Security problem? Bounded taskflow and sessionid in loopback url

Similar Messages

• Security problem with tomcat and Ms Access

  Hi there,
  I have read some other posts about this problem but I still do know what the solution is... I am using Tomcat 5.5 and Java 1.5 with Windows Vista Beta
  I have a class to connect de a Ms access, using ODBC. If I test it with a console main it works fine but when I try to connect using a servlet it does not work and I got this error trace:
  java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
       java.security.AccessControlContext.checkPermission(Unknown Source)
       java.security.AccessController.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
       java.lang.ClassLoader.loadClass(Unknown Source)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1267)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
       java.lang.ClassLoader.loadClassInternal(Unknown Source)
       java.lang.Class.forName0(Native Method)
       java.lang.Class.forName(Unknown Source)
       model.Conect.GeneraConexion(Conect.java:17)
       model.Mediador.creaConexion(Mediador.java:12)
       model.TestServlet.processRequest(TestServlet.java:23)
       model.TestServlet.doGet(TestServlet.java:35)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       java.lang.reflect.Method.invoke(Unknown Source)
       org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
       java.security.AccessController.doPrivileged(Native Method)
       javax.security.auth.Subject.doAsPrivileged(Unknown Source)
       org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
       org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
  Any ideas? Thanks a lot in advanced.
  LJ

  Hi there,
  I have read some other posts about this problem but I still do know what the solution is... I am using Tomcat 5.5 and Java 1.5 with Windows Vista Beta
  I have a class to connect de a Ms access, using ODBC. If I test it with a console main it works fine but when I try to connect using a servlet it does not work and I got this error trace:
  java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
       java.security.AccessControlContext.checkPermission(Unknown Source)
       java.security.AccessController.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPermission(Unknown Source)
       java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
       java.lang.ClassLoader.loadClass(Unknown Source)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1267)
       org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
       java.lang.ClassLoader.loadClassInternal(Unknown Source)
       java.lang.Class.forName0(Native Method)
       java.lang.Class.forName(Unknown Source)
       model.Conect.GeneraConexion(Conect.java:17)
       model.Mediador.creaConexion(Mediador.java:12)
       model.TestServlet.processRequest(TestServlet.java:23)
       model.TestServlet.doGet(TestServlet.java:35)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       java.lang.reflect.Method.invoke(Unknown Source)
       org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
       java.security.AccessController.doPrivileged(Native Method)
       javax.security.auth.Subject.doAsPrivileged(Unknown Source)
       org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
       org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
  Any ideas? Thanks a lot in advanced.
  LJ

• Problem with Rescue and Recovery after installing Norton Internet Security 2010

  Hi all.
  It's my first time in this forum.
  I have a problem, with Rescue and Recovery, after installing Norton Internet Security 2010 on my T43.
  The message I get it:
  "Rescue and Recovery is unable to back up the file 'C:\Documents and settings\all Users\Application Data\ Norton\ 00000082\00000109\000003c1\cltMLS1.bat' Because the file is either corrupted or being used by another application. Please close any application that could be using the file.
  I tried to close the Norton but I couldn't find how.
  Tanks
  Doron71

  Hi and welcome to the forum,
  the reason for this situation is, that the antivir files are protected from being modified.
  This is the reason, why this file cannot be backed up. I assume, that you would get much more such messages, as there are surelly multiple files files, that are protected like this.
  So the solution is to block folders from being archived. Please start RnR application and in the configuration set this folder as the excluded one.
  This will skip the backup of this file and will fix your situation.
  Please let me know, if you have covered this.
  Cheers

• Opening and closing a frame from an applet security problem

  can I open a frame or a window from an applet and close the frame by using
  System.exit(0) for the frame or will it throw a security problem.

