Security violation after logout
When I have a user logout I remove their EJBs and call
ServletAuthentication.done(). If the user tries to log in with a
different account they get a security violation. If they wait about
20-40 seconds and try again everything is okay.
Does anyone know why this happens?
Thanks,
Mike
It usually is unless you are running under Flex Builder
itself. FB allows itself access to almost anything. Running in a
browser is subject to the sandbox.
Actually, as I think about it, the cross domain file might
not help. A Flex app, running in a browser, cannot access the local
file system *at all*. (Again, unless running under FB)
You will probably have to put that file on the network
somewhere, even if it is on a webserver on your own machine.
I assume it can change? If it is static, compile it into the
swf.
Tracy
Similar Messages
-
Last night when i tried to sign a document i received the mesage below and after that it says this document can't be signed what can i do to fix this problem.
Error encountered while signing:
The Windows Cryptographic Service Provider reported an error:
Access was denied because of a security violation.
Error Code: 2148532330I assume you are implying "biztax" application here, right?
I have contacted their program lead, with no result at all.
Past days I have been searching for a solution - reinstalls / new systems - no solution.
This issue appeared a week or two ago only.
I found http://forums.adobe.com/message/5338853 useful - but no positive results either.
http://test.eid.belgium.be/faq/faq_nl.htm obviously didnt help either.
If anyone finds a solution to this issue, please do let me know - any help is appreciated.
Biztax tells to use the "signature", not the "authentication" - but it is only Auth. that is showing up as option to sign (that works)
ps, did you fiddle with the Adobe Reader XI security settings and import that PKI etc as well? I hoped that would be the breaktrough. Sadly i'm still crying in my chair.
Oh, and dont forget: they claim nobody else got this issue. Maybe one or two people. (We got about 8 customers experiencing exactly the same symptoms at the same time )
> I noticed that when I try to open the pdf document that is 'signed' by the government it is not showing the filename in the title bar, but only " - Adobe Reader". every piece of info helps I guess.
Obviously last version of Reader 11.0.03 -
Logged Out session can be accessed again After logout (DAD authentication)
Hello,
Please find the details of my problem below:
SCENERIO:
Current Authentication: No Authentication (USING DAD)
Authorization: MYAUTH
Frequency: Once Per Session
declare
lv_retval boolean;
lv_srec pkg_myutil.r_sessionrectype;
begin
begin
-- This is NOT Apex Session. I am checking the entry in a table to make sure user is logged in
-- and the link is not opened directly. In short making sure user opened the Apex link from the
-- Oracle Forms application.
lv_srec :=pkg_myutil.get_session_info(:P1_SID);
if lv_srec.valid_session then
lv_retval := TRUE;
else
lv_retval := FALSE;
end if;
exception
when others then
lv_retval := FALSE;
end;
return lv_retval;
end;
The Application Security property Authorization is set to : MYAUTH
Logout Navigation Bar Entries-URL TARGET: http://myapp.mycompany.com/pls/apex/apex_custom_auth.logout?p_this_app=105&p_next_url=http://mycompany.com
( I cannot put this in the Authentication Logout URL as using -DATABASE- as sentry function (DAD authentication) gives me error: No functional attributes may be set when page sentry function is '-DATABASE-'.))
so i directly modified the navigation bar entry
Now I open the apex link from my forms application, and it Works fine. For example
http://myapp.mycompany.com/pls/QRYONLYDAD/f?p=105:1:2524984933940261::NO::P1_SID:0137099300:
The authorization function takes the P1_SID value and checks in database,finds the entry so returns TRUE to display the page 1 which i call Menu page.
If I click logout, it works and takes me to the Mycompany home page.
My question:
If save that link and try to access it again AFTER LOGOUT, it still displays the page. Although the session is logged out, how come it still allows to access the page? The authorization function also doesn't fire which would have prevented it atleast. How APEX knows it still a valid session even after logout happens?
I can see that Since there is DAD authentication, the login happens automatically........ but I cannot change that method. What other option do i have?
Please help.
Jay1.) Code for the function:
Basically we are using a private DBMS_PIPE to pass a randomly generated string and read that pipe from Apex using get_session_info. Nothing to do with Apex Session. We just want to make sure the user opened the Apex link from the application.
function get_session_info (p_session_id varchar2) return pkg_myutil.r_sessionrectype is
rv_sessionrec eft.pkg_myutil.r_sessionrectype;
lv_status NUMBER;
lv_app_id varchar2(20);
lv_EMPID VARCHAR2(20);
lv_timeout BINARY_INTEGER := 0; --A timeout of 0 allows you to read without blocking. otherwise the pipe will keep waiting and our purpose won't be solved
lv_rmstatus number;
begin
begin
-- Valid Session theme: If the pipe doesnot exist means the url is not requested from inside the Forms application.
