Security Issue - URGENT from java newbie

Similar Messages

• Calling OWSM Secured BPEL Process from JAVA

  HI,
  I have created OWSM gateway and registered BPEL process under that.
  Now i want to call that BPEL process from java class. Can anybody please tell me how can i pass the security SOAP header.
  Here is the class i am using ...
  package com.javarpc;
  import java.rmi.RemoteException;
  import javax.xml.namespace.QName;
  import javax.xml.rpc.JAXRPCException;
  import javax.xml.rpc.Service;
  import javax.xml.rpc.ServiceException;
  import javax.xml.rpc.ServiceFactory;
  import javax.xml.rpc.ParameterMode;
  import javax.xml.rpc.encoding.XMLType;
  import javax.xml.rpc.soap.SOAPFaultException;
  import org.apache.axis.client.Call;
  import org.apache.axis.message.SOAPBodyElement;
  import java.io.InputStream;
  import java.io.ByteArrayInputStream;
  public class CallHelloWorld
  private static QName SERVICE_NAME;
  private static QName PORT_TYPE;
  private static QName OPERATION_NAME_IN;
  private static String SOAP_ACTION;
  private static String STYLE;
  private static String THIS_NAMESPACE = "http://xmlns.oracle.com/HelloWorld";
  private static String PARAMETER_NAMESPACE = "http://xmlns.oracle.com/HelloWorld";
  private String location;
  static
  SERVICE_NAME = new QName(THIS_NAMESPACE,"HelloWorld");
  PORT_TYPE = new QName(THIS_NAMESPACE,"HelloWorld") ;
  SOAP_ACTION = "process";
  /*Setting for Wraped style of calling*/
  //STYLE = "wraped";
  //OPERATION_NAME_IN = new QName(THIS_NAMESPACE,"HelloWorldProcessRequest");
  /*Setting for Message style of calling*/
  STYLE = "message";
  OPERATION_NAME_IN = new QName(THIS_NAMESPACE,"process");
  public void setLocation(String location)
  this.location = location;
  public void initiate(String symbol)
  try
  /* Create Service and Call object */
  ServiceFactory serviceFactory = ServiceFactory.newInstance();
  Service service = serviceFactory.createService( SERVICE_NAME );
  Call call = (Call)service.createCall( PORT_TYPE );
  /* Set all of the stuff that would normally come from WSDL */
  call.setTargetEndpointAddress( location );
  call.setProperty(Call.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
  call.setProperty(Call.SOAPACTION_URI_PROPERTY, SOAP_ACTION);
  call.setProperty( Call.OPERATION_STYLE_PROPERTY , STYLE );
  call.setOperationName(OPERATION_NAME_IN);
  /*Setting Input for message type and invoke web service through message style*/
  String strXMLInput="<HelloWorldProcessRequest xmlns=\"http://xmlns.oracle.com/HelloWorld\">";
  strXMLInput+="<enovia>test</enovia>";
  strXMLInput+="</HelloWorldProcessRequest>";
  SOAPBodyElement[] requestSBElts = new SOAPBodyElement[1];
  InputStream resultInputStream = new ByteArrayInputStream(strXMLInput.getBytes());
  requestSBElts[0] = new SOAPBodyElement(resultInputStream);
  System.out.println(requestSBElts[0]);
  java.util.Vector output = (java.util.Vector) call.invoke(requestSBElts);
  System.out.println( "HelloWorld BPEL process initiated by message " +output);
  /*Setting Input for message type and invoke web service through wraped style
  call.addParameter(new QName(PARAMETER_NAMESPACE,"input"), XMLType.XSD_STRING, ParameterMode.IN);
  //call.setReturnType(new QName("XMLType.XSD_STRING"));
  // call.setReturnType(new QName("String"));
  Object[] params = new Object[1];
  String outPut = new String();
  params[0] = symbol;
  call.invokeOneWay(params);
  //Object ret;
  //ret = (String) call.invoke( params );
  System.out.println( "HelloWorld BPEL process initiated" );*/
  catch (SOAPFaultException e)
  System.err.println("Generated fault: ");
  System.out.println (" Fault Code = " + e.getFaultCode());
  System.out.println (" Fault String = " + e.getFaultString());
  catch (JAXRPCException e)
  System.err.println("JAXRPC Exception: " + e.getMessage());
  catch (ServiceException e)
  System.err.println("Service Exception: " + e.getMessage());
  catch (RemoteException e)
  System.err.println("RemoteException: " + e.getMessage());
  public static void main(String[] args)
  String symbol = "Kevin";
  // String location = "http://valizprd208.val.cummins.com:7777/orabpel/tst/HelloWorld/1.0";
  String location = "http://integrationvaldlv.cummins.com:7777/gateway/services/SID0003002?wsdl";
  CallHelloWorld client = new CallHelloWorld();
  client.setLocation( location );
  client.initiate( symbol );
  }

