Security Application
dear all,
I design a system, that need security activiti, i am new in java programming, please tell me how to built security web base in java. is tom cat can handle server security?? please sorry, because I'm new in programning.
thanks
How would a security app stop your brothers disturbing you?
Similar Messages
-
Error while running a Secured Application
Hi all,
we have created an application with a single page, which works fine when we run the same. But if security is enabled for the application, following exception is being thrown:
<Mar 9, 2011 4:17:51 PM IST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1299667669178' for task '2'. Error is: 'java.lang.NoSuchFieldError: RESOURCE_NAME_EXPRESSION'
java.lang.NoSuchFieldError: RESOURCE_NAME_EXPRESSION
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getResourceNameExpressionQuery(PermissionSetManagerImpl.java:2448)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.checkPermissionSetSearchQuery(PermissionSetManagerImpl.java:2464)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getPermissionSets(PermissionSetManagerImpl.java:2414)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.clone(JpsDstPolicy.java:935)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.migrateData(JpsDstPolicy.java:442)
Truncated. see log file for complete stacktrace
Caused By: java.lang.NoSuchFieldError: RESOURCE_NAME_EXPRESSION
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getResourceNameExpressionQuery(PermissionSetManagerImpl.java:2448)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.checkPermissionSetSearchQuery(PermissionSetManagerImpl.java:2464)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getPermissionSets(PermissionSetManagerImpl.java:2414)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.clone(JpsDstPolicy.java:935)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.migrateData(JpsDstPolicy.java:442)
Truncated. see log file for complete stacktrace
>
<Mar 9, 2011 4:17:51 PM IST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'DSDemo [Version=V2.0]'.>
<Mar 9, 2011 4:17:51 PM IST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NoSuchFieldError: RESOURCE_NAME_EXPRESSION
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getResourceNameExpressionQuery(PermissionSetManagerImpl.java:2448)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.checkPermissionSetSearchQuery(PermissionSetManagerImpl.java:2464)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getPermissionSets(PermissionSetManagerImpl.java:2414)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.clone(JpsDstPolicy.java:935)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.migrateData(JpsDstPolicy.java:442)
Truncated. see log file for complete stacktrace
Caused By: java.lang.NoSuchFieldError: RESOURCE_NAME_EXPRESSION
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getResourceNameExpressionQuery(PermissionSetManagerImpl.java:2448)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.checkPermissionSetSearchQuery(PermissionSetManagerImpl.java:2464)
at oracle.security.jps.internal.policystore.entitymanager.impl.PermissionSetManagerImpl.getPermissionSets(PermissionSetManagerImpl.java:2414)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.clone(JpsDstPolicy.java:935)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.migrateData(JpsDstPolicy.java:442)
Truncated. see log file for complete stacktrace
>
[04:17:51 PM] #### Deployment incomplete. ####
Any help on this regard would be greatly appreciated.
Thanks in advance,
RaghuHi,
By secured application, i mean, i have configured security in the Application and ran it in the jdev. The same app was running smoothly without enabling the security.
Thanks,
Raghu -
All applications I try to open from my desktop ,where I used FIREFOX to open them...crash when trying to open. I tried to re-install FIREFOX, but my security application shut it down as a 'malicious threat'.
What's going on?Thanks, I deleted a bunch of apps and some other TV shows I had on there. All of the other movies have an active download button so there is room for other movies, just not that one for some reason...weird!
-
Juniper Java Secure Application Manager does not work with Snow Leopard
Anyone else having issues as well? I'm not using a client - its basically the Java based application manager for VPN connections to work (so I can remote desktop to my work PC).
Once logged in, it gives a "Restart your browser" error.
Thanks for your helpOK - so I got it to work. Here's what I did. Let me know if it works for you:
I wasn't able to follow the instructions exactly as noted in the original link I posted above.
The terminal command, specifically wget would not work - there is no wget.
I manually downloaded the Java 1.5 version, by following the link (just clicked on it). I 'unzipped' it and moved it into the library/frameworks/JavaVM.framework/versions folder.
So now the 1.5.0 is not an alias (as it is by default in SL), but the older version of Java.
I then followed the instruction related to changing the order in JAVA PREFERENCES.
The final stop - and I think this is key, is that I forced Safari to start in 32 bit mode. You can do this by going to Applications, highlighting Safari and hitting CMD-I. Then check the 32 bit option.
Start Safari, go to the appropriate URL and login. The Java Secure Application Manager should then start as it used to do in Leopard. You should be all set.
Hope this helps - let me know if someone has questions. -
Internet security applications for XP - which one?