lv_status := DBMS_PIPE.RECEIVE_MESSAGE(p_session_id,lv_timeout);
IF lv_status <> 0 THEN
raise_application_error(-20003,'Error while receiving.Status = ' || lv_status);
END IF;
DBMS_PIPE.UNPACK_MESSAGE(lv_app_id);
DBMS_PIPE.UNPACK_MESSAGE(lv_EMPID);
if lv_EMPID is null then
raise_application_error(-20004,'User EMPID is null in the session info.');
end if;
-- construct return record
rv_sessionrec.session_id:=p_session_id;
rv_sessionrec.valid_session :=TRUE;
-- remove pipe
lv_rmstatus:=DBMS_PIPE.REMOVE_PIPE(p_session_id);
if lv_rmstatus <> 0 then
null; -- think what to do
end if;
exception
when others then
rv_sessionrec.session_id:=p_session_id;
rv_sessionrec.valid_session :=FALSE;
end;
return rv_sessionrec;
end get_session_info;
2.) I guess you are right. But doesn't Apex use the Userid and password hardcoded in the DAD? because it displays the username in DAD on the page footer. But It will authenticate everytime. So I want to put another layer so that my pipe verification code executes everytime which can decide whether to show the page or redirect to a error page.
If i put in a On-Load Before Header Process on Page 1 with the pl/sql code, is there a way there to redirect to different page? I couldn't think of a way to do it. Then i can remove the code from authorization scheme and add to the On-Load process?
Does this help any?
Thanks for your prompt response.
Thanks,
Jay -
Problem accessing sessionScope after logout
Hello,
after logout (session.invalidate) I cannot use
ADFContext.getCurrent().getSessionScope().put(...) (java.lang.NullPointerException)
How to recreate sessionScope?
After logout not secured part of our application must be still functioning.
RadoHi,
This is my logout code:
ExternalContext ectx =
FacesContext.getCurrentInstance().getExternalContext();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
HttpSession session = (HttpSession)ectx.getSession(false);
session.invalidate();
pageUri = Params.getStartUri();
try {
response.sendRedirect(request.getContextPath() + pageUri);
} catch (IOException e) {
JSFUtils.addFacesErrorMessage(MsgBundle.INTERNAL_ERROR,
new Object[] { "Logout" });
}The problematic code accessing the sessionScope is in constructor of session scope managed bean.
When are instances of session scope managed beans created? I guess after a new session was created. Why then the sessionScope doesn't exists? Have my session managed bean higher priority and is created prior to sessionScope?
I can postpone accessing sessionScope in the constructor but don't know have can I check sessionScope has not been prepared yet? In debugger it seems to be ok.
Rado -
Security violation from using underscores template
When using the template-function of the well-known underscore.js library I get an error:
Adobe AIR runtime security violation for JavaScript code in the application security sandbox (Function constructor).
In the browser this works fine. I don't see any security problems from using templates !?I made some more tests: This code
var compiled = _.template("hello: <%= name %>");
air.trace(compiled({name : 'moe'}));
works when executed in $(document).ready (jQuery), but
it fails in the air.InvokeEvent.INVOKE-eventlistener, which
is always triggered after document-ready.
Seems that everything is fine until the AIR-part of the app
is up. -
SG-500-28P How to configure switchport port-security violation setting
Is there a way to do switchport port-security violation {protect | restrict | shutdown} in SG-500-28P in case of a BPDU Guard violation?
Seems like the default option is shutdown and I don't know how to change it.
Thank you!Hi,
you can recover this Violation.By using below command:
To enable automatic re-activation of an interface after an Err-Disable shutdown,
use the errdisable recovery cause Global Configuration mode command. To
disable automatic re-activation, use the no form of this command.
Syntax
errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny |
stp-bpdu-guard | loopback-detection | udld }
no errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny |
stp-bpdu-guard | loopback-detection | udld }
For more information:
Refer this URL:page no :406
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf
regards
Moorthy -
IPSec Security Violation iTunes Desktop On Shutdown
I could use some insight into why the iTunes desktop is causing a security violation when I shut the program down. I am receiving the following failure audit code in the Event Viewer/Security File:
Event ID 615
Error Message Received:
IP Sec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.
IPSec Snap-in Statistics:
When I run the snap in I am not receiving any changes in values within the IPSec Statistics. All categories are reflecting “0”. Within the IKS Statistics the following two categories values have been changed to “1”, Active Acquire and Acquire Heap Size. I am allowing an exception to occur within my firewall for iTunes.
This problem is only occurring when I shut the program down and the error message is appearing randomly in the event viwer. Any help would be greatly appreciated in helping me understand why this is occurring.