  You can get sample input by intercepting the request to check what exactly you need to put in SOAP header and what in body.
  To manipulate soap header you can look at : http://www.oracle.com/technology/sample_code/tech/java/codesnippet/webservices/soapheader/index.html
  HTH
  Chintan

• Security Issues with Javascript, Java Applet interaction

  First the main idea of the project. I have a system where I need to use an applet to process an image and display it on a web page.
  I have written the applet that does the image processing and it saves the finished image on the users disc. It then uses the showDocument(url) method to pass the URL of the local file to a java script function on the html page.
  This is where the problem occurs. Firefox won't display that image and complains about a security error because the remote page is linking to a local file. Interestingly enough IE6 on windows has no issue displaying the generated image.
  I really have two questions.
  1)Is there a quick/dirty fix that just simply gets around the security barrier Firefox has?
  2)Is there some other, more elegant, way of getting an image from an applet to the webpage. It doesn't matter if it requires writing to disc or not.
  Thanks! Any suggestions out there will help me.

  First the main idea of the project. I have a system where I need to use an applet to process an image and display it on a web page.
  I have written the applet that does the image processing and it saves the finished image on the users disc. It then uses the showDocument(url) method to pass the URL of the local file to a java script function on the html page.
  This is where the problem occurs. Firefox won't display that image and complains about a security error because the remote page is linking to a local file. Interestingly enough IE6 on windows has no issue displaying the generated image.
  I really have two questions.
  1)Is there a quick/dirty fix that just simply gets around the security barrier Firefox has?
  2)Is there some other, more elegant, way of getting an image from an applet to the webpage. It doesn't matter if it requires writing to disc or not.
  Thanks! Any suggestions out there will help me.

• Wlan Security Issue urgent help needed

  Dear Community,
  i have a wlc 5500  with two ssids for employees and contractors
  both ssids with layer2 security WPA+WPA2 and auth key mgmt 802.1x are authenticated with ACS 5.0 (active directory) for users access and are working fine after windows adapter setting
  but my question is, can i do some thing like
  authentication with acs 5.0 (active directory) for users access but without windows adapter seting????
  i mean without changing any setting on windows adapter ( leave it as default).
  if i can then how i can???
  or i cann't do that i mean there is not any option to do that?
  plz give me your seggustions i need urgent help on this topic.

  thanks for your reply George
  it seems only for 802.1x authentication key methode needs windows adaptor changing as per you.
  is there any other option to configure wlan scurity with acs (MS active Dir) user authentication like
  let me tell you something
  i want when any client will try to connect any wlan he ll just prompted to use his username and password(of active directory) without doing any changes in window adapter setting???
  i don't care layer 2 security will be whatever like wpa+wpa2 with 802.1x OR something else
  can i do that or no ??
  if yes i can than what type of security?
  please don't tell me about webauthentication i already know about that and i ll use that mothed for GUSET-Wlan.
  kindly reply me soon 
  Thanks

• Security issue copying from local USB harddrives to local laptop.

  This is strange. My boss has a new laptop and is running Windows 8.1 x64 as a Standard user. I copied a bunch of data from my PC(windows 8.1 x64) to a USB harddrive. I put the USB harddrive on her PC and tried to copy it to her Pictures
  folder. I got an error that I don't have permissions...? This stumped me.  If I share the USB harddrive from my PC, she can access it and copy the files to her laptop fine.
  Today, I coped 2 files from my PC to a USB flash drive.  I logged into my bosses laptop as Domain Admin.  After inserting the USB flash drive, I couldn't copy the 2 file from the USB flash drive to the laptop C:\ or even to
  the Documents folders.  Permissions error.
  What am I missing here...?  even different USB HDs...
  Thanks,  Tom...
  Tom Karpowski...