I'm about to do boot camp and add XP. Once I've turn the machine into a windows PC I'll need to have some anti-virus, firewall and all that. Don't trust XP's own offering.
Which is the most compatible internet security application when using Boot Camp and/or VMware Fusion? Has anyone got an 'avoid this' recommendation?
Thanks for any ideas.For 10 yrs I've said, "avoid Norton" but I have to admit that Norton Internet Security 2008 really is good, a complete ground-up rewrite and works very well and I'm not even aware it is there unless I want to. Working.
AVG Suite was annoying, in your face, and why I had to find a replacement. It just bogs system down and always asking or telling you and wants to put a notification up (which goes away after 30 seconds).
Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine.
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
Some experts believe that scanning incoming and outgoing mail causes e-mail file corruption.
Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html
Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast4home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
AVG Anti-Virus Free Edition
http://free.grisoft.com/
On-demand AV application.
(add it to your arsenal and use it as a "second opinion" av scanner).
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html
A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
Ad-Aware - Free
http://www.lavasoftusa.com/products/adawarefree.php
http://www.download.com/3000-2144-10045910.html
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
Windows Defender - Free (build-in in Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."
A clarification on the terminology: the word "malware" is short for
"malicious software." Most Anti-Virus applications detect many types of
malware such as viruses, worms, trojans, etc.
What AV applications usually don't detect is "non-viral" malware, and the
term "non-viral malware" is normally used to refer to things like spyware
and adware.
Some more useful applications:
Spyware Blaster - Free
http://www.javacoolsoftware.com/spywareblaster.html
Rootkit Revealer - Free
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
Crap Cleaner - Free
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender".
CW Shredder - Free
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml -
Secure Application Roles in SE.
I’m looking for ideas to implement or replicate the behavior of “Secure Application Roles” feature of EE in SE.
Any help/sample are welcome!
Thanks,
Diego.Unfortunately there are features from the kernel that prevent the use of Application Roles in a Standard Edition. You must upgrade to a Enterprise Edition.
~ Madrid -
System security application addon
What is "System security application 1.0" addon? Is it firefox software? Why it's getting installed after i've remvoed it?
it sounds like malware - please run a full scan of your system with the security software already in place and different tools like the [http://www.malwarebytes.org/products/malwarebytes_free free version of malwarebytes], [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner] & [http://www.microsoft.com/security/scanner/default.aspx microsoft safety scanner].
[[Troubleshoot Firefox issues caused by malware]] -
I've started testing the Cisco OnPlus Advanced Security Application. It states that it is free for a limited time. However I don't see how long that "limited time" is and I also don't see any information about costs, skus, etc. for maintaining the subscription. Any assistance would be appreciated. Thank you.
As an update to this, I spoke with some of my contacts at Cisco. From what I understand, there aren't currently any plans to make the Cisco OnPlus Advanced Security Application a "pay for" service. It might be one day but at this time it should continue to work without expiration.
-
"security" application package to CLEAN the widely "known" Malicious code?
Professionally & Personally - I use, make, and Read many PDF files daily [reports, documents, & books]; I have many "many" thousands of PDF documents in my Archives.
A. Background:
1. I have heard, since Acrobat 5, many security specialist have deemed JAVA as a THREAT; and PDF as a security concern! Recently Reported Home Land Security has deemed JAVA as an on-going "continuing high threat", in spite of se7u11; reported that DHLS expressed that 28% of reported ATTACKS were from Adobe Acrobat PDF files embedded user malicious software code [ever growing numbers of attacks]. <PDF security is a major growing DOD concern!>
2. To my great surprise from "IT" professional who disabled JAVA in his Department's systems, the current Security Software and specific program updates offer no real solution or resolutions to this ongoing security problem. I understood that Virus and Trojan Checkers do not check malicious software code hidden inside PDF files, and software updates do not remove or make safe the malicious software code in the actual PDF – thus it remains a potentially very DISTRUCTIVE-DATA-BOMB just setting in your databases awaiting to be activated at some future date.
3. "This is very tedious and time consuming!" I have since disabled JAVA in my Adobe Acrobat and run each PDF through "PDF OPTIMIZER" - Discarding all User Data, User Objects, and especially User JAVA Codes – and disable my LAN internet connection -- before utilizing it. I don’t know if this is of any good or not – but I feel safer.
