Setting Application Context Attributes for Enterprise Users Based on Roles
Hello,
We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
-- For each record in my RoleSitePrivileges table, set
-- an attribute named 'SITE_PRIVILEGE_<SiteID>'.
-- If the current user has been assigned a role matching
-- the value in the 'RoleName' field, set the corresponding
-- attribute to 'Y'... otherwise, set it to 'N'.
FOR iPrivRec IN (SELECT RoleName, SiteID
FROM RoleSitePrivileges
ORDER BY SiteID)
LOOP
SELECT COUNT(*)
INTO roleExists
FROM dba_role_privs
WHERE granted_role = UPPER(iPrivRec.RoleName)
AND grantee = USER;
IF roleExists > 0 THEN
DBMS_SESSION.set_context(
namespace => 'my_ctx',
attribute => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
value => 'Y');
ELSE
DBMS_SESSION.set_context(
namespace => 'my_ctx',
attribute => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
value => 'N');
END IF;
END LOOP;To finish things off, I created a security policy function for the table which returns the following:
RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
FROM session_context
WHERE attribute LIKE ''SITE_PRIVILEGE_%''
AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
Thank you!
Hello,
We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
-- For each record in my RoleSitePrivileges table, set
-- an attribute named 'SITE_PRIVILEGE_<SiteID>'.
-- If the current user has been assigned a role matching
-- the value in the 'RoleName' field, set the corresponding
-- attribute to 'Y'... otherwise, set it to 'N'.
FOR iPrivRec IN (SELECT RoleName, SiteID
FROM RoleSitePrivileges
ORDER BY SiteID)
LOOP
SELECT COUNT(*)
INTO roleExists
FROM dba_role_privs
WHERE granted_role = UPPER(iPrivRec.RoleName)
AND grantee = USER;
IF roleExists > 0 THEN
DBMS_SESSION.set_context(
namespace => 'my_ctx',
attribute => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
value => 'Y');
ELSE
DBMS_SESSION.set_context(
namespace => 'my_ctx',
attribute => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
value => 'N');
END IF;
END LOOP;To finish things off, I created a security policy function for the table which returns the following:
RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
FROM session_context
WHERE attribute LIKE ''SITE_PRIVILEGE_%''
AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
Thank you!
Similar Messages
-
Setting the logonHours attribute for a user in Active Directory
Hi Anyone,
I'm a brasilian guy and I need your help. How can I set the logonHours attribute on my Active Directory?
I have this code but it doesn't works good:
public void setLogonHours(boolean[] logonHoursBits){
int i;
int j;
int k;
int index21 = 0;
int index24 = 0;
byte[] byteLogonHour = new byte[21];
byte byte8Hours = 0;
for(i=0; i <= 6; i++){
for(j=1; j <= 3; j++){
for(k=7; k >= 0; k--){
if (i < 6){
if (logonHoursBits[i] == (boolean)(index24 == 0) ? true : false){
byte8Hours += (byte)Math.pow(2,k);
else{
if (logonHoursBits[0] == (boolean)(index24 == 0) ? true : false){
byte8Hours += (byte)Math.pow(2,k);
index24++;
byteLogonHour[index21] = byte8Hours;
index21++;
index24 = 0;
try{
String nome = "CN=Dryelle,OU=Pesquisa,DC=cifya,DC=com,DC=br";
ctx = new InitialLdapContext(env,null);
ModificationItem logonHours[] = new ModificationItem[1];
logonHours[0]= new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("logonHours",byteLogonHour));
ctx.modifyAttributes(name,logonHours);
System.out.println("Atributo logonHours alterado com sucesso.");
catch (NamingException e) {
System.err.println("Problema na altera??o " + e);
}the code set the attribute but wrong. Can anyone help-me? It's making me crazy.
Sorry about my poor english.
Tks.