  This is strange. My boss has a new laptop and is running Windows 8.1 x64 as a Standard user. I copied a bunch of data from my PC(windows 8.1 x64) to a USB harddrive. I put the USB harddrive on her PC and tried to copy it to her Pictures
  folder. I got an error that I don't have permissions...? This stumped me.  If I share the USB harddrive from my PC, she can access it and copy the files to her laptop fine.
  Today, I coped 2 files from my PC to a USB flash drive.  I logged into my bosses laptop as Domain Admin.  After inserting the USB flash drive, I couldn't copy the 2 file from the USB flash drive to the laptop C:\ or even to
  the Documents folders.  Permissions error.
  What am I missing here...?  even different USB HDs...
  Thanks,  Tom...
  Tom Karpowski...
  if you format the USB stick with exFAT it should be less problematic compared to NTFS
  its clearly a permissions issue
  Corsair Carbide 300R with TX850V2
  Asus M5A99FX PRO R2.0 CFX/SLI
  AMD Phenom II 965 C3 Black Edition @ 4.0 GHz
  G.SKILL RipjawsX DDR3-2133 8 GB
  EVGA GTX 660 Ti FTW Signature 2 (GK104 Kepler)
  Asus PA238QR IPS LED HDMI DP 1080p
  ST2000DM001 & Windows 8.1 Professional x64
  Microsoft Wireless Desktop 2000 & Wacom Bamboo CHT470M
  Place your rig specifics into your signature like I have, makes it 100x easier to understand!
  Hardcore Games Legendary is the Only Way to Play!

• Help for school security issues urgent

  recently taken over a mac room at school with 15 machines one problem with safari is on the students limited accounts if they type in somthing on the address bar in terminal they can then open terminal and open apps that they are not permitted to anyway round this ? please help

  Hi Craig
  I don't have a current copy of Panther. However, I recall you can impose restrictions in the limited account setup (System Preferences>Accounts) precluding the use of certain applications. This would include access to Terminal.
  Perhaps someone else in the forum who currently uses Panther can confirm, or clarify my recollection.

• Why is Java Deployment Toolkit (click-to-play) blocked, also the referenced bug is closed and there are no security issues known in Version 7 U51?

  I think it is important to block unsecure addons. But if you do so there should be an open bug assigened. The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633
  I have the problem that I want to use Secure_Auth that is using the Java Deployment Kit in such a nasty way (via javascript) that firefox doesn't see that the deployment kit should be started. Therefore I will not be asked to allow this plugin always for this web site. Since there is no documentation available how to do this configuration in a config file I am stuck at the moment.
  I'm a liitle bit suprised that blocking all versions (even secure versions) is a way to get a good user experience.
  Regards
  Martin

  ''MG_DAU wrote:''
  The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633
  That's a bug report in the Blocklisting component, meaning it's a request to add an add-on to the blocklist. The fact that it's marked as fixed means the add-on has been added to the blocklist.
  * https://addons.mozilla.org/firefox/blocked/p428
  * [[Add-ons that cause stability or security issues are put on a blocklist]]
  Given that there's no way to disable Click-to-Play for this plug-in (the only options are Ask to Activate or Never Activate), if Firefox doesn't trigger a Click-to-Play prompt, I see no way to use it apart from disabling the entire blocklist. This carries a considerable security risk, as no plug-ins will be blocked or set to Click-to-Play, including known malware. If you're sure you want to go through with it, set ''extensions.blocklist.enabled'' to '''false''' in [http://kb.mozillazine.org/About:config about:config].

• Weblogic 8.1 JAAS login.configuration.provider from java.security does not seem to work?

  We configure a custom implementation of the JAAS
  javax.security.auth.login.Configuration class for our applications security
  framework in JRE_LIB/security/java.security using the entry
  login.configuration.provider=com.foo.SecurityConfiguration
  However, this does not seem get picked up and the configuration provider
  class instead seems to default to
  weblogic.security.service.ServerConfiguration
  instead.
  Has anyone else seen this?
  We're using the JDK bundled with Weblogic 8.1
  TIA for your help