B. PROBLEMS & QUESTIONS (I’ve given each question its own string to assist with preventing confusion)!
4. CLEAN OLD FILES! Has Abode Acrobat issued stand alone "security" application package to CLEAN the widely "known" Malicious code or attack internet sites from PDF files? I was informed that Security Software doesn't perform this specific function inside PDF files. Does Adobe have a similar Microsoft Windows Malicious Software Removal Tool? What is Adobe's solution?Hello George Johnson
I do so appreciate your assistance…
Although I have used in business and own computers since the 1970’s [built one myself from a kit in 79], I’ve not had to concern myself with programming since, DOS, Lotus/IBM/Apple Basic and COBAL --- especially after XP release I gave up even trying to figure what each does. I did not mean to offend as to which specific JAVA version and/or product is the problem, since I personally have no CLUE – and today totally depend upon goodwill of smart guys like you.
Specifically why recently DHLS [IT security folks and DOD for many years] is saying that Malicious Software code in PDF files is such a big threat and responsible for 28% of the systems attacks I do not know the technicalities or reasoning of these assertions – except it had something to do with JAVA CODE/JavaScript[?] contained inside the actual PDF which virus software doesn’t detect or destroy? I do not know if it is the Additional CODE placed inside the PDF by the bad actor and/or the changing of actual Adobe Program Code is the problem? I may be chasing may tail!
My biggest concern for many years into the future -- is protecting my very large PDA database/Archive, multiple Systems, my personal information, and to try to the best of my ability to not pass PDF having within it Malicious Software CODE [JAVA CODE/JavaScript?] put into it by a bad actor.
Since my PDF database Archives [and back-ups] is many terabytes – it is impossible to “import” each PDF into Acrobat and run PDF Optimizer (removing Adobe known user placed codes and data) – as I am doing now – much less trying to figure out what else I should check for within the PDF file or the ever increasing updates, changes, versions of plugging the hole in the dikes…..
So George, back to my question, Has Abode Acrobat issued stand alone "security" application package to CLEAN the widely "known" Malicious code or attack internet sites from PDF files? [You know 28% DHLS & DOD is talking about.] I was informed that Security Software doesn't perform this specific function inside PDF files. Does Adobe have a similar Microsoft Windows Malicious Software Removal Tool? What is Adobe's solution?
Thank you so very much for your knowledge, help, and interest. -
How to login secured application programmatic way?
Hi All,
I am using JDeveloper 11.1.1.6 .
My Scenarios I have username and password I need to login in the application programmatic way.I tried with the
JAASAuthenticationService jas = new JAASAuthenticationService();
jas.login("UserName", "Password");
But that is not working .How to login the secured application programmatic way ?
Thanks..Can you try this?
public void login(String pUsername, String pPassword)
AuthenticationService vAuthenticationService =
AuthenticationServiceUtil.getAuthenticationService();
vAuthenticationService.login(pUsername, pPassword);
public void logout()
AuthenticationService vAuthenticationService =
AuthenticationServiceUtil.getAuthenticationService();
vAuthenticationService.logout();
Gud luck!
-- HA -
Security applications, ipfw, intrusions
I have set up an airport extreme network, my MacPro is connected by cable to AE base station. I use AE base station to let Macbooks in my house to connect to the internet. I also use a BlueTooth keyboard. My MacPro's airport is usually off (because it's connected to AE by cable).
Yesterday, by coincidence, I noted my HD spinning wildly and a very high level of network outbound traffic on my activity monitor. I was kind of frightened that somebody was copying data from my HD and physically disconnected my MacPro from AE.
I checked my firewall log and found a lot of ipfw entries, but none at the time when I observed the above behaviour:
...Stealth Mode connection attempt to UDP...etc
...Stealth Mode connection attempt to TCP...etc
...35000 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via en0
My question is, how secure is:
1) Apple's ipfw
2) AE base station's supposedly built-in firewall
3) do Macs need additional firewall software in your experience?
My yesterday's MacPro settings were:
Personal file sharing ON (everything else OFF, except itunes, iphoto, network time)
Stealth mode enabled
My AE Base Station settings are:
Hidden network
Password
MAC set to allow only registered computers
Any security hints and suggestions as to powerful third party security applications are appreciated.hi,i confront the same question
-
Jdev 10.1.3.1 "ADF Security": Application without a custom login page?
Hi,
We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
Thanks,
AnnieBrenden,
Thank you so much for the reply. This is our code in the web.xml:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
regards,
Annie -
Securing applications communications running in the same server
Hi everybody,
I want to share critical information between two applications (medical information about patients) using JMS queues, moreover due to this criticity i was planning to secure this communication using SSL. The problem is that one of the client applications, because of his architecture, have problems when accessing the JMS queues.
But I have to say that both applications will run in the same server (physical machine), knowing that, what kind of security problems could we encounter if, finnally we don't cypher the communication?
I guess that the danger is lower than if the two applications would run in different machines, wouldn't it?