Edited by: th_slopes on Aug 15, 2008 5:50 PMDirContext ctx = new InitialDirContext(pr);
BasicAttributes entry = new BasicAttributes(true);
String entryDN = "cn=CharbelHad,ou=test users,dc=test,dc=dev";
Attribute cn = new BasicAttribute("cn", "ChHad");
Attribute street = (new BasicAttribute("streetAddress", "Ach"));
Attribute loginPreW2k = (new BasicAttribute("sAMAccountName", "[email protected]"));
Attribute login = (new BasicAttribute("userPrincipalName", "[email protected]"));
Attribute sn = (new BasicAttribute("sn", "Chl"));
Attribute pwd = new BasicAttribute("unicodePwd", "\"Ch@341\"".getBytes("UTF-8"));
Attribute userAccountControl = new BasicAttribute("userAccountControl", "512");
Attribute oc = new BasicAttribute("objectClass");
oc.add("top");
oc.add("person");
oc.add("organizationalPerson");
oc.add("user");
// build the entry
entry.put(cn);
entry.put(street);
entry.put(sn);
entry.put(userAccountControl);
entry.put(pwd);
entry.put(login);
entry.put(loginPreW2k);
entry.put(oc);
ctx.createSubcontext(entryDN, entry); -
Using Static Variable against Context Attribute for Holding IWDView
Dear Friends,
I have a method which is in another DC which has a parameter of the type IWDView. In my view, I will have an action which will call the method in another component by passing the value for the view parameter. Here, I can achieve this in 2 types. One is - I declare a static variable and assign the wdDoModifyView's view as parameter value and I can pass this variable as parameter whenever calling that method or the second way - create an attribute and assign the same wdDoModifyView's view parameter as its value. Whenever I call this method, I can pass this attribute as parameter. What is the difference between these two types of holding the value since I am storing the same value i.e., wdDoModifyView's view parameter. But when I trigger the action from different user sessions, the first type of code (using static variable) prints the same value in both the sessions for view.hashCode() and View.toString(), but the same is printing the different values when I pass the attribute which holds the view parameter.
Clarification on this is highly appreciated
The problem I face is when I use static variable to get the view instance and export the data using the UI element's id, the data belonging to different user sessions is mixed up where as when I use Context Attribute, the same problem doesn't arise. I want to know the reason why it is so. Is there any other place or way where I can get the current view instance of each session instead of wdDoModifyView?Hi Sujai ,
As you have specified the problem that we face when we use static attributes, when end users are using the application .
Static means i have n number of objects but the static variable value will remain same every where.
when it is context attribute for every object i.e nth object you have a nth context attribute i mean nth copy of the context attribute.
so every user has a unique Iview parameter , when context is used and
when static is used , assume you have userA , his iview is set this intially and u have another user B , when he is using , since the variable is static and when you access this variable you will get the value of userA.
Regards
Govardan Raj -
Set a default layout for all users via DIAPI
Hello everyone,
I am attempting to set a default report for all users/business partners using the DI-API.
I can accomplish this in the B1 application via Tools> Layout Designer...>Set as Default
If there are entries in the RDFL table for this layout, I am prompted to delete these entries and set this layout as the default for all users/BP's
Based on the SDK Documentation, the following code should accomplish the same thing via the DI-API
(stripped down for clarity)
Dim oDefaultReportParams As DefaultReportParams
oDefaultReportParams = oLayoutService.GetDataInterface(ReportLayoutsServiceDataInterfaces.rlsdiDefaultReportParams)
oDefaultReportParams.LayoutCode = sMyLayoutCode
oDefaultReportParams.ReportCode = sMyReportCode
Me.oLayoutService.SetDefaultReport(oDefaultReportParams)
Code executes fine, but it doesn't have the expected impact on settings. The above code adds an entry to the RDFL table rather than changing the DfltReport field in the RTYP table like I expected, so instead of setting the default report globally for all bps/users, its adding an entry to the RDFL table to set the value for a specific user/bp
I experimented by including and setting the following properties to every combination I could think of with the same results
oDefaultReportParams.UserID = 'tried 1, 0, -1
oDefaultReportParams.CardCode = 'tried "", "0", "-1"
Am I misunderstanding the API, or using the wrong objects/calls...? If all else fails I could accomplish this via the UI-API instead, but the application was intended to be a stand alone app that didn't rely on SAP B1 application running, so any help or suggestions would be much appreciated.
Thanks!Hi,
Please repost at SDK forum to get quick response. Close this thread here with helpful answer.
Thanks. -
Jdev11G XMLMenuModel : Setting the "destination" attribute for the itemNode
Hi,
I am trying to set the "destination" attribute for the itemNode in the metadata.xml.This is the URI to which the user must be taken on clicking that node. But it is unable to pick the URI set for the destination attribute and hence there is no navigation that happens.Using the "action" attribute works fine. But I need to use the "destination" attribute.