  I am using system.exit(0) to exit the JVM.
  dispose()
  Releases all of the native screen resources used by this Window, its subcomponents, and all of its owned children. That is, the resources for these Components will be destroyed, any memory they consume will be returned to the OS, and they will be marked as undisplayable.
  If this frame have to be close and open again don't use dispose.
  there is no check whether a frame is active? what you can do is set the the new frame to null (frame = null) and also when you dispose it, this will let you know if the frame is active or not.
  Noah

• Bounded Taskflows with Fragments And Return Activity

  Hi,
  I have Bounded Taskflow that requires-transaction and based on fragments, which means I should commit or rollback at the end of the taskflow. Since the documentation clearly states that you shouldn't add return activities to Bounded taskflows with fragments, I could call this taskflow from another taskflow and add it to the page as a region. Is it a best practice?
  Best Regards,
  Salim

  Hi,
  in the usecase you describe - yes
  Frank

• 10.6.4 Security Update 2010-05 and Flash Disk Problem

  New Mac and System 10.6.4-- Software update notified me of Security Update 2010-05, and I downloaded yesterday without remembering I had a flask disk in 1 of 4 USB ports, using it to organize data when the hard disk on my older IMac (3 years) crashed. Now if I try a restart with the flash disk in 2 of the 4 ports (including the one it was in or the one with the printer connection), I get a blank gray screen, and must do a cold restart. If the flash disk is in one of the other two remaining ports, no problem. If another flash disk is in any of the 4 ports, no problem. I have reinstalled the security update and reformatted the problem flash disk without any change or success

  Hi chgr5, and a warm welcome to the forums!
  If you don't get an answer in the Tiger/10.4 forums where we are now, you might try...
  http://discussions.apple.com/forum.jspa?forumID=1339
  Whew, that's pretty strande, if it were Tiger/10.4 I'd suggest this, but my 10.6 iMac died...
  Safe Boot , (holding Shift key down at bootup), use Disk Utility from there to Repair Permissions, move these files to the Desktop.
  PS. Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.
  /Users/YourUserName/Library/Preferences/com.apple.desktop.plist
  /Users/YourUserName/Library/Preferences/com.apple.recentitems.plist
  /Users/YourUserName/Library/Preferences/com.apple.finder.plist
  n Finder, select Go menu>Go to Folder, and go to "/volumes".
  Volumes is where an alias to your hard drive ("/" at boot) is placed at startup, and where all the "mount points" for auxiliary drives are created for you to access them. This folder is normally hidden from view.
  Drives with an extra 1 on the end have a side-effect of mounting a drive with the same name as the system already think exists. Try trashing the duplicates with a 1 or 2 if there are no real files in them, and reboot.
  Reboot & test.

• Lenovo S90u "Security problem" and network problems

  I recently unistalled the security application (lenovo safecenter?) from my lenovo s90u phone. After this every time i turn on the phone there is an annoying message "Security problem" at the bottom left corner and the android "robot" at the top left corner of the screen, Reset to factory didn't solved the problem as also and a lenovo safecenter apk which i downloaded from a link i found here at the "Lenovo S850 security problem" topic. Also there is a serious problem with network connections as wifi and/or data connection are turning on at spear times without my permission. Every time i turn the phone on data connection in on and although i turn it off it turns on again (or the wifi) at spear times.Can you suggest any solution?
  ‎08-09-2014 03:06 AM

  I recently unistalled the security application (lenovo safecenter?) from my lenovo s90u phone. After this every time i turn on the phone there is an annoying message "Security problem" at the bottom left corner and the android "robot" at the top left corner of the screen, Reset to factory didn't solved the problem as also and a lenovo safecenter apk which i downloaded from a link i found here at the "Lenovo S850 security problem" topic. Also there is a serious problem with network connections as wifi and/or data connection are turning on at spear times without my permission. Every time i turn the phone on data connection in on and although i turn it off it turns on again (or the wifi) at spear times.Can you suggest any solution?
  ‎08-09-2014 03:06 AM

• Possible security problem with my iPhone4, it seems like it has been hacked into and my hotmail, facebook and university accounts (which all have different passwords) and proceed to change my passwords on me. This has happened twice.

  I seem to be having security problems with my iPhone4, it seems like someone has hacked into my hotmail, facebook and university accounts (which all have different passwords) and proceed to change my passwords on me. This has happened twice and I have not left my phone unattended at any time that I can recall nor have I accessed these accounts from another source (i.e. computer/laptop) since changing my passwords after the first hacking occurred. Please help.

