Security Authorization without authentication - will this work? Attn Frank

Hi Frank:
Fun never stops and never know what is coming.
Just when I have my nice tables set up for authentication and authorization,
now I hear that I have to test a scenario where authentication is going to be provided by an external utility (An LDAP Server behind which PeopleSoft tables have username/pw) info. My questions are:
(1) Is it possible to turn off authentication via J2EE Container but keep Authorization on? I want the ability to use page related security roles! And, yes, there will be a table with usernames and roles as well (which is working).
Change: However, the table with usernames and passwords will be in a PeopleSoft table behind LDAP. (The authentication does work with a few tweaks in web.xml. So, can't complain there)
(2) Is there a better solution (given the external authentication utility is a given)?
(3) Is there a way to fool JAAS to say, ok don't show the login screen but you are authorized? I now wonder what the DBTableLoginModule does? Can we tell it, "forget authentication, just get the roles?"
I really don't want to lose the authorization provided by JAAS and, not to mention, permissions (which I have not gotten to work but more about that on another post).
Thanks

Hi,
1) as said, nothing prevents you from building a JAAS LoginModule that does what you need - e.g. authenticate a user against LDAP, then connect to the database and query for his/her user roles. You can't have container managed authorization without authentication though.
There will be a change in API in JDeveloper 11 (and most likely in JDeveloper 10.1.3.4 - upcoming) that allows you to set a Subject into the OC4J context, in which case you don't need container managed authentication. However, I don't have it tested yet and can't tell to what extent this would be useful.
3) Sure, you can build a JAAS LoginModule that doesn't care for authentication. However, this doesn't work with container managed security. As far as I am aware, the only option to not show a login dialog is to use certificates. And certificates are not yet to use with custom LoginModules. So the above mentioned API - that is available as a backported patch for 10.1.3.1 - might do the trick
Frank
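
The LoginModule described in point 1 of the reply, as an added example that is not code from the thread or from Oracle: it authenticates with an LDAP bind and only then reads the user's roles from a database table. The option names (`ldapUrl`, `userBaseDn`, `jdbcUrl`), the `uid=<user>,<base>` DN layout, the `user_roles` table and the `NamePrincipal` class are assumptions.

```java
import java.security.Principal;
import java.sql.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example (Java 16+); option names, DN layout and the user_roles table are assumptions.
public class LdapAuthDbRolesLoginModule implements LoginModule {
    public record NamePrincipal(String name) implements Principal { public String getName() { return name; } }
    private static final String ROLE_SQL = "SELECT role_name FROM user_roles WHERE username = ?";
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private final Set<Principal> pending = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    private String opt(String key) throws LoginException {
        if (options.get(key) == null) throw new LoginException("missing module option: " + key);
        return options.get(key).toString();
    }
    public boolean login() throws LoginException {
        pending.clear();
        String url = opt("ldapUrl"), base = opt("userBaseDn"), jdbc = opt("jdbcUrl");
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("cannot obtain credentials"); }
        String user = nc.getName();
        char[] pw = pc.getPassword();
        pc.clearPassword();
        // A simple bind with an empty password is an anonymous bind; never treat it as a login.
        if (user == null || user.isBlank() || pw == null || pw.length == 0)
            throw new FailedLoginException("missing credentials");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);                 // ldaps:// keeps the password off the wire
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the name so it cannot change the structure of the bind DN.
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + Rdn.escapeValue(user) + "," + base);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        try { new InitialDirContext(env).close(); }         // step 1: authenticate; any error denies
        catch (NamingException e) { throw new FailedLoginException("LDAP bind failed"); }
        finally { Arrays.fill(pw, '\0'); }
        try (Connection c = DriverManager.getConnection(jdbc);   // step 2: roles, only after the bind
             PreparedStatement ps = c.prepareStatement(ROLE_SQL)) {
            ps.setString(1, user);
            ResultSet rs = ps.executeQuery();               // closed together with ps
            pending.add(new NamePrincipal(user));
            while (rs.next()) pending.add(new NamePrincipal("role:" + rs.getString(1)));  // prefix marks roles
        } catch (SQLException e) {
            pending.clear();
            throw new LoginException("role lookup failed");
        }
        return true;
    }
    public boolean commit() {                               // publish principals only after a good login()
        if (!pending.isEmpty()) subject.getPrincipals().addAll(pending);
        return !pending.isEmpty();
    }
    public boolean abort() { return logout(); }
    public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```

The module is selected through the container's JAAS login configuration, and how these principals map to the security roles in web.xml is container-specific.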

Similar Messages

  • Creating/Mapping security roles without authentication

    Hello all, I am new to WebLogic 9.1, and I appreciate your help in advance.
    I have an HTTP header pre-populated with the roles a logged-in user has (these roles are defined outside websphere), and the user has already been authenticated.
    I want to map each role from my header to a URI configured in weblogic, so it can authorize/deny access to that page within the container, based on the role in the header.
    What would be a good approach to doing this? I have been looking through the security documentation, and I am a bit overwhelmed, I'm not sure where to begin.
    Thanks


  • Network security:LAN manager authentication level setting on GPO

    Hi,
    We have a requirement from the project team to change one of the security settings in the default domain policy for all computers in the domain. Below is the security setting which we need to modify.
    computer configuration-->windows settings-->security settings-->local policies-->security options-->
    Network security: LAN manager authentication level
    This setting needs to be changed to - Send LM & NTLM - use NTLMv2 session security if negotiated.
    The project team is facing an issue with Apache web server and they found the solution at the link below. (We have tested this by changing local group policy and this solution works as expected.)
    https://www.sysaid.com/Sysforums/posts/list/9065.page
    We need to know what the impact is after enabling this on domain computers.
    Need help on this to go ahead.

    Hi,
    you have a weaker domain security overall. "
    LM Hash Generation 
    The algorithm introduces several weaknesses that attackers can exploit. First, all lowercase characters are set to uppercase, reducing the number of possible characters. Second, it splits a long, strong, password into two seven-character chunks.
    Both the LM and NTLM protocols operate essentially the same way; the only difference is the password hash.
    REF: The Most Misunderstood Windows Security Setting of All Time
    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    This post provides no guarantees and confers no rights

  • Hello, I have a problem with a Wifi Survey app from Access Agility. The app was working fine, but without warning it stopped working; I tried to open it again, but the app closes after a few seconds.

    Hello, I have a problem with a Wifi Survey app from Access Agility. The app was working fine, but without warning it stopped working; I tried to open it again, but the app closes after a few seconds. Every time I try to open it, some files are created in diagnostic and usage, in particular one named LatestCrash-WifiSurvey.plist. This one generates an incident identifier E73B0164-CDFA-4E9E-839E-A0C021BD17A2, but this incident identifier changes every time I try to open the app; the last incident identifier is: DE600EB3-AB57-4C33-8DE8-71F6788A7441.
    After that, I saw that the app had a new version available for download. I took a backup of my iPad and then upgraded the app, but the problem is the same. All I want is to save the projects I had in this app; I'm afraid that if I delete the app and re-install it, I will probably lose my projects.
    Thanks for your help indicating how I can save my projects and see them, for example, on an iPhone, for assurance that the data is not lost.
    Something that caught my attention is the part of the log that shows heavy CPU processing, but the strange thing is that I had killed all applications.
    Incident Identifier: E73B0164-CDFA-4E9E-839E-A0C021BD17A2
    CrashReporter Key:   ed0ca1405ce83d4f80cb3cce063d7248d7b76e91
    Hardware Model:      iPad2,5
    Process:         WifiSurvey [139]
    Path:            /var/mobile/Applications/1BEEE35A-85FC-4BE4-B62A-39A930CB3CE2/WifiSurvey.app/WifiSurvey
    Identifier:      WifiSurvey
    Version:         ??? (???)
    Code Type:       ARM (Native)
    Parent Process:  launchd [1]
    Date/Time:       2013-08-08 19:01:13.476 -0500
    OS Version:      iOS 6.1.3 (10B329)
    Report Version:  104
    Exception Type:  00000020
    Exception Codes: 0x000000008badf00d
    Highlighted Thread:  0
    Application Specific Information:
    com.accessagility.wifisurvey failed to launch in time
    Elapsed total CPU time (seconds): 20.990 (user 20.990, system 0.000), 52% CPU
    Elapsed application CPU time (seconds): 19.954, 50% CPU

    See:
    iOS: Troubleshooting applications purchased from the App Store
    Contact the developer/go to their support site if only one app.
    Restore from backup. See:
    iOS: How to back up              
    Restore to factory settings/new iPod

  • In disk utility, it shows that my external hard drive is somehow unmounted and I can't access it in finder or repair it in Disk Utility. How can I get this working without losing my important data?

    In disk utility, it shows that my external hard drive is somehow unmounted and I can't access it in finder or repair it in Disk Utility. How can I get this working without losing my important data?
    Thank you!

    When you erased the disk did you select Mac OS Extended Journaled as the format option?

  • Page rotate script not working(not allowed error security settings prevent access to this property)

    HI,
    I am using a script to rotate each page in a PDF file when clicking a button. I have added a script to rotate the file in the rotate button's click event as JavaScript. It is working in Acrobat but not in Adobe Reader. Please see the script:
    nStart = 0;
    nEnd = this.numPages - 1;
    nRotate = 90;
    try {
        // Rotate every page of the document by 90 degrees
        if (this.numPages > 0) {
            this.setPageRotations(nStart, nEnd, nRotate);
        }
    } catch (e) {
        app.alert("Processing error: " + e);
    }
    But I'm getting this  error in adobe reader not in acrobat.'not allowed error security settings prevent access to this property or method'. What is the problem. Please anybody tell me.

    OK, so here's what you do:
    - Create a new file in a plain-text editor (I recommend Notepad++), and paste this code into it:
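    // Folder-level script: runs with privilege and executes whatever menu item name it is passed
    safeExecMenuItem = app.trustPropagatorFunction(function(code){
        app.beginPriv();
        app.execMenuItem(code);
        app.endPriv();
    });
    // Trusted wrapper that document-level scripts (such as a button action) can call
    mySafeExecMenuItem = app.trustedFunction(function(code){
        app.beginPriv();
        safeExecMenuItem(code);
        app.endPriv();
    });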
    Close Reader if it was open and then save this file as "MyScripts.js" and place it in the following directory (this is for Windows):
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Javascripts
    If you want it to work in Acrobat as well place the file also under:
    C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Javascripts
    Now to rotate the pages clockwise attach this code to your button (in Acrobat, of course):
    mySafeExecMenuItem("RotateCW");
    And to rotate them counter-clockwise, use this code:
    mySafeExecMenuItem("RotateCCW");
    Open your file in Reader and the buttons should rotate the pages when clicked...

  • HT2731 I was ask for my secure question and they did not work. So I went into my account and tap on my secure question that I forgot my secure question. It replied back that it just sent me a email. The email never came. I did this three time. My email is

    I was asked for my security questions and they did not work. So I went into my account and tapped on the option saying that I forgot my security questions. It replied that it had just sent me an email. The email never came. I did this three times. You have my email as correct. I have checked my account and it shows as being correct.

    It's a really bad idea to post your email addresses - it's an invitation to spam - and I've asked the Hosts to remove them.
    This is a user-to-user forum and no-one on here can take any direct action. If your Yahoo address is not working that's something you would need to take up with Yahoo - have you checked it by sending yourself an email to it?
    Otherwise you will need to contact Support: go to https://expresslane.apple.com/ and click on 'iTunes' in the center column and then 'iTunes Store' in the right-hand column and proceed from there.

  • Secure RPC - DH authentication without NIS ??

    I need to setup NFS mounts between two Solaris 10 boxes and one Sol9 box but we need the ability to have users in more than 16 groups. My first round of digging leads me to believe we need to use Secure NFS/RPC. But which flavor of authentication ?? We're trying to minimize impact on the users and the administrators here.
    The DH auth. sounds simpler to me - a straightforward PKI exchange. Has to be easier than using the Kerberos auth.. But all the doc. for setting up the DH says it uses NIS/NIS+ and that is going away. But I can't see any reference to the DH key maps being migrated into LDAP.
    Is there any other way to setup DH authentication for Secure RPC without using NIS(+) ?? Static files would even be acceptable.
    thanks,
    Don M.

    Hi Garth
    I have exactly the same problem as the one you've described.
    Did you find any solution?
    Thanks
    Terence

  • Hi  I am a keen photographer and I have just bought your SD card reader for iPad. This works well but I was wondering if there is an app that I can view the images on the SD card full screen without having to import them to the iPad or is there a way to do thi

    Hi
    I am a keen photographer and I have just bought your SD card reader for iPad. This works well but I was wondering if there is an app that I can view the images on the SD card full screen without having to import them to the iPad, or is there a way to do this on the iPad?
    The reason for buying this was for when I was out and about, to get a better view of my images.
    I have a iPad 2 16gb
    Hope you can help!
    Thanks

    A couple of weeks ago, (after reading a review in TUAW) I bought a wireless hub/ SD card reader called RAVPower.  its app comes with a built in viewer, so you can load it up, and see the pics full screen. 

  • You have attempted to access a secure page without the appropriate authorization. I have used this website every week and today received this error message. I can access it with Internet Explorer.

    I received an error message after attempting to log in to a website. Access prohibited. You have attempted to access a secure page without the appropriate authorization.
    I access this website at least twice a week and now I get this error message. I am able to access this website through Internet Explorer. Is there something I can do to fix this problem, so I can use Firefox?

    Maybe:
    Dafizilla Table2Clipboard: https://addons.mozilla.org/firefox/addon/1852

  • In trying to use Filelink, it asks for a software security device password - what is this? None of the passwords I can think it might be referring to work!

    In trying to use Filelink, it asks for a software security device password - what is this? None of the passwords I can think it might be referring to work!

    What is the exact error message?

  • Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

    Hi,
    We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
    After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
    Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
    Thanks,
    Annie

    Brenden,
    Thank you so much for the reply. This is our code in the web.xml:
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
    </login-config>
    We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
    If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
    regards,
    Annie

  • Authorization without authentication

    Hello,
    From Java code, is there a way to query the users/groups in Weblogic LDAP without requiring a password?  I'm using a Java application with Weblogic 12.1.2 configured to point to an external LDAP server.  From a java client, I would like to use the Windows username and query against LDAP to see which groups the user is in.  It seems like this is possible using SessionContext.getCallerPrincipal() but I always get 'Anonymous', I believe because the user has not been authenticated.  Is there a way to get LDAP user/group information using Java from the Weblogic server without having an authenticated user?
    Thanks for any information!

    Hi,
    Thanks for confirming.
    Sounds like you would need to speak to your LDAP / AD admin to set up a user with no authentication (no credentials) required. If they're happy to set that up, problem solved.
    Makes me wonder, what is it you are trying to do? I.e. why would you need to query AD without authentication and check / pull details of users? Even if the AD admin agrees to set one up, that's a security risk.
    In addition you are intending to use that user from within the Java application. Boy! I'm sure it'll raise quite a lot of heads if that's for commercial project work.
    Sri

  • Require that all senders are authenticated no longer working

    Hello,
    I've already mentioned it in another thread, but maybe it's an update issue instead of a server issue.
    My problem: It seems (well, it doesn't work anymore, so it's an issue) that the option "Require that all senders are authenticated" on 'Distribution Group' no longer works. I really don't know why this happens and when it stopped working, because it did work when creating the group (and the updates weren't available).
    The situation (so maybe there's another option to find out what causes the problem):
    Pineapp -> Exchange 2007 SP2 Rollup 4. The pineapp is being used before I installed updates of Exchange (and it did work with this setup), so in my opinion, this can't be the problem.
    If someone could help me, or point me to a (new) direction so I can solve the problem with our Exchange server, that would be great :).

    Update: When sending an email to the distribution group, I get a bounce with 'authentication required'. When sending an email to the user in the same group, the email is delivered instead of bounced.
    This is normal. You only enabled the "Require that all senders are authenticated" on 'Distribution Group', but the users in the same group do not have "Require that all senders are authenticated" enabled. So the users outside of your domain still can send the mail to the users without authentication.
    To batch enable the "Require that all senders are authenticated" for the users, you can use the following method:
    1. Create a organizational Unit (OU), move the users to this OU.
    2. Open EMS, type:
    Get-mailbox -OrganizationalUnit   |set-mailbox -requireSenderAuthenticationEnable:$true
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks

  • When i drag and drop an image on my site. it gives the following error. "Unable to access local files due to browser security settings. To overcome this, follo"

    I am using the firefox version 17 and when i drag and drop an image on my website. It gives me the following error.
    Unable to access local files due to browser security settings. To overcome this, follow these steps: (1) Enter "about:config" in the URL field; (2) Right click and select New->Boolean; (3) Enter "signed.applets.codebase_principal_support" (without the quotes) as a new preference name; (4) Click OK and try loading the file again. Or go to the homepage for a link to the tutorial on how to do it.
    I have completed the above steps and it is still showing the same error message. Any help would be highly appreciated.
    Thanks.

    Thanks kumars ,
    I have a specific drag and drop area on our website. This works fine for all earlier releases of Firefox after these security settings
    "(1) Enter "about:config" in the URL field; (2) Right click and select New->Boolean; (3) Enter "signed.applets.codebase_principal_support" (without the quotes) as a new preference name; (4) Click OK and try loading the file again."
    But these settings do not work for me in Firefox 17.
    Yes the drag and drop functionality is java script based and i am not using any script blocker addons.