Here are some of the files:
The metadata.xml (root_menu.xml):
<?xml version="1.0" encoding="windows-1252" ?>
<menu xmlns="http://myfaces.apache.org/trinidad/menu">
<groupNode id="groupNode1" idref="itemNode1" label="Merchant">
<itemNode id="itemNode1" label="Sites" action="site_action" rendered="#{testBean.test}"
focusViewId="/common/site/Site.jspx">
</itemNode>
<groupNode id="groupNode2" idref="itemNode2" label="Settings">
<itemNode id="itemNode2" label="Page Template" action="template_action"
focusViewId="/common/template/TemplateRules.jspx">
</itemNode>
<itemNode id="itemNode3" label="Configuration Parameters" destination="http://www.google.com"
action="config_action" focusViewId="/common/others/ConfigurationParameters.jspx">
</itemNode>
</groupNode>
<groupNode id="groupNode3" idref="itemNode4" label="System Admin">
<itemNode id="itemNode4" label="Cache Invalidation" destination="/faces/common/others/CacheInvalidation.jspx"
focusViewId="/common/others/CacheInvalidation.jspx">
</itemNode>
</groupNode>
</groupNode>
</menu>
The faces_config.xml:
<?xml version="1.0" encoding="windows-1252"?>
<faces-config version="1.2" xmlns="http://java.sun.com/xml/ns/javaee">
<application>
<default-render-kit-id>oracle.adf.rich</default-render-kit-id>
</application>
<navigation-rule>
<navigation-case>
<from-outcome>site_action</from-outcome>
<to-view-id>/common/site/Site.jspx</to-view-id>
</navigation-case>
<navigation-case>
<from-outcome>template_action</from-outcome>
<to-view-id>/common/template/TemplateRules.jspx</to-view-id>
</navigation-case>
<navigation-case>
<from-outcome>config_action</from-outcome>
<to-view-id>/common/others/ConfigurationParameters.jspx</to-view-id>
</navigation-case>
<navigation-case>
<from-outcome>cache_action</from-outcome>
<to-view-id>/common/others/CacheInvalidation.jspx</to-view-id>
</navigation-case>
</navigation-rule>
<managed-bean>
<managed-bean-name>root_menu</managed-bean-name>
<managed-bean-class>org.apache.myfaces.trinidad.model.XMLMenuModel</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<managed-property>
<property-name>createHiddenNodes</property-name>
<value>false</value>
</managed-property>
<managed-property>
<property-name>source</property-name>
<property-class>java.lang.String</property-class>
<value>/WEB-INF/root_menu.xml</value>
</managed-property>
</managed-bean>
<managed-bean>
<managed-bean-name>testBean</managed-bean-name>
<managed-bean-class>testBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
</faces-config>
Can you please tell me what else has to be set for the "destination" attribute to work?
Thanks,
SwapnaThe code you sent is not clear, could you send your jspx page.
Thanks -
OIM - Error updating the Teminal Services Attributes for a Users AD account
Hi,
I am trying to populate 'Terminal Profile Path', 'Terminal Home Directory' and 'Terminal Allow Login' attributes for a users Active DIrectory account from the OIM admin interface. and the request keeps getting rejected in OIM.
*1) I get the below message in OIM -*
Response: non-JRMP server at remote endpoint
Response Description: Unknown response received
Error Details
Setting task status... "non-JRMP server at remote endpoint" does not correspond to a known Response Code. Using "UNKNOWN".
*2) Below are the error messages from the logs:*
2010-04-13 13:42:15,843 ERROR [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRemoteManagerInfo encounter some problems: No Remote Manager associated with current IT Resource.
2010-04-13 13:42:15,843 ERROR [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRemoteManagerInfo encounter some problems: INTERNAL_ERROR
com.thortech.xl.dataobj.util.tcAdapterTaskException: INTERNAL_ERROR
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRemoteManagerInfo(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.EXECUTEREMOTESCRIPT(adpADCSEXECUTEREMOTESCRIPT.java:646)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.implementation(adpADCSEXECUTEREMOTESCRIPT.java:148)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
at $Proxy758.setProcessFormData(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy801.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.UserDefinedFormAction.editForm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:619)
2010-04-13 13:42:15,843 DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRemoteManagerInfo left.