  Anyone else at your university complaining about the same thing?  It is more likely someone is stealing passwords by sniffing traffic over the university wifi or with a man-in-the-middle attack or by other means external to your phone.  Try a Google search on "steal password" (without quotes) or "steal SSL password" and you'll learn more than you wanted to know about how passwords get stolen.
  Some related info:
  http://en.wikipedia.org/wiki/Session_hijacking
  http://en.wikipedia.org/wiki/Man-in-the-middle_attack

• My Apple ID showed security problem that needs to reset my password. But I forget my resue email and scecurity questions' answers. So what can I do?

  My Apple ID showed security problem that needs to reset my password. But I forget my resue email and scecurity questions' answers. So what can I do?

  If you are on Lion or newer, follow directions here:
  Reset the user password in OS X Lion, Mountain Lion and Mavericks
  Reset 10.5 Leopard & 10.6 Snow Leopard password
    1. Power on or restart your Mac.
    2. At the chime (or grey screen if your chime is turned off), hold down Command+S on your keyboard to enter single-user mode.
    3. This step is optional, but it’s a good idea because it checks the consistency of the hard disk before moving on. At the prompt, type fsck -fy and press Enter/Return. Wait for the checks to complete before going to the next step.
    4. Type mount -uw / and press Enter.
    5. Type launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plistand press Enter.
    6. Type ls /Users and press Enter. This lists all of the usernames on the computer – helpful if you don’t know or remember what these are.
    7. Type dscl . -passwd /Users/username password and replace “username” with one of the users displayed in the previous step. Replace “password” with a new password of your choice. Press Enter.
    8. Type reboot and press Enter.

• My computer continually asks me to enter my password for Keychain access. This problem is continuos and I am having trouble with eliminating it. I have changed my password through Security and my Accounts numerous times to no avail.  Is there anythin

  My computer continually asks me to enter my password for Keychain access. This problem is continuos and I am having trouble with eliminating it.
  I have changed my password through Security and my Accounts numerous times to no avail.
  Is there anything I can do other than Resetting the entire computer and re installing all of the software, apps, etc.etc.

  Back up all data before proceeding.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  Select the login keychain from the list on the left side of the Keychain Access window. If your default keychain has a different name, select that.
  If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. You'll be prompted for the keychain password, which is the same as your login password, unless you've changed it.
  Right-click or control-click the login entry in the list. From the menu that pops up, select
            Change Settings for Keychain "login"
  In the sheet that opens, uncheck both boxes, if not already unchecked.
  From the menu bar, select
            Keychain Access ▹ Preferences... ▹ First Aid
  There are four checkboxes in the window that opens. Check all of them. if they're not already checked. Close the window.
  Select
            Keychain Access ▹ Keychain First Aid
  from the menu bar and repair the keychain. Quit Keychain Access.
  If you use iCloud Keychain, open the iCloud preference pane and uncheck the Keychain box. You'll be prompted to delete the local iCloud keychain. Confirm. Then re-check the box. Follow one of the procedures described in this support article to set up iCloud Keychain on an additional device.

• HT4623 Why isn't Apple talking about the security problem and the iOS software patch?

  Why isn't Apple telling us about the iOS security problem and the software patch?

  There's an iOS security problem already?
  They just issued an iOS update...

• Using wildcard in return activity in bounded taskflow

  This is my situation:
  I have a page to which the user may only navigate through a router activity, and I want the user to be authenticated too. So I thought I'd set the router activity (and a filter) and the page inside a bounded taskflow.
  But now I have a problem exiting the bounded taskflow. I don't want to specify all the possible outcomes and create different return activities. I have tabs on each page and I want the user to be able to click a tab and go to that page. But when I set a wildcard the navigation doesn't work.
  What does work is this:
      <control-flow-rule id="__22">
        <from-activity-id id="__23">rr_start</from-activity-id>
        <control-flow-case id="__25">
          <from-outcome id="__28">toAvIndex</from-outcome>
          <to-activity-id id="__24">returnFromStartFlow</to-activity-id>
        </control-flow-case>
      </control-flow-rule>
      <task-flow-return id="returnFromStartFlow">
        <outcome id="__21">
          <name>toAvIndex</name>
        </outcome>
      </task-flow-return>But this allows me only to navigate to AvIndex and I have 4 more pages I want to navigate to.
  What I would like to have is this:
      <control-flow-rule id="__22">
        <from-activity-id id="__23">rr_start</from-activity-id>
        <control-flow-case id="__25">
          <from-outcome id="__28">*</from-outcome>
          <to-activity-id id="__24">returnFromStartFlow</to-activity-id>
        </control-flow-case>
      </control-flow-rule>
      <task-flow-return id="returnFromStartFlow">
        <outcome id="__21">
          <name>*</name>
        </outcome>
      </task-flow-return>and let the unbounded taskflow check the outcome and do the navigation. Could this be possible?