  Thanks for all the posting re. this issue....
  I think the way Weblogic implemented "support" for JAAS in 8.1 totally
  blows. In fact, when I asked BEA support about this, they basically sent me
  an email saying that "Weblogic owns the JAAS configuration" so if you have a
  security framework that is application server agnostic, but leverages JAAS
  then you are screwed when deploying on Weblogic 8.1.
  I looked for a workaround and believe that instead of using an entry in
  java.security for your custom configuration class, if you set the JVM
  parameter
  -Dlogin.configuration.provider=com.foo.SecurityConfiguration
  then what happens is that the Weblogic custom class
  weblogic.security.service.ServerConfiguration is invoked by JAAS. It tries
  to load the login module configuration and if that fails, it delegates to
  com.foo.SecurityConfiguration. So this should enable both the weblogic
  security framework and a custom security framework that are both based on
  JAAS
  I'm currently testing this out
  "Lloyd Fernandes" <[email protected]> wrote in message
  news:[email protected]...
  >
  Robert Greig <[email protected]> wrote:
  Lloyd Fernandes wrote:
  "Lloyd Fernandes" <[email protected]> wrote:
  "Prashant Nayak" <[email protected]> wrote:
  We configure a custom implementation of the JAAS
  javax.security.auth.login.Configuration class for our applications
  security
  framework in JRE_LIB/security/java.security using the entry
  login.configuration.provider=com.foo.SecurityConfiguration
  However, this does not seem get picked up and the configuration
  provider
  class instead seems to default to
  weblogic.security.service.ServerConfiguration
  instead.
  Has anyone else seen this?
  We're using the JDK bundled with Weblogic 8.1
  TIA for your help
  As per documentation in the API JAVADOCS forjavax.security.auth.login.Configuration
  >>>>
  >>>>
  The default Configuration implementation can be changed by settingthe
  value of
  the "login.configuration.provider" security property (in the Java
  security
  properties
  file) to the fully qualified name of the desired Configurationimplementation
  class. The Java security properties file is located in the file named
  <JAVA_HOME>/lib/security/java.security,
  where <JAVA_HOME> refers to the directory where the JDK was installed.
  Have you tried to use a startup class to set the configuration providerusing
  javax.security.auth.login.setConfiguration(YourConfigClass);
  Weblogic probably uses this to set the configuration class to it'sown.
  You have to consider whether this is really something you want to do
  however. If you want to get WLS to use a custom authenticator use its
  SSPIs. You can configure the order etc. in the admin console.
  By overriding the configuration you override it for the server as a
  whole which can mean for example that you cannot login to the admin
  console. Having said this, from memory, I believe that the property is
  ignored in WLS. However you can still call
  Configuration.setConfiguration if you really want to.
  The fact that there is a "global static" in the Configuration class is
  a
  Bad Thing IMHO, that was never really designed for an app server
  environment.
  Robert
  If it is a bad thing to have a static how come Weblogic uses it instead ofthe
  standard way of modifying the property in java security file - it isbecause
  weblogic wants it's own way of implementing instead of using using the'plugable
  module' architecture of JAAS.
  When weblogic advertised that it will support JAAS the impression was thatWeblogic
  would provide a login module that will implement the security mechanism itwanted
  - instead it went it's own way.
  Also consider the following
  1. JAAS specifies a mechanism for multiple configurations based on a'application'.
  This is not possible in the current 'weblogic security mechanism'
  2. Weblogic says it supports JAAS but what it does not tell you is that inorder
  to use available login modules you have to write a whole bunch of code tosupport
  principal validators and authenticators. (I begin to wonder if write oncedeploy
  anywhere is not part of Sun's certification process anymore)