2010-04-13 13:42:15,843 DEBUG [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager entered.
2010-04-13 13:42:15,843 DEBUG [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager Remote Manager Host Lookup URL is null
2010-04-13 13:42:15,843 DEBUG [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager Remote Manager service name is null
2010-04-13 13:42:15,843 INFO [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager Remote Manager full URL is null/null
2010-04-13 13:42:15,843 ERROR [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager encounter some problems: non-JRMP server at remote endpoint
java.rmi.ConnectIOException: non-JRMP server at remote endpoint
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:230)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:84)
at com.thortech.xl.remotemanager.RemoteManagerSupport.getRemoteManager(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.EXECUTEREMOTESCRIPT(adpADCSEXECUTEREMOTESCRIPT.java:649)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.implementation(adpADCSEXECUTEREMOTESCRIPT.java:148)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
at $Proxy758.setProcessFormData(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy801.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.UserDefinedFormAction.editForm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:619)
*3)* I confirmed that RemoteManager is running by going to the design console. Administration -> Remote Manager. And I see that RManager service has both Running and IT Resource to be selected.
But, when I shutdown remote manager and look at the Remote Manager from design console it only has the IT Resource to be selected.
So, I am assuming the OIM is seeing the RManager service to be active when it is running,
Please let me know if you have any ideas of how I should go about resolving this issue.
Thanks,
Rohit Pthat�??s the output of the FIMADMIN. Can you exec that script for the user account you are having problems with?
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
Jorge de Almeida Pinto | MVP Identity & Access - Directory Services
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
################# Jorge's Quest For Knowledge ###############
###### BLOG URL: http://JorgeQuestForKnowledge.wordpress.com/ #####
#### RSS Feed URL: http://jorgequestforknowledge.wordpress.com/feed/ ####
-------------------------------------------------------------------------------------------------------<>
"Raveendra Raju" wrote in message news:[email protected]...
Hi,
I have enable the
attributes �??Domain�?�, �??AccountName�?� and �??ObjectSID�?� and values are populated about that AD user account synched by the FIM Sync Engine".
Please find the below attributes values
Account Name: fimadmin
Domain Name : TESTNET
Object SID : AQUAAAAAAAUVAAAAeZI7Xt/AsWwbRQVrlAQAAA==
I have already validated the following:
·Grant Authenticated Users access to the FIM Portal
Site (must be checked if you want to allow access to the FIM Portal)
·Grant Authenticated Users access to the FIM Password
Reset Site (must be checked if you want to allow access to the FIM Password Portal)
I have also run the PowerShell script to validate these settings:
·�?�General: Users can read non-administrative configuration
resources�?�
·�??User management: Users can read attributes of
their own�?�
BUT STILL NOT ABLE TO LOGIN AS A REGULAR USER ... PLEASE HELP ME OR SUGGEST ME HOW TO DEBUG TO IDENTIFY THE ISSUE. IF SOME ONE GIVE
ME THE STEPS THAT WOULD BE GREAT HELP.
Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/ -
Sourcing 7.0 - Strange Login Behaviour for enterprise user
Hello
We have installed SAP Sourcing 7.0 and created one tenant and after that everything was running fine. I have now created another tenant. After this there is a strange login behaviour for enterprise user
When I go to the ...../fsbuyer/portal URL, it given me a login screen. When I try to login with enterprise user and password as specified in the context, it does not let me login even with a correct password. The error is "User Authentication Failed"
I just happened to try NW CE Administrator Login, after this the error changed to "Entry does not exist". Here I gave enterprise user and password and it logged into the system. So I now have to login two times once with NW UME User and other with enterprise user to access the setup page.
However this is the problem only for enteprise user and not for other user accounts that I created. I checked in NW UME, the enterprise user does not exist there. However I can see that other users that I created using "Internal User Accounts" are also created in NW UME.
Anyone faced this behaviour earlier?
This also brings out a very interesting point. In Multi-Tenant Setup when using NW UME does this mean that two tenants cannot share the same user account. Is that so?
Regards,
ShubhamHi Vikram,
Thanks a ton for your reponse.
I would like to understand your solution regarding creating another cluster.
