Securing ability to Invalidate HTTP Cache in SMICM

Similar Messages

• Securing Parameters send over Http (Reports 9i)

  What the proposed solution to secure parameters send over http.
  Let's take the example of a report which take a user parameter called 'secret_id'; I'd like to send over http a request dynamically construct from a servlet (or a jsp) which should look like:
  http://myserver:8888/reports/rwservlet?report=test.jsp+destype=cache+server=r90srv+desformat=pdf+secret_id=25568+userid=too/foo@pdde
  And of course I'd like to send userid and secret_id in a secure way.
  Is using SSL enough ?
  Is there some encryption mechanism available (think there was some thing in reports 3) ?
  Can we use hidden parameters ? And how would it be done ?
  Many thanks for any Hint / idea / recommendation.

  Well... got the same question ?
  Needs a solution for making a servlet, with hidden parameters and session identifiers to build the query string - how is this possible ???
  Anyone knows ? - it would be a big help.
  PS: seen the TextPDS, but neds an example with database connection.

• How do I invalidate the cache in the JCos on EP Portal.

  How do I invalidate the cache in the JCos on EP Portal.

  hi michael,
  for NW7.3+ environmnet this can be done via the netweaver administrator ( http://host:port/nwa).
  you can find the function under "Availablity and Performance" - "Resource Monitoring" - "JCo Monitoring" - "Metadata Cache". there you have the possibility to clear the cache for an abap application server and/or a special structure from it.
  regards,
  christian

• What is the HTTP caching flowchart/logic in Firefox?

  Hello,
  I am configuring a reverse HTTP proxy and I am trying to optimize it as much as possible. I found the following article which was written on Oct. 9, 2002 and it describes the HTTP caching logic in Firefox.
  http://www-archive.mozilla.org/projects/netlib/http/http-caching-faq.html
  However, the article is pretty old and I don't think that Firefox uses the same flowchart in the latest versions of the browser. Do you know how exactly Firefox caches certain object. What I mean is does FF check the Cache-control header first and then the Expires header and finally the Last-Modified. What happens if there are both Cache-control header and Expires header?
  Kind Regards,
  Daniel K.

  WebLogic Server is a single java process, that has two listen ports, one SSL
  and non-ssl.
  These two ports use protocol discrimination to handle multiple protocols on
  a single port.
  NON-SSL --> http, t3 (proprietary rmi protocol), iiop
  SSL --> https, t3s, iiops
  So WebLogic comes with a build in Webserver. Or you can use a third party
  webserver in front of WLS with plugin to proxy to WLS.
  See;
  http://edocs.bea.com/wls/docs81/plugins/
  Cheers
  mbg
  "Manoj" <[email protected]> wrote in message
  news:3edb0ba5$[email protected]..
  >
  Is the built-in web server in weblogic Apache or is it some other httpserver that
  BEA owns ?

• Unable to FInd HTTPS port in SMICM

  Hi,
  I'am trying to work on HTTPS .When i check on SMICM->Goto->Services i'am unable to find HTTPS service.
  I did all this steps
  1. From SAPGUI, run rz10
  2. Add the parameter such as "PROT=HTTPS, PORT=443, TIMEOUT=9000" for icm/server_port_3.
  You may use smcim->goto->parameters->display to check how many icm/server_port_<xx> already been defined and use next integer.
  3. Save and activate the changes
  4. Shutdown SAP system
  5. go to c:\usr\sap\<sid>\SYS\profile, copy the changes from default.pfl to default.
  6. Start SAP system.
  but still i'am unable to find HTTPS service in SMICM.
  Please guide me how to create this service.
  With Regards,
  Pradeep.B