• Calling secured webservice from java

  Hi Experts,
  I am trying to call a secured webservice from java.
  I got the code to call a non secured web service in java.
  What changes do i need to do in this to call a secured webservice.
  Please help me.
  Thank you
  Regards
  Gayaz
  calling unsecured webservice
  package wscall1;
  import java.io.BufferedReader;
  import java.io.ByteArrayOutputStream;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.InputStreamReader;
  import java.io.OutputStream;
  import java.io.StringBufferInputStream;
  import java.io.StringReader;
  import java.io.StringWriter;
  import java.io.Writer;
  import java.net.HttpURLConnection;
  import java.net.MalformedURLException;
  import java.net.URL;
  import java.net.URLConnection;
  import java.security.Permission;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.parsers.DocumentBuilder;
  import javax.xml.parsers.ParserConfigurationException;
  import org.apache.xml.serialize.OutputFormat;
  import org.apache.xml.serialize.XMLSerializer;
  import org.w3c.css.sac.InputSource;
  import org.w3c.dom.Document;
  import org.w3c.dom.NodeList;
  import org.xml.sax.SAXException;
  public class WSCall2 {
  public WSCall2() {
  super();
  public static void main(String[] args) {
  try {
  WSCall2 ss = new WSCall2();
  System.out.println(ss.getWeather("Atlanta"));
  } catch (Exception e) {
  e.printStackTrace();
  public String getWeather(String city) throws MalformedURLException, IOException {
  //Code to make a webservice HTTP request
  String responseString = "";
  String outputString = "";
  String wsURL = "https://ewm52rdv:25100/Saws/SawsService";
  URL url = new URL(wsURL);
  URLConnection connection = url.openConnection();
  HttpURLConnection httpConn = (HttpURLConnection)connection;
  ByteArrayOutputStream bout = new ByteArrayOutputStream();
  //Permission p= httpConn.getPermission();
  String xmlInput =
  "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ser=\"http://www.ventyx.com/ServiceSuite\">\n" +
  " <soapenv:Header>\n" +
  "     <soapenv:Security>\n" +
  " <soapenv:UsernameToken>\n" +
  " <soapenv:Username>sawsuser</soapenv:Username>\n" +
  " <soapenv:Password>sawsuser1</soapenv:Password>\n" +
  " </soapenv:UsernameToken>\n" +
  " </soapenv:Security>" + "</soapenv:Header>" + " <soapenv:Body>\n" +
  " <ser:GetUser>\n" +
  " <request><![CDATA[<?xml version=\"1.0\" encoding=\"UTF-8\"?> \n" +
              "                        <GetUser xmlns=\"http://www.ventyx.com/ServiceSuite\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" +
              "                        <UserId>rs24363t</UserId>\n" +
              "                        </GetUser>]]>\n" +
  " </request>\n" +
  " </ser:GetUser>\n" +
  " </soapenv:Body>\n" +
  "</soapenv:Envelope>";
  byte[] buffer = new byte[xmlInput.length()];
  buffer = xmlInput.getBytes();
  bout.write(buffer);
  byte[] b = bout.toByteArray();
  String SOAPAction = "GetUser";
  // Set the appropriate HTTP parameters.
  httpConn.setRequestProperty("Content-Length", String.valueOf(b.length));
  httpConn.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
  httpConn.setRequestProperty("SOAPAction", SOAPAction);
  // System.out.println( "opening service for [" + httpConn.getURL() + "]" );
  httpConn.setRequestMethod("POST");
  httpConn.setDoOutput(true);
  httpConn.setDoInput(true);
  OutputStream out = httpConn.getOutputStream();
  //Write the content of the request to the outputstream of the HTTP Connection.
  out.write(b);
  out.close();
  //Ready with sending the request.
  //Read the response.
  InputStreamReader isr = new InputStreamReader(httpConn.getInputStream());
  BufferedReader in = new BufferedReader(isr);
  //Write the SOAP message response to a String.
  while ((responseString = in.readLine()) != null) {
  outputString = outputString + responseString;
  //Parse the String output to a org.w3c.dom.Document and be able to reach every node with the org.w3c.dom API.
  Document document = parseXmlFile(outputString);
  NodeList nodeLst = document.getElementsByTagName("User");
  String weatherResult = nodeLst.item(0).getTextContent();
  System.out.println("Weather: " + weatherResult);
  //Write the SOAP message formatted to the console.
  String formattedSOAPResponse = formatXML(outputString);
  System.out.println(formattedSOAPResponse);
  return weatherResult;
  public String formatXML(String unformattedXml) {
  try {
  Document document = parseXmlFile(unformattedXml);
  OutputFormat format = new OutputFormat(document);
  format.setIndenting(true);
  format.setIndent(3);
  format.setOmitXMLDeclaration(true);
  Writer out = new StringWriter();
  XMLSerializer serializer = new XMLSerializer(out, format);
  serializer.serialize(document);
  return out.toString();
  } catch (IOException e) {
  throw new RuntimeException(e);
  private Document parseXmlFile(String in) {
  try {
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
  DocumentBuilder db = dbf.newDocumentBuilder();
  InputSource is = new InputSource(new StringReader(in));
  InputStream ins = new StringBufferInputStream(in);
  return db.parse(ins);
  } catch (ParserConfigurationException e) {
  throw new RuntimeException(e);
  } catch (SAXException e) {
  throw new RuntimeException(e);
  } catch (IOException e) {
  throw new RuntimeException(e);
  } catch (Exception e) {
  throw new RuntimeException(e);
  static {
  javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
  public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
  if (hostname.equals("ewm52rdv")) {
  return true;
  return false;
  }

  Gayaz  wrote:
  What we are trying is we are invoking webservice by passing SOAP request and we will get soap response back.I understand what you're trying to do, the problem is with tools you're using it will take a while for you do anything a little away from the trivial... Using string concatenation and URL connection and HTTP post to call webservices is like to use a hand drill... It may work well to go through soft wood, but it will take a lot of effort against a concrete wall...
  JAX-WS and JAXB and annotations will do everything for you in a couple of lines and IMHO you will take longer to figure out how to do everything by hand than to learn those technologies... they are standard java, no need to add any additional jars...
  That's my thought, hope it helps...
  Cheers,
  Vlad