Does this mean I need to install another CE Instance and install sourcing on the same.
OR
I have to create an Add-In instance for the current CE Server and define the Host Name of Add-In Instance in the new cluster
Also in this cluster, which context should I select, System Context or Existing Tenant Context or New Tenant Context.
Regards,
Shubham -
Trying to modify two AD User attributes for multiple users?
Hello,
I'm a newbie to Powershell and need some help.
I have a 2008 R2 AD and need to modify two attributes for multiple users.
The attributes include "homeDirectory" and "unixhomedirectory".
I have started to go through Powershell in a month of lunches but need this solution quickly.
I have been trying number of scripts that I cannot get to work in our test AD lab.
Is there anyone who can help with a simple script with explanations of each line so I know how it works please?
helpThanks clayman2,
Here is what's in my .csv below
samaccountName
homdedirectory
unixhomedirectory
testuser1
\\servername\oldhimedir\%username%
\\servername\oldhimedir\%username%
testuser2
\\servername\oldhimedir\%username%
\\servername\oldhimedir\%username%
This is the code below I'm trying to use.
Import-Module ActiveDirectory
$USERS = Import-CSV c:\users.csv
$USERS|Foreach{Set-ADUSer -Identity $_.samaccountname -homdedirectory $_.\\servername\oldhimedir\%username% -unixhomedirectory $_.\\servername\oldhimedir\%username%}
Please let me know if I have to put the pathing in any special brackets to have PS read it. I have tried {} around the field but I get "Missing property name after reference operator"
Thank you -
How can I set up my Mac for two users to share photos, music etc
How can I set up my Mac for two users to share photos, music etc?
On the Mac with the libraries you want to share:
iTunes Preferences click on the Sharing tab and put a tick in 'Share by library on local network'.
iPhoto Preferences click on Sharing and put a tick against 'Share my photos'.
When launching the same apps on other Macs on the network the libraries should be available, listed on the left. -
How to set a welcome message for a user when he is login
in my server i am creatin a user "john" in solaris10 box when ever he logins in to the server he should get a message like "welcome john" what is the option to set the message ....
how can i set a welcome message for a user in solaris
please guide me the process how i can do
Thanks in AdvanceTHANK YOU FOR YOUR REPLY
i have checked it out in /etc/motd
its working fine but the message is coming for every user when they login
i want message lilke
if john is looged in
than message like "welcome john"
can u please tell me the procedure where to change in /etc/profile and /etc/.login -
How to Update Extended Attributes For the Users in SRM Organization?
Hi,
I am using 'BBP_UPDATE_ATTRIBUTES' function module to load the Default Attributes for the users in a custom program. I am able to update many attributes like company code, Movement type, catalog id, material usage, shop on behalf of and address ship to. But I am having problem updating extended attributes Plants(Attribute ID 'WRK') and Storage Locations (Attribute ID 'LAG').
Storage location and Plants has many values. Can anyone have experienced this problem before. I appreciate any help I get. I debugged enough and not able to find any other function module to do this.
Thanks and Regards,
Sreeni..Hi Sreeni,
I'm stuck up in the same problem. Did you get any solution for this? If yes please provide the same.
Regards,
Gajendra
Message was edited by: Gajendra Bhatt -
HI,
We are running Exchange 2010 and are migrating users from 2003 to 2010 with no problems. The client has asked me to set OWA font to LuidaSans which I can do for individuals with no problems. However, when I try and run the following command
Get-Mailbox -Resultsize Unlimited | Set-MailboxMessageConfiguration -LucidaSans but then got a message to state
"property composefontname can't be set on this object becuase it requires the object to have version 0.1 <8.0.535.0> or later. The object's currant version is 0.0 <6.5.6500.0>"
What object is this reffered to? Can anyone help please?
Thanks
PaulHi,
To set a default font for all users, you can use this command: -
Get-Mailbox | Set-MailboxMessageConfiguration -DefaultFontName "Trebuchet"
You can use any font style in place of “Trebuchet”.
I hope this information will be helpful for you.
Thanks and regards
Ashish@S
Ashish@V -
SimpleSearch can only retrieve documents(reports) for enterprise users!!
Good Day Everybody,
i'm using SimpleSearch to retrieve all reports for specific users, the problem is that i'm only able to retirve reports for enterprise users and i can not get reports for domain users, anybody knows why?? or there is another way to do so??