  ERROR => DlLoadLib()==DLENOACCESS - dlopen("/usr/sap/HRQ/SYS/exe/run/libsapcrypto.so") FAILED
  .1: icman: fatal: /usr/sap/HRQ/SYS/exe/run/libsapcrypto.so: open failed: No such file or directory"  [dlux_mt.c    445]
  ERROR => secudessl_LoadLibrary(): Unable to load "/usr/sap/HRQ/SYS/exe/run/libsapcrypto.so" [ssslsecu_mt. 387]
  ERROR => Loading of SSL library failed    NO SSL available!
  =================================================
  <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_LIB_NOT_FOUND
  ERROR => IcmIActivateService: SapSSLInit (rc=-1): SSSLERR_LIB_NOT_FOUND [icxxserv_mt. 737]
  ERROR => IcmHandleMonServMsg: IcmActivateService failed for 8443, 2(rc=-14) [icxxmsg_mt.c 1872]
  Fri Apr 30 04:55:45 2010
  Am getting the above error when activating HTTPS service in SMICM, please help

• Invalidate EJB Caching

  Hi
  I'm using Sun Application Server 8, where i'm deploying some CMPs
  I was wondering how can i Invalidate the Cache SAS8 makes for each of my CMPs
  In Caucho i can do this
  com.caucho.ejb.admin.EJBAdmin.invalidateCache()
  In WebLogic i have
  public void invalidate(Object pk) throws RemoteException;
  public void invalidate (Collection pks) throws RemoteException;
  public void invalidateAll() throws RemoteException;
  How can i do it in SAS8 ?
  Thanks

  Can you explain what use-case you're trying to support? Are you talking about invalidating a cache within a transaction or outisde of a transaction? Our EJB 2.x CMP implementation doesn't use a non-transactional JVM-specific cache so there's no need for the application to invalidate anything. Each new transaction will have the latest view of the database.
  The only place in App Server 8 where we use a non-transactional cache is for our Read Only Bean feature.
  --ken                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• ABAP HTTP cache refresh

  Hi-
  What role is required for an Integration Server (ABAP) HTTP cache refresh?
  This is accessible if you go to XI Administration -> Cache Overview and click on Full Cache Refresh for INTEGRATIONSERVER_. It calls this URL.
  http://hostname:8000/sap/xi/cache?sap-client=800&mode=F
  XISUPER has all SAP_XI* roles. I get a "403 Forbidden" unless I include SAP_ALL.
  Thanks,
  J Wolff

  Hi,
  Check this document:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1a69ea11-0d01-0010-fa80-b47a79301290
  Also verify if the user has such roles:
  SAP_XI_ID_SERV_USER
  SAP_XI_IS_SERV_USER
  SAP_XI_IR_SERV_USER
  Regards,
  Wojciech

• Programatically disabling the HTTP cache in the JVMlt

  How do I programatically disable the HTTP cache in the JVM that is being used by the URLConnection classes?

  Working through the HTTP request properties did the trick, but I actually used the if-modifed-since property, which was more appropriate for me for a number of reasons.
  Edited by: beuchelt on Nov 25, 2008 9:02 PM

• What parameter control the HTTP port at SMICM?

  We need to adjust the HTTP port at SMICM.
  Currently it is wrong.
  We compare 2 systems by running RSPARAM but cannot tell
  which parameter control the HTTP port.
  Please help. Thanks a lot!

  Hi Jennifer,
  Please check the address, below;
  http://help.sap.com/saphelp_nw70/helpdata/EN/61/f5183a3bef2669e10000000a114084/frameset.htm
  "icm/server_port_<xx>" parameter indicates the HTTP port #.
  Best regards,

