Session Key and initialization vector

Hi,
Is the session key the key used with the initialization vector IV as input parameters for the RC4 algorithm? In this way the server and the client derive the WEP key for the data unicast encryption.
Many thanks.

Since December 2000, we support a session key, which is negotiated by the LEAP protocol after a login/password authentication with the Cisco Secure ACS Radius server. With this implementation the session key is used as the input parameter for the RC4 algorithm.
Since December 2001, we have a new firmware release (actual AP release 11.21 available on CCO) that supports a 'TKIP' implementation, where the session key is hashed for each packet to obtain a unique 'packet' key, used as the input parameter for the RC4 algorithm for the packet. The radio firmware must be upgraded in both AP and Client.
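
As an added illustration of the reply above (not code from the thread or from Cisco): in WEP the RC4 input is the per-frame IV followed by the key, so two frames sent with the same IV and session key share a keystream, which is what per-packet key hashing avoids. The class name, the sample key, IV and payloads are constructed, and `perPacketKey` is a SHA-256 stand-in, not the real TKIP key-mixing function.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class PerPacketRc4Key {

    /** Plain RC4: key schedule, then the keystream is XORed into the data. */
    static byte[] rc4(byte[] key, byte[] data) {
        int[] s = new int[256];
        for (int i = 0; i < 256; i++) {
            s[i] = i;
        }
        for (int i = 0, j = 0; i < 256; i++) {
            j = (j + s[i] + (key[i % key.length] & 0xff)) & 0xff;
            int t = s[i]; s[i] = s[j]; s[j] = t;
        }
        byte[] out = new byte[data.length];
        for (int n = 0, i = 0, j = 0; n < data.length; n++) {
            i = (i + 1) & 0xff;
            j = (j + s[i]) & 0xff;
            int t = s[i]; s[i] = s[j]; s[j] = t;
            out[n] = (byte) (data[n] ^ s[(s[i] + s[j]) & 0xff]);
        }
        return out;
    }

    /** WEP-style RC4 input: the IV sent in clear with the frame, followed by the key. */
    static byte[] wepSeed(byte[] iv, byte[] sessionKey) {
        byte[] seed = Arrays.copyOf(iv, iv.length + sessionKey.length);
        System.arraycopy(sessionKey, 0, seed, iv.length, sessionKey.length);
        return seed;
    }

    /** Stand-in (assumption) for per-packet hashing: SHA-256 over key and packet counter, not TKIP's mixing. */
    static byte[] perPacketKey(byte[] sessionKey, long packetCounter) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(sessionKey);
        md.update(ByteBuffer.allocate(8).putLong(packetCounter).array());
        return Arrays.copyOf(md.digest(), 16);
    }

    static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) {
            out[i] = (byte) (a[i] ^ b[i]);
        }
        return out;
    }

    /** True when both ciphertexts used the same keystream: c1 XOR c2 equals p1 XOR p2. */
    static boolean sameKeystream(byte[] p1, byte[] c1, byte[] p2, byte[] c2) {
        return Arrays.equals(xor(c1, c2), xor(p1, p2));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: 104-bit session key, 24-bit IV, two equal-length payloads.
        byte[] sessionKey = "constructed13".getBytes(StandardCharsets.US_ASCII);
        byte[] iv = {0x00, 0x00, 0x01};
        byte[] p1 = "unicast frame 01".getBytes(StandardCharsets.US_ASCII);
        byte[] p2 = "unicast frame 02".getBytes(StandardCharsets.US_ASCII);

        // Same IV and same session key for both frames.
        byte[] c1 = rc4(wepSeed(iv, sessionKey), p1);
        byte[] c2 = rc4(wepSeed(iv, sessionKey), p2);
        System.out.println("IV || session key, IV repeated -> keystream shared: "
                + sameKeystream(p1, c1, p2, c2));

        // A different derived key for each packet.
        byte[] d1 = rc4(perPacketKey(sessionKey, 1), p1);
        byte[] d2 = rc4(perPacketKey(sessionKey, 2), p2);
        System.out.println("per-packet key              -> keystream shared: "
                + sameKeystream(p1, d1, p2, d2));
    }
}
```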

Similar Messages

  • Session key and MAC generation in SCP '02' i='15'

    Hi,
    I am trying send a PUT KEY command and it resolves to '6982' after a '9000' EXTERNAL AUTHENTICATE.
    I suspect that my encryption is causing the problem.(not really sure!)
    I compare my session keys to some that ppl had derived and posted on the forum and I don't really get what they did.
    I am trying to find out if I'm deriving the correct session keys or not?!?!
    e.g
    //Calculating session keys with
    //static key = '404142434445464748494a4b4c4d4e4f' (keyData)
    //sequence counter = '003b'
    //"0101" + sequenceCounter + "000000000000000000000000" for session CMAC key (data)
    //"0102" + sequenceCounter + "000000000000000000000000" for session RMAC key (data)
    //"0181" + sequenceCounter + "000000000000000000000000" for session DEK key (data)
    //"0182" + sequenceCounter + "000000000000000000000000" for session ENC key (data)
    //sessionCMAC is :3213860da8f8d9796794cbcec43ef7a23213860da8f8d979: with sequence counter:003b (result)
    //sessionRMAC is :042a687f6e0dd3f80eabf1e5d51ccefe042a687f6e0dd3f8: with sequence counter:003b (result)
    //sessionDEK is :1fe31370c22354e3b90d6b8ad5686d371fe31370c22354e3: with sequence counter:003b (result)
    //sessionENC is :94a47ad54ffbf423fe4a9d915befab5294a47ad54ffbf423: with sequence counter:003b (result)
    <code>
    // Expand a 16-byte two-key 3DES key (K1|K2) to the 24 bytes (K1|K2|K1) that DESede expects
    if (keyData.length == 16) {
        byte[] temp = (byte[]) keyData.clone();
        keyData = new byte[24];
        System.arraycopy(temp, 0, keyData, 0, temp.length);
        System.arraycopy(temp, 0, keyData, 16, 8);
    }
    DESedeKeySpec keySpec = new DESedeKeySpec(keyData);
    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DESede");
    SecretKey key = secretKeyFactory.generateSecret(keySpec);
    IvParameterSpec iv = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
    Cipher desedeCBCCipher = Cipher.getInstance("DESede/CBC/NoPadding");
    desedeCBCCipher.init(Cipher.ENCRYPT_MODE, key, iv);
    // Encrypt the 16-byte derivation data with the static key
    byte[] result = desedeCBCCipher.doFinal(data);
    // Expand the 16-byte result the same way before using it as a DESede key
    if (result.length == 16) {
        byte[] temp = (byte[]) result.clone();
        result = new byte[24];
        System.arraycopy(temp, 0, result, 0, temp.length);
        System.arraycopy(temp, 0, result, 16, 8);
    }
    keySpec = new DESedeKeySpec(result);
    secretKeyFactory = SecretKeyFactory.getInstance("DESede");
    key = secretKeyFactory.generateSecret(keySpec);
    </code>
    I use the same encryption to derive KeyCheckValue with
    newKey ='505152535455565758595a5b5c5d5e5f', data = '0000000000000000'
    and it results to : '6d377e' (of course the last 3 bytes)
    Even though my CMAC session key is different from others (e.g. "RLopes" in "http://192.9.162.102/thread.jspa?threadID=5365173&tstart=363", and I have seen it in others too; it's really odd to me that it's slightly different, if you take a close look you will get what I mean), I get the EXTERNAL AUTHENTICATION to work.
    If there is anyone who is 100% sure meaning he/she got other commands to work after EXTERNAL AUTHENTICATE using CMAC please help me verify the keys I got?
    Can he/she test with his code to see if he/she is getting the same session keys or check value?
    Thanks in advance
    Kamran

    Hi,
    Here is the Class and thanks for the tip, I've honestly tried these <code></code> but didn't work and I know it is indeed annoying without the tags :D
    I really hope it helps...
    /*
     * To change this template, choose Tools | Templates
     * and open the template in the editor.
     */
    package terminalpcsc;
    import java.lang.Exception;
    import java.security.GeneralSecurityException;
    import java.security.Key;
    import java.security.SecureRandom;
    import java.util.List;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import javax.security.sasl.AuthenticationException;
    import javax.smartcardio.*;
    /**
     * @author Kamran
     * @param args the command line arguments
     */
    public class Main {
        private static CardChannel channel;
        private static Card card;
        private static int CHALLENGE_LENGTH = 8;
        private static byte[] keyDiversification = new byte[10];
        private static byte[] keyInformation = new byte[2];
        private static byte[] sequenceCounter = new byte[2];
        private static byte[] cardChallenge = new byte[6];
        private static byte[] cardCryptogram = new byte[8];
        private static byte[] hostChallenge = new byte[8];
        private static byte[] hostCryptogram = new byte[8];
        private static String keyDiversificationHexString;
        private static String keyInformationHexString;
        private static String sequenceCounterHexString;
        private static String cardChallengeHexString;
        private static String cardCryptogramHexString;
        private static String hostChallengeHexString;
        private static String hostCryptogramHexString;
        private static byte[] sessionCMAC;
        private static byte[] sessionDEK;
        private static byte[] sessionENC;
        private static byte[] sessionRMAC;
        private static byte[] icvNextCommand;
        private static IvParameterSpec ivAllZeros = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
        private static byte[] staticKey = hexStringToByteArray("404142434445464748494a4b4c4d4e4f4041424344454647");
        private static byte[] newKey = hexStringToByteArray("505152535455565758595a5b5c5d5e5f");
        private static byte[] CMAC;
        /**
         * @param args the command line arguments
         */
        public static void main(String[] args) throws Exception {
            initiateCardChannel();
            String apduString = generateSelectAPDU("a000000003535041");
            byte[] bufferC = hexStringToByteArray(apduString);
            CommandAPDU capdu = new CommandAPDU(bufferC);
            System.out.println("Sending APDU Select AID: " + byteArrayToHexString(bufferC));
            ResponseAPDU rapdu = channel.transmit(capdu);
            System.out.println("Sending Apdu: Done!");
            System.out.println("Waiting For Response...");
            byte[] bufferR = rapdu.getData();
            String responseData = byteArrayToHexString(rapdu.getBytes());
            System.out.println("Response: " + responseData);
            apduString = generateInitializeUpdateAPDU();
            bufferC = hexStringToByteArray(apduString);
            capdu = new CommandAPDU(bufferC);
            System.out.println("Sending APDU Initialize Update: " + byteArrayToHexString(bufferC));
            rapdu = channel.transmit(capdu);
            System.out.println("Sending Apdu: Done!");
            System.out.println("Waiting For Response...");
            bufferR = rapdu.getData();
            responseData = byteArrayToHexString(rapdu.getBytes());
            System.out.println("Response: " + responseData);
            // protocol 01
            //System.arraycopy(bufferR,0,keyDiversification,0,10);
            //System.arraycopy(bufferR,10,keyInformation,0,2);
            //System.arraycopy(bufferR,12,cardChallenge,0,8);
            //System.arraycopy(bufferR,20,cardCryptogram,0,8);
            // protocol 02
            System.arraycopy(bufferR, 0, keyDiversification, 0, 10);
            System.arraycopy(bufferR, 10, keyInformation, 0, 2);
            System.arraycopy(bufferR, 12, sequenceCounter, 0, 2);
            System.arraycopy(bufferR, 14, cardChallenge, 0, 6);
            System.arraycopy(bufferR, 20, cardCryptogram, 0, 8);
            keyDiversificationHexString = byteArrayToHexString(keyDiversification);
            keyInformationHexString = byteArrayToHexString(keyInformation);
            sequenceCounterHexString = byteArrayToHexString(sequenceCounter);
            cardChallengeHexString = byteArrayToHexString(cardChallenge);
            cardCryptogramHexString = byteArrayToHexString(cardCryptogram);
            System.out.println("keyDiversification: " + keyDiversificationHexString);
            System.out.println("keyInformation: " + keyInformationHexString);
            System.out.println("sequenceCounter: " + sequenceCounterHexString);
            System.out.println("cardChallenge: " + cardChallengeHexString);
            System.out.println("cardCryptogram: " + cardCryptogramHexString);
            System.out.println("Calculating Session Keys... encryption with CBC");
            //E.4.1 GP 2.1.1
            sessionCMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0101" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionCMAC is :" + byteArrayToHexString(sessionCMAC) + ": with sequence counter:" + sequenceCounterHexString);
            sessionRMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0102" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionRMAC is :" + byteArrayToHexString(sessionRMAC) + ": with sequence counter:" + sequenceCounterHexString);
            sessionDEK = deriveEncryptionCBC(staticKey, hexStringToByteArray("0181" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionDEK is :" + byteArrayToHexString(sessionDEK) + ": with sequence counter:" + sequenceCounterHexString);
            sessionENC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0182" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionENC is :" + byteArrayToHexString(sessionENC) + ": with sequence counter:" + sequenceCounterHexString);
            System.out.println("Calculating and Verifying Card Cryptogram...");
            byte[] signature = cbcMACSignature(hexStringToByteArray(hostChallengeHexString + sequenceCounterHexString + cardChallengeHexString + "8000000000000000"), sessionENC);
            String signatureHexString = byteArrayToHexString(signature);
            if (signatureHexString.equalsIgnoreCase(cardCryptogramHexString)) {
                System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram authenticated");
                apduString = generateExternalAuthenticateAPDU();
                bufferC = hexStringToByteArray(apduString);
                capdu = new CommandAPDU(bufferC);
                System.out.println("Sending APDU External Authenticate: " + byteArrayToHexString(bufferC));
                rapdu = channel.transmit(capdu);
                System.out.println("Sending Apdu: Done!");
                System.out.println("Waiting For Response...");
                bufferR = rapdu.getData();
                responseData = byteArrayToHexString(rapdu.getBytes());
                System.out.println("Response: " + responseData);
                apduString = generatePutKeyAPDU();
                bufferC = hexStringToByteArray(apduString);
                capdu = new CommandAPDU(bufferC);
                System.out.println("Sending APDU Put Key: " + byteArrayToHexString(bufferC));
                rapdu = channel.transmit(capdu);
                System.out.println("Sending Apdu: Done!");
                System.out.println("Waiting For Response...");
                bufferR = rapdu.getData();
                responseData = byteArrayToHexString(rapdu.getBytes());
                System.out.println("Response: " + responseData);
            } else {
                System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram is not authenticated");
            }
            releaseCardChannel();
        }
        public static byte[] cbcMACSignature(byte[] data, byte[] sessionSENC) throws AuthenticationException {
            IvParameterSpec params =
                    new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
            if (sessionSENC.length == 16) {
                byte[] temp = (byte[]) sessionSENC.clone();
                sessionSENC = new byte[24];
                System.arraycopy(temp, 0, sessionSENC, 0, temp.length);
                System.arraycopy(temp, 0, sessionSENC, 16, 8);
            }
            byte[] temp = null;
            SecretKey secretKey = new SecretKeySpec(sessionSENC, "DESede");
            try {
                Cipher cbcDES = Cipher.getInstance("DESede/CBC/NoPadding");
                cbcDES.init(Cipher.ENCRYPT_MODE, secretKey, params);
                temp = cbcDES.doFinal(data);
            } catch (GeneralSecurityException e) {
                e.printStackTrace();
            }
            byte[] signature = new byte[8];
            System.arraycopy(temp, temp.length - 8, signature, 0, signature.length);
            return signature;
        }
        // generateInitialUpdateAPDU()
        //CLA '80'
        //INS '50' INITIALIZE UPDATE
        //P1 'xx' Key Version Number
        //P2 '00' Reference control parameter P2
        //Lc '08' Length of host challenge
        //Data 'xx xx…' Host challenge
        //Le '00'
        //RESPONSE TEMPLATE
        //Key diversification data 10 bytes
        //Key information 2 bytes
        //Card challenge 8 bytes
        //Card cryptogram 8 bytes
        public static String generateInitializeUpdateAPDU() throws Exception {
            hostChallenge = generateHostChallenge();
            hostChallengeHexString = byteArrayToHexString(hostChallenge);
            return "8050000008" + hostChallengeHexString + "00";
        }
        //CLA '80' or '84'
        //INS 'D8' PUT KEY
        //P1 'xx' Reference control parameter P1 Key Version Number -- '00' is new key  range is '01' to '7F'
        //P2 'xx' Reference control parameter P2 Key Identifier     -- '00' to '7F'
        //Lc 'xx' Length of data field
        //Data 'xxxx..' Key data (and MAC if present)
        //Le '00'
        public static String generatePutKeyAPDU() throws Exception {
            String keyCheckValue = new String();
            //keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
            keyCheckValue = byteArrayToHexString(deriveEncryptionECB(newKey, hexStringToByteArray("0000000000000000")));
            keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
            System.out.println("keyCheckValue :" + keyCheckValue + " 3DES ECB, key is new key '505152535455565758595a5b5c5d5e5f5051525354555657', data is 8 zeroes");
            String encryptedNewKey = byteArrayToHexString(deriveEncryptionECB(sessionDEK, newKey));
            //System.out.println("sessionDEK.getEncoded() :" + sessionDEK.getEncoded() + " len is:" + sessionDEK.getEncoded().length);
            System.out.println("encryptedNewKey :" + encryptedNewKey);
            //testing newKey
            String dataField = "01" + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue;
            // String dataField2 = "01" + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue;
            System.out.println("datafield to calculate cmac :" + dataField);
            System.out.println("icv to calculate cmac is previous mac first 8 byte sessionCMAC in CBC single des :" + byteArrayToHexString(icvNextCommand));
            CMAC = generateCMac2((byte) 0x84, (byte) 0xD8, (byte) 0x00, (byte) 0x81, hexStringToByteArray(dataField), sessionCMAC, icvNextCommand);
            System.out.println("data field with des padding for encryption (encryption in CBC sessionENC) :" + desPadding(dataField));
            String dataField3 = byteArrayToHexString(deriveEncryptionCBC(sessionENC, hexStringToByteArray(desPadding(dataField))));
            System.out.println("data field after encryption :" + dataField3);
            Integer CMACLen = byteArrayToHexString(CMAC).length() / 2;
            System.out.println("CMACLen :" + CMACLen);
            Integer dataFieldLen = dataField3.length() / 2;
            System.out.println("dataFieldLen :" + dataFieldLen);
            Integer intLc = dataFieldLen + CMACLen;
            System.out.println("intLc :" + intLc);
            String hexLc = Integer.toString(intLc, 16);
            System.out.println("hexLc :" + hexLc);
            return "84D80081" + hexLc + dataField3 + byteArrayToHexString(CMAC) + "00";
        }
        //generateExternalAuthenticateAPDU()
        //CLA '84'
        //INS '82' EXTERNAL AUTHENTICATE
        //P1 'xx' Security level  --'03' C-DECRYPTION and C-MAC.--'01' C-MAC.'00' No secure messaging expected.
        //P2 '00' Reference control parameter P2
        //Lc '10' Length of host cryptogram and MAC
        //Data 'xx xx…' Host cryptogram and MAC
        //Le Not present
        public static String generateExternalAuthenticateAPDU() throws Exception {
            System.out.println("Calculating and Verifying Host Cryptogram...");
            hostCryptogram = cbcMACSignature(hexStringToByteArray(sequenceCounterHexString + cardChallengeHexString + hostChallengeHexString + "8000000000000000"), sessionENC);
            hostCryptogramHexString = byteArrayToHexString(hostCryptogram);
            System.out.println("hostCryptogram is :" + hostCryptogramHexString);
            CMAC = generateCMac2((byte) 0x84, (byte) 0x82, (byte) 0x03, (byte) 0x00, hostCryptogram, sessionCMAC, new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
            return "8482030010" + hostCryptogramHexString + byteArrayToHexString(CMAC);
        }
        // generateSelectAPDU()
        //CLA '00' ISO/IEC 7816-4 command
        //INS 'A4' SELECT
        //P1 'xx' Reference control parameter P1 --'04' select by name
        //P2 'xx' Reference control parameter P2 --'00' First or only occurrence --'02' Next occurrence
        //Lc 'xx' Length of AID
        //Data 'xxxx..' AID of Application to be selected
        //Le '00'
        // RESPONSE TEMPLATE
        //'6F' File Control Information (FCI template) Mandatory
        //'84' Application / file AID Mandatory
        //'A5' Proprietary data Mandatory
        //'73' Security Domain Management Data (see Appendix F for detailed coding) Optional
        //'9F6E' Application production life cycle data Optional
        //'9F65' Maximum length of data field in command message Mandatory
        public static String generateSelectAPDU(String AID) throws Exception {
            String AIDlen = Integer.toString(AID.length() / 2, 16);
            if (AIDlen.length() == 1) {
                AIDlen = "0" + AIDlen;
            }
            System.out.println("00A40400" + AIDlen + AID);
            return "00A40400" + AIDlen + AID;
        }
        public static String byteArrayToHexString(byte[] b) throws Exception {
            String result = "";
            for (int i = 0; i < b.length; i++) {
                result +=
                        Integer.toString((b[i] & 0xff) + 0x100, 16).substring(1);
            }
            return result;
        }
        public static void initiateCardChannel() throws CardException {
            System.out.println("Connecting to Java Card...");
            TerminalFactory factory = TerminalFactory.getDefault();
            List<CardTerminal> terminals = factory.terminals().list();
            System.out.println("Terminals Detected: " + terminals);
            // get the first terminal
            System.out.println("Connecting to: " + terminals + "...");
            CardTerminal terminal = terminals.get(0);
            System.out.println("Connected to: " + terminals);
            // establish a connection with the card
            System.out.println("Connecting to Java Card...");
            card = terminal.connect("T=0");
            System.out.println("Connected to card: " + card);
            System.out.println("Obtaining Channel...");
            channel = card.getBasicChannel();
            System.out.println("Connecting to Channel: " + channel.getChannelNumber());
        }
        public static void releaseCardChannel() throws CardException {
            System.out.println("Disconnection all...");
            card.disconnect(false);
            System.out.println("Disconnection Done");
            System.out.println("*END*");
        }
        public static byte[] hexStringToByteArray(String s) {
            int len = s.length();
            byte[] data = new byte[len / 2];
            for (int i = 0; i < len; i += 2) {
                data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
            }
            return data;
        }
        //To generate the derivation data:
        public static byte[] deriveEncryptionCBC(byte[] keyData, byte[] data) throws GeneralSecurityException {
            //Key key = getSecretKey(keyData);
            if (keyData.length == 16) {
                byte[] temp = (byte[]) keyData.clone();
                keyData = new byte[24];
                System.arraycopy(temp, 0, keyData, 0, temp.length);
                System.arraycopy(temp, 0, keyData, 16, 8);
            }
            SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
            IvParameterSpec dps =
                    new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
            String algorithm = "DESede/CBC/NoPadding";
            Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
            desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey, dps);
            byte[] result = desedeCBCCipher.doFinal(data);
            //adjustParity(result);
            return result;
        }
        public static byte[] deriveEncryptionECB(byte[] keyData, byte[] data) throws GeneralSecurityException {
            //Key key = getSecretKey(keyData);
            if (keyData.length == 16) {
                byte[] temp = (byte[]) keyData.clone();
                keyData = new byte[24];
                System.arraycopy(temp, 0, keyData, 0, temp.length);
                System.arraycopy(temp, 0, keyData, 16, 8);
            }
            SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
            String algorithm = "DESede/ECB/NoPadding";
            Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
            desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey);
            byte[] result = desedeCBCCipher.doFinal(data);
            //adjustParity(result);
            return result;
        }
        /**
         * Adjust a DES key to odd parity
         * @param key
         *            to be adjusted
         */
        public static byte[] adjustParity(byte[] key) {
            for (int i = 0; i < key.length; i++) {
                int akku = (key[i] & 0xFF) | 1;
                for (int c = 7; c > 0; c--) {
                    akku = (akku & 1) ^ (akku >> 1);
                }
                key[i] = (byte) ((key[i] & 0xFE) | akku);
            }
            return key;
        }
        public static byte[] generateCMac2(byte cla, byte ins, byte p1, byte p2, byte[] dataField, byte[] SMacSessionKey, byte[] icv) throws GeneralSecurityException, Exception {
            if (SMacSessionKey.length == 16) {
                byte[] temp = (byte[]) SMacSessionKey.clone();
                SMacSessionKey = new byte[24];
                System.arraycopy(temp, 0, SMacSessionKey, 0, temp.length);
                System.arraycopy(temp, 0, SMacSessionKey, 16, 8);
            }
            byte[] cMac = new byte[8];
            byte[] padding = {(byte) 0x80, 0, 0, 0, 0, 0, 0, 0};
            int paddingRequired = 8 - (5 + dataField.length) % 8;
            byte[] data = new byte[5 + dataField.length + paddingRequired];
            //Build APDU
            data[0] = cla;
            data[1] = ins;
            data[2] = p1;
            data[3] = p2;
            data[4] = (byte) ((byte) dataField.length + (byte) 0x08);
            System.arraycopy(dataField, 0, data, 5, dataField.length);
            System.arraycopy(padding, 0, data, 5 + dataField.length, paddingRequired);
            System.out.println("data to calculate mac :" + byteArrayToHexString(data));
            System.out.println("icv to calculate mac :" + byteArrayToHexString(icv));
            Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
            Cipher singleDesCipher = Cipher.getInstance("DES/CBC/NoPadding", "SunJCE");
            SecretKeySpec desSingleKey = new SecretKeySpec(SMacSessionKey, 0, 8, "DES");
            SecretKey secretKey = new SecretKeySpec(SMacSessionKey, "DESede");
            //Calculate the first n - 1 block. For this case, n = 1
            IvParameterSpec ivSpec = new IvParameterSpec(icv);
            singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
            byte ivForLastBlock[] = singleDesCipher.doFinal(data, 0, 8);
            int blocks = data.length / 8;
            for (int i = 0; i < blocks - 1; i++) {
                singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
                byte[] block = singleDesCipher.doFinal(data, i * 8, 8);
                ivSpec = new IvParameterSpec(block);
            }
            int offset = (blocks - 1) * 8;
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
            cMac = cipher.doFinal(data, offset, 8);
            ivSpec = new IvParameterSpec(new byte[8]);
            singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
            icvNextCommand = singleDesCipher.doFinal(cMac);
            return cMac;
        }
        public static byte[] generateHostChallenge() {
            byte[] hostChallenge = new byte[CHALLENGE_LENGTH];
            SecureRandom random = new SecureRandom();
            random.nextBytes(hostChallenge);
            return hostChallenge;
        }
        public static String desPadding(String hexString) {
            System.out.println("String to pad before:" + hexString);
            hexString = hexString + "80";
            int hexStringLen = hexString.length() / 2;
            int padding = 8 - (hexStringLen % 8);
            for (int i = 0; i < padding; i++) {
                hexString = hexString + "00";
            }
            System.out.println("String to pad after :" + hexString);
            return hexString;
        }
    }
    Thanks in advance
    Kamran
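
An offline cross-check for the values discussed in this thread, as an added example that is not Kamran's code or part of the original posts: it derives the four SCP02 session keys from the static key, sequence counter and derivation constants quoted in the first post, computes a key check value as the three leftmost bytes of the encrypted zero block (the definition in the GlobalPlatform Card Specification), and computes a host cryptogram and the C-MAC for EXTERNAL AUTHENTICATE without a card. The class name and the two challenge values are constructed for illustration.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class Scp02OfflineCheck {
    static final byte[] ZERO_IV = new byte[8];

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x & 0xff));
        return sb.toString();
    }

    static byte[] concat(byte[]... parts) {
        int len = 0;
        for (byte[] p : parts) len += p.length;
        byte[] out = new byte[len];
        int off = 0;
        for (byte[] p : parts) {
            System.arraycopy(p, 0, out, off, p.length);
            off += p.length;
        }
        return out;
    }

    /** 3DES-CBC with a 16-byte two-key key K1|K2, expanded to K1|K2|K1 for the JCE. */
    static byte[] tdesCbc(byte[] key16, byte[] iv, byte[] data) throws Exception {
        byte[] k24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, k24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k24, "DESede"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    /** Padding used for cryptograms and C-MAC: append '80', then zero bytes up to a multiple of 8. */
    static byte[] pad80(byte[] data) {
        byte[] out = Arrays.copyOf(data, (data.length / 8 + 1) * 8);
        out[data.length] = (byte) 0x80;
        return out;
    }

    /** Session key = 3DES-CBC(static key, zero IV, constant || sequence counter || 12 zero bytes). */
    static byte[] deriveSessionKey(byte[] staticKey, String constant, byte[] seq) throws Exception {
        return tdesCbc(staticKey, ZERO_IV, concat(hex(constant), seq, new byte[12]));
    }

    /** Key check value: encrypt eight zero bytes with the key, keep the three leftmost bytes. */
    static byte[] keyCheckValue(byte[] key16) throws Exception {
        return Arrays.copyOf(tdesCbc(key16, ZERO_IV, new byte[8]), 3);
    }

    /** Card/host cryptogram: full 3DES CBC-MAC with the S-ENC key, last block of the result. */
    static byte[] cryptogram(byte[] sEnc, byte[] data) throws Exception {
        byte[] ct = tdesCbc(sEnc, ZERO_IV, pad80(data));
        return Arrays.copyOfRange(ct, ct.length - 8, ct.length);
    }

    /** C-MAC (ISO 9797-1 algorithm 3): single DES with K1 on all blocks but the last, 3DES on the last. */
    static byte[] retailMac(byte[] key16, byte[] icv, byte[] data) throws Exception {
        byte[] padded = pad80(data);
        int last = padded.length - 8;
        byte[] chain = icv;
        if (last > 0) {
            Cipher des = Cipher.getInstance("DES/CBC/NoPadding");
            des.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key16, 0, 8, "DES"), new IvParameterSpec(icv));
            byte[] ct = des.doFinal(padded, 0, last);
            chain = Arrays.copyOfRange(ct, last - 8, last);
        }
        return tdesCbc(key16, chain, Arrays.copyOfRange(padded, last, padded.length));
    }

    public static void main(String[] args) throws Exception {
        byte[] staticKey = hex("404142434445464748494a4b4c4d4e4f"); // static key from the post
        byte[] seq = hex("003b");                                   // sequence counter from the post
        String[][] constants = {{"C-MAC", "0101"}, {"R-MAC", "0102"}, {"DEK", "0181"}, {"S-ENC", "0182"}};
        for (String[] c : constants) {
            System.out.println(c[0] + " session key: " + hex(deriveSessionKey(staticKey, c[1], seq)));
        }
        System.out.println("KCV of new key: " + hex(keyCheckValue(hex("505152535455565758595a5b5c5d5e5f"))));

        byte[] hostChallenge = hex("0011223344556677"); // constructed sample value
        byte[] cardChallenge = hex("a1a2a3a4a5a6");     // constructed sample value
        byte[] sEnc = deriveSessionKey(staticKey, "0182", seq);
        byte[] cMacKey = deriveSessionKey(staticKey, "0101", seq);
        byte[] hostCryptogram = cryptogram(sEnc, concat(seq, cardChallenge, hostChallenge));
        // MAC input is the header with Lc already counting the 8 MAC bytes, then the cryptogram.
        byte[] cMac = retailMac(cMacKey, ZERO_IV, concat(hex("8482030010"), hostCryptogram));
        System.out.println("EXTERNAL AUTHENTICATE: 8482030010" + hex(hostCryptogram) + hex(cMac));
    }
}
```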

  • Session variable and initialization block issues

    We are using OBIEE 10.1.3.3 and utilize the built-in security features. (No LDAP or other single sign on). The user or group names are not stored in any external table. I have a need to supplement Group info of the user to the usage tracking we implemented recently as the NQ_LOGIN_GROUP.RESP column contains username instead of group name. So I created a session variable and associated it with a new initialization block and also had a junk default value set to the variable. In the initialization block, I wrote the following query and as a result it inserted correct values into the table when the TEST button was clicked from the initialization block form.
    insert into stra_login_data (username, groupname, login_time) values ('VALUEOF(NQ_SESSION.USER)', 'VALUEOF(NQ_SESSION.GROUP)', SYSDATE)
    My intention is to make this execute whenever any user logs on. The nqserver.log reports the following error and it doesn't insert values into the table.
    [nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
    [nQSError: 23006] The session variable, NQ_SESSION.USER, has no value definition.
    [nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
    [nQSError: 23006] The session variable, NQ_SESSION.GROUP, has no value definition.
    When I changed the insert statement as below, this does get populated whenever someone logs in. But I need the values of GROUP associated with the user as defined in the repository.
    insert into stra_login_data (username, groupname, login_time) values ('TEST_USER', 'TEST_GROUP', SYSDATE)
    Could someone help me out! As I mentioned above, I need the GROUP info into the usage tracking. So, if there is another successful approach, could you please share?
    Thank you
    Amin

    Hi Amin,
    See [this thread|http://forums.oracle.com/forums/thread.jspa?messageID=3376946&#3376946]. You can't use the GROUP session variable in an Init Block unless it has been seeded from an Init Block first. There isn't an easy solution for what you want, but here are some options:
    1) Create a copy of your User => Groups assignments in your RPD in a table so you can use it in your Usage Tracking Subject Area. But this means you will have to replicate the changes in two places so it's not a good solution.
    2) As the GROUP session variable is populated when you log in, you could theoretically use it in a Dashboard and pass it as a parameter to write the value to the database. But as I am not sure how you can make it fire only once when the user logs in, it sounds like a bad idea.
    3) Move your User => Groups assignments from your RPD to a DB table. Use OBIEE Write Back or something like Oracle APEX to maintain them.
    I think 3) is the best solution to be honest.

  • Session variable and Tracking in Header file

    Is there a way for me to keep track of the session and use a variable in my Header to pass around for this?
    I have a login.jsp, validate_login.jsp and other jsp's that have the same header file. Instead of me using the same code in all of the jsp's I thought it would be easier to put it in the header. Please look at the example code below:
    // validate_login.jsp is passed username and password from the login.jsp.
    // validate_login then calls the logIn method in my Session class.
    <%@page contentType="text/html"%>
    <%@page pageEncoding="UTF-8"%>
    <%@page import="uom.edu.rd.session.Session"%>
    <html>
    <head><title>Validate Login</title></head>
    <body>
    <jsp:include page="header.jsp" />
    <%
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        this_session.logIn(username, password);   
        boolean b = this_session.getLoggedIn();
    %>
    ==================================================================
    // The logIn method in Session class
    // (uses java.sql.Connection, java.sql.PreparedStatement, java.sql.ResultSet)
    public void logIn(String userName, String password) {
        Connection con = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            con = db.getConnection();
            // Bind the credentials as parameters instead of concatenating them
            // into the SQL text, so request input cannot change the query.
            String sql = "SELECT * FROM RD_USER WHERE USER_NAME = ? AND USER_PASSWORD = ?";
            stmt = con.prepareStatement(sql);
            stmt.setString(1, userName);
            stmt.setString(2, password);
            rs = stmt.executeQuery();
            if (rs.next()) {
                loggedIn = true;
            } else {
                loggedIn = false;
            }
        } catch (Exception e) {
            // If something goes wrong, make sure
            // the user is not logged in.
            loggedIn = false;
        } finally {
            try {
                rs.close();
                stmt.close();
                con.close();
            } catch (Exception e) {
            }
        }
    }
    /**
     * Log the user out.
     */
    public void logOut() {
        loggedIn = false;
    }
    /**
     * Get the login status.
     * @return boolean
     */
    public boolean getLoggedIn() {
        return loggedIn;
    }
    ==================================================================
    // and this is part of my header.jsp
    <%@page import="uom.edu.rd.session.Session"%>
    <%
      Session this_session = Session.findSession(request);
      if ( this_session==null ) {
          /* Now, instead of redirecting, create a new Session
           * object and initialize it.
           */
          this_session = new Session();
          this_session.makeSession(request);
          this_session.createQueryBuilder(config);
      }
    %>
    // This is the part I would like to pass around
    <!-- Session logged_in = new Session(); -->
    <%   
        boolean loggedIn = this_session.getLoggedIn();    
            if (loggedIn == false)
            { %>
                <A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./login.jsp"><FONT COLOR="#FFFFFF">LOG IN</font></a>  <FONT COLOR="#FFFFFF"></font>
        <%  } else { %>
                <A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./logout.jsp"><FONT COLOR="#FFFFFF">LOG OUT</font></a>  <FONT COLOR="#FFFFFF"></font>
         <% }
    %>
    // so if you are logged in then you are able to view certain things on the jsp's; if you are not logged in
    // then of course you cannot. I want to pass around this loggedIn variable to all the jsp's
    // after it checks the loggedIn status for each page. I have tried running this but I keep getting an error: cannot resolve symbol this_session

    Use <%@ include file="header.jsp" %> instead

  • SSL Session Keys

    Hi,
    As I understand it, in the process of making an SSL connection (during the handshake) certificates are exchanged and their identities are authenticated, and then each side creates an identical (symmetric) session key which will be used to encrypt communication.
    My questions are:
    1) What algorithm/encryption engine is used to create this key?
    2) How strong is the algorithm that generates the key, and what type of key is used?
    3) How can custom cryptographic providers be used with SSL to generate these session keys?
    4) Is there a way to force the SSL connection to use one specific method of generating the session key, and fail if it can't?
    5) Is there a web page that gives me the detail on these topics?
    I've been looking around, but I can't find the answers to these specific questions.
    Any help would be much appreciated, thanks,
    Jason

    You may want to look at the following resources:
    SSL v3 http://ssllib.sourceforge.net/draft302.txt
    SSL v2 http://ssllib.sourceforge.net/SSLv2.spec.html
    TLS v1 http://ssllib.sourceforge.net/rfc2246.txt
    SSL and TLS book http://www.rtfm.com/sslbook/
    JSSE Guide
    http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
    http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#SSLDocs
    The algorithms used in the SSL handshake and then in data transmission are driven by the chosen cipher suite http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#CipherSuite I.e. TLS_RSA_WITH_RC4_128_MD5. See the SSLSocket documentation on how to set enabled suites - http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String[])
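The reply above says the cipher suite drives both the handshake and the bulk encryption. As an added example (not code from the thread), the following splits a JSSE suite name into its key-exchange, cipher and hash parts and enables only suites that pass a policy, failing closed if none do. The class name and the policy itself (ECDHE key exchange with an AEAD cipher) are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class PinCipherSuites {

    /**
     * Splits a TLS 1.2-style suite name into {key exchange, bulk cipher, hash}.
     * Returns null for names without "_WITH_" (TLS 1.3 suites and the
     * renegotiation SCSV), which do not name a key exchange.
     */
    static String[] parts(String suite) {
        int with = suite.indexOf("_WITH_");
        if (with < 0) return null;
        String kx = suite.substring(suite.indexOf('_') + 1, with); // after "TLS_" or "SSL_"
        String rest = suite.substring(with + "_WITH_".length());
        int last = rest.lastIndexOf('_');
        if (last < 0) return null;
        return new String[] { kx, rest.substring(0, last), rest.substring(last + 1) };
    }

    /** Assumed policy: ephemeral ECDH key exchange and an AEAD bulk cipher. */
    static boolean allowed(String suite) {
        String[] p = parts(suite);
        return p != null
                && p[0].startsWith("ECDHE_")
                && (p[1].endsWith("_GCM") || p[1].startsWith("CHACHA20"));
    }

    /** Returns an engine on which only policy-compliant suites are enabled. */
    static SSLEngine restrictedEngine() throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        List<String> keep = new ArrayList<>();
        for (String s : engine.getSupportedCipherSuites()) {
            if (allowed(s)) keep.add(s);
        }
        if (keep.isEmpty()) {
            // Fail closed instead of silently keeping the provider defaults.
            throw new IllegalStateException("no supported suite satisfies the policy");
        }
        engine.setEnabledCipherSuites(keep.toArray(new String[0]));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // The suite named in the reply: RSA key exchange, RC4 encryption, MD5 MAC.
        System.out.println(Arrays.toString(parts("TLS_RSA_WITH_RC4_128_MD5")));
        System.out.println("passes policy: " + allowed("TLS_RSA_WITH_RC4_128_MD5"));

        SSLEngine engine = restrictedEngine();
        for (String s : engine.getEnabledCipherSuites()) {
            System.out.println("enabled: " + s + " -> " + Arrays.toString(parts(s)));
        }

        // A name the provider does not implement is rejected when it is set.
        try {
            engine.setEnabledCipherSuites(new String[] { "TLS_NOT_A_REAL_SUITE" });
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With only these suites enabled, a handshake with a peer that offers none of them fails instead of falling back to a weaker suite. The same `setEnabledCipherSuites` call exists on `SSLSocket`, which is the class the reply links to.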

  • Cannot Get Session Key for Authentication

    I found in trace file of my application
    (TRACE_LEVEL_CLIENT = SUPPORT in sqlnet.ora):
    ORA-28035 Cannot Get Session Key for Authentication
    Cause: Client and server cannot negotiate shared secret during logon.
    What is the session key and how to obtain it?

    DISABLE_OOB = ON
    NAMES.DEFAULT_DOMAIN = domain
    NAMES.DIRECTORY_PATH= (TNSNAMES)
    SQLNET.CRYPTO_SEED = P9EBHPQFLEIAJNUFAZHQP8JBNES8EBEEHS895LCWW9UZKO9HR2R2E5GDN7JV15T27QJO97D89BQAWSRF
    # SQLNET.CRYPTO_CHECKSUM_SERVER = requested
    # SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
    # SQLNET.ENCRYPTION_SERVER = requested
    # SQLNET.ENCRYPTION_CLIENT = requested
    SQLNET.RADIUS_AUTHENTICATION = ad1.domain
    # SQLNET.RADIUS_AUTHENTICATION_PORT = (PORT)
    SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 5
    SQLNET.RADIUS_AUTHENTICATION_RETRIES = 3
    SQLNET.RADIUS_ALTERNATE = ad2.nlmk
    # SQLNET.RADIUS_ALTERNATE_PORT = (1645)
    SQLNET.RADIUS_ALTERNATE_TIMEOUT = 5
    SQLNET.RADIUS_ALTERNATE_RETRIES = 3
    SQLNET.RADIUS_SEND_ACCOUNTING = ON
    # SQLNET.RADIUS_SECRET=(path/radius.key)
    SQLNET.AUTHENTICATION_SERVICES = (NTS, BEQ,RADIUS)
    # TRACE_LEVEL_CLIENT = SUPPORT
    # TRACE_LEVEL_SERVER = SUPPORT
    domain is the name of my windows domain
    TNSNAMES.ORA
    SERVER.DOMAIN =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = server.domain)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = server.domain)
        )
      )

  • Regarding Logical level key and row wise initialization

    Hi Gurus,
    What is the purpose of row-wise initialization in external table authentication, and when do we have to go for row-wise initialization?
    Why do we have to enable a logical level key in a hierarchy? Is this only for getting drill-down to the next level? If we make two columns logical level keys, what will happen? If we want to enable a column as a logical level key, what are the characteristics that column should satisfy?
    Thanks,

    1) Row-wise initialization is used to hold multiple values in a variable. Let's say the SQL gives 4 rows (A,B,C,D) as output. Now I want to hold 4 values in a variable; to make this happen we need to go for row-wise initialization. If you do not do this, at any point in time the variable holds only value A, not the others. Simply put, it works as an array.
    2) Level keys define the unique elements in each level and provide the context for drill-down. You can make two logical columns logical keys, but you need to make sure what is to be displayed in your hierarchy by selecting DISPLAY. If you make two separate logical keys and set Display for both, you get two columns in the hierarchy.
    http://gerardnico.com/wiki/dat/obiee/hierarchy_level_based

  • JAAS, EJB, GlassFish2 and session key/id

    I use a standalone EJB client to connect to GlassFish 2. I use a custom login module on the application server side and ProgrammaticLogin to enter login and password.
    I see that every call to any of my remote methods results in sending my login and password to the application server (to my login module).
    I do not want it to send login/password every time, but only the first time. I’d like to do something like what is done in an HTTP session.
    I’d like to send login and password only once, when I look up my remote interface or when I do an explicit login. Then if authentication succeeds I’ve got something like a session key/id and use it for client identification.
    How can I implement it? How can I send the session key back to the client on successful login? Is it possible at all in the JAAS/EJB world?

    I think there's something wrong with your application. Have you checked google? There's plenty of threads about this same problem here already please refer to them. Please copy paste your whole stacktrace here, we experts can't help you otherwise.
    Best Regards, Angus

  • LEAP and Session Key

    With LEAP, a session key is used. Cisco docs point out that after the authentication phase, the session key is distributed from the RADIUS Server to the AP and Client.
    Does this mean, that the session key is transmitted in cleartext?
    I would be very happy to have an answer or doc, which offers an answer to my question.
    Thanks in advance
    Edgar

    LEAP is based on symmetric keys which are generated on the RADIUS Server and the Client. The Client and Server do authentication using MS-CHAP which uses a U/P. The password is not sent over the network; instead a hash key is sent. MSCHAP hashes are known to be vulnerable to dictionary attacks. (If I remember correctly LEAP supports mutual auth but I forget how the client authenticates the server). If successful, both the client and the server generate the same WEP key based on the password and other clear text values. The server sends the key to the AP. This transfer is over a wired network but is encrypted. When LEAP is set up, a shared secret must be configured on the RADIUS server and the AP. This secret is used to encrypt the keys passed between the Server and AP. LEAP will also make sure that the WEP keys are rotated.
    Serge

  • How to set/get the initialization vector

    Hi,
    I have an existing database (built by non-java code) containing encrypted data. I know the algorithm, the key and the initialization vector to use in order to decrypt this data. (This is straight-forward DES encryption.)
    My problem is that I can't tell from the java documentation how to set the initialization vector on a Cipher object when I need to perform decryption.
    As an aside, when I try and encrypt data - the results from Cipher.getIV () are always null.
    Any help greatly appreciated,
    Thanks,
    --Jatinder

    To set the initialisation vector for a Cipher, you need to use the IvParameterSpec class and specifically create the initialisation vector. This class implements the AlgorithmParameterSpec interface. This is used in one of the init() methods for the Cipher class when you set up the Cipher (ie. it accepts parameters for the mode, key and parameter spec). I also found that this was difficult to work out from the supporting documentation.
    To get the initialisation vector for a Cipher, use the getIV() method after you have performed the init() call. If the vector has not been initialised before the init() call, you may get a random result. If it has been initialised specifically, it will print out the vector that you initialised it with - I have tried this out.
    Hope this helps.
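The question and reply above, worked through as an added example (not code from the thread): DES in CBC mode with an explicit `IvParameterSpec`, and what `getIV()` returns in each case. The key, IV and plaintext are constructed sample values; the behaviour noted for the bare `"DES"` transformation and for decryption without an IV is that of the SunJCE provider.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class DesIvDemo {
    // Constructed sample key and IV (8 bytes each: the DES key and block size).
    static final byte[] KEY = {0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xAB, (byte) 0xCD, (byte) 0xEF};
    static final byte[] IV  = {(byte) 0xFE, (byte) 0xDC, (byte) 0xBA, (byte) 0x98, 0x76, 0x54, 0x32, 0x10};

    /** Decrypts with an IV chosen elsewhere, e.g. by the program that wrote the data. */
    static byte[] decrypt(byte[] key, byte[] iv, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
        // The IV goes in through the three-argument init() as an AlgorithmParameterSpec.
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "DES"), new IvParameterSpec(iv));
        return c.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = new SecretKeySpec(KEY, "DES");
        byte[] plain = "constructed sample record".getBytes(StandardCharsets.UTF_8);

        // 1. IV supplied to init(): getIV() returns the same bytes.
        Cipher explicit = Cipher.getInstance("DES/CBC/PKCS5Padding");
        explicit.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(IV));
        byte[] ct = explicit.doFinal(plain);
        System.out.println("getIV() equals supplied IV: " + Arrays.equals(IV, explicit.getIV()));
        System.out.println("round trip: " + new String(decrypt(KEY, IV, ct), StandardCharsets.UTF_8));

        // 2. CBC encryption with no IV: the provider generates a random one during
        //    init(). It must be read back and stored with the ciphertext, because
        //    decryption needs exactly the same bytes.
        Cipher generated = Cipher.getInstance("DES/CBC/PKCS5Padding");
        generated.init(Cipher.ENCRYPT_MODE, key);
        byte[] randomIv = generated.getIV();
        byte[] ct2 = generated.doFinal(plain);
        System.out.println("generated IV length: " + randomIv.length);
        System.out.println("round trip with generated IV: "
                + Arrays.equals(plain, decrypt(KEY, randomIv, ct2)));

        // 3. "DES" alone means DES/ECB/PKCS5Padding in SunJCE. ECB has no IV,
        //    so getIV() returns null.
        Cipher ecb = Cipher.getInstance("DES");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        System.out.println("ECB getIV() is null: " + (ecb.getIV() == null));

        // 4. CBC decryption without an IV cannot work; SunJCE rejects it at init().
        Cipher missing = Cipher.getInstance("DES/CBC/PKCS5Padding");
        try {
            missing.init(Cipher.DECRYPT_MODE, key);
            System.out.println("provider accepted CBC decryption without an IV");
        } catch (InvalidKeyException e) {
            System.out.println("CBC decrypt without IV rejected: " + e.getMessage());
        }
    }
}
```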

  • How to use Session Key-based Request Targeting Mechanism in OCCAS ??

    I read Session Key-Based Request Targeting (chapter 5) in Developing SIP Applications.
    But I can't get my application to work using this mechanism.
    I added a sessionKey function with the @SipApplicationKey annotation.
    I deployed this application. And then another machine sent an INVITE request.
    My application received the INVITE request. But the sessionKey function is not called before the doInvite function is called.
    I used the @SipApplicationKey(applicationName="...") annotation.
    It didn't work.
    Sample code follows.
    Could someone help me?
    import java.io.IOException;
    import javax.servlet.ServletConfig;
    import javax.servlet.ServletContext;
    import javax.servlet.ServletException;
    import javax.servlet.sip.SipFactory;
    import javax.servlet.sip.SipServlet;
    import javax.servlet.sip.SipServletMessage;
    import javax.servlet.sip.SipServletRequest;
    import javax.servlet.sip.SipServletResponse;
    import javax.servlet.sip.SipURI;
    import javax.servlet.sip.URI;
    import javax.servlet.sip.annotation.SipApplicationKey;

    public class app2SipServlet extends SipServlet {
        private static final long serialVersionUID = 1L;
        public static SipFactory sipFactory;
        public static ServletContext sc;

        // trace(...) is the poster's own logging helper; its definition is not part of the post.

        public void init(ServletConfig cfg) throws ServletException {
            super.init(cfg);
            sipFactory = getSipFactory();
            sc = getServletContext();
            trace("+++ app2SipServlet Initialization");
        }

        // Returns the key used to pick the application session for an initial request.
        @SipApplicationKey
        public static String sessionKey(SipServletRequest req) {
            String appid = req.getHeader("ApplicationID");
            System.out.println("application id : " + appid);
            return appid;
        }

        @Override
        public void doRequest(SipServletRequest req) throws ServletException, IOException {
            trace(req, "doRequest()");
            super.doRequest(req);
        }

        @Override
        protected void doInvite(SipServletRequest req) throws ServletException, IOException {
            URI from = req.getFrom().getURI();
            String user = ((SipURI)from).getUser();
            trace(user + " : " + req.getSession().getApplicationSession().getId());
            trace(user + " : " + req.getSession().getApplicationSession().getApplicationName());
            SipServletResponse resp = req.createResponse(200);
            resp.send();
            trace(resp);
        }
    }

    How many servlets have you defined in your sip.xml? If there are multiple, you may want to check:
    -- Have you defined main-servlet?
    -- Is the deployment descriptor version 1.0 or 1.1?

  • Initialization vector/Blowfish/Perl

    I am trying to do some encryption using the Blowfish algorithm; what I am encrypting will be written as a cookie to a browser (and I can verify that this works) and then be decrypted by a Perl program, written by someone else - I know a little something about Java, yes, but zilch about Perl!
    The other programmer and I both are not all that well acquainted with cryptography in general, although we have read some introductory guides and successfully run some programs. However, the one thing we can't seem to get to work is encrypting in one language and decrypting in another. In looking at what each language required for the encryption/decryption, it looked like we would both need to use the same encryption/decryption method, the same key, the same mode, and the same padding type. So we are both using Blowfish, the same key, and PKCS5 padding. However, when it comes to the mode, as I understand it, ECB mode does not require an initialization vector, whereas CBC mode DOES. And the other programmer tells me the only mode he has available is CBC mode.
    What that says to me is that I need an initialization vector to use in encryption, and this same iv will have to be used in decryption as well. I have been able to find only scant information on exactly what an initialization vector does, how long it is supposed to be, etc. He tells me that if it will help, he can set a flag in his program to "zero out" the initialization vector his program uses - he says this will have the effect of not using the iv at all. I don't know if this is indeed the case, as I can encrypt using Java and verify that the encrypted value is being passed as a cookie, but something goes wrong when it comes to decryption! My own thought is that the initialization vector must be where I'm going wrong - can anyone point me in the correct direction on this?
    Thanks!
    Lynn.

    Hi,
    Here is my test program. IMO a lot of problems with encryption results come from problems with String conversion to/from bytes (at least this was the case for me). This program uses a utility class Hex which I found in the cryptix distribution (www.cryptix.org). It is used in the program to convert between byte arrays and string representations of byte arrays.
    Hope this helps
    Michael
    import cryptix.util.core.Hex;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.SecretKeySpec;
    import javax.crypto.spec.IvParameterSpec;
    import java.security.GeneralSecurityException;
    import java.security.NoSuchAlgorithmException;
    import java.security.Security;

    // ICipher is the poster's own interface; it is not shown in the post.
    public class SunJCE implements ICipher {
      private Cipher cipher;
      private SecretKey secKey;
      private IvParameterSpec iv;

      public SunJCE(String transformation) throws GeneralSecurityException {
        if (transformation.startsWith("Blowfish")) {
          try {
            cipher = Cipher.getInstance(transformation);
          } catch (NoSuchAlgorithmException e) {
            // Try to register provider dynamically (is static registration faster?)
            System.out.println("SunJCE:  Try to register provider dynamically");
            Security.addProvider(
                   new com.sun.crypto.provider.SunJCE());
            try {
              cipher = Cipher.getInstance(transformation);
            } catch (NoSuchAlgorithmException ex) {
              System.err.println("SunJCE: Dynamic registration  of SunJCE provider failed. We are giving up!");
              // giving up
              throw new GeneralSecurityException(ex.toString());
            }
          }
        } else {
          throw new GeneralSecurityException("SunJCE: Transformation '" + transformation + "' not supported");
        }
      }

      public void init(byte[] key, byte[] iv) {
        secKey = new SecretKeySpec(key, "Blowfish");
        if (iv != null) {
          // Feedback-Mode
          this.iv = new IvParameterSpec(iv);
        }
      }

      /**
       * Init the cipher with key and IV.
       * @param key Key as hex string
       * @param iv Initialization vector as hex string
       */
      public void init(String key, String iv) {
        byte[] keybytes = Hex.fromString(key);
        byte[] ivbytes = null;
        if (iv != null) {
          // Feedback-Mode
          ivbytes = Hex.fromString(iv);
        }
        init(keybytes, ivbytes);
      }

      /**
       * Encrypt byte array
       * @param data cleartext as byte array
       * @return ciphertext as byte array
       * @throws GeneralSecurityException
       */
      public byte[] encryptBytes(byte[] data) throws GeneralSecurityException {
        if (iv == null) {
          // ECB mode
          cipher.init(Cipher.ENCRYPT_MODE, secKey);
        } else {
          // Feedback mode
          cipher.init(Cipher.ENCRYPT_MODE, secKey, iv);
        }
        return cipher.doFinal(data);
      }

      /**
       * Encrypt hex string
       * @param hexString cleartext
       * @return ciphertext as hex string
       * @throws GeneralSecurityException
       */
      public String encryptHexString(String hexString) throws GeneralSecurityException {
        byte[] clearbytes = Hex.fromString(hexString);
        byte[] cipherbytes = encryptBytes(clearbytes);
        return Hex.toString(cipherbytes);
      }

      /**
       * Decrypt byte array
       * @param data ciphertext as byte array
       * @return cleartext as byte array
       * @throws GeneralSecurityException
       */
      public byte[] decryptBytes(byte[] data) throws GeneralSecurityException {
        if (iv == null) {
          // ECB mode
          cipher.init(Cipher.DECRYPT_MODE, secKey);
        } else {
          // Feedback mode
          cipher.init(Cipher.DECRYPT_MODE, secKey, iv);
        }
        return cipher.doFinal(data);
      }

      /**
       * Decrypt hex string
       * @param hexString ciphertext
       * @return cleartext as hex string
       * @throws GeneralSecurityException
       */
      public String decryptHexString(String hexString) throws GeneralSecurityException {
        byte[] cipherbytes = Hex.fromString(hexString);
        byte[] clearbytes = decryptBytes(cipherbytes);
        return Hex.toString(clearbytes);
      }

      /**
       * For Tests
       * Test vectors found at http://www.counterpane.com/vectors.txt
       */
      public static void main(String[] args) throws Exception {
        // ECB
        System.out.println("ECB:");
        String hexStringClear = "0000000000000000";
        System.out.println("clear: " + hexStringClear);
        SunJCE cipher = new SunJCE("Blowfish/ECB/NoPadding");
        cipher.init("0000000000000000", null);
        String hexStringCipher = cipher.encryptHexString(hexStringClear);
        System.out.println("encrypted: " + hexStringCipher + "(erwartet: 4EF997456198DD78)");
        System.out.println("decrypted: " + cipher.decryptHexString(hexStringCipher) + "(erwartet: 0000000000000000)");
        // CFB
        System.out.println("CFB:");
        hexStringClear = "37363534333231204E6F77206973207468652074696D6520666F722000";
        System.out.println("clear: " + hexStringClear);
        cipher = new SunJCE("Blowfish/CFB/NoPadding");
        cipher.init("0123456789ABCDEFF0E1D2C3B4A59687", "FEDCBA9876543210");
        hexStringCipher = cipher.encryptHexString(hexStringClear);  // expected
        System.out.println("encrypted: " + hexStringCipher + " (erwartet: E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3)");
        System.out.println("decrypted: " + cipher.decryptHexString(hexStringCipher) + " (erwartet: 37363534333231204E6F77206973207468652074696D6520666F722000)");
        // CBC
        System.out.println("CBC:");
        // hexStringClear = "37363534333231204E6F77206973207468652074696D6520666F722000";  // this is the original 29 byte size input string
        hexStringClear = "37363534333231204E6F77206973207468652074696D6520666F722000000000";  // input-size has to be multiple of 8 bytes; so we padded the string manually with 3 zero bytes
        System.out.println("clear: " + hexStringClear);
        cipher = new SunJCE("Blowfish/CBC/NoPadding");
        cipher.init("0123456789ABCDEFF0E1D2C3B4A59687", "FEDCBA9876543210");
        hexStringCipher = cipher.encryptHexString(hexStringClear);  // expected
        System.out.println("encrypted: " + hexStringCipher + " (erwartet: 6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC)");
        System.out.println("decrypted: " + cipher.decryptHexString(hexStringCipher) + " (erwartet: 37363534333231204E6F77206973207468652074696D6520666F722000000000)");
      }
    }
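On the question in this thread of what a zeroed IV does in CBC mode, an added example (not code from either poster): an all-zero IV is still an IV, it makes encryption deterministic, and the first ciphertext block becomes identical to plain ECB. The second half shows a fresh random IV carried in front of the ciphertext. The key, the cookie value and the `base64url(IV || ciphertext)` layout are assumptions that both programs would have to agree on.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class BlowfishCookieIv {
    static final int BLOCK = 8; // Blowfish block size in bytes, which is also the IV length
    static final SecureRandom RNG = new SecureRandom();

    static byte[] cbc(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "Blowfish"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    /** Cookie value = base64url(IV || ciphertext), with a fresh random IV per cookie. */
    static String seal(byte[] key, String value) throws Exception {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        byte[] ct = cbc(Cipher.ENCRYPT_MODE, key, iv, value.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Reverses seal(): the first block is the IV, the rest is the ciphertext. */
    static String open(byte[] key, String cookie) throws Exception {
        byte[] raw = Base64.getUrlDecoder().decode(cookie);
        if (raw.length < 2 * BLOCK || raw.length % BLOCK != 0) {
            throw new IllegalArgumentException("cookie is not an IV plus whole cipher blocks");
        }
        byte[] iv = Arrays.copyOfRange(raw, 0, BLOCK);
        byte[] ct = Arrays.copyOfRange(raw, BLOCK, raw.length);
        return new String(cbc(Cipher.DECRYPT_MODE, key, iv, ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 16-byte key and cookie value.
        byte[] key = "constructed-key!".getBytes(StandardCharsets.US_ASCII);
        String value = "uid=1001;exp=1700000000";
        byte[] plain = value.getBytes(StandardCharsets.UTF_8);

        // Zeroed IV: the same value always encrypts to the same bytes.
        byte[] zeroIv = new byte[BLOCK];
        byte[] a = cbc(Cipher.ENCRYPT_MODE, key, zeroIv, plain);
        byte[] b = cbc(Cipher.ENCRYPT_MODE, key, zeroIv, plain);
        System.out.println("zero IV is deterministic: " + Arrays.equals(a, b));

        // With IV = 0 the first CBC block is E(P1 xor 0) = E(P1), i.e. the ECB block.
        Cipher ecb = Cipher.getInstance("Blowfish/ECB/NoPadding");
        ecb.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "Blowfish"));
        byte[] ecbFirst = ecb.doFinal(plain, 0, BLOCK);
        System.out.println("first block equals ECB: "
                + Arrays.equals(ecbFirst, Arrays.copyOf(a, BLOCK)));

        // Random IV sent with the ciphertext: equal values give different cookies,
        // and the receiver needs only the shared key to decrypt either one.
        String c1 = seal(key, value);
        String c2 = seal(key, value);
        System.out.println("random-IV cookies differ: " + !c1.equals(c2));
        System.out.println("both decrypt: " + (open(key, c1).equals(value) && open(key, c2).equals(value)));
    }
}
```

CBC provides confidentiality only. A cookie that the server acts on also needs an integrity check, such as a MAC computed over the IV and ciphertext and verified before decryption.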

  • Session migration and replication

    Hi All,
    I am having a hard time in configuring my application for HTTP session migration. Our weblogic server consists of two managed servers running in same cluster. Each server has an Ehcache that stores some information of user with key as session ID and value as info object. In case, if a server needs restart, we would want to take this updated info Object from cache residing on server being restarted to another managed server within the same cluster.
    I browsed through many documentations online. Most of them explained about session replication but not migration. So I followed replication (I don't want a real time sync up of HTTP session. I want it to migrate if something goes wrong with one of the managed servers).
    However, I could not achieve this task after following the steps to configure this feature. I would appreciate a lot if someone can help me figuring out the issue here.
    Here is what I did.
    1) Weblogic.xml
         <session-descriptor>
    <persistent-store-type>replicated_if_clustered</persistent-store-type>
    </session-descriptor>
    2) An implementation class of HttpSessionActivationListener, HttpSessionListener, HttpSessionAttributeListener:
    public void sessionDidActivate(HttpSessionEvent sessionEvent) {
        // NEVER GETS CALLED
        // Over here I would check if the session has any attribute with name 'CACHE_ELEMENT'.
        // If yes, then it is a migration case for the current managed server.
        Log.info(UserCacheMigrationListener.class, "inside sessionDidActivate");
    }
    public void sessionWillPassivate(HttpSessionEvent sessionEvent) {
        // NEVER GETS CALLED
        // Over here I would set attribute 'CACHE_ELEMENT' so that it is available for the
        // target managed server when its sessionDidActivate is called.
        Log.info(UserCacheMigrationListener.class, "inside sessionWillPassivate");
    }
    public void sessionCreated(HttpSessionEvent sessionEvent) {
        // THIS GETS CALLED! and I set the following attribute
        sessionEvent.getHttpSession().setAttribute(UserCacheMigrationListener.class.getName(), this);
    }
    public void sessionDestroyed(HttpSessionEvent arg0) {
        // THIS GETS CALLED!
    }
    public void valueBound(HttpSessionBindingEvent arg0) {
        // THIS GETS CALLED! WHICH MEANS THAT I WAS ABLE TO setAttribute this class's instance in the sessionCreated method
    }
    In the above code, the setAttribute method used inside the sessionCreated(..) method successfully sets the attribute to this session. This is apparent because valueBound(..) method is called when session is created. But why does it not call the sessionWillActivate method???
    3.) An entry in web.xml for this listener.
         <listener>
              <listener-class>com.xyz.UserCacheMigrationListener</listener-class>
         </listener>
    4) From the weblogic config.xml. I am copying all the meaningful stuff from config.xml to describe as much as I can.
    <server>
    <name>AdminServer</name>
    <ssl>
    <enabled>false</enabled>
    </ssl>
    <listen-address>localhost</listen-address>
    <network-access-point>
    <name>AdminChannel</name>
    <protocol>t3</protocol>
    <listen-address>localhost</listen-address>
    <http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
    <tunneling-enabled>false</tunneling-enabled>
    <outbound-enabled>false</outbound-enabled>
    <enabled>true</enabled>
    <two-way-ssl-enabled>false</two-way-ssl-enabled>
    <client-certificate-enforced>false</client-certificate-enforced>
    </network-access-point>
    <data-source>
    <rmi-jdbc-security xsi:nil="true"></rmi-jdbc-security>
    </data-source>
    </server>
    <server>
    <name>Node1</name>
    <ssl>
    <enabled>false</enabled>
    </ssl>
    <machine>DevMachine</machine>
    <listen-port>7002</listen-port>
    <cluster>DevCluster</cluster>
    <replication-group>devGroup1</replication-group>
    <preferred-secondary-group>devGroup2</preferred-secondary-group>
    <web-server>
    <keep-alive-secs>500</keep-alive-secs>
    <post-timeout-secs>120</post-timeout-secs>
    </web-server>
    <listen-address>localhost</listen-address>
    <jta-migratable-target>
    <user-preferred-server>Node1</user-preferred-server>
    <cluster>DevCluster</cluster>
    </jta-migratable-target>
    <data-source>
    <rmi-jdbc-security xsi:nil="true"></rmi-jdbc-security>
    </data-source>
    </server>
    <server>
    <name>Node2</name>
    <ssl>
    <enabled>false</enabled>
    </ssl>
    <machine>DevMachine</machine>
    <listen-port>7003</listen-port>
    <cluster>DevCluster</cluster>
    <replication-group>devGroup2</replication-group>
    <preferred-secondary-group>devGroup1</preferred-secondary-group>
    <listen-address>localhost</listen-address>
    <network-access-point>
    <name>Node2Channel</name>
    <protocol>t3</protocol>
    <listen-address>localhost</listen-address>
    <http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
    <tunneling-enabled>true</tunneling-enabled>
    <outbound-enabled>false</outbound-enabled>
    <enabled>true</enabled>
    <two-way-ssl-enabled>false</two-way-ssl-enabled>
    <client-certificate-enforced>false</client-certificate-enforced>
    </network-access-point>
    <jta-migratable-target>
    <user-preferred-server>Node2</user-preferred-server>
    <cluster>DevCluster</cluster>
    </jta-migratable-target>
    <data-source>
    <rmi-jdbc-security xsi:nil="true"></rmi-jdbc-security>
    </data-source>
    </server>
    <cluster>
    <name>DevCluster</name>
    <cluster-messaging-mode>unicast</cluster-messaging-mode>
    </cluster>
    <machine>
    <name>DevMachine</name>
    <node-manager>
    <nm-type>Plain</nm-type>
    </node-manager>
    </machine>
    <migratable-target>
    <name>Node1 (migratable)</name>
    <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
    <user-preferred-server>Node1</user-preferred-server>
    <cluster>DevCluster</cluster>
    </migratable-target>
    <migratable-target>
    <name>Node2 (migratable)</name>
    <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
    <user-preferred-server>Node2</user-preferred-server>
    <cluster>DevCluster</cluster>
    </migratable-target>
    ------------------------------------------------------------------------------------------------------------------

    Hi,
    So you want to migrate your server to server.
    Here are the following links which help you.
    http://docs.oracle.com/cd/E15051_01/wls/docs103/cluster/migration.html
    http://www.oracle.com/technetwork/middleware/weblogic/messaging/wlasm-1853193.pdf
    let me know the status if you need any further help on this issue.
    Regards,
    Kal

  • Session state and browser cache - Back button problem

    Hi all,
    I have a problem (and unless I'm missing something I think we all do) with session state and use of the browser's Back button. I really hope I'm just being dumb...
    Background scenario:
    Page P has a sidebar list allowing the user to select what content is displayed (e.g. 'stuff relating to X, Y or Z' where X, Y and Z are rows in, say, a table of projects). When a list entry is clicked, we branch to page P with the value of the list item placed in an application-level item (call it G_PROJECT). Reports on page P use G_PROJECT in their WHERE clauses.
    So, click list entry X and G_PROJECT is set to X and page P shows reports for project X.
    Page P also has a set of buttons which branch to various edit pages which allow attributes of page P's current project to be updated. These pages similarly use G_PROJECT in their WHERE clauses.
    Problem scenario:
    1. The user goes to page P and picks project X off the list. Project X's stuff is displayed (G_PROJECT = X).
    2. The user then picks project Y off the list. Project Y's stuff is displayed (G_PROJECT = Y).
    3. The user then clicks the browser's Back button. The page is served from browser cache, so project X's stuff is displayed, but G_PROJECT still = Y.
    4. The user clicks an 'Edit' button; we submit, and branch to an edit page which displays (and will edit) data for project Y because G_PROJECT still = Y.
    This is SERIOUSLY BAD NEWS - apart from being confusing, the user's edit permissions on projects X and Y may differ, and so the user may be able to perform 'illegal' updates.
    I've read what I can on this forum and the rest of the web looking for ways to a) inhibit browsers' 'Back' functions and/or b) prevent pages being cached by the browser, but none of them have worked for me.
    Short of waiting for browser manufacturers to recognise that the web is now full of applications as well as static pages, and enable robust programmatic control of cache behaviour, does anybody know how the problem can be avoided - or at least detected?
    Thanks,
    jd
    Failed attempts to date:
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="cache-control" content="no-store">
    <meta http-equiv="cache-control" content="private">
    <meta http-equiv="cache-control" content="max-age=0, must-revalidate">
    <meta http-equiv="expires" content="Wed, 09 Aug 2000 01:01:01 GMT">
    <meta http-equiv="pragma" content="no-cache">
    Disallowing duplicate submission (page attribute).
    window.history.go(1);

    Thanks Scott,
    I may be being dumb here but I don't see how that would help...
    P250_PROJECT and G_PROJECT are currently kept in sync by app logic. Whichever is used to drive, if the page is rendered from cache then the app logic is not executed, so the rendered page contents are not those keyed by P250_PROJECT, as illustrated in steps 1-4 of the problem above.
    The user sees X, the session items say Y. The engine doesn't know what the user is seeing.
    when page P is POSTed, its hidden item P250_PROJECT should always be used to derive the application item G_PROJECT. Then whether the page was pulled from cache or rendered anew via a click from the sidebar link, the project ID is determined by the contents of that page.
    As I said above I tried this, with the 'Edit' branch set to:
    Set these items: G_PROJECT
    With these values: &P250_PROJECT.
    but it makes no difference. The project ID is not determined by the rendered page contents - the engine gets the value of P250_PROJECT from session state.
    I can code the 'Edit' pages such that they check permissions and if necessary redirect back to p250 (conditional before-header branch), but that's a clunky cure rather than the prevention I was hoping for.
    Please tell me if my understanding is incorrect.
    jd

  • Facebook Export issue - session key validity?

    Love the new feature to upload to Facebook/Flickr - however, everything has been working fine until this morning, went to upload a jpg to Facebook and I get the following error message:
    "Bridge encountered and error while exporting: Session key invalid or no longer valid."
    The very same file just exported to Flickr no problems. Tried resetting the Module (re-creating from scratch), logged back into Facebook through Bridge, re-authorized, even restarted Bridge and made a completely new file to try in case that jpg was corrupt. Same error every time. I blame Facebook, just wondering if there's a workaround.
    Cheers on CS5!

    Sorry, should've mentioned, I did run the updater beforehand and am currently having these issues in 4.0.2.1
    EDIT 1:
    Solved (see below), per other post:
    In the export panel choose the tiny menu icon top right and click on manage modules. In this view there is also a toothed wheel icon. Click on it and choose reinstall all modules. After this you should restart Bridge.
    EDIT 2:
    Not so solved - worked for awhile, then suddenly stopped working, tried reinstalling all the modules again, restarting Bridge and now cannot repair the Facebook functionality. Submitting as bug, since only 'fix' is temporary and unreliable.
    Message was edited by: ficholasnorneris
