router and opened 3 Ports for Service of QNAP.
I assume that at this moment I got scanned and thererfore the intrusions started.
For the last month I experianced nearly every Day Internet Connection Problems and the Router didn't respond anymore.
As I found last week a new Firmwar-Version I updated my router, enabled IPS and applied the latest Security file.
In the IPS Report I found loads of DDOS and Synflood attacks.
With IPS my Router Works and I got no more problems that my Inet access is corrupted BUT now I got the Problem that my
downloadrate sunk to 20Mbit from formerly 100Mbit.
I already wrote my ISP about this situation and want them to change my WAN-IP Adress but they to it only in very urgent cases.
Is there any option to operate the RVS 4000 save AND fast???Sorry I seem to have no access to the documentation,
I get:
Forbidden File or Application
The file or application you are trying to access may require additional entitlement or you are trying to access a file with an invalid name. Additional entitlement levels are granted based on a users relationship with Cisco on a per-application basis.
If you feel you have reached this page in error, please try one of the following methods to locate your document:
If you are manually entering the URL into your browser location bar, be sure to include the file name of the page you are trying to access (file names typically end in .htm, .html or .shtml).
Use the Search feature located in the upper right section of this page.
Return to the Cisco.com Home or select a primary site area from the top navigation bar.
Consult with your Cisco Account Manager to confirm you have the appropriate entitlement to access this page.
If you would like to contact someone about this problem, please click on the Contacts & Feedback link below.
Back
Sorry to bother You again but I have to know in other words if I have extra costs for the IPS or just have to purchase the device like the RVS4000?!? I still do not understand what you mean with paid feature.
Sorry english is not my mothertounge. -
I am being prompted to enter security questions when making a purchase on my new IPad. I don't believe I have ever setup security questions on my apple id. I have tried logging into my apple id and have chosen the security and priviacy settings to set up security questions. However I am prompted to enter answers to security questions and am told they don't match. How to I create new security questions or reset them?
You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(104011) -
No Internet Access with Static IP and RVS 4000
I have an RVS 4000. I have several PC's to which I have assigned static IP addresses. I have recently upgraded most of the PC's to Win 7 (64) machines. I updated the firmware on the RVS4000 to 1.3.3.5 in conjunction with this. After such update (and actually before as well) I could not assign a static IP address to a PC and have access to the internet. It connects fine to my LAN, just no internet access. This is also affected on several other machines running Win XP and Win 2003 Server, so it's not just this computer.
I have:
1. Shut down (powered off/unplugged) everything, router, DSL modem, switches, server, etc.
2. As I said firmware is current.
3. Yes, DNS servers and gateway, subnet, etc. are all correctly specified on the PC.
4. Router is set for gateway mode.
5. Set to only IPV4.
The only way it allows internet access is to use DHCP. I've even tried taking the IP address via DHCP and manually assigning the DNS servers and that works fine, but as soon as I assign a static IP internet access is immediately gone.
There must be something I'm missing, but I can't seem to find it.
Everything worked fine prior to the conversion of the Win 7 machines, i.e. I had several PC's with static IP's and no problems.
Any thoughts appreciated.As an addendum, if I turn off the Firewall (internet access policy to disable) it will allow the static IP computer to have internet access. I have the DHCP range set to be .5 - .54 and am using a static ip outside this range. The Internet access policy is to restrict those PC's getting IP via DHCP.
-
How to Setup an ACL over a Command in solaris 2.6
Hi all,
Has anyone have an idea on how to setup an ACL over a command
in solaris 2.6 . i.e: to force a user (or a group) to enter a
password to run a command (like mount and others).
Thanks for your help.
haed98.
[email protected]Hi head98,
You can set ACL using setfacl commands. This way you can exclusively assign read/write/execute permissions on command that you wish. But ACL doesn't prompt for passwords or you can set passwords using ACL. One way of doing this will be to create wrapper for commands which will prompt for passwd, compare them with /etc/shadow and then execute the real command.
Hope this helps, Thanks. SUN/DTS -
The role of java.security.acl in Java 2 security
I have been trying to assess the role of the java.security.acl package within the Java 2 Security architecture. I have some questions regarding it.
First where in the JVM are the interfaces of java.security.acl used? Are there any examples out there to guide developers in understanding their proper implementation?
What is the relationship between this package and the core security package? There seems to be a Permission interface in the acl sub-package and an abstract Permission class in the core security package. Why is this the case? Why is the core abstract class not used instead of declaring a new Permission interface within the acl subpackage?
Are not PermissionCollections and Permissions analogous to ACLs? If so then wouldn't that fact make the acl subpackage redundant?