• Pacman transparent HTTP cache

  Hey all,
  I'm a fairly new Arch user, and to be honest, a fairly new Linux user in general. Over the years I tried so many times to make the transition from Windows to Linux and after finding Arch, I felt it was finally time, but I digress...
  I now run 2 Arch machines here and one Arch virtual machine, but I found myself with a little problem. Having 3 machines meant that it required either 3 times the bandwidth to keep them updated, or a lot of hassle with copying packages around the network. I even experimented with using the Pacman cache directory on an NFS share, but none of these were acceptable to me.
  So this afternoon I sat down and coded a solution I was happy with.
  I run a small Linux server here, Debian based, which serves as a small file server to the local network and also hosts a few services for myself and a friend. This server also runs Lighttpd which I use for developing with PHP and Perl.
  The idea was that this machine would be a mirror for Arch to update from, but I didn't want to mirror everything, just those packages which I used. After much searching through Google I discovered someone who had done something similar for Debian based distributions, apt-cache. It's essentially a small web-server which, when queried for a package, first checks it's local cache, and if it doesn't find the file, it downloads it from an official mirror, both storing it locally and sending it to the client.
  I've never coded in Java personally and I didn't want to have 2 web-servers running when one would suffice, so I set about coding something similar in PHP.
  The end result is 130 lines of code, and a url.rewrite rule, which achieves exactly what I was after. It works like this:
  1) Pacman requests a file from the local server
  2) Local server checks to see if it has the file
  3a) Local server cannot find the file so it requests it from an Arch mirror
  4a) The file is simultaneously downloaded, written to disk and sent to Pacman.
  3b) Local server has the file
  4b) The file is sent to Pacman
  The end result is a transparent cache which will only have to download the file once. An example of the speed increase is as follows:
  # pacman -S --downloadonly kernel26
  kernel26 21.7M 806.4K/s 00:00:28
  # rm /var/cache/pacman/pkg/kernel26-2.6.21.5-1.pkg.tar.gz
  # pacman -S --downloadonly kernel26
  kernel26 21.7M 8.5M/s 00:00:03
  As you can see, after the package was cached on the server, it didn't need re-downloading and as such it transferred to the local machine at LAN speeds.
  My mirror entries for the repositories looks like this:
  Server = http://192.168.0.1/pacman-cache/pkg/current/os/i686/
  Server = http://192.168.0.1/pacman-cache/pkg/extra/os/i686/
  etc....
  So, my question is this; would anyone out there be interested in the code? Right now it still needs a lot of work before it could be made public as there's very little error checking; I need to handle unexpected conditions like a broken download, and I also have to add handling to deal with the db.tar.gz files being updated, but as and when I feel it's ready would anyone use it?
  I'd appreciate any input anyone felt like sharing, even feature requests =^.^=
  PS: I hope this is in the right sub-forum... I didn't think it belonged in the actual Pacman forum, but if it did, apologies!

  Just a little update
  I solved the timeout problem. It wasn't a misconfiguration but rather a bug in the code that was causing it to stall randomly when retrieving a remote package, it'll now happily retrieve multiple packages without a problem.
  The following new features have been added since I last posted:
  Logging support
  It's a little primitive, but it works. The location of the log file is customizable so it should be possible for logrotate to work with it, hence I've not added any rotation system of my own.
  Setup support
  The cache script now functions correctly when initially installing Arch via the /arch/setup script. I've run it through once or twice, but it could do with further testing.
  Testing & Unstable repository support
  Self explanatory really
  Currently the script only supports the i686 architecture (due to some hard-coded paths), I'd need to do some recoding to support x86_64 as well, it's something I'm considering, assuming I can get VMWare to run a 64bit Arch install. Resuming is still on the "maybe" pile as I'm still trying to come up with a way of coding it cleanly, it's a case of trying to balance effort vs reward on this one.
  I'm also currently working on a quick-and-simple administration interface for the cache. It should let you see what files are cached, remove selected ones or an entire repository worth of cache. Perhaps even have the ability to verify the local files against the md5 summary files I build. It's in the early stages right now, but it'll hopefully be complete in the near future.
  Overall it works very well and depending on how many bugs I run into when giving it a real test, I should be able to release it here in the not-too-distant future, then anyone who's interested can play with it and perhaps improve it beyond my original design.

• Securing Web Applications by HTTP Basic Authentication

  We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General  TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
  regards,
  J.Iswaryal
  K.Brinda

  Hi J.Iswaryal,
  I guess two things based on your post.
  1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
  2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
  <b>For, point one,</b>
  After creating web service goto webservice perspective in NWDS. there, choose your web service project.
  Now, open Web service configuration file recided in your project.
  Here, go under config1-> security and double click on it.
  It will display security options for this web service.
  Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
  Now, save this, rebuild this and deploy on server.
  <b>For point 2,</b>
  Make model for your web service.
  before calling your web service, set your username and password in code as shown below.
  wdContext.current<web service model node>element().modelobject()._setusername(<username>);
  wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
  Rehards,
  Bhavik

• How to publish a file as secure content, i.e https: ??

  https: ??