OS: Windows XP Home SP2 Toshiba 1135/S155 LaptopB Noir
After my last discussion with you on this subject matter I continued receive the 615-error code in my Event Viewer\Security folder. This really ticked me off my friend. All along I thought iTunes was the source of the problem. But this just was not the case. Before I present to you the actual problem I will say by changing the Target Scope on the firewall it did resolve some minor issues that I was having with iTunes. My apologies for any misunderstandings that may have taken place on this issue. Therefore, let me present the following information to you to settle this issue once and for all:
Event Viewer – Failure Audit Id 615 Description – Security Folder
Source: Security
Category: Policy Change
Failure Aud Event Id: 615
User: NT AUTHORITY\NETWORK SERVICE
Computer: OWNER-(For security reasons I have removed the rest of this information)
Description:
IPSec. Services: IPSec Services failed to get the complete list of Network Interfaces on the machine. This can be a potential security hazard to the machine since some of the interfaces may not get the protection as desired by the applied IPSec. Filters. Please run IPSec. Monitor to further diagnose the problem.
Notes:
This event discussion will apply to the following modem:
2Wire 1700HW
SN: 384114124206
Assembly Number: 4200-00174-000
When this event occurred no special filters were in place. All settings were set to “Default” system wide. Snap-in Monitor: IKE Statistics were in normal range. IPSec. Statistics values did not change indicating any problems.
I was determined to find out what was causing the problem. So, since the 615 entries were identified as a security issue I contacted MS Security Department as my starting point. After an hour of discussion with the security team and ruling out the possibilities it was not security related. So, they shot me over to the Windows XP Home SP2 support team. After ruling out any Windows based problems we determined that it was a Modem\port issue that was causing the problem.
Now that I had a starting to point to work with my final investigation produced the final solution to correct the problem.
When the event occurred I was receiving the entry’s randomly on start-up\reboot. After several hours of discussions and running tests with a BellSouth tech, I tracked the problem down to my Troubleshooting – Event Log in the 2Wire MDC\Management and Diagnostic Console. A BellSouth Tech Supervisor confirmed this problem once I identified the possible source.
Source of the problem: “Bad Modem\Port Issue” on link up. The modem is not connecting properly on link-up with the server. As a result I began having lost connection entries indicating that the service was restarting itself on the lost connection. To confirm my lost connection findings I installed a Server Monitor and set the monitor to “Poll” the server in one-minute intervals. The source of the actual problem in this case will be centered on the following connection process: “vlanmon0”. I have provided a copy of the link-up process tree for your review.
Final Summary: At times I was receiving a lot of lost connection entries in the MDC event log. This is what was causing the 615 entries to occur in the event log on my machine. You will not automatically receive a 615 entry in the Event Viewer\Security folder on lost connections. Again in this case I was only receiving the entries on start-up\reboot randomly.
What was more frustrating is when the events started to occur I went to my command prompt and pinged the IP’s within the routing table I kept coming back with 100% Success back to the server. Bottlenecking at the Socket Connection was also ruled out. I spent a total of five hours over a two-day period diagnosing the problem. I even allowed the tech to do a remote access session on my machine. In the end I had nothing but kudos’ on how well my machine was set-up and protected. Final conclusion: BellSouth will be replacing the modem.
615 error codes can be very difficult to resolve. In closing my discussion with you on this issue I would advise caution in resolving this issue due to the many variables involved with IPSec Services.
Thank you for the intelligent discussion on the issue.
2WIRE MDC - Link Tree
Management and Diagnostic Console
Advanced – Link Manager States
root
|-->homenet0 is up
||-->vlan0 is up
||\-->ipv4net1 is up
|| |-->vlanmon0 is up >>>>>>>(Source of Event Id 615 in Security Folder)
|| \-->ipv4bridge2 is up
|\-->vlan3 is up
\-->broadband0 is up
\-->adsl0 is up
Snap Shot of today’s lost connection: 2Wire Troubleshooting – Event Log
Type Date/Time Event Description
INF +000 days 00:00:00 SYS: System started
INF 2003/01/15 05:00:01 EST SYS: Set system clock from: 1969/12/31 19:00:00 EST
INF 2003/01/15 05:00:03 EST SYS: ipv4net1: Up on vlan0 with 192.168.1.254/24
INF 2003/01/15 05:00:24 EST SYS: ppp0: Up with ipv4 service on pppoe0
INF 2003/01/15 05:00:24 EST SYS: ipv4net0: Up on ppp0 with 72.155.108.75/32
INF 2006/09/05 07:02:42 EDT SYS: Set system clock from: 2003/01/15 05:00:25 EST
INF 2006/09/05 08:44:56 EDT SYS: Successfully logged into a password protected page
INF 2006/09/05 16:48:19 EDT SYS: Successfully logged into a password protected page
INF 2006/09/05 20:18:35 EDT SYS: vlanmon0: connection lost, reconnecting...