• Issues in mapping objects from java to flex - using flex4

  Hi,
  I have a class in java which i want to send to flex4 using BlazeDS as middleware. There are a few issues that i am facing and they are:
  When sending the object across (java to flex), the properties with boolean data type having value as true gets converted to properties with value as  false. Even after setting the value to true it still comes as false on flex side. Can't understand why this is happening.
  When sending the list of object containing property with boolean data type, the object on flex side does not show those properties at all. As of there were no boolean properties in that object.
  Last but not the least, When sending List<ContractFilterVO> contractFilterVOs to flex using remote call, the result typecasted to ArrayCollection does not show the holding objects as ContractFilterVOs but as plain default Object though having all the properties send, except the boolean one mentioned in above points. Basically it is not able to typecast the objects in arraycoolection but the same objects gets typecasted when sent individually.
  In all the above points i am using Remote Service through BlazeDS for connectivity with Java. I have done a lot of this stuff in Flex 3 but doing it for the first time in flex 4, is there anything that Flex 4 needs specific. Below is the pasted code for reference purpose.
  Flex Object
  package com.vo
       [RemoteClass(alias="com.vo.ContractFilterVO")]
  public class ContractFilterVO{
       public function ContractFilterVO(){
       public var contractCode:String;
       public var contractDescription:String;
       public var isIndexation:Boolean;
       public var isAdditional:Boolean;
  * Rmote Part of code
  var remoteObject:RemoteObject = new RemoteObject();
  remoteObject.destination="testService";
  remoteObject.addEventListener(ResultEvent.Result,handleResult);
  public function handleResult(event:ResultEvent):void{
       var contarctFilterVOs:ArrayCollection = event.result as ArrayCollection; //Point 2&3 probelem, if list sent form java
       var contarctFilterVO:ContractFilterVO= event.result as ContractFilterVO; //Point 1 probelem, if only single Object of type ContractFilterVO sent form java
  Java Object
  package com.vo
  public class ContractFilterVO implements Serializable 
       public function ContractFilterVO(){
       private static final long serialVersionUID = 8067201720546217193L;
       private String contractCode;
       private String contractDescription;
       private Boolean isIndexation;
       private Boolean isAdditional;
  I don't understand what is wron in my code on either side, it looks syntactically right. It would be great anyone could help me point out my mistake here. Waiting for right solutions...
  Thanks and Regards,
  Jigar

  Hi Jeffery,
  Thanks for your reply, it did solve my query @ point 3 as well as point 2 where the objects in arraycollection were not geting converted and boolean properties did not appear when list of an objects were received. And hey, i did have public functions for properties defined java class, just forgot to mention here in post, sorry for that.
  The solution you gave was right, but than what if i have a VO which has multiple List of objects coming from Java, than i would have to create an instance of each type of object on flex side this is too tedious, is'nt it? Is there any better solution... out there.
  And jeffery do you some tricks up your sleeve for this Boolean issues to that i am facing in point 1... Still struggling with this one...
  Anyone out there would be more than welcome to point my mistake, if any and provide tips/tricks or solutions...
  Thanks again to Jeffery...
  Waiting for more solutions sooner...
  thanks and Regards,
  Jigar

