Security integration

Similar Messages

• [svn:bz-trunk] 20680: Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7 .

  Revision: 20680
  Revision: 20680
  Author:   [email protected]
  Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
  Log Message:
  Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
  Modified Paths:
      blazeds/trunk/modules/opt/build.xml
  Added Paths:
      blazeds/trunk/modules/opt/lib/catalina-708.jar
      blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

  Revision: 20680
  Revision: 20680
  Author:   [email protected]
  Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
  Log Message:
  Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
  Modified Paths:
      blazeds/trunk/modules/opt/build.xml
  Added Paths:
      blazeds/trunk/modules/opt/lib/catalina-708.jar
      blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

• OBIEE-EBS data security integration

  Hi all,
  I am trying to implement the HR-Org based data security in EBS-OBIEE integration.
  After creating the initialization blocks EBS Single Sign-on Integration,Get Oracle EBS Security Context,Group-EBS Responsibility I have created a new initialization block HR Organizations to populate the session variable "HR_ORG" and I am using the following the query.
  Even though the session variables GROUP and USER are getting their values correctly and integration works fine, the variable HR_ORG says "has no value definition".
  [nQSError: 10058] A general error has occurred. [nQSError: 23006] The session variable, NQ_SESSION.HR_ORG, has no value definition. (HY000)
  SQL Issued: SELECT "Per Business Groups"."Business Group Id", VALUEOF(NQ_SESSION.HR_ORG) FROM HR
  Please help me for implementing the data security after the EBS-OBIEE integration..
  For populating HR_ORG variable by row wise initialization:
  SELECT DISTINCT 'HR_ORG',TO_CHAR(SEC_DET.ORGANIZATION_ID)
  FROM
  SELECT
  'HR_ORG', ASG.ORGANIZATION_ID
  FROM
  FND_USER_RESP_GROUPS URP
  ,FND_USER USR
  ,PER_SECURITY_PROFILES PSEC
  ,PER_PERSON_LIST PER
  ,PER_ALL_ASSIGNMENTS_F ASG
  WHERE
  URP.START_DATE < TRUNC(SYSDATE)
  AND (CASE WHEN URP.END_DATE IS NULL THEN TRUNC(SYSDATE) ELSE TO_DATE(URP.END_DATE) END) >= TRUNC(SYSDATE)
  AND USR.USER_NAME = ':USER'
  AND USR.USER_ID = URP.USER_ID
  AND TRUNC(SYSDATE)
  BETWEEN URP.START_DATE AND NVL(URP.END_DATE, HR_GENERAL.END_OF_TIME)
  AND PSEC.SECURITY_PROFILE_ID = FND_PROFILE.VALUE_SPECIFIC('PER_SECURITY_PROFILE_ID', URP.USER_ID, URP.RESPONSIBILITY_ID, URP.RESPONSIBILITY_APPLICATION_ID)
  AND PER.SECURITY_PROFILE_ID = PSEC.SECURITY_PROFILE_ID
  AND PER.PERSON_ID = ASG.PERSON_ID
  AND TRUNC(SYSDATE) BETWEEN ASG.EFFECTIVE_START_DATE AND ASG.EFFECTIVE_END_DATE
  AND URP.RESPONSIBILITY_ID = DECODE(FND_GLOBAL.RESP_ID,
  -1, URP.RESPONSIBILITY_ID,
  NULL, URP.RESPONSIBILITY_ID,
  FND_GLOBAL.RESP_ID)
  UNION
  SELECT DISTINCT 'HR_ORG',
  ORGANIZATION_ID
  FROM PER_ALL_ASSIGNMENTS_F ASG,
  FND_USER USR
  WHERE ASG.PERSON_ID = USR.EMPLOYEE_ID
  AND USR.USER_NAME = ':USER'
  AND TRUNC(SYSDATE) BETWEEN ASG.EFFECTIVE_START_DATE AND ASG.EFFECTIVE_END_DATE
  AND ASG.PRIMARY_FLAG = 'Y'
  ) SEC_DET
  Thx!

  Duplicate post see Re: obiee-ebs  data  security integration

• LDAP Security Integration to JSF

  I would like to integrate a security system that we use to the JSF project I'm developing. The setting is as follows:
  We have a centralized single signon authentication system (OBLIX) that present the user with a login screen. Once the user logs in successfully, the system will direct the user to a url of my choice. The login information, such as user id, will be stored in the request as parameters.
  I'm new to JSF. So far I have not have to use any servlets in jsf. All I have done in my application with JSF are backing beans and control beans. The business logic resides in the control beans which invoke the backend model programs (which deals with database etc.).
  The question is how to integrate this OBLIX security nicely into my application. Can I have OBLIX direct a successful login to a jsp that triggers a control bean automatically? I need to read off the request parameters to find out who the login user is.
  Is this something that should be done with JSF listeners?
  Thanks in advance. I hope to hear from you experts soon.