INF 2006/09/06 06:20:08 EDT SYS: Successfully logged into a password protected page
INF 2006/09/06 06:21:25 EDT SYS: Successfully logged into a password protected page
INF 2006/09/06 09:50:24 EDT SYS: Successfully logged into a password protected page
Jblittlejohn
OS: Toshiba Satellite 1135’S155 Windows XP SP2
Server: BellSouth – DSL Lite
Socket Connection: LPT2T1 -
Making user policies stay in effect after logout
We enforce highly restrictive Windows group policies on our student users. Sometimes, a student is able to login offline, so they don't get the restrictive policy. In ZDM 7, we had the ability to make a user policy stay in effect after logout, which would keep the restrictions turned on until a user with less restrictions logged in. Is there a way to do this in ZCM 11? I looked in ZCC, and I can't see any option for this. FYI, we are using ZCM 11.2.2 MU 2.
Rick P.
Walla Walla Public SchoolsOriginally Posted by craig_wilson
Kevin,
Whoever told you that was clueless about GPOs.
User GPOs are removed at Logout.
Device GPOs are removed at Shutdown.
They are removed by Re-Applying the "Blank" GPOs located in
%zenworks_home%\bin\cachefiles\Orginal_GPO
(Or something like that w/o looking.)
These will only exist if a GPO is in place.
It would be possible to replace those GPO files with your locked down
files so when User/Machine GPOs are replaced with the "Blank" one, they
are actually using a Strong GPO.
On 2/15/2013 7:06 PM, RPummel wrote:
>
> kjhurni;2247277 Wrote:
>> I was told the policies were cached and would remain in effect unless a
>> new user with a DIFF policy logged in.
>>
>> I'll have to dig up my old emails as this was like over a year ago.
>
> This may be the theory, but it is not what we have observed in
> practice.
>
> Rick
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
Thanks Craig. Too bad it doesn't remain in effect on logout. Seems like a glaring security hole, IMO compared to how MS does it. OR how ZFD used to do it.
Guess an RMS is in order? -
safari, chrome and firefox cannot verify identity of secure websites after upgrading to 10.7.4, apple engineers have tried multiple things including operating system with no success
There are several threads about this problem, most notably one called 'Invalid Certificates' is over 4 pages long. Many of us have experienced difficulty connecting to banking and other secure sites. On my Macbook Pro, I cannot get to my banking site with any browser, however I can get there on my iMac using Safari, but get the 'Invalid Certificate' notice with FF and Chrome. The problem started after the installation of 10.7.4. I have sent a message to Apple--they will be dismayed to hear that I cannot complete an order at their online store!
-
No keyboard at login window after logout
Hello all,
I'm just starting state testing and have been presented with a problem. When a student logs out of a machine in order to log into the testing account the login window won't accept input from the keyboard.
Bacground and details:
We have labs of computers using workgroup manager and open directory for management. In a normal lab the machine will boot to a login window. This is so that the preferences will be refreshed before a student logs in. The student will login as a local user (student) and procede to do whatever for the day.
We have recently started state mandated testing. I have set up an OD account which is very locked down and keeps the student on track while testing. This requires someone to log the normal user out and login as the OD user. This is where the problem arises.
About 50% of the time the keyboard will no longer funtion after logout. No keys of any sort work. The mouse still works. Even keystrokes through ARD do nothing. A end user is then required to reboot the system in order to do ANYTHING. This is not ideal for elementary kids.
From my digging in log files and poking around i noticed that the loginwindow process was hanging or crashing. If i kill the process the login window blinks and then works just fine. I'm sure i could write a logout script that drops a process into the background to kill the loginwindow process after so many seconds, but thats messy. Has anyone seen this? Any thoughts or solution? Only happens on a logout, never on an initial bootup.
I have found that 95% of these issues occur on Mac Mini's. I can consistantly replicate the issue on a mini. If i clone the mini to a macbook, i no longer have the problem (using carbon copy cloner). So either the hardware is part of the issue or the clone fixed something in the process.
OSX 10.5.8
/var/log/windowserver.log (on logout)
May 02 16:27:30 [252] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x6 not owned by caller loginwindow
May 02 16:27:32 [252] CGXRestartSessionWorkspace: session workspace exited for session 256 ( on console )
May 02 16:27:32 [252] loginwindow connection closed; closing server.