  Wendy,
  have you considered to use a taskflow template for the navigation and use this template for your taskflows?
  Only other thing which come to mind is to set a parameter from inside your flow and check this parameter in a method in the parent flow to decide where to go.
  Timo

• Problem with taskflows within the Dynamic region

  Hi,
  I am creating a application which have two bounded taskflows search-flow and admin flow.In admin-flow taskflow i have two jsff pages admin_login and welcome.whenever we click login button present in login.jsff it should navigate to welcome page.I have created the control flow case (from outcome is welcome).I have created a Home.jspx in adfc-config.xml.Using the splitter i divided the page into two facets.In facet 1 there are two command links search, admin.In the second facet i have dropped search flow as dynamic region and written the following beanclass.
  package com.Search;
  import oracle.adf.controller.TaskFlowId;
  public class Search {
  private String SearchtaskFlowId = "/WEB-INF/Search-fllow.xml#Search-fllow";
  private String AdminTaskFlowId = "/WEB-INF/Admin-flow.xml#Admin-flow";
  private String currentTF = "home";
  public SearchFlight() {
  public TaskFlowId getDynamicTaskFlowId() {
  if (this.getCurrentTF().equalsIgnoreCase("home"))
  return TaskFlowId.parse(SearchtaskFlowId);
  else
  return TaskFlowId.parse(AdminTaskFlowId);
  public void setCurrentTF(String currentTF) {
  this.currentTF = currentTF;
  public String getCurrentTF() {
  return currentTF;
  When i click the admin link in home.jspx the admin_login.jsff page is opening.After entering the credentials and clicking login button it is going to the search page of search task-flow not to the welcome.jsff.
  The admin_login.jsff is
  <?xml version='1.0' encoding='UTF-8'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
  <af:decorativeBox id="db1">
  <f:facet name="center">
  <af:panelGroupLayout layout="scroll"
  xmlns:af="http://xmlns.oracle.com/adf/faces/rich"
  id="pgl1" inlineStyle="width:50cm; height:50.0cm;">
  <p>
  <af:inputText label="UserName" id="it1"
  binding="#{LoginBean.userName}"/><af:inputText label="Password"
  id="it2"
  secret="true"
  binding="#{LoginBean.password}"/><af:commandButton text="Login"
  id="cb1" binding= "#{LoginBean.login}"
  action="#{LoginBean.login_action}" />
  </p>
  <p>
  <af:commandButton text="Cancel" id="cb2"/>
  </p>
  </af:panelGroupLayout>
  </f:facet>
  <f:facet name="top">
  <h:outputFormat value="Administrator Login" id="of1"
  style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:large; color:Purple;"/>
  </f:facet>
  </af:decorativeBox>
  <!--oracle-jdev-comment:preferred-managed-bean-name:NewLoginBean-->
  </jsp:root>
  The loginbean for the admin_login.jsff is
  package com.LoginBean;
  import java.sql.Connection;
  import java.sql.DriverManager;
  import java.sql.ResultSet;
  import java.sql.SQLException;
  import java.sql.Statement;
  import oracle.adf.view.rich.component.rich.input.RichInputText;
  import oracle.adf.view.rich.component.rich.nav.RichCommandButton;
  import oracle.jdbc.OracleDriver;
  public class Login {
  public Login() {
  private RichInputText userName;
  private RichInputText password;
  private RichCommandButton login;
  public void setUserName(RichInputText userName) {
  this.userName = userName;
  public RichInputText getUserName() {
  return userName;
  public void setPassword(RichInputText password) {
  this.password = password;
  public RichInputText getPassword() {
  return password;
  public void setLogin(RichCommandButton login) {
  this.login = login;
  public RichCommandButton getLogin() {
  return login;
  public String login_action() {
  // Add event code here...
  String UserName = this.getUserName().getValue().toString();
  String Password = this.getPassword().getValue().toString();
  Connection conn;
  try {
  conn = getConnection();
  Statement stmt = conn.createStatement();
  ResultSet rset = stmt.executeQuery ("SELECT 'x' FROM administrator where username = '"+UserName+"' and password='"+Password+"' " );
  if (rset.next()) {
  conn.close();
  return "welcome";
  conn.close();
  } catch (SQLException e) {
  System.out.println(e);
  return "error";
  public static Connection getConnection() throws SQLException {
  String username = "hr";
  String password = "hr";
  String thinConn = "jdbc:oracle:thin:@localhost:1521:XE";
  DriverManager.registerDriver(new OracleDriver());
  Connection conn =
  DriverManager.getConnection(thinConn, username, password);
  conn.setAutoCommit(false);
  return conn;
  }

