Security component implementation

I'm working on a security component that will grant access (or deny access) to protected resources through a password verification, in a JSF RI website.
Can you tell me, in your opinion, what is the best practises to achieve this? Can I rely on the standard JSF validation approach?
Thank you very much,
Ivan Saorin

ivan.saorin wrote:
Maybe we have found an anomaly in the way JSF manage validation/security. It is not a exactly a bug, rather, the absolute lack of documentation on the argument.
We have found that in certain situation the standard security offered by JSF MUST be enforced by some kind of measure.
Immagine a scenario like this (real life sick), you build a custom component with an internal validation. The component accepts a password from the user, the confirm button is not on the component itself, instead the component rely on the confirm button present on the page (becouse the button is on a toolbar).
The page confirm button usually is associated with an action that, for example, grant to the user to confirm a transaction of some kind.
What normaly happen if the user put the wrong passord in the password field, is that tha validation rule fails, a ValidationException is thrown by the validator. The page re-render itself signaling the error occured to the user.
But if an ill-intentioned user remove the component from the page (with a famous firefox plugin for example),The component exists on the server and the server only. The client cannot remove it from the JSF view.
or simply remove the secCmpId=secCmpId parameter from the request, the decode of the component is not even called, and so any associated validation rule. The result is that the action fired by the page confirm button is not blocked at all!That sounds like a poorly written component to me. The component will exist in the restored view (or this is kept server side); if it is enabled and rendered then it should be decoded. The absence of the expected parameter in the request parameter map should cause an error.
>
For me isan error that JSF is not blocking action by default. They should be admitted only and only is all the validation are gone ok, ad not if one fails.
I know that is a rather peculiar use case, but the extreme confidence in the absolute server-side security usually bounded by JSF can lead to such an implementation.
Obviously we have resolved the security hole that luckily was found during an internal security test.Personally I wouldn't (and haven't) checked something like a password in a validator, preferring to do it in the action method.

Similar Messages

  • An alert message pops up upon opening saying could not initiate application security component, and it says to check to see if profile has no read/write restrictions.

    An alert message pops up upon opening saying could not initiate application security component, and it says to check to see if profile has no read/write restrictions. Than when it opens all of my saved passwords are gone, I use a master password and its disabled. When I try to enter in a new on e it says can't change password. I can't even open yahoo e-mail says that my ssl security is down but when I check it its clicked. I'm just very confused as to whats going on.
    == This happened ==
    Every time Firefox opened
    == 5/14/2010 ==
    == User Agent ==
    Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5

    See [[Could not initialize the browser security component]]
    Rename (or delete) secmod.db (secmod.db.old) in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile Folder] in case there is a problem with the file.

  • I am receiving an alert message that reads: Could not initialize the application's security component.

    Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.

    See this support article:
    *https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component

  • I keep getting the following error message: "Could not initialize the application's security component." Firefox then crashes when I try to enter a secure website. Help?

    The exact error message is: "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features." I am on a MacBook and have been using Firefox for years without any problem until now.

    Can you access other apps? Can you acess the internet? Can you access applications that use internet besides facebook?
    If answer is yes to all of these; contact Facebook.

  • Error message: Count not initialize the applications security component.....

    I have been receiving the following error message when trying to access Firefox:
    Could not initialize the applications security component. The most likely cause is problems with files in your applications profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If our continue to use this session you might see incorrect application behavior when accessing security features.
    Firefox will not open any site. I am using a MacBook. The hard drive is not full. I recently had to start using a vpn to get remote access to my desktop at work. Then it wouldn't load so I had to install something to trick it into accepting the vpn. I do not recall what this was as I got this from a person at our helpdesk at work. I hadn't had any trouble for several days, then all of a sudden, Firefox won't open anything, no websites, no email, etc. I have been using Safari as so far it seems to be working. I do not wish to continue to use Safari and for portions of my job, I need to download things and using Firefox is the only browser that works with the software program I am using.
    Can anyone help me with this problem?
    Thank you very much.

    This link shows things to check - https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component

  • I suddenly have this error message on FireFoxthis message pops up: "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no re

    I suddenly encounter this error message from Fire Fox.
    Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.
    I uninstalled the browser and download a new version but it does not resolve the issue.
    I know my hard disc has ample space. I do NOT know where to find the Profile directory to fix the read restriction box.
    == This happened ==
    Every time Firefox opened
    == After something about security add-on of Norton pop up by itself. ==
    == User Agent ==
    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; MSN Optimized;US)

    This link shows things to check - https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component

  • Getting an error message talking about not initializing the application's security component when starting up

    i get a message every time i start up firefox saying "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features."

    This link shows how to fix this - https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component

  • Can only open firefox as admin, otherwise get error to say a security component could not be initilaised. Have tried deleted cert8 file but it is not recreated and still will not open

    Had problems with os and now can not open firefox unless I run as admin. Error appears - Could not initialise the application's security component. The most probable cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard drive is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behaviour when accessing security features.
    I have tried deleting the cert8 db file but it is not recreated when I start firefox again. HD has lots of room. Can you suggest anything else to try please?
    thanks, mandi

    If deleting or otherwise removing the cert8.db and secmod.db file doesn't help then try a new profile.
    *https://support.mozilla.org/kb/Could+not+initialize+the+browser+security+component
    Create a new profile as a test to check if your current profile is causing the problems.
    See "Creating a profile":
    *https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles
    *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues
    If the new profile works then you can transfer some files from an existing profile to the new profile, but be careful not to copy corrupted files.
    *http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox

  • Firefox stopped working properly, it says it cannot initialize the applications security component...