May 02 16:27:33 [352] Server is starting up
May 02 16:27:36 [352] CGXMappedDisplayStart: Unit 0: no display alias property
May 02 16:27:36 [352] kCGErrorFailure: IOHIDSetCursorEnable returns -536870208
May 02 16:27:36 [352] kCGErrorFailure: Set a breakpoint at CGErrorBreakpoint() to catch errors as they are returned
May 02 16:27:36 [352] CGXPerformInitialDisplayConfiguration
May 02 16:27:36 [352] Display 0x41dc9d00: VirtualDisplay Unit 0; Vendor 0x756e6b6e Model 0x76697274 S/N 0; online enabled built-in (0,0)[1280 x 1024], base addr 0xb0021000
May 02 16:27:36 [352] AGCAttach: Couldn't find any matches
May 02 16:27:43 [352] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller SecurityAgent
May 02 16:27:45 [352] kCGErrorIllegalArgument: CGXOrderWindow: Operation on a window 0x2 not owned by caller SecurityAgent>kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller SecurityAgent
In those cases there may be threads and/or processes trying to do things with windows that they don't own. In other words, some programmers may have goofed up a little bit someplace.
But might try the one Helpful marked post here...
https://discussions.apple.com/thread/987826?start=0&tstart=0 -
Weblogic 10.3.0 - Security Violation when Group Membership Lookup enabled
Dear Admins,
We're running a Weblogic 10.3.0 cluster with our own software deployed.
We're using SQL authentication (JDBC to Oracle DB) to authenticate users.
Recently we've been tuning our WL cluster to improve performance, and have enabled Group Membership Lookup Hierarchy Caching.
Sometimes users log into our application and get inssuficient rights (or some other error). This appears to happen at random. Most of the times they can log in without problems.
We determined it's not something to do with the cluster, although it can happen on one node and the other node will work as normal.
In the Managed server we see this error (with test user):
Managed7Server.out00011:java.rmi.AccessException: [EJB:010160]Security Violation: User: 'test' has insufficient permission to access EJB: type=<ejb>, application=leanapps, module=process_general.jar, ejb=LaLifeProcessController,
method=create, methodInterface=Home, signature={}.
When we disable Group Membership Lookup Hierarchy Caching, this error never occurs.
Our settings (Security Realms -> myrealm -> Providers -> SQL Authenticator -> Performance):
Max Group Hierarchies In Cache: 5000 (we have approx. 2000 groups)
Group Hierarchy Cache TTL: 3600
provider specific settings :
Group Membership Searching: unlimited
Max Group Membership Search Level: 0
Also in Myrealm -> Performance we have set :
Enable WebLogic Principal Validator Cache
Max WebLogic Principals In Cache: 5000
If we put the TTL really low (default 60 seconds), the error hardly ever occurs. But we want to have cache that lasts longer then one minute.
This might be a bug, as we have other clusters running on WL 10.3.5, 12c where we use the same cache settings. This issue does not occur there.
I'm more then willing to provide more info or config files
Edited by: user5974192 on 21-nov-2012 5:17This is fixed now. Someone had defined a Servlet for the web service in web.xml that was preventing the EJB container to kick in.
Edited by: user572625 on Aug 25, 2011 11:54 PM -
Security Violation Error while running schedule task from OIM.
Hi All,
I am getting this error while running a custom java schedule task from OIM:
*Thor.API.Exceptions.tcAPIException [EJB:010160] Security Violation: User '<anonymous>' has insufficient permission to access EJB:*
type=<ejb>,application=Xellerate,module=xlDataObjectBeans.jar,ejb=tcReconciliationoperations,method=createDeleteReconciliationEvent
at Thor.API.Operations.tcReconciliationOperationsClient.createDeleteReconciliationEvent(UnKnown Source).
I got this error as soon as my code start creating Delete Reconciliation Event.
Note: I have already protected the JNDI Namespace.
Please provide some pointers.