Thanks!!!hi,
add crossContext="true" in server.xml under tomcatx.x\conf\ in your <Context tag -
Managing sessions in a "secure" application
Right now I'm working on securing part of a ColdFusion 9 site with some more robust security. I use the basic cflogin / cflogout system for handling logins that is described in most Adobe tutorials online.
What I'd like to do is the following:
Be able to see what user has an active session (who is logged in)
Log out a user remotely (say you want to ban someones account and have that happen immediately)
Block accounts from having multiple sessions at once (i.e. no account sharing)
Are there any guides for this stuff? I read an article from a couple years ago that showed how to see who is logged in, but I think its probably out of date.Hi,
Here is the approach I'd think about taking...
See which users have an active session?
I'd use the login process and the application.cfc onSessionEnd to keep track of this.
Login routine would store the session ID against the user account record.
onSessionEnd would remove the session ID from the user account record.
Log out a user remotely.
Since you have the session ID's, you can modify the "sessionStop" function I created to accept the session ID as an argument http://misterdai.wordpress.com/2010/06/15/cf-sessionstop-ending-a-cf-session/
You'll probably want to pester Adobe to put this into CF10. Otherwise you might run into problems if they change the way things work.
Block accounts from having multiple sessions at once.
If someone tries to log in and they have a session ID on their record, they're already logged on.
You could then either kick off the old ID and let the new one on, or stop the new login attempt.
BTW, I'm also the creator of CfTracker. It does provide an insight into the sessions on your server, it's built more for monitoring than using within another application. -
Running FlexUnit in Security Application Server environments
Hi all,
our flex client is running/provided in a application server context with basic authentification. that mean when the user request our flex client he is running into a authentification dialog box inputs username and password and then after validation our flex clients website would be loaded.
for complex end2end tests we are using flexunit and integrate doing such tests via continous integration with ant. so we have a scenario that we start would start our application server, after start complete we call ant-flexunit with the flex client given url to run our tests after that we shutdown the hole orchestra.
the problem we are currently facing is the security authentification flow which we are not simply abe to disable this only for testing.
so the hole automatically testflow is hanging on this authentification dialog popup where we first have to enter our username/pwd. so is there a way from flexunit to trigger the url request with username/pwd as a kind of params automaticly to the server or something else? or whats best practice testing flex apps using flexunit which are hosted under security restrictions? with JUnit i read its possible the manipulate the http request header injecting username/password into the request...
thanks
danI am using Oracle 10g9.0.4 or 10.1.2 ? There are small differences between them, so it could be helpful to know the exact version.
or it does nothing.For the moment don't use forms with parameter list, to avoid one more possible cause. Did you check sensitivity ? For example, if a form is called with name 'My_Form.fmx', and its name, on disk, is my_form.fmx or MY_FORM.fmx. or anything different, then it won't work.
On form property page activate console window, to see errors, if any.
Of course I'm assuming that test form works correctly.... -
Non-secure application update on standard account
My daughter has just downloaded and updated Microsoft Messenger to version 5.1.1 whilst logged into her standard user account (without admin priviledges). There was no request for an admin password and when she launched the application there was no alert box advising she was opening an application for the first time.
I am concerned the normal security protocols of the OS appear to have been bypassed! All settings have been checked and everything is locked down as far as possible. Was the Messenger update just a very minor issue without any change to the actual application or is there a potential security hole?
Maybe I'm missing something simple but it raises a few questions.
G5 Dual 2GHz Mac OS X (10.4.6) Latest Security Update in placeI figured out my own question and want to delete it but I can't find an option to do so? Anyway, it turns out that when there is two or maybe more "desktops" open at one time, that is when right clicking on an application in the dock shows the assign to options. Ok then.....
Maybe you are looking for
-
I'm using a mid 2014 13" rmbp. I reinstall the Yosemite due to the wifi issue, when finished, the iMovie was not installed, I try to download it from app store, but it's not free. How can I get iMovie back?
-
How can I use the iPhone i bought here in the US in the philippines?
i have an iphone and i was just wondering how can i can use the iphone i bought here in the united states to the philippines? is it even possible? please help me. thanks!
-
Anyone else just getting a message about the iTunes store making an error whenever you do anything like click the forward and back buttons or click on a suggestion if you misspell something?
-
On the Oracle XE BETA Trial License agreement
Hi all, I've got a question concerning the Oracle XE BETA Trial license (I'm referring to the document behind the "License Agreement" link in the "links" pane on the right top of the database home page) I understand that the Oracle XE Beta License gr
-
I just purchased a 2012 mac mini running osx 10.8.2. I want to mount my old linux hard drive on it because this is where all of my data is stored. Is this possible? if so how?