JSR 115 tries to bridge the gap between Java 2 Security in the SDK with security in J2EE. Namely enabling the RBAC-like approach to security in J2EE while using the AccessController of the J2SE to do the evalualtion of J2EE (Servlet/EJB) Permissions. Why are the Group and Owner interfaces defined here not leveraged in both JSR 115 and in general for Role Based Access Control?
Could someone give some background on the vision behind creating the acl subpackage and how it relates to the historical progression of security advances in Java security architectures?
Thanks much,
Alex KarasuluI see from the defined interfaces that its an attempt at a formal approach to RBAC. However RBAC can be implemented without it all together using existing J2SE and JAAS based constructs. This does not answer the redundancy question. Could you elaborate a little bit more?
Thanks,
Alex -
Java.security.acl.NotOwnerException when Administration Port is set
I get the NOE, posted below, when I start some of my managed servers, while other managed servers
start fine. After some scrutiny I discover the differences is that in /console, I've set some of my
managed server's Administration Port to that of my admin server, and these are the ones that are
busted! Those that I left as default '0' start up just fine. Hence the question: "What the heck
is the use of this field???"
<Apr 3, 2001 3:12:02 PM PDT> <Info> <WebLogicServer> <IIOP subsystem enabled.>
<Apr 3, 2001 3:12:02 PM PDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal
initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Gene Chuang
Join Kiko.com!Ah, I see! The introduction of an "admin server" in 6.0 caused the confusion for me. The
Administration Port is NOT the port number of the admin server!
Gene
"Kumar Allamraju" <[email protected]> wrote in message news:[email protected]...
This is equivalent to weblogic.system.AdministrationPort in 451/510.
In 451/51 if you start WLS server with
java -Dweblogic.system.administrativePort=2000 weblogic.Server
and then executing
D:\releases\510>java weblogic.Admin admin://localhost:2000 VERSION
returns the WLS version.
WebLogic Build: 5.1.0 Service Pack 8 12/20/2000 16:34:54 #95137
Bottom line is, once you set admin port, all admin stuff can be done on admin protocol only.
It appears this is not happening/broken in 6.0 . There's already an engg issue filed on thisproblem.
>
Kumar
Gene Chuang wrote:
I get the NOE, posted below, when I start some of my managed servers, while other managed
servers
start fine. After some scrutiny I discover the differences is that in /console, I've set someof my
managed server's Administration Port to that of my admin server, and these are the ones that are
busted! Those that I left as default '0' start up just fine. Hence the question: "What theheck
is the use of this field???"
<Apr 3, 2001 3:12:02 PM PDT> <Info> <WebLogicServer> <IIOP subsystem enabled.>
<Apr 3, 2001 3:12:02 PM PDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal
initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Gene Chuang
Join Kiko.com! -
Weblogic.security.acl in Weblogic 6
I came across the following in the migration documention
(http://edocs.bea.com/wls/docs60/notes/migrate.html#1026915):
I'm assuming that this is just a typo or wording issue but it currently
reads "weblogic.security.acl" is deprecated? Can't be the whole package.
Anyone else notice this?
Deprecated APIs and Features
The following APIs and features are deprecated in anticipation of future
removal from the product:
a.. weblogic.security.acl
b.. WebLogic Events
WebLogic Events are deprecated and should be replaced by JMS messages with
NO_ACKNOWLEDGE or MULTICAST_NO_ACKNOWLEDGE delivery modes. See Programming
WebLogic JMS for more information.
c.. WebLogic HTMLKona
d.. T3 Driverrequest.getRemoteUser() still works fine for me after I implented a custom
Autthenication / LoginModule.
"patrik" <[email protected]> wrote in message
news:[email protected]..
>
Yes, I have. see:
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.develo
per.interest.security&item=8553&utag=
>
But if you've managed to get out the information from it I'd be gratefulto know
how.
/Patrik
"Utpal" <[email protected]> wrote:
Have you tried weblogic.security.Security.getCurrentSubject() ??
-utpal -
Weblogic.security.acl.realm.authentication... Exception
Hello All
the reason I'm moving a post-question from JMS to this section is people there
suggested this. anyway,
when I tried to use an applet which implemented MessageListener to send message,
I got the following exception ( the port 7001 had been granted to connect, resolve
in java.policy)
javax.naming.AuthenticationException [root exception is java.lang.SecurityException:Authentication
for user admin denied in realm webogic start server side trace: java.lang.SecurityException:Authentication
for user admin denied in realm weblogic at weblogic.security.acl.Realm.authentication(Realm.java
212) at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java 233) at weblogic.security.acl.internal.Security.authenticate(Security.java
135) at weblogic.kernel.bootSevicesImp.authenticat(BootServicesImp.java 119) at
weblogic.kernel.ExecuteThread.run(ExcuteThread.java:120 ..