• Urgent :: 11g Invoking Composite from Java/From Webservice Proxy

  Hi All,
  i have a requirement where in need to when ever the exception occurs it invokes custom java and then it invoked a BPEL process to handle the errror.
  in 10.1.3.4 i used to Java Api to invoke the BPEL process and it works fine.
  1) . now we are migrating to 11g, i know this API wont work with 11g as the server is on weblogic and client librairies may be different for invoking in composite it in 11g. if any body has invoked a composite using java and the using 11g libraries to invoke the composite ? if so can you please post here ?
  2). otherway i tried to create a Web Service proxy using Jdeveloper for the composite, when i test it using Jdeveloper it is working fine, but when i place it in the lib directory, im getting a bad response from server 503.
  please see logs below for the second approch
  Caused by: javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Bad response: 503 Service Unavailable
       at oracle.j2ee.ws.client.jaxws.DispatchImpl.invokeOneWay(DispatchImpl.java:989)
       at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:224)
       at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invokeOneWay(OracleDispatchImpl.java:102)
       at oracle.integration.platform.blocks.soap.AbstractWebServiceBindingComponent.dispatchRequest(AbstractWebServiceBindingComponent.java:447)
       ... 61 more
  Caused by: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Bad response: 503 Service Unavailable
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.call2(HttpSOAPConnection.java:209)
       at oracle.j2ee.ws.common.transport.HttpTransport.transmit(HttpTransport.java:73)
       at oracle.j2ee.ws.common.async.MessageSender.call(MessageSender.java:64)
       at oracle.j2ee.ws.common.async.Transmitter.transmitSync(Transmitter.java:134)
       at oracle.j2ee.ws.common.async.Transmitter.transmit(Transmitter.java:90)
       at oracle.j2ee.ws.common.async.RequestorImpl.transmit(RequestorImpl.java:273)
       at oracle.j2ee.ws.common.async.RequestorImpl.invokeOneWay(RequestorImpl.java:169)
       at oracle.j2ee.ws.client.jaxws.DispatchImpl.invokeOneWay(DispatchImpl.java:985)
       ... 64 more
  Caused by: javax.xml.soap.SOAPException: Bad response: 503 Service Unavailable
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.processHttpResponseCode(HttpSOAPConnection.java:603)
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.post2(HttpSOAPConnection.java:469)
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:1203)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.call2(HttpSOAPConnection.java:207)
       ... 71 more
  if any body has already implemented the invocation of composite in one of above approaches, please let me know.
  any pointers to resolve this will be of great help
  Thanks
  Nadh

  Here is sample to invoke a composite from JSP, this should be same from Java Class. Note that the composite should use adf binding and not ws binding.
  Here is snippet of composite.xml service:
  <service name="rmibpel_client_ep" ui:wsdlLocation="RMIBPEL.wsdl">
  <interface.wsdl interface="http://xmlns.oracle.com/Application1/RmiVsSOAP/RMIBPEL#wsdl.interface(RMIBPEL)"/>
  <binding.adf serviceName="rmibpel_client" registryName=""/> </service>
  Note the binding should be binding.adf and not binding.ws
  Sample jsp:
  <%@page import="java.util.Hashtable" %>
  <%@page import="java.util.Map" %>
  <%@page import="javax.naming.Context" %>
  <%@page import="oracle.soa.management.facade.Locator" %>
  <%@page import="oracle.soa.management.facade.LocatorFactory" %>
  <%@page import="oracle.fabric.common.NormalizedMessage" %>
  <%@page import="oracle.soa.management.util.NormalizedMessageImpl" %>
  <%@page import="oracle.soa.management.facade.Composite" %>
  <%@page import="oracle.soa.management.facade.Service" %>
  <html>
  <head>
  <title>Invoke HelloWorld</title>
  </head>
  <body>
  <%
  String msg = request.getParameter("world");
  if(msg == null)
  msg = "World";
  String xml = "<process xmlns=\"http://xmlns.oracle.com/Application1/RmiVsSOAP/RMIBPEL\"><input>" + msg + "</input></process>";
       Hashtable jndiProps = new Hashtable();
       jndiProps.put(Context.PROVIDER_URL,"t3://strec03-1.us.oracle.com:8001/soa-infra");
  jndiProps.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
  jndiProps.put(Context.SECURITY_PRINCIPAL,"weblogic");
  jndiProps.put(Context.SECURITY_CREDENTIALS,"weblogic");
  jndiProps.put("dedicated.connection","true");
  Locator locator = LocatorFactory.createLocator(jndiProps);
       String compositeDN = "default/RmiVsSOAP!1.0";
  Composite composite = locator.lookupComposite(compositeDN);
  String serviceName = "rmibpel_client_ep";
  Service deliveryService = composite.getService(serviceName);
  System.out.println("composite=" + composite);
  System.out.println("deliveryServce=" + deliveryService);
  // construct the normalized message and send to Oracle WLS
  NormalizedMessage nm = new NormalizedMessageImpl();
  nm.getPayload().put("payload", xml );
       NormalizedMessage res = null;
       try {
            res = deliveryService.request("process", nm);
       catch(Exception e)
       e.printStackTrace();
  Map payload = res.getPayload();
  out.println( "BPELProcess HelloWorldService executed!<br>");
  //See below output in log file
  oracle.xml.parser.v2.XMLElement elem =
       (oracle.xml.parser.v2.XMLElement) payload.get("payload");
  elem.print(System.out);
  %>

• Java IDE Security Issues

  I'm evaluating Java IDE's. My boss wants me to evaluate IDE security issues. I can't think of any issues, or how an IDE can have anything to do with security, but didn't want to sweep it under the rug without asking all of you security experts.
  Are there any security concerns when selecting a Java IDE?