  Hi Gary,
  maybe get in contact with Scott Spendolini from Sumner Technologies (http://sumnertechnologies.com/), I think these guys have some experience integrating APEX with eBusiness Suite.
  Patrick
  My APEX Blog: http://inside-apex.blogspot.com
  The ApexLib Framework: http://apexlib.sourceforge.net
  The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/

• Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

  I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
  When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
  I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
  When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
  Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  Any thoughts on why that would be?
  Thanks
  Dan

  Thanks Juan.
  With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
  [JpsAuth] Check Permission
  PolicyContext: [TestApp]
  Resource/Target: [untitled1PageDef]
  Action: [view]
  Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
  Result: [FAILED]
  Evaluator: [ACC]
  Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
  CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
  Principals=total 2 of principals(
  1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
  2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
  When I access the same page from my integrated weblogic server I see:
  [JpsAuth] Check Permission
  PolicyContext: [TestApp]
  Resource/Target: [untitled1PageDef]
  Action: [view]
  Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
  Result: [FAILED]
  Evaluator: [ACC]
  Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
  CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
  Principals=total 2 of principals(
  1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
  2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
  When I review my EAR - I do see jazn-data.xml at:
  /META-INF/jazn-data.xml
  I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
  Thanks.
  -Dan

• APEX Security Integration To E-Business Suite

  Hi all,
  I am reasonably new to APEX and the Forum so please excuse me if this question has been posted previously.
  I am looking at creating applications that leverage the user and organization security that is inherent within E-Biz Suite to control access and data returned within my APEX applications.
  Environment Details:
  O/S: Sun Solaris Unix
  APEX: 3.0.1
  E-Biz: 11.5.10.2 (no SSO)
  APEX and E-Biz use same Apache HTTP Server
  I plan to access the APEX application from a custom Menu item on E-Biz and automatically authenticate the E-Biz user's credentials within APEX processes to determine USER_ID, ORG_ID, SECURITY_GROUP_ID, etc for access control of the returned data queries. The APEX application will be primarily reporting on E-Biz data.
  I would prefer to utilize APEX rather than built custom modules in Application developer Framework (ADF).
  Are there any whitepapers, best practices, or individuals experiences available on this subject that you could share with me please.
  Many thanks :-)
  Kind Regards,
  Gary.

  Hi Gary,
  maybe get in contact with Scott Spendolini from Sumner Technologies (http://sumnertechnologies.com/), I think these guys have some experience integrating APEX with eBusiness Suite.
  Patrick
  My APEX Blog: http://inside-apex.blogspot.com
  The ApexLib Framework: http://apexlib.sourceforge.net
  The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/

• EBS Security Integration with BI Publisher

  Hi All,
  I have few questions regarding integration of EBS Security with BIP. I went through the following document Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
  and have following questions.
  -- Upon on logging on into BIP after integration with EBS should I assign the three roles of BI i.e. BI Administrator, BI Author and BI Conusmer to all EBS roles for catalog permission set up.
  Below is my requirement. EBS user logging into BIP
  a) Set of Users should have to build reports , publish on dashboard etc.
  b)Set of users need only view reports i.e. read only.
  c) One User should have Admin privileges.
  How do I associated above with EBS roles. Should I assign BI roles to EBS roles in EM and give catalog permissions? Any thoughts will be really appreciated.
  Thanks
  SYK

  have you got a response for this? We are having the same issue after following everything as well.

• BPC_MS ver 10 security integration with BusinessObjects BIP

  We have a client that has both BPC for MS ver 10 and BIP 4.1. They want to use the BIP tools such as Web Intelligence to report against the BPC data. They also only want the user running the report to see the data they are allowed to see based on the data access profiles in BPC. How can this be done without maintaining security in both BPC and BIP separately?

  Hi Francois & José Jaimes,
  BPC for MS is not integrated in Netweaver platform that's why you didn't find any documentation about real estate.
  There aren't relations just with BI you can use Xcelsius dashboard or ODBC to read the cubes but I don't think you will found the files to connect with RE (for BI connections see please 1731626 - Data source connectivity options between BusinessObjects BI tools and BPC).
  If you need to insert data in BPC from RE you need to export this data in a flat file and after to Import in BPC through the standard import package using transformation and conversion files, to transfer data from BPC to RE use the standard export package.
  Regards
       Roberto

• OBIA 7.9.6.3 security integration with EBS R12.1.2

  Hi Experts,
  We are implementing OBI Apps 7.9.6.3 with EBS R12.1.2 as source.We need to integrate Active Directory with OBIEE and implement security of BI Apps with EBS R12.1.2. Need help on this.
  How to map EBS Responsibilities into Application Role and Groups? Whether we need to create one Application Role and Group for each responsibility ? Then provide permissions in rpd for each of them? The user should have similar permission in BI as they have in EBS - like people can see only US Finance data in EBS should see only US Finance data in BI also.
  Regards,
  mvsst