  Hey there,
  Animate doesn't publish to HTTPS, but this is something you can control on your own when uploading to a secure server. Also be aware that the Animate runtime is served over HTTP so you'll have to upload this component to serve from your server as well.
  Sarah

• Air application throws security alert every time 'HTTPS' request made to server.

  Have a look at the following screenshot.
  On click of next button, application internally sends an https request. Appliction throws Security Alert dialog. The text can also be seen clearly.
  Strange thing about this alert dialog is that, it appears every time when application send a request in given session.
  If I run the same thing in flex (i.e. in browser), it asks for SSL handshake and that is also only once. So why it is happening here in case of Air.
  Regards,
  Prithvee Zankat.

  Back up all data. From the Safari menu bar, select
  Safari ▹ Reset Safari...
  Check these boxes:
  Clear history
  Remove all website data
  Uncheck all other boxes. Press return. Test.
  If Safari crashes immediately on launch and you can't do as above, hold down the shift key and launch it by clicking its icon in the Dock, then try. Failing that, ask for guidance.

• Signing or securing XML sent via https

  Hi there,
  I have designed a form which uses Javascript to submit XML via https to a server.  The https provides the appropriate transport level security, but is there a way to sign or encrypt the xml sent using Javascript?
  Thanks!

  Hi Paul,
  Is there a way that I can sign the content for a single pdf?  I would just like to secure the submission of the XML using a single encryption method even though several different clients will use the pdf for submission purposes.
  Also, I have placed a normal button on the form and written Javascript on the click method of the button which validates the form (according to the business logic which I need to perform) and then, upon successful validation, submit the form using this command:
  event.target.submitForm({cURL
  : URL, cSubmitAs:"XML"});
  The submission works using Reader 8, but can I add a cert or some security mechanism into the submitForm method to help ensure the validity of the XML content?
  Thx.
  Roy