  Yeah, you confirmed what I already knew I suppose.
  Unfortunately, I know nothing if this organization, as
  I'm only consulting. The management here INSISTS that
  security be addressed, but I think it's out of scope
  for Java IDE selection. Thanks!In that context, things like "supports HTTPS and ssh access for remote development" may be exactly what they're looking for. It lets managers say "Yes we considered security in making this purchase, and yes the developers of this tool take security seriously." Doesn't mean that security is ever going to impact the actual use of the product.
  Remember that a portion of any management decision goes to insuring you can show a good-faith effort to avoid problems, when/if they happen down the road and someone's looking for a fall guy...
  Good luck!
  Grant

• Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery

  HI,
  We are getting following error message for all users while sending mail to external but we able to receive mail from internet.
  Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may
  be preventing delivery.

  Hi,
  Please follow Luke and Shelly’s suggestion to check your SPF record and Send Connector configuration. Also you can post the complete NDR message(with NDR status code) here for further analysis.
  If there is any updates, please feel free to let us know.
  Thanks,
  Winnie Liang
  TechNet Community Support

• HT1338 There is a lot of talk about the Java security issues and the ability to download a patch fix, do i need to do this or will software update pick this up for me?

  There is a lot of talk about the Java security issues and the ability to download an apple patch fix, do i need to do this or will software update pick this up for me?

  Thanks for that, how do I establish if I have Java installed as on Safari preferences it indicates the following
  Web content - Enable Java
                      - Enable JavaScript

• Java.security.AccessControlException when executing java from the DB

  Hello
  I'm running a Oracle 10.1.0.3.0 on Linux
  I'm having trouble with executing some java code from the DB.
  I created following java stored procedure used to create the directory given by the parameter
  package be.vlaamsparlement.dis.os_commands;
  import java.io.*;
  import java.lang.*;
  import java.sql.*;
  import java.util.*;
  public class ManageOSDirectory {
  public static String createDir(String directoryName) throws Exception
  if ((new File(directoryName)).mkdirs())
  { return ("TRUE");}
  else
  { return ("FALSE");}
  Wrapped it in a pl/sql procedure an execute it as follows under DB schema DIS :
  begin
  declare
  b boolean;
  begin
  b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/1/');
  end;
  end;
  Where /data/files/vp_docs/schv/ already exist, so the proc needs to create the direcories '2004-2005', 'jan' and '1'
  this gives me following error :
  ORA-29532: Java call terminated by uncaught Java exception: java.security.AccessControlException:
  the Permission (java.io.FilePermission /data/files/vp_docs/schv/2004-2005/month/1 write) has not been granted to DIS.
  The PL/SQL to grant this is dbms_java.grant_permission( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
  I can't give this permission as the given directory does not yet exist. File permissions on os are ok and when i execute
  the code on the os (not from the DB) it works fine.
  This also worked on a Windows 10G DB without any extra grants.
  Also, i can execute the followint
  b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/');
  but if i then execute
  b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/');
  I get the same error. So i can only creaet 1 directory beneath the schv directory
  Any ideas anyone ?

  The Error message is right.
  You need to:
  Ensure the Directory exist in Unix.
  Create the Directory in the Database as SYS.
  Grant Read,Write permission on th DIrectory to DIS
  Grant Java permission on th DIrectory to DIS (using the syntax already shown in the Error message).
  See my example below (10g R1)
  SQL> connect /as sysdba
  Connected.
  SQL> GRANT CONNECT,RESOURCE TO DIS IDENTIFIED BY DIS;
  Grant succeeded.
  SQL> create or replace directory DIS_DOWNLOAD_DIR as '/data/files/vp_docs/schv/2004-2005/month/1';
  Directory created.
  SQL> col DIRECTORY_PATH format a50
  SQL> select * from dba_directories;
  OWNER DIRECTORY_NAME DIRECTORY_PATH
  SYS DIS_DOWNLOAD_DIR /data/files/vp_docs/schv/2004-2005/month/1
  1 row selected.
  SQL> GRANT READ,WRITE ON DIRECTORY "SYS"."DIS_DOWNLOAD_DIR" TO "DIS";
  Grant succeeded.
  SQL> EXECUTE DBMS_JAVA.GRANT_PERMISSION( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
  2 /
  PL/SQL procedure successfully completed.
  SQL>