  You can go through obia security guide which explains step by step procedure with screenshot on how to implement ebs authentication and role based access.
  here is the link.
  http://docs.oracle.com/cd/E21043_01/bi.1111/e16364/ebs_actions.htm
  Regards,
  RAM
  Edited by: RAM CH on May 20, 2012 1:34 PM

• Campus / Enterprise VLAN Security Integration

  Ji Jeal  
  One of the things that always bothers me about (including the many different ways of) deploying guest wireless is the need to have a VLAN that contains untrusted guest traffic on the same switches that carry trusted corporate traffic.
  Given that the deployment model for a site with local internet break-out such as H-REAP requires the VLAN to be on multiple switches what are the recommendations and best practices to make the chance of someone breaking out of this guest VLAN nil?
  Is this a viable model for a high security environment (like a bank or defence company)
  Whilst my perception is that the biggest risk here is that someone unintentionally / mistakenly creates a L3 interface on the VLAN e.g. to provide DHCP services the same as all the corporate VLANs, I am also concerned that there is the possibility that someone could potentially attack the devices / switches and configure their way out of the VLAN.
  I know there are several ways to get around this (like using the anchor controller) but that doesn't always work.
  Thanks

  I am trying to figure out two things;
  1) Can I be confident that logical VLAN seperation provides "enough" security and the answer to that really is dependent upon how well and robustly the infrastructure components (AP, WLC, switch) are tested to manage the attack vectors, for example the obvious one being to encapsulate with VLAN tagging, do all the devices "deny" the possibility to spoof the vlan and so on...
  2) In terms of configuration - is there something I havent thought of that is a (easy ?) way to not have the untrusted data directly touching the VLAN (e.g. tunnelling or something) between the AP and the local internet break-out (like an anchor controller but without the need to deploy WLCs in every branch) - which would effectively mean it didn't matter if the switch was misconfigured or a bug allowed crafted packets to break the switch or break the security as there's a "buffer" between the guest wireless traffic and the switch.
  But I guess as a side question - is there a way to protect against mis-configuration (other than adding a note on the vlan saying "Dont configure a layer 3 address on this VLAN" - VRF Lite could be an option but as you say - quite a bit of overhead.
  Thanks

• ADF Security integration with Web Logic Security using SQL authenticator

  Hi,
  I was trying to find a suitable way of handling the following requirements:
  1. Administrators should be able to create the roles, groups, users and assign users to roles.
  2. User, Roles, Groups should be stored in DB and Users need to be authenticated accordingly.
  3. I need to be able to map roles with security permissions on Taskflows, JSF Pages, on UI level using groovy expressions and even at Entities level.
  I performed the following tasks:
  1. I created back end Security tables, created SQL authenticator as provider and defined the queries in it then I created ADF Application and used JMX APIs to call the SQL authenticator to perform its operations.
  2. I defined the roles and respective resource permissions in ADF i.e. Jazn xml file because my requirement no 3 would not be achievable without using ADF security.
  Now in this scenario how I can login a user in ADF context and assign roles programmatically that I authenticated from JMX APIs? Or is there any other suitable way to handle these requirements?
  Thanks.
  -Moeen

  Hi Charu,
  Thanks for your reply.
  Can we programmatically add a user in adfsecuritycontext as a currently logged in user, a user which is not present in jazn.xml file? If yes then can we programmatically assign the roles which are defined in jazn.xml to that specific user?
  Moeen

• Bug in bundled Application Server prohibits Acegi security integration

  I am using JSC 2, Update 1 and have run into a problem trying to integrate Acegi security into my Web app. After some hours of frustration I have found that the problem apparently stems from a bug in the bundled Sun Application Server (version 8.2). If I deploy my application to Tomcat 5.5, the problem disappears.
  The exception that occurs on the bundled Sun Application Server is:
  java.lang.ClassCastException: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
  For information about the appserver bug that causes this exception look at:
  http://forums.java.net/jive/thread.jspa?threadID=13150&messageID=83666
  The last three entries in the above thread discuss the problem and also link to other places where the problem is discussed. See in particular these links:
  https://glassfish.dev.java.net/issues/show_bug.cgi?id=221
  and
  http://www.jroller.com/page/agrebnev?entry=acegi_does_not_work_at
  The Glassfish bug database indicates that the bug was fixed in the b38 version of Glassfish. However, the fix apparently hasn't made it into the bundled Sun Appserver 8.2.
  I hope this information will spare someone else the frustration of hunting down the source of this problem. Since Acegi is becoming a very popular option for adding security to Java webapps, I probably won't be the only person to run into this little gotcha.
  Also, I'd appreciate any info the Creator team can provide about when the bundled appserver might be fixed.
  Thanks,
  Charlie