Regards,
SunnyHi Rajiv,
Check this:
package com.centrica.iam.scheduletask;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import oracle.iam.connectors.common.ConnectorLogger;
import com.thortech.xl.dataaccess.tcDataSet;
import com.thortech.xl.dataaccess.tcDataSetException;
import com.thortech.xl.dataobj.PreparedStatementUtil;
import com.thortech.xl.orb.dataaccess.tcDataAccessException;
import com.thortech.xl.scheduler.tasks.SchedulerBaseTask;
import Thor.API.tcResultSet;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcInvalidValueException;
import Thor.API.Operations.tcLookupOperationsIntf;
import Thor.API.Operations.tcReconciliationOperationsIntf;
import Thor.API.Operations.tcSchedulerOperationsIntf;
public class CustomFlatFile extends SchedulerBaseTask {
private static tcSchedulerOperationsIntf schedulerIntf;
private static tcLookupOperationsIntf lookupIntf;
private static tcReconciliationOperationsIntf reconIntf;
String sObjectName;
String LookupName;
String LookupName2;
String FileDirectory;
String FileName;
String File;
String delimeter;
String isDeleteTrue;
HashMap<String, String> attrMap = new HashMap();
HashMap<String, String> delMap = new HashMap();
HashMap<String, String> finalMap = new HashMap();
ArrayList list = new ArrayList();
public boolean isReconStopped;
public CustomFlatFile()
isReconStopped = false;
public void init()
LookupName = getAttribute("Attribute Lookup Name");
FileDirectory = getAttribute("Directory Path");
FileName = getAttribute("File Name");
delimeter = getAttribute("Delimeter");
sObjectName = getAttribute("Resource Object Name");
isDeleteTrue = getAttribute("Is Delete Allowed");
public void execute(){
try {
System.out.println("Start Exceute");
//Initiate lookupIntf
lookupIntf = (tcLookupOperationsIntf)getUtility("Thor.API.Operations.tcLookupOperationsIntf");
reconIntf=(tcReconciliationOperationsIntf)getUtility("Thor.API.Operations.tcReconciliationOperationsIntf");
catch (tcAPIException tcapiexception){
tcapiexception.printStackTrace();
//logger.error(classname, s, tcapiexception.toString());
//logger.setStackTrace(tcapiexception, classname, s, tcapiexception.getMessage());
catch (Exception excep){
excep.printStackTrace();
//logger.error(classname, s, excep.toString());
//logger.setStackTrace(excep, classname, s, excep.getMessage());
attrMap = readLookup(LookupName);
System.out.println(attrMap.toString());
readFile();
if (isDeleteTrue.equalsIgnoreCase("true"))
performDelete();
System.out.println("Finish Execute");
public void performDelete()
System.out.println("Start Perform delete");
int k = list.size();
System.out.println("list size " + list.size());
try
Thread.sleep(15000);
/* Hashtable ahashtable[] = new Hashtable[k];
Hashtable hashtable = new Hashtable();
for (int i=0;i<k;i++)
hashtable.put("User Id", list.get(i));
ahashtable[i] = hashtable;
System.out.println(list.get(i));
Set set = reconIntf.provideDeletionDetectionData(sObjectName, ahashtable);
System.out.println("Set--" + set.toString());
tcResultSet tcresultset = reconIntf.getMissingAccounts(sObjectName, set);
System.out.println("tcresultset - " + tcresultset.getRowCount());
if (!(tcresultset.isEmpty()))
long l[] = reconIntf.deleteDetectedAccounts(tcresultset);
for (int i1=0;i1<l.length;i1++)
System.out.println("delete recon key " + l[i1]);
//Get the existing list of Managed users
tcDataSet tcdataset = new tcDataSet();
tcDataSet tcdataset1 = new tcDataSet();
String query = "select orf.orf_fieldname,prf.prf_columnname, sdk.sdk_name from orf, sdk, pkg, tos, prf, obj " +
"where pkg.obj_key = obj.obj_key and pkg.pkg_key = tos.pkg_key and tos.sdk_key is not null " +
"and tos.sdk_key=sdk.sdk_key and tos.tos_key=prf.tos_key and prf.prf_iskey='1' and prf.orf_key=orf.orf_key " +
"and orf.orf_parent_orf_key is null and obj.obj_name='" + sObjectName + "'";
tcdataset.setQuery(getDataBase(), query);
tcdataset.executeQuery();
String FFName = tcdataset.getString("prf_columnname");
String FName = tcdataset.getString("sdk_name");
String ROFName = tcdataset.getString("orf_fieldname");
System.out.println("form- " + FName + " Field- " + FFName);
query = "select " + FFName + " from " + FName + " udtable, oiu a, ost b " +
"where udtable.orc_key=a.orc_key and a.ost_key=b.ost_key and b.ost_status!='Revoked'";
System.out.println(query);
tcdataset1.setQuery(getDataBase(), query);
tcdataset1.executeQuery();
int i = tcdataset1.getRowCount();
ArrayList list1 = new ArrayList();
String s1 = null;
System.out.println("N. of rows--" + i);
for (int j=0;j<i;j++)
tcdataset1.goToRow(j);
s1 = tcdataset1.getString(0);
System.out.println("s1---" + s1);
if (!(list.contains(s1)))
list1.add(s1);
System.out.println("under if--" + s1);
//Getting the existing list of unmanaged users
query = "select distinct (b.rcd_value) from rce a, rcd b, orf c, obj d where a.rce_key=b.rce_key and " +
"b.orf_key=c.orf_key and c.orf_fieldname='" + ROFName + "' and a.rce_status!='Event Linked' " +
"and a.obj_key = d.obj_key and d.obj_name='" + sObjectName + "'";