  in your web.xml find this entry and put success_url. to weblogic.jspx
  <servlet>
      <servlet-name>adfAuthentication</servlet-name>
      <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
      <init-param>
        <param-name>success_url</param-name>
        <param-value>/faces/index</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>

• WS Policies, Bound Properties and CRMOnDemand

  I've been trying to figure this problem out for about a week, and was hoping that someone here could assist.
  In CRMOnDemand, for a stateless connect, you drop this into your SOAP header:
  <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-1">
  <wsse:Username>USERNAME_HERE</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD_HERE</wsse:Password>
  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">q3rLryh0dfQ1BucKrtpagw==</wsse:Nonce>
  <wsu:Created>2012-11-26T20:38:56.682Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  However, there is no clear way to do this in JDeveloper. I think I've tried all combinations of WS Policy and bound attributes, and none of them seem to work.
  So, the question is, how do I configure my web-service in my composite application to provide a SOAP document with the above header?

  Create a variable and assign the Security Header XML fragment to it. Then open the Invoke activity and go to Headers tab. Select the variable .
  Cheers,
  Durga

• ADF UI Shell Pattern- How to pass parameter to the called bounded taskflow?

  The sample Launcher class of the ADF UI Shell template has the following code:
      private void _launchActivity(String title, String taskflowId, boolean newTab)
        try
          if (newTab)
            TabContext.getCurrentInstance().addTab(
              title,
              taskflowId);
          else
            TabContext.getCurrentInstance().addOrSelectTab(
              title,
              taskflowId);
        catch (TabContext.TabOverflowException toe)
          // causes a dialog to be displayed to the user saying that there are
          // too many tabs open - the new tab will not be opened...
          toe.handleDefault();
      }How do I pass a parameter to the bounded taskflow that will be launched?
  For example:
  1) I have a list of employees displayed on a tab.
  2) When I select a record and click an edit button inside the tab, A separate tab should open with the corresponding employee to be edited.
  How then could I pass the employee id to the edit-employee-task-flow?
  I can't think on how/what would a "calling taskflow" come into this picture?
  help!
  pino
  Edited by: pino on 16-Dec-2009 05:57
  Edited by: pino on 16-Dec-2009 09:59

  Hi Arunkumar,
  Thanks for the info. I was actually using EJB DataControls, and something similar to what you have suggested can also be done programmatically, but I wanted to follow the one promoted in the Fusion Developers' Guide to take advantage of the "ADF task flow framework" (like pass-by-value, pageflowScope, etc.) especially that we were having problems when we will just follow the procedures that was presented in the tutorials(I mean that- not all the procedures in the tutorials will work on an application based on the UI Shell pattern which do have multiple active taskflows.).
  For instance, you have an active List of employees in one tab, and two other tabs that try to edit employee records. If these employee list and employee edit forms are based on a single iterator binding, then what would happen to the information in the two edit forms on each separate tabs if you selected another row on the employee list tab? -- In our case, the edit tabs' values synchronized to the new selected row in the list tab.
  There are sure many work-arounds for these, but I am looking for a cleaner, clearer, or best way to handle this scenario.
  regards,
  pino