• Security Data : No WS-Security Header - UTL_HTTP for HTTPS calls -Oracle 9i

  Hello,
  I have a SOAP requests to transmitt a on the fly parsed XML file to UTL_HTTP to connect to a SSL connection. Oracle Wallet is installed and connectivity is working as expected. However, in the SOAP response I am getting
  Security Data : No WS-Security Header I am not sure what I am missing? How can I resolve this error?
  Below is the SOAP response that shows this error.
  <?xml version="1.0" encoding="utf-8" ?>
  - <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  - <soap:Header>
  - <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  - <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-17449452">
    <wsu:Created>2010-11-20T05:03:40.568Z</wsu:Created>
    </wsu:Timestamp>
    </wsse:Security>
    </soap:Header>
  - <soap:Body>
  - <soap:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:c="urn:schemas-asource-com:transaction-data-1.0">
    <faultcode>wsse:InvalidSecurity</faultcode>
    <faultstring>Security Data : No WS-Security Header</faultstring>
    </soap:Fault>
    </soap:Body>
    </soap:Envelope>Below is my compete code that generated above response.
  BEGIN
           soap_request :=
                 '<?xml version="1.0" encoding="utf-8"?>
                     <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:ns1="urn:schemas-asource-com:transaction-data-1.31">
  <SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-
  secext-1.0.xsd">
  <wsse:Security SOAP-ENV:mustUnderstand="1">
  <wsse:UsernameToken>
  <wsse:Username>NPCOMMERCE_DEV</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-
  token-profile-1.0#PasswordText">Il/vJa0jat7929f8xxklPjYZIMy5eBCqBMILeGaC+E/1NfIWv+I2KfgghlhkSOaN6rme70OQHEo3e4LJMlWvfC7UfYaN9bqyQwYACmrDFpoiQYCOS+XLnRshhLHMio5VY4+P3C/25tCEH4lBAMRjP1LmjIvZI/h4YJ/65x8OQrqO7tdggZ/KAgvOiNc1GSU+NhkgzLl4EKoEwgt4ZoL4T/U18ha/4jYp+CCGWGRI5o3quZ7vQ5AcSjd7gskyVa98LtR9ho31urJDBgAKasMWmiJBgI5L5cudGyGEscyKjlVjj4/cL/bm0IQfiUEAxGM/UuaMi9kj+Hhgn/rnHw5Cug==</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </SOAP-ENV:Header>'
              || '<SOAP-ENV:Body>'
              || '<ns1:requestMessage>'
              || '<ns1:merchantID>'
              || 'ACOMM_DEV'
              || '</ns1:merchantID>'
              || '<ns1:merchantReferenceCode>'
              || lv_sequence
              || '</ns1:merchantReferenceCode>'
              || '<ns1:billTo>'
              || '<ns1:firstName>'
              || p_cc_holder_name_first
              || '</ns1:firstName>'
              || '<ns1:lastName>'
              || p_cc_holder_name_last
              || '</ns1:lastName>'
              || '<ns1:street1>'
              || 'XXX Charleston Road'
              || '</ns1:street1>'
              || '<ns1:city>'
              || 'Mountain View'
              || '</ns1:city>'
              || '<ns1:state>'
              || 'CA'
              || '</ns1:state>'
              || '<ns1:postalCode>'
              || '94043'
              || '</ns1:postalCode>'
              || '<ns1:country>'
              || 'US'
              || '</ns1:country>'
              || '<ns1:email>'
              || '[email protected]'
              || '</ns1:email>'
              || '</ns1:billTo>'
              || '<ns1:item id="0">'
              || '<ns1:unitPrice>'
              || 12.34
              || '</ns1:unitPrice>'
              || '<ns1:quantity>'
              || 2
              || '</ns1:quantity>'
              || '</ns1:item>'
              || '<ns1:purchaseTotals>'
              || '<ns1:currency>'
              || 'USD'
              || '</ns1:currency>'
              || '</ns1:purchaseTotals>'
              || '<ns1:card>'
              || '<ns1:accountNumber>'
              || 111111111111111
              || '</ns1:accountNumber>'
              || '<ns1:expirationMonth>'
              || 12
              || '</ns1:expirationMonth>'
              || '<ns1:expirationYear>'
              || 2020
              || '</ns1:expirationYear>'
              || '</ns1:card>'
              || '<ns1:ccAuthService run="true"/>'
              || '</ns1:requestMessage>'
              || '</SOAP-ENV:Body>'
              || '</SOAP-ENV:Envelope>';
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20003, errx);
        END;
        BEGIN
           UTL_HTTP.set_wallet
                              ('file:/p01/oracle/prj1db/9.2.0/appsutil/wallet',
                               'p4ssword'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20004, errx);
        END;
        BEGIN
           http_req :=
              UTL_HTTP.begin_request ('https://rvcotest.ss.com/commerce/999/tProcessor',
                                      'POST',
                                      'HTTP/1.1'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20005, errx);
        END;
        BEGIN
           UTL_HTTP.set_header (http_req, 'Content-Type', 'text/xml');
           UTL_HTTP.set_header (http_req,
                                'Content-Length',
                                LENGTH (soap_request)
           UTL_HTTP.set_header (http_req,
                                'SOAPAction',
                                'xmlns="urn:rvcotest.ss.com/commerce/999/tProcessor"'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20006, errx);
        END;
        BEGIN
           UTL_HTTP.write_text (http_req, soap_request);
           http_resp := UTL_HTTP.get_response (http_req);
           UTL_HTTP.read_text (http_resp, soap_respond);
           UTL_HTTP.end_response (http_resp);
        EXCEPTION
           WHEN UTL_HTTP.end_of_body
           THEN
              UTL_HTTP.end_response (http_resp);
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20007, errx);
        END;

  Thank you Fahd for quick response.
  I have gone through the note. So, it seems that I have to put a Header tag with username and password. But such tag definitions do not exist neither in my WSDL nor in my XSD that gets validation on destination server. In that case what do I do? :(
  -R