My Question is why servlet or swing or other application out of applet don't generate
such exceptions even most codes are similar ? How to deal with this?
Thanks
John
Hello All
the reason I'm moving a post-question from JMS to this section is people there
suggested this. anyway,
when I tried to use an applet which implemented MessageListener to send message,
I got the following exception ( the port 7001 had been granted to connect, resolve
in java.policy)
javax.naming.AuthenticationException [root exception is java.lang.SecurityException:Authentication
for user admin denied in realm webogic start server side trace: java.lang.SecurityException:Authentication
for user admin denied in realm weblogic at weblogic.security.acl.Realm.authentication(Realm.java
212) at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java 233) at weblogic.security.acl.internal.Security.authenticate(Security.java
135) at weblogic.kernel.bootSevicesImp.authenticat(BootServicesImp.java 119) at
weblogic.kernel.ExecuteThread.run(ExcuteThread.java:120 ..
My Question is why servlet or swing or other application out of applet don't generate
such exceptions even most codes are similar ? How to deal with this?
Thanks
John
-
Weblogic.security.acl.DefaultRealmImpl missing
I try to implement a custom realm. I get an Exception because
weblogic.security.acl.Realm tries to use the class
weblogic.security.acl.DefaultRealmImpl which is missing. Instead the
class seems to exists in the package weblogic.security.acl.internal. Is
there a workaround out there to make the whole thing work. Or do I have
to wait for the next service pack (how long)?
Thanks, Bodo.solved!
simply import weblogic.jar in the project -
Weblogic.security.acl.internal.AuthenticatedSubject not resolved
Hi guys,
when I try to implement that code:
CallbackHandler handler = new URLCallbackHandler(username,
password);
Subject mySubject =
weblogic.security.services.Authentication.login(handler);
weblogic.servlet.security.ServletAuthentication.runAs(mySubject, request);
// Where request is the httpservletrequest object.
in my servlet I get that issue in workshop 9.2:
The type weblogic.security.acl.internal.AuthenticatedSubject cannot be resolved. It is indirectly
referenced from required .class files
Any idea??
Thanks a lot
L.solved!
simply import weblogic.jar in the project -
Drive mapping with 2 RVS 4000 over VPN
Hello
i have the following problem. I have created a VPN VPN connection with two RVS 4000 (release 2.x)
i have a local network on one site with some PC's and a NAS drive. I have shared some of the direcorys. From the other Network i can ping each device, but mapp the shared directory isn't possible.
Hope someone can give me a idea
Thansk
HP.MeyerHi Derek my name is Johnnatan and I am part of the Small business Support community, your case involves multiple devices and QoS features, you can contact us to open you a case and get a better help.
https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
I hope you find this answer useful,
Greetings,
Johnnatan Rodriguez Miranda.
Cisco network support engineer. -
Location of weblogic.security.acl.internal.AuthenticatedSubject
I'm trying to compile this code:
CallbackHandler handler = new URLCallbackHandler(userName, password);
Subject subject = Authentication.login(handler);
ServletAuthentication.runAs(subject, request);
But ServletAuthentication.runAs complains that it relies on class weblogic.security.acl.internal.AuthenticatedSubject which is not found.
i agree, i don't find it in either weblogic.jar or wls-api.jar from the 10.3.4 lib directory.
Where do i get this code?Found it!
It's in
com.bea.core.weblogic.security.identity.jar in the Middleware/modules directory
Maybe you are looking for
-
HDMI cable - Plus Pay TV with HDMI cable. How to correct?
Today i purchased Apple tv and was told to buy a HDMI cable which i did. My problem is my tv has 1 input and that input currently has HDMI cable connected to the Austar unit (pay TV). Any ideas how to correct this please? i.e. double adapter etc.
-
Problem with starting Lightroom CC 6.0 and 6.1
I upgraded to Lightroom CC (6.0) from 5.7.1. Photographer Cloud Service. Since completing the install, very time I go to start LR, I get an error box stating..."The action cannot be completed because the other program is busy. Chose 'Switch to" to ac
-
Need help in connecting Dell Monitor to Dell Inspiron
I recently purchased an Inspiron 17R laptop to reduce the high usage of my Precision M6600 laptop. A Dell U2312HM monitor was used with the Precision as a second monitor and I want to use it with the newly acquired Inspiron system as a second monitor
-
I recently purchased an app and clicked on another to have alook and it appears I have bought it....it is $20.99 and I don't want it as its not age appropriate for my kids. I have stopped the download for now...but is it possible not to purchase it o
-
Unable to open or create file ... Permission denied
I'm a new user of LC Designer ES. After creating and saving a form, I made changes and now cannot save. Error message in Log tab of Report palette says "PDF generated successfully. Unable to open or create file [file name] Permission denied." Any