tcdataset1.setQuery(getDataBase(), query);
tcdataset1.executeQuery();
i = tcdataset1.getRowCount();
System.out.println("No. Of Unmanaged Users " + i);
for (int j=0;j<i;j++)
tcdataset1.goToRow(j);
s1 = tcdataset1.getString(0);
System.out.println("s1---" + s1);
if (!(list.contains(s1)))
list1.add(s1);
System.out.println("under if--" + s1);
int k1 = list1.size();
System.out.println("list1 size--" + k1);
for (int j1=0;j1<k1;j1++)
delMap.clear();
delMap.put(ROFName, (String)list1.get(j1));
System.out.println(delMap.toString());
long l = reconIntf.createDeleteReconciliationEvent(sObjectName, delMap);
System.out.println("delete recon key--- " + l);
catch (Exception exception)
exception.printStackTrace();
public void readFile(){
String s = "readFile()";
//logger.setMethodStartLog(classname, s);
HashMap map = new HashMap();
try {
File = getFile();
BufferedReader reader = new BufferedReader(new FileReader(new
File(File)));
String line = "";
int k = attrMap.size();
String value[] = new String[k];
String Header[]= new String[k];
if (delimeter.equalsIgnoreCase("|"))
delimeter = "\\" + delimeter;
line = reader.readLine();
Header = line.split(delimeter);
while((line = reader.readLine()) != null)
value = line.split(delimeter);
k = value.length;
for (int i = 0;i<k;i++){
finalMap.put(attrMap.get(Header), value[i]);
System.out.println(finalMap.toString());
System.out.println("Start Ignoring Event");
if (!(reconIntf.ignoreEvent(sObjectName, finalMap)))
System.out.println("Not Ignored");
long l1 = reconIntf.createReconciliationEvent(sObjectName, finalMap, true);
System.out.println("Recon Key--" + l1);
else
System.out.println("ignore event ---" + finalMap.toString());
list.add(finalMap.get("User Id"));
System.out.println(list.size() + "add--" +finalMap.get("User Id") );
finalMap.clear();
catch (Exception exception)
exception.printStackTrace();
public boolean stop(){
String s = "stop()";
//logger.setMethodStartLog(classname, s);
//logger.info(classname, s, "Stopping Reconciliation........");
isReconStopped = true;
//logger.setMethodFinishLog(classname, s);
return true;
FileFilter fileFilter = new FileFilter()
public boolean accept(File file)
String sFilePath = file.getName();
if( sFilePath.startsWith(FileName) )
return true;
else
return false;
public String getFile() throws FileNotFoundException, Exception{
String s = "getFile()";
//logger.setMethodStartLog(classname, s);
String s1;
File dir = new File(FileDirectory);
File[] files = dir.listFiles(fileFilter);
if (files.length ==0)
throw new FileNotFoundException();
if (files.length>1)
throw new Exception("Multiple Matches found for this file name");
s1 = files[0].toString();
//logger.setMethodFinishLog(classname, s);
return s1;
public HashMap readLookup(String s1){
String s = "readLookup()";
//logger.setMethodStartLog(classname, s);
HashMap map = new HashMap();
try {
tcResultSet tc1= lookupIntf.getLookupValues(s1);
int i = tc1.getRowCount();
for (int j = 0;j<i;j++){
tc1.goToRow(j);
map.put(tc1.getStringValue("Lookup Definition.Lookup Code Information.Code Key"), tc1.getStringValue("Lookup Definition.Lookup Code Information.Decode"));
catch (tcAPIException tcapiexception){
tcapiexception.printStackTrace();
//logger.error(classname, s, tcapiexception.toString());
//logger.setStackTrace(tcapiexception, classname, s, tcapiexception.getMessage());
catch (Exception excep){
excep.printStackTrace();
//logger.error(classname, s, excep.toString());
//logger.setStackTrace(excep, classname, s, excep.getMessage());
return map; -
Security violation exception with Weblogic cluster installation on OIm 9.1
Hi,
I have OIM9.1 installed on weblogic 8.1 SP4 in clustered environment, which more often than not seems to work fine. But some time I get following exception on server console/log file which causes certain provisioning task to be rejected...
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
Caused by: javax.ejb.AccessLocalException: [EJB:010160]Security Violation: User: 'xelsysad
m' has insufficient permission to access EJB: type=<ejb>, application=Xellerate, module=xl
DataObjectBeans.jar, ejb=tcFormInstanceOperations, method=create, methodInterface=LocalHom
e, signature={}.
at weblogic.ejb20.internal.MethodDescriptor.checkMethodPermissionsLocal(MethodDesc
riptor.java:486)
at weblogic.ejb20.internal.StatelessEJBLocalHome.create(StatelessEJBLocalHome.java
:80)
at com.thortech.xl.ejb.beans.tcFormInstanceOperations_2j82mm_LocalHomeImpl.create(
tcFormInstanceOperations_2j82mm_LocalHomeImpl.java:93)
... 126 more
ERROR,19 Dec 2008 14:20:03,752,[XELLERATE.APIS],Class/Method: tcBaseUtilityClient/getLocal
Interface encounter some problems: {1}
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.in
Problem is, I get this exception only 4 out of 6 times (when it is least expected). I have googled, and tried all possible means but have't been able to resolve it. One more thing I am sure of is, it only comes with Weblogic installation not with Jboss. So there should be some configuration issue with weblogic installation.