    Firefox starts with this: Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.
    it then opens and will not let me click anything, just opens the homepage and stops, tried reinstalling and it still doesn't work.

    Create a new profile as a test to check if your current profile is causing the problems.
    See Basic Troubleshooting: Make a new profile:
    *https://support.mozilla.com/kb/Basic+Troubleshooting#w_8-make-a-new-profile
    There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins" in case there are still problems.
    If that new profile works then you can transfer some files from the old profile to that new profile (be careful not to copy corrupted files)
    See:
    *http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox

  • New WIN7 System, FFox gives error "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory" - will not go to any site.

    New Windows 7 computer. After installing Firefox, every time I bring it up I get the following message:
    "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features."
    Then Firefox comes up, but will not function at all - can enter url address, but will not respond to ANY clicks, so can not go to any site.

    This link shows how to fix this - https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component

  • I get the following when I try to open fox: "Could not initialize the application's security component. The most likely cause......"

    When I try to open Firfox, I get the following error message:
    "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features."

    See:
    *https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component

  • When Firefox loads I get an error saying 'the applications security component could not initiallize'. I have a 64-bit PC based system.

    When I load Firefox I get an error message that tells me that the application security component could nt be initiallized. The suggestion from the error meddage was to see if there is a read/write restriction for the application profile directory. I have looked and found no such restriction on that directory. Firefox will load and allow me to look on the web, but many of the functions do not work. I have a 64-bit system using Windows 7 (64-bit version).

    Rename secmod.db (secmod.db.old) in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile Folder] in case there is a problem with the file.
    You may have to rename cert8.db (cert8.db.old) as well.
    Firefox will create new files.
    The file cert8.db stores user certificates and intermediate certificates send by websites, so if you have certificates that you want to keep then you may want to export them now and import them after having removed cert8.db.
    See Tools > Options > Advanced > Encryption: Certificates: View Certificates
    If that works then you can delete the renamed files or undo the changes if you want to revert the process.
    Also make sure that you allow the loopback connection with the Software Security Device in the firewall.<br />
    * [[Firefox makes unrequested connections]]

  • KEEP GETTING FOLLOWING MESSAGE Could not initialize the application's security component.

    everytime click on firefox icon to use browser message box appears Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.

    The following link shows how to resolve this - https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component

  • Could not initialise the application's security component

    When opening Firefox, I get a message "Could not initialise the application's security component. The most probable cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard drive is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behaviour when accessing security features." Firefox then opens but all tabs are marked New Tab and no access can be obtained to the various websites. If I try to sign in to Google, a new window opens marked About:blank. I have wireless connection which is functioning correctly. Please help get my connection working if possible.

    Thank you for this detailed explanation - I suspected the answer would be somewhere although I certainly had trouble locating it.
    I haven't utilised this answer as I resurrected another laptop and copied folders from the AppData Local and Roaming folders and pasted them into my corrupted machine, which is now working well. However, I am extremely grateful to you for coming to my aid and have bookmarked the reply should it fail again.
    I see someone else has the same problem, so your help will doubtless reach even further. Regards

  • I keep getting this diologue box as I start up Firefox "Could not initialise the application's security component. The most probable cause is problems with files in your browser's profile directory. ... what should I do exactly?

    I keep getting the following dialogue box when I start Firefox " Could not initialise the application's security component. The most probable cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions." I am not sure how to find or change the profile directory. I have gone to the Options: General: Save files to ...box but it wont allow me to browse to another file and the box remains blank. ideas please!

    See [[Could not initialize the browser security component]]
    Continue here: [/questions/780717]

Maybe you are looking for

  • Partner App OAS SSO integration does not work

    Hi All, I try to make OAS SSO work. I have app I built in HTML DB, I try to make it work as Partner Application for OAS SSO. I've done all requierments to install SSO SDK and try to make it work - it was fruitless. Then I try to make Test App work (\

  • How to populate column value from a sequence in adv table

    Hi Everyone, This is my requirement. When a user clicks on add another row button of advance table a new row should appear with ID column populated as a sequence value. For eg: When the page renders for the first time, no records are shown in the adv

  • PAY_PEOPLE_GROUPS in OBAW

    Hi All, Did anyone brought the PAY_PEOPLE_GROUPS table into OBAW? I wanted to know if it will be a custom table in warehouse as a dimension or can it be integrated with any of the table OOB? appreciate any assistance Thank you. ~Prabhu

  • How do i edit voiceover in imovie

    I am attempting to edit some voiceover audio that I have for a project that I'm working on.  I need to edit because the voiceover is too long and i need several parts of the voiceover.  Is this something that I'll be able to do?

  • Model and Value node data in one form...?

    Hello, I have a requirement where the adobe form is expected to have model data available and then in the same form teh user provides data, which is maintained in value node. Now the problem we are facing is, we are unable to maintain both value node