GetDocumentList is working fine but it's only retirves reports for the loged in user only....
also i would like to extacrt all useres which has permession to reports, so would you please give me a hand of help and send me how to do!!!
kindly find below the code i'm using to retrieve all reports for specific users:
//After creating connection, seesion and login using administrator enterprise user
SimpleSearch mySearch = new SimpleSearch();
mySearch.InAuthor = txtUsername.Text;//.Trim();
//mySearch.InName = "";
mySearch.BeginDate = System.DateTime.Now.AddYears(-2);
mySearch.BeginDateSpecified = true;
mySearch.ObjectType = "documents";// "documents";
BusinessObjects.DSWS.BICatalog.SortType[] mySort = new BusinessObjects.DSWS.BICatalog.SortType[1];
mySort[0] = BusinessObjects.DSWS.BICatalog.SortType.NAMEASC;
BICatalogObject[] searchResults= null ;
searchResults = boCatalog.Search(mySearch, mySort, null, null, InstanceRetrievalType.WITHOUTINSTANCE);
if (searchResults != null)
foreach (BICatalogObject myBOCatObject in searchResults)
Response.Write(myBOCatObject.Name + "----" + myBOCatObject.UID + "" + myBOCatObject.CreationDate + "--" +"<BR>");
else
Response.Write("no documents");Which version are you using?
BICatalog is pretty limited, and has been deprecated for more recent versions.
Sincerely,
Ted Ueda -
How to restrict login for multiple users having same Role
Our Web Application is deployed on Tomcat 5.5
The requirement is ?
There are roles in application like "operator", "admin"?
There are multiple users created for each of the above role.
When one user of "operator" role is logged in, then
It should not allow to login for another user of "operator" role.
Also, if user did not log out & application gets close, then
It should not allow to login for another user of "operator" role.
Also, it should not allow to login for multiple requests of same user
(using another browser instance...)
Is it possible using session object?
But, using session object, it will create separate objects for different users,
So here I will not be able to restrict session object creation rolewise.
Also, how to retrieve these multiple session objects created for different users on server?
If anyone is having the solution please reply as soon as possible,
Thank you.To tell you the truth, this is a stupid requirement. It must be an extremely fragile application.
In any case, you will have to write your stuff for that. Probably a filter that on login, logout, and session expiration checks, makes, or removes entries in a DB (using a synchronized resource to prevent race conditions) or possibly even simply in an application context object. -
How to set application access type for list of users
Hi everybody,
I've an requirement to automise the application access type setting in shared services.
When i searhed to do with MaxL scripts.I'm able to set the application access type for a single user using
alter user 'username' add application access type essbase
alter user 'username' add application access type planning
But,i've to perform this as a daily activity updating for list of users.Is there away to do it..??..i want to pass the list of users to the above alter user command.??
Please help me.
Cheers
Saran
Edited by: user11396937 on Aug 27, 2010 2:09 AMI discovered that changing "Image interpolation" optioon in general preferences of Photoshop has direct influence on smart object interpolation type. You can even reinterpolate smart object after changing image interpolation in preference. Just click ctrl + t and enter.
Maybe you are looking for
-
Can look at library but cant play! iPod shuts off!!! help
i charge ipod mini overnight, take it off charger, it says full battery in the corner, i look at songs, choose one, hit play, and it says "No battery power remains please connect to charger" and shuts off. But then i can turn it back on, and it does
-
Urgent Help Need for the beginner
When trying to bind a object to ldap i am getting the following exception. javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; rema ining name 'cn=aString' The source code is as follows,the same exception comes even when i try
-
How can I get function keys (volume, brightness) to work in Bootcamp?
I have a MacbookPro purchased in June of 2011 and installed Bootcamp to play certain games that only work on Windows. The only problem is that my volume and brightness keys don't function, which is incredibly hard to work with in a full screen video
-
Interface logs and Report in SOA suite.
Guys, we are building a transactional interface from an external source to EBS and the interface will be built with SOA suite. The following are interface activity logs/report requirements from my client and I would like to have your input from to fi
-
Hi, I need steps to integrate OWSM with OID. We are using Oracle SOA 10.1.3.3. Any help in this regard would be of great help. Thanks & Regards Bhima shankar Kulkarni