  Could someone on the Creator team please comment on this issue? Is there any plan to upgrade the bundled Sun Application Server to version 9.0? (I'm assuming this bug is fixed in 9.0 -- although I haven't been able to verify that. Actually, I'm not very clear on the relationship between the various Glassfish versions and the various Sun Application Server versions.) Or is there a plan to support Glassfish and/or Tomcat as development servers (rather than just deployment servers).
  It seems like my only other possible alternative is to use Netbeans 5.5 with the Visual Web pack. But since the Visual Web pack is a pre-beta release I'm leery about using it for developing a production Web app.
  Thanks in advance for your help.
  Charlie

• Security Integration Repository

  How do you restrict developers from not being able to Import Software Component Versions from SLD or creating namespaces. I have given SAPXI Developer to most of them.

  Hi,
  Pls check following links -
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/a44fdcc4-0401-0010-4ba5-d4ed39510d8c
  http://help.sap.com/saphelp_nw04/helpdata/en/f4/67b340be3dff5fe10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw2004s/helpdata/en/b6/191041a0f6f16fe10000000a1550b0/frameset.htm
  Hope this helps
  Regards,
  Moorthy

• Problem about BIEE Integration with LDAP

  Hello,
  I have a problem in OBIEE11.1.1.6
  I do BI EE 11g Security Integration with OPENLDAP follow below link,
  http://www.rittmanmead.com/2010/11/oracle-bi-ee-11g-security-integration-with-microsoft-active-directory/
  It works well using user that store in OPENLDAP ,
  now I want to realize this function,
  that user roles store in external db table,then get roles by init block,
  but I faced a problem, If I use session system variable 'WEBGROUPS' to get some value in db,when user login BIEE,it can get values of 'WEBGROUPS'
  but If I use session system variable 'ROLES' ,when user login BIEE,it can't get values of 'ROLES' that store in db,
  the value will always show 'BIConsume;Authenticated User',It is default value in OBIEE11.1.1.6,
  so I doubt way I can't user variable 'ROLES' to get value???
  init block lik follow,
  SQL: select T.att1,T.att2 FROM USER_ACCESS T
  T.att1 is for variable 'WEBGROUPS'
  T.att2 is for variable 'ROLES'
  the value of 'WEBGROUPS' is correct.
  but 'ROLES' not got the values that stored in db.
  anyone know???
  thank you in advance!

  VITAS wrote:
  that user roles store in external db table,then get roles by init block,
  but I faced a problem, If I use session system variable 'WEBGROUPS' to get some value in db,when user login BIEE,it can get values of 'WEBGROUPS'
  but If I use session system variable 'ROLES' ,when user login BIEE,it can't get values of 'ROLES' that store in db,
  the value will always show 'BIConsume;Authenticated User',It is default value in OBIEE11.1.1.6,
  so I doubt way I can't user variable 'ROLES' to get value???
  init block lik follow,
  Go to Enterprise Manager and create the ROLES named the same as the one you named in DB values. Now you should see them magically appear when you click on My account > Roles and Catalog Groups. :)
  SQL: select T.att1,T.att2 FROM USER_ACCESS T
  T.att1 is for variable 'WEBGROUPS'
  T.att2 is for variable 'ROLES'
  the value of 'WEBGROUPS' is correct.
  but 'ROLES' not got the values that stored in db.Hope you did you enable Row Wise Init here ?
  Let us know. Mark if helps.!
  Thanks,
  SVS

• Oracle Forms and Portal. & Portal Security

  I need the following questions answered for a client who is
  trying to move from IIS to Oracle Portal. any pointers would be
  extremely helpful
  1. How to configure Oracle Forms to run with Portal.
  2. Is it possible to display forms inside a Portlet. If so, will
  the forms hold the same state when the page is refresed.
  3. Is it possible to display WORD/PDF/EXECL documents in their
  native format inside a Portlet.
  4. Any information on how IIS security integration is possible
  with POrtal. i.e ( if there are ASP pages running on IIS
  security, how to integrate it with Portal Security mechanism
  -Thanks
  ganesh

  You can create roles in Oracle with the appropriate privileges to access the application. For example,
  you could create a role that has only read access to all the tables in the database. You could assign this role to the menu. Also, you may want a role for a manager that whould enable him to insert data or to see a few special forms. You could assign this role to the menu associated with the form.
  Using Form Builder, you can manage menu security with Oracle server roles. After defining the roles to use for a menu module, you could then specify the roles that have access to each menu item. When you set the 'Use Security' property of a menu module to 'Yes', the form enforces security. After setting the 'Use Security' property to 'Yes', you can use 'Module Roles' property to construct the entire list of roles with access to that menu module.
  I hope it helps.