Any suggestions would be useful...No Response???
Where are the good guys?? -
Security Violation during PATH Variable Substitution
Hi -
I' m trying to write a file with the receiver file adapter by the variable substitution feature from SP12 on.
Whereas the %filename% variable works fine, I get for the %path% variable an exception in the adapter engine, whenever I'm trying either
- to use an absolute path like "/tmp" or
- composed pathnames like "tmp/test" (that are based on $XIHOME/j2ee/cluster/server0)
Non-composed pathnames like $XIHOME/j2ee/cluster/server0/tmp by setting %path% to "tmp" work also.
Any clue?
I'm on AIX on SP12.
Here is the exception:
java.text.ParseException: Security violation encountered during variable substitution: Content of variable path is not safe
Thanks.
StefanHi Stefan,
did you check the flag 'Disable Security Checks' in the communication channel?
Regards
Stefan -
802.1X Port Based Authentication - IP Phone- MDA - Port Security Violation
I have configured 802.1X authentication on selected ports of a Cisco Catalyst 2960S with Micorsoft NPS Radius authentication on a test LAN. I have tested the authentication with a windows XP laptop, a windows 7 laptop with 802.1X, eap-tls authentication and a Mitel 5330 IP Phone using EAP-MD5 aithentication. All the above devices work with with the MS NPS server. However in MDA mode when the 802.1x compliant windows 7 laptop is connected to the already authenticated Mitel IP Phone, the port experiences a security violation and the goes into error sdisable mode.
Feb 4 19:16:16.571: %AUTHMGR-5-START: Starting 'dot1x' for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
Feb 4 19:16:16.645: %DOT1X-5-SUCCESS: Authentication successful for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
Feb 4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
Feb 4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
Feb 4 19:16:18.658: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
If the port config is changed to "authentication host-mode multi-auth", and the laptop is connected to the phone the port does not experience the security violation but the 802.1x authentication for the laptop fails.
The ports GI1/0./1 & Gi1/02 are configured thus:
interface GigabitEthernet1/0/1
switchport mode access
switchport voice vlan 20
authentication event fail action authorize vlan 4
authentication event no-response action authorize vlan 4
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
mab
mls qos trust cos
dot1x pae authenticator
spanning-tree portfast
sh ver
Switch Ports Model SW Version SW Image
* 1 52 WS-C2960S-48FPS-L 15.2(1)E1 C2960S-UNIVERSALK9-M
Full config attached. Assistance will be grately appreciated.
DonfricoI am currently trying to get 802.1x port authentication working on a Cat3550 against Win2003 IAS but the IAS log shows a invalid message-authenticator error. The 3550 just shows failed. When I authenticate against Cisco ACS (by simply changing the radius-server) it works perfectly.
However, I am successfully using IAS to authenticate WPA users on AP1210s so RADIUS appears to be OK working OK.
Are there special attributes that need to be configured on the switch or IAS?
Maybe you are looking for
-
Hello, I have a customer who uses temp tables all over their application. This customer is a novice and the app has its roots in VB6. We are converting it to .net I would really like to know the best practice for using temp tables. I have seen code l
-
Acrobat 9 crashes MS Office 2010, Firefox, and Cash Manager
On a new 64 bit coMputer with Windows 7, I installed a new MS Office 2010, installed Chrome and Firefox, and reinstalled Acrobat 9 and an accounting program called Cash Manager that were on my old 32 bitcomputer. I also copied all my data files from
-
IPhone 3g white - Strange Display Problem
Hi! Sorry for my english, I don't speak it very well. I have a problem whith the display of my iphone 3g white model. http://mt12.quickshareit.com/share/img_39362126d.JPG http://mt14.quickshareit.com/share/img_39376f950.JPG http://mt14.quickshareit.c
-
Dinamic TableModel with JTable
Hi, I have a JTable table = new JTable(); with a default table model when my JDialog starts. But, when the user types two informations (number of lines/columns) and press a button "Generate table", I'd like to generate a new model with these lines/co
-
Disappear, reappear, disappear again.
My ipad is plugged into a belkin powered usb hub. It cannot charge...that's ok I suppose. However, it is continually going into sync and out of sync. The device disapears from iTunes and comes back up. I was getting an error for which someone suggest