Setup of security issue

Hi Gurus,
Please help!
What do we need to do to resolve the below security issue?
The functional guys say:
I do not know how an authorization group on the material master works within SAP security.  For example, we need to be able to prevent someone from seeing a BOM in a production order, when the production order is for a material with the military goods indicator selected.  Yet, for other materials (but without the military goods indicator), in the same plant, with the same production order type – they would be allowed to see the BOM.
BASIS tried:
We have tried to create it in one of the SAP systems; we tried to handle security through the Authorization group field in the material master.
Standard SAP does not allow this in our current scenario, but we are still trying to get a solution.
Please help ASAP; the project is at a very important stage.
Thanks. Please let me know if I need to call you to explain; I would do this.
Best regards,
Manas

Hi Rav,
cheers!
So, as I understood, a separate order type for these military components needs to be created by the functional consultant.
Shall I advise them in that fashion, and we would maintain the Authorization group in the BOM by restricting access for the users?
please advise!
thank you,
Manas

Similar Messages

  • Security issues for Discoverer 10g apps 12i

    gurus,
    I have couple of things to get it done at client.
    We are on Oracle Apps rel 12i with Discoverer 10g.
    Did anyone setup MOAC to be enabled and operational in business areas?
    Setting up secure responsibilities in discoverer for MOAC?
    Any setup needs to be done for custom report security in discoverer ?
    thx

    Hi,
    I did set up new MOAC security profiles and assigned multiple organizations to that profile for testing purposes.
    After this, I did run concurrent program "Security List Maintenance" etc...
    Tested updating profile at user level or responsibility level.
    On APPS side fine.
    I need some basic steps on setup of security issues for the Discoverer side.
    1) Business areas (any security steps need to be followed in order to access data for single or multi-org)
    2) Custom Reports (any security setup or any MOAC security profile setting against responsibility for accessing single or multi-org data)
    Since we don't have default operating unit parameter as specified in the concurrent program, how do you restrict data?
    3) Reconciling security approach r12 with discoverer (any steps need to be followed here after r12 configuration with security issues)
    4) Custom Views ( any steps to be followed for single or multi-org data as security aspect)
    Looking for info on these setups.
    Thx

  • Security issues for mail relay.

    When setting up a mail relay.
    Are there any special considerations regarding passwords for the administrator?
    Are there any services that need to be specifically turned off?
    Any other issues?
    TIA
    Hans

  • Spoof dialog Boxes security issue

    Hi all
    Anyone out there aware of this security issue with Safari?
    "Secunia Research has discovered a vulnerability in various browser's, which can be exploited by malicious web sites to spoof dialog boxes.
    The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site."
    I found the above by accident as I was looking up something else.
    If you go to Secunia site and try the test you may find that you are also vulnerable.
    http://secunia.com/multiple_browser'sdialog_origin_vulnerabilitytest/
    The only way I found to stop the spoof dialog box was to turn off enable plug-ins in preferences. However, I don't have any plug-ins in my Safari plug-in folder.
    I'm running Safari 1.3(v312); however, it would appear that it also affects version 2.2 of Safari too. Also, I have installed the latest update but to no effect. Other browsers affected are:
    - Internet Explorer for Mac
    - Internet Explorer
    - Opera
    - iCab
    - Mozilla / FireFox / Camino
    My question is, is this vulnerability true, or just a setup?
    Any comments welcome.
    ~Tim

    Hi,
    The issue is resolved, but I don't know what caused this error.
    I uninstalled the java components and BO then I deleted the BO folder under program files, then I deleted all BO entries in the registry.
    Finally I reinstalled everything except the service pack and that finally worked. I don't know the cause of this error.
    Regards,
    Marcela

  • Security issue - or not? (remote trigger SMC startup)

    Hi,
    During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
    Starting Solaris Management Console server version 2.1.0.
    endpoint created: :898
    Adding instance of solaris_providerpath
    Adding class Solaris_LocalFileSystem
    Adding class Solaris_Directory
    Adding class Solaris_Mount
    Adding class Solaris_UFS
    Adding class Solaris_HSFS
    Adding class Solaris_UFSMount
    Adding class Solaris_HSFSMount
    Adding class Solaris_LocalFSResidesOnExtent
    Compilation succeeded.
    Adding class Solaris_DiskDrive
    Adding class Solaris_DiskPartition
    Adding class Solaris_MediaPresent
    Adding class Solaris_LogicalDisk
    Adding class Solaris_PhysicalMedia
    Adding class Solaris_Disk
    Adding class Solaris_PhysicalPackage
    Adding class Solaris_RealizesExtent
    Adding class Solaris_RealizesDiskPartition
    Adding class Solaris_RealizesDiskDrive
    Adding class Solaris_DiskPartitionBasedOnDisk
    Adding class Solaris_DiskPartitionBasedOnFDisk
    Adding class Solaris_SCSIController
    Adding class Solaris_IDEController
    Adding class Solaris_MPXIOController
    Adding class Solaris_USBSCSIController
    Adding class Solaris_GenericController
    Adding class Solaris_SCSIInterface
    Adding class Solaris_MPXIOInterface
    Adding class Solaris_IDEInterface
    Adding class Solaris_ExtraCapacityGroup
    Adding class Solaris_MPXIOGroup
    Adding class Solaris_ControllerLogicalIdentity
    Adding class Solaris_MPXIOCtrlrLogicalIdentity
    Adding class Solaris_ControllerComponent
    Adding class Solaris_MPXIOComponent
    Adding class Solaris_StorageLibrary
    Compilation succeeded.
    Adding class CIM_ManagedElement
    Adding class CIM_SettingData
    Adding class CIM_Share
    Adding class CIM_FileShare
    Adding class CIM_NFSShare
    Adding class CIM_SharedElement
    Adding class CIM_HostedShare
    Compilation succeeded.
    Adding class Solaris_NFSShare
    Adding class Solaris_NFSShareSecurity
    Adding class Solaris_NFS
    Adding class Solaris_PersistentShare
    Adding class Solaris_MountSetting
    Adding class Solaris_NFSMountSetting
    Adding class Solaris_ShareSetting
    Adding class Solaris_NFSShareSetting
    Adding class Solaris_ShareService
    Adding class Solaris_MountService
    Adding class Solaris_NFSMount
    Adding class Solaris_NFSShareSecurityModes
    Adding class Solaris_NFSShareDefSecurityMode
    Adding class Solaris_HostedShare
    Adding class Solaris_PersistentShareConfiguration
    Adding class Solaris_PersistentShareForSystem
    Adding class Solaris_NFSShareEntry
    Adding class Solaris_SharedElement
    Adding class Solaris_NFSExport
    Adding class Solaris_SharedFileSystem
    Compilation succeeded.
    Adding instance of solaris_providerpath
    Adding instance of solaris_providerpath
    Adding class Solaris_VMStateDatabase
    Adding class Solaris_VMSoftPartition
    Adding class Solaris_VMExtent
    Adding class Solaris_VMStripe
    Adding class Solaris_VMConcat
    Adding class Solaris_VMMirror
    Adding class Solaris_VMRaid5
    Adding class Solaris_VMTrans
    Adding class Solaris_VMHotSparePool
    Adding class Solaris_VMDiskSet
    Adding class Solaris_VMStorageVolume
    Adding class Solaris_VMConcatComponent
    Adding class Solaris_VMDriveInDiskSet
    Adding class Solaris_VMExtentBasedOn
    Adding class Solaris_VMSoftPartComponent
    Adding class Solaris_VMExtentInDiskSet
    Adding class Solaris_VMHostInDiskSet
    Adding class Solaris_VMHotSpareInUse
    Adding class Solaris_VMHotSpares
    Adding class Solaris_VMMirrorSubmirrors
    Adding class Solaris_VMRaid5Component
    Adding class Solaris_VMStatistics
    Adding class Solaris_VMStripeComponent
    Adding class Solaris_VMTransLog
    Adding class Solaris_VMTransMaster
    Adding class Solaris_VMUsesHotSparePool
    Adding class Solaris_VMVolumeBasedOn
    Adding class Solaris_DiskIOPerformanceMonitor
    Compilation succeeded.
    Adding instance of solaris_providerpath
    Adding class Solaris_ActiveUser
    Adding class Solaris_ActiveProject
    Adding class Solaris_ProcessStatisticalInformation
    Adding class Solaris_UserProcessAggregateStatisticalInformation
    Adding class Solaris_ProjectProcessAggregateStatisticalInformation
    Adding class Solaris_ProcessStatistics
    Adding class Solaris_ActiveUserProcessAggregateStatistics
    Adding class Solaris_ActiveProjectProcessAggregateStatistics
    Compilation succeeded.
    Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
    Registering components: 64/64 (Registering PatchMgrCli.jar)                 er)
    Solaris Management Console server is ready.
    For interest, the nmap result is:
    toby@deepthought ~ $ nmap -v 192.168.1.122
    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
    DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
    Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
    The Connect() Scan took 44.49s to scan 1672 total ports.
    Host 192.168.1.122 appears to be up ... good.
    Interesting ports on 192.168.1.122:
    (The 1662 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE
    21/tcp   open  ftp
    22/tcp   open  ssh
    23/tcp   open  telnet
    79/tcp   open  finger
    111/tcp  open  rpcbind
    513/tcp  open  login
    514/tcp  open  shell
    898/tcp  open  sun-manageconsole
    4045/tcp open  lockd
    7100/tcp open  font-service
    Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds
    (port 7100 is actually a non-standard VNC server which was carried over from the global zone)
    Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
    Does it matter that this SMC startup can be triggered so easily remotely?

    It just struck me odd that simply port-scanning the
    machine could produce this behaviour, and I wonder if
    it might be a security issue.
    Probably not directly. Sun has distributed several items in the past that launch via inetd connections (calendar manager and font server were two common ones). Just because it launches doesn't mean it's a security problem. The application itself may require authentication after running.
    Of course the resources required by the process may be non-trivial, and the application may have security issues, but the fact that it launches isn't a direct indication of a problem.
    Darren

  • Security Issue in Planning. Unable to write to particular Year member

    Hello Everyone,
    I am currently facing a strange security issue in our PRD environment. I am unable to lock and send any data or punch the data in directly through a dataform for a particular Year, Scenario and Version combination. I have all the write access set up on these dimensions directly from planning interface and configured myself as Admin through Shared services.
    Dimensions are as follows:
    Year
    -FY11
    -FY12
    -FY13
    Scenario
    -Forecast
    Version
    -Working
    I can key in the data for FY11+Forecast+Working BUT all the cells in the dataform appear to be green for below combination:
    FY12+Forecast+Working and FY13+Forecast+Working
    I am not sure what's happening here as I have right security setup and Forecast is setup correctly too, from FY11 to FY13 for all the months (Jan:Dec).
    Please Help
    Thanks

    Hi John,
    Yes the months are setup correctly. I resolved the issue. We had a replicated partition connected to it, which pushes data to my application for FY12 and FY13. The partition needed to be dropped. Now I can see the cells in yellow.
    Thanks

  • Samba 3.2.6 patch for security issue

    I know the security issue is hard to trigger, but I created a new PKGBUILD for samba 3.2.6 containing the patch.
    Excerpt from the patch commentary:
    commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410
    Author: Michael Adam <[email protected]>
    AuthorDate: Thu Dec 18 18:01:55 2008 +0100
    Commit: Karolin Seeger <[email protected]>
    CommitDate: Fri Dec 19 08:30:23 2008 +0100
    smbd: prevent access to root filesystem when connecting with empty service name
    This only applies to a setup with "registry shares = yes"
    Michael
    And here's the PKGBUILD:
    # $Id: PKGBUILD 22200 2008-12-22 22:24:26Z tpowa $
    # Maintainer: judd <[email protected]>
    pkgname=samba
    pkgver=3.2.6
    # We use the 'A' to fake out pacman's version comparators. Samba chooses
    # to append 'a','b',etc to their subsequent releases, which pacman
    # misconstrues as alpha, beta, etc. Bad samba!
    _realver=3.2.6
    pkgrel=2.1
    pkgdesc="Tools to access a server's filespace and printers via SMB"
    arch=(i686 x86_64)
    url="http://www.samba.org"
    license=('GPL3')
    backup=(etc/logrotate.d/samba etc/pam.d/samba etc/samba/smb.conf etc/xinetd.d/swat etc/conf.d/samba)
    depends=('db>=4.7' 'popt' 'libcups' 'acl' 'libldap' 'smbclient=3.2.6' 'libcap' 'heimdal>=1.2-1' 'pam' 'fam' 'gnutls>=2.4.1' 'tdb=3.2.6')
    options=(!makeflags)
    source=(http://us1.samba.org/samba/ftp/stable/${pkgname}-${_realver}.tar.gz \
            no-clients.patch samba samba.logrotate swat.xinetd samba.pam samba.conf.d \
            ftp://us1.samba.org/pub/samba/patches/security/samba-3.2.6-CVE-2009-0022.patch)
    build() {
      cd ${srcdir}/${pkgname}-${_realver}/source
      patch -Np2 -i ${srcdir}/no-clients.patch || return 1
      # apply the upstream security patch (CVE-2009-0022)
      patch -Np2 -i ${srcdir}/samba-3.2.6-CVE-2009-0022.patch || return 1
      ./configure --prefix=/usr --with-configdir=/etc/samba \
                  --with-lockdir=/var/cache/samba \
                  --with-piddir=/var/run/samba \
                  --with-fhs --with-pam --with-ads --with-acl-support \
                  --without-cifsmount --without-libsmbclient \
                  --with-syslog --with-pam_smbpass \
                  --localstatedir=/var --disable-dnssd --libdir=/usr/lib/samba
      make || return 1
      mkdir -p ${pkgdir}/var/log/samba
      mkdir -p ${pkgdir}/etc/samba/private
      chmod 700 ${pkgdir}/etc/samba/private
      make DESTDIR=$startdir/pkg install
      chmod 644 ${pkgdir}/usr/include/*.h
      rm -rf ${pkgdir}/usr/var
      (cd script; cp installbin.sh i; cat i | sed 's/\/sbin\///' > installbin.sh)
      install -D -m755 ../../samba ${pkgdir}/etc/rc.d/samba
      install -D -m644 ../../samba.conf.d ${pkgdir}/etc/conf.d/samba
      mkdir -p ${pkgdir}/etc/samba
      cat ../examples/smb.conf.default | \
        sed 's|log file = .*$|log file = /var/log/samba/log.%m|g' >${pkgdir}/etc/samba/smb.conf.default
      install -D -m644 ../../samba.logrotate ${pkgdir}/etc/logrotate.d/samba
      install -D -m644 ../../swat.xinetd ${pkgdir}/etc/xinetd.d/swat
      install -D -m644 ../../samba.pam ${pkgdir}/etc/pam.d/samba
      # symlink libs
      for i in ${pkgdir}/usr/lib/samba/libsmbshare*; do
        ln -sf samba/$(basename $i) ${pkgdir}/usr/lib/$(basename $i)
      done
      # spool directory
      install -d -m1777 ${pkgdir}/var/spool/samba
      sed -i 's|/usr/spool/samba|/var/spool/samba|g' ${pkgdir}/etc/samba/smb.conf.default
      # fix logrotate
      sed -i -e 's|log.%m|%m.log|g' ${pkgdir}/etc/samba/smb.conf.default
      # nsswitch libraries
      install -D -m755 nsswitch/libnss_wins.so ${pkgdir}/lib/libnss_wins.so
      ln -s libnss_wins.so ${pkgdir}/lib/libnss_wins.so.2
      install -D -m755 nsswitch/libnss_winbind.so ${pkgdir}/lib/libnss_winbind.so
      install -D -m755 bin/pam_winbind.so ${pkgdir}/lib/security/pam_winbind.so
      # remove conflict files of smbclient and tdb
      for man in libsmbclient smbspool \
                 umount.cifs mount.cifs net; do
        rm -f ${pkgdir}/usr/share/man/man8/${man}.8
      done
      for i in libnetapi* libtdb* libtalloc* libwbclient*; do
        rm -f ${pkgdir}/usr/lib/samba/$i
      done
      rm -f ${pkgdir}/usr/bin/tdbbackup
      rm -f ${pkgdir}/usr/include/{tdb.h,talloc.h,netapi.h}
      for man in rpcclient smbcacls smbclient smbcquotas \
                 smbtree smbtar nmblookup smbget; do
        rm -f ${pkgdir}/usr/share/man/man1/${man}.1
      done
      rm -f ${pkgdir}/usr/share/man/man7/libsmbclient.7
      rm -f ${pkgdir}/usr/include/libsmbclient.h
    }
    md5sums=('0cd27c7afbb8211616eea4010f32271c'
             'a676f0dde2c434aeb5125376b8797a64'
             'e93533fa2296c07c1f645dfdd373657f'
             '5697da77590ec092cc8a883bae06093c'
             'a4bbfa39fee95bba2e7ad6b535fae7e6'
             '96f82c38f3f540b53f3e5144900acf17'
             'f2f2e348acd1ccb566e95fa8a561b828'
             'e15ab37115101cf3a8d110f0c1f8e29e')
    I think a security task force should be initiated (I know discussions existed, but I don't know what were the consequences), so that important packages (like those providing services) could be updated in a timely manner. This is a minor issue as I stated earlier, but it could be worse. Those interested, let's initiate a discussion with the developers of important packages and try to get some things working. People (mostly trusted users) who can generate early packages are welcome, so that they can provide early versions of unvulnerable packages.
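
The commit message quoted in the post above limits the issue to setups with "registry shares = yes". As an added example (not part of the original post and not Samba project code), this shell function reports whether a given smb.conf enables that setting. The function names and the sample file are constructed for illustration, and treating `config backend = registry` as enabling goes beyond the post: it relies on smb.conf(5), which documents that this backend switches registry shares on.

```shell
#!/bin/sh
# Added example: decide whether an smb.conf turns on registry shares, the only
# setup the quoted commit message says is affected.

# registry_shares_enabled FILE
#   prints "yes", "no" or "unreadable"
#   exit status: 0 = enabled, 1 = not enabled, 2 = file unreadable
registry_shares_enabled() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    _rs=$(awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        # skip comment lines (# or ;) and blank lines
        /^[ \t]*([#;]|$)/ { next }
        # section header: remember its lower-cased name
        /^[ \t]*\[/ {
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = tolower(trim(s)); next
        }
        # only [global] parameters are considered
        section == "global" {
            eq = index($0, "=")
            if (eq == 0) next
            # parameter names: compare case-insensitively, ignoring blanks
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val = tolower(trim(substr($0, eq + 1)))
            # a later assignment overrides an earlier one
            if (name == "registryshares")
                shares = (val == "yes" || val == "true" || val == "on" || val == "1")
            # assumption from smb.conf(5): this backend implies registry shares
            if (name == "configbackend")
                backend = (val == "registry")
        }
        END { out = (shares || backend) ? "yes" : "no"; print out }
    ' "$1")
    echo "$_rs"
    [ "$_rs" = "yes" ]
}

# Constructed sample configuration, not taken from any real host.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed smb.conf for the example
[global]
   workgroup = EXAMPLE
   Registry Shares = Yes
[public]
   path = /srv/public
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample_conf "$tmp"
    if registry_shares_enabled "$tmp" >/dev/null; then
        echo "registry shares enabled: apply the patched package"
    else
        echo "registry shares not enabled"
    fi
    rm -f "$tmp"
}
demo
```

The check reads only the file it is given; backslash line continuations and files pulled in through `include` are not followed.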

    ckristi wrote: I don't know about other packages, but I believe when I checked the PKGBUILD for PHP, that the security fix was included in 5.2.7.
    Check http://repos.archlinux.org/viewvc.cgi/p … iew=markup for more info.
    And don't get me wrong, I am a little bit concerned about the way vulnerabilities are treated in Arch, 'cause my home server is running this distro.
    And I really would think we should start some serious discussions about this security issues and the way they should be treated. I know the developers are doing their best and I'm not going to put fingers at all. They should be helped in maintaining packages for important services. We'll benefit from it and their tasks would be easier.
    Why don't you start a wiki page tracking the latest vulnerabilities disclosed on various security mailing lists which are not fixed in arch. This will make it much easier for the devs.
    This thing has been already discussed multiple times and already a wiki page exists for Arch Security Team but it seems nobody followed up with that.
    http://wiki.archlinux.org/index.php/Security_Task_Force

  • RMI security issue

    Hi, there!
    This is cross-post from "NetWeaver AS, Java" forum.
    I have a security issue when I try to run RMI client code in the web application on the Web AS 2004s. There is
    lookup statement in JSP or servlet code:
    Naming.lookup("//server/RemoteClass")
    which throws
    java.io.AccessControlException: access denied (java.io.FilePermission
    D:\usr\sap\AS1\JC00\j2ee\cluster\server0\apps\sap.com\MyEntApp\servlet_jsp\MyWebApp\work\com\mycompany\packagename\RemoteClassImpl_Stub.class read)
    I have investigated where "java.security.policy" parameter is setup, there has value "./java.policy". This file is
    regenerated each time when web AS is started, thus I created another policy file, granted file permission for
    above path and set it as -Djava.security.policy in server start parameter. It doesn't resolve problem, I have
    investigated this parameter doesn't correlate with real application run-time permissions. Has anybody ideas?
    Thanks
    P.S. This code works fine as a standalone application.

    File Name : policy.txt
    grant     {
         permission java.security.AllPermission;
    };
    Run your program as follows:
    java -Djava.security.policy=policy.txt <Java Client >

  • Security issue between weblogic server

    Hello,
    Here is security issue that we are facing.
    Here is setup
    Environment 1
    Admin server say "env1admin"
    Managed Weblogic Server say "env1managed"
    We deployed an EJB called HelloEJB in env1managed server and this has an api
    sayHello(). HelloClient is a client to HelloEJB.
    S/w Weblogic 6.1 sp3
    Environment 2
    Admin server say "env2admin"
    Managed Weblogic Server say "env2managed"
    We deployed an EJB called ServiceEJB in env2managed server and this has an api
    serviceRequest(). We use weblogic role based security and restrict access to this
    api by user HelloEJB.
    s/w Weblogic 6.1 sp3
    Here is how the system works:
    We start the env2admin, env2managed (ServiceEJB is which is a Stateless session
    EJB deployed in env2Managed)
    We start the env1admin and env1managed (HelloEJB(which is a Stateless session
    EJB is deployed in env1Managed)
    Test case:
    1)HelloClient invokes HelloEJB api sayHello().
    2)Now at this point in ejbCreate() at HelloEJB() end we get a reference to ServiceEJB
    using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
    api in ServiceEJB. Then gets back a response and then returns response to HelloClient.
    Now if we repeat the above testcase.
    After step1 in step2 HelloEJB though has all the permissions to invoke api on
    ServiceEJB gets an SecurityException.
    Question is why does this happen. Only way HelloEJB can make api calls to serviceEJB
    is by making a lookup() every single time. Which is very expensive. I looked at
    documents what they say is leave the context open and never close it. Though I
    am doing that I am getting this exception.
    Any thoughts ?
    Thanks in advance,
    Vijay

    Here are the details of exception stack trace:
    java.rmi.AccessException: Security violation: insufficient permission to access
    method; nested exception is:
    java.lang.SecurityException: Security violation: insufficient permission
    to access method
    java.lang.SecurityException: Security violation: insufficient permission to access
    method
    at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:92)
    at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:63)
    at service.ServiceBean_nr0s19_EOImpl.sendServiceRequest(ServiceBean_nr0s19_EOImpl.java:25)
    at service.ServiceBean_nr0s19_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:298)
    at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:93)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:267)
    at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    End server side stack trace
    ; nested exception is:
    Vijay

  • Jdeveloper WS Proxy client and ADFpage both throwing security issues

    Hello experts, can you please help me. I have web service deployed on weblogic server.
    I have not set any credential for this web service. I can test the service from SOAPUI without providing any credentials.
    Then I generated WS proxy client using Jdeveloper. When I try to run the client, I do not know why I get security exception (shown below) even though I have not secured the web service deployed on weblogic server.
    java.lang.SecurityException: keyStoreFilename is either null or empty string
    at weblogic.wsee.security.util.CertUtils.getCertificate(CertUtils.java:87)
    at pilot1.ContactWSPortTypePortClient.getBSTCredentialProvider(ContactWSPortTypePortClient.java:104)
    at pilot1.ContactWSPortTypePortClient.setPortCredentialProviderList(ContactWSPortTypePortClient.java:78)
    at pilot1.ContactWSPortTypePortClient.main(ContactWSPortTypePortClient.java:46)
    Process exited with exit code 0.
    Here is my client class :
    public static void main(String[] args) {
        try {
            contactWSService = new ContactWSService();
            ContactWSPortType contactWSPortType = contactWSService.getContactWSPortTypePort();
            Map<String, Object> requestContext = ((BindingProvider) contactWSPortType).getRequestContext();
            setPortCredentialProviderList(requestContext);
            // Add your code to call the desired methods.
            // QueryPageInputSecondPage qpisp= new QueryPageInputSecondPage(); //I have commented it in order to resolve security issue
            System.out.println("Inside the client class");
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
    Inside the method setPortCredentialProviderList(), I have not provided any credentials, keystores etc. Because weblogic is not setup with SSL and also I have not set up any authorization or authentication for the web service. I do not know why I am able to test it through SOAPUI and why not using WS proxy.
    I also tried to invoke the web service from ADF page by creating data control. I did not provide any policy details because there is not security enabled for the web service on weblogic server. Even when I run the ADF application, I get below security error :
    <Error while invoking endpoint "http://10.1.1.59:7010/ContactWSWebSvc/ContactWSPortTypePort" from client; Security Subject: anonymous>
    ####<Jul 9, 2012 10:02:31 AM EDT> <Error> <oracle.adf.model.connection.webservice> <dmnov23-HP> <DefaultServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <a7d8487bcbe16046:-44aec1c2:1386c02f9ac:-8000-000000000000007f> <1341842551474> <BEA-000000> <Failed to execute a SAAJ interaction.
    javax.xml.ws.soap.SOAPFaultException: java.lang.NullPointerException
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:1024)
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:808)
    at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:235)
    Appreciate your quick response.
    thanks a lot
    jyothi

    Also, I do not know why the Jdev classpath is set with lot of jar files. May be that is how the Jdeveloper is setup when we install since it has to support lot of applications. I am really shocked to see this.
    When I run the WS proxy client (java client) for this webservice from Jdeveloper, it is finally throwing java.lang.SecurityException: keyStoreFilename is either null or empty string error. As I mentioned earlier, I did not provide any credentials or keystore details inside setPortCredentialProviderList(). I am totally confused why Jdeveloper is behaving like this for unsecured web service.
    C:\Program Files\Java\jdk1.6.0_31\bin\javaw.exe" -server -classpath C:\JDeveloper\mywork\Application2\.adf;C:\JDeveloper\mywork\Application2\Pilot1\classes;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\glassfish.jsf_1.0.0.0_1-2-15.jar;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\glassfish.jstl_1.2.0.1.jar;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\javax.jsf_1.1.0.0_1-2.jar;C:\fmu\oracle_common\modules\oracle.jsf_1.2.9\wls.jsf.di.jar;C:\fmu\oracle_common\modules\oracle.idm_11.1.1\identitystore.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adfm.jar;C:\fmu\oracle_common\modules\groovy-all-1.6.3.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adftransactionsdt.jar;C:\fmu\oracle_common\modules\oracle.adf.view_11.1.1\adf-dt-at-rt.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adfdt_common.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\adflibrary.jar;C:\fmu\oracle_common\modules\oracle.xdk_11.1.0\xmlparserv2.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\db-ca.jar;C:\fmu\oracle_common\modules\oracle.adf.model_11.1.1\jdev-cm.jar;C:\fmu\oracle_common\modules\oracle.ldap_11.1.1\ojmisc.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\commons-el.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\jsp-el-api.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\oracle-el.jar;C:\fmu\oracle_common\modules\oracle.adf.security_11.1.1\adf-share-security.jar;C:\fmu\oracle_common\modules\oracle.adf.security_11.1.1\adf-controller-security.jar;C:\fmu\modules\javax.activation_1.1.0.0_1-1.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\adf-share-support.jar;C:\fmu\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-ca.jar;C:\fmu\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-base.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\adflogginghandler.jar;C:\fmu\oracle_common\modules\oracle.adf.share_11.1.1\adfsharembean.jar;C:\fmu\oracle_common\modules\oracle.jmx_11.1.1\jmxframework.jar
-Djavax.net.ssl.trustStore=C:\fmu\wlserver_10.3\server\lib\DemoTrust.jks pilot1.ContactWSPortTypePortClient
    java.lang.SecurityException: keyStoreFilename is either null or empty string
         at weblogic.wsee.security.util.CertUtils.getCertificate(CertUtils.java:87)
         at pilot1.ContactWSPortTypePortClient.getBSTCredentialProvider(ContactWSPortTypePortClient.java:104)
         at pilot1.ContactWSPortTypePortClient.setPortCredentialProviderList(ContactWSPortTypePortClient.java:78)
         at pilot1.ContactWSPortTypePortClient.main(ContactWSPortTypePortClient.java:46)
    Process exited with exit code 0.

  • Been a while since I set up a secure network... years really. How does this look?

    KChill wrote:
    I could include a WAP that is joined to the domain properly and have employees use that, would increase the number of APs needed a touch but I think that would be more secure.

    That is not required and a large management overhead. If you properly configure VLAN trunking and access lists, you won't have any security issues between the LAN SSID network and the Guest or whatever you want to call it.

    I'm messing around with the idea of a network upgrade, and it's been so long since I set up a solid network that I could use some feedback on whether the topology I have created would be a solid choice for a business network.
    If I got something wrong on the network, or if this design is overly complicated, just let me know.
    This topic first appeared in the Spiceworks Community

  • Unexpected change to Time Capsule address--security issue?

    I received a message that my Time Capsule address had recently changed and that possibly someone might be trying to use my Time Capsule other than me.  I checked the configuration of the Time Capsule and it was still assigned to my Airport router.  Since I had not changed the TC address, could someone have hacked into my WiFi even though it is secured with a password?
    When I clicked the box opting to back up to the TC, I found that all my previous backups were gone.  Now, when I access TC, the message indicates that I am accessing a "server" which I don't remember seeing previously.
    I am a computer novice and am afraid that I may have a security issue.

    Did you recently do an upgrade to the OS in the computer or even firmware? The latter might have popped up a message you hardly noticed.
    These changes can affect things.
    If you are using WPA2 Personal security for wireless with a decent password you are very unlikely to have issues. Put that one at least to rest. And the access via the rest of the network, well that just depends on setup but it is generally extremely difficult.
    To lose your backups is rather odd. Please go to the airport utility and check how much space is used on the TC hard disk. If it is about what your backups were, then they are not lost but merely changed name, or the computer changed name. Mount the TC disk and check exactly what is there and see if you can reconnect to the backups.
    B5 and B6 here might be a help. http://pondini.org/TM/Troubleshooting.html
    You can also do a reset of TM .. A4 and see if you can reconnect to the TC and that should help you get the connection back to your backups.

  • Cannot view slideshows or create a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

    Cannot view slideshows or create a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

    You will need to contact Snapfish to find out their system requirements and which plugin you need
    - http://support.snapfish.com/app/answers/detail/a_id/669/brand/3

  • I updated some security issues and suddenly my Gmail does not open. It shows 75% of the process and does not go on

    I automatically updated some security issues on my computer (I don't remember which) and now my Gmail will start opening until it reaches 75% and it will not go on opening.
    I can open it in Internet Explorer but not in Mozilla Firefox

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in Safe Mode to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
    *Don't make any changes on the Safe mode start window.
    *https://support.mozilla.org/kb/Safe+Mode
    *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

  • I am trying to setup to secure a redirect public port to a private port

    I am trying to set up a secure redirect from a public port to a private port for a Microsoft Exchange server.
    A user coming from the outside (untrusted, security level 0) will connect to an IIS server in the DMZ (trusted, security level 50) on port 443 through a PIX 515. The IIS server has an application called Detour Service (the service transparently reroutes any TCP connection from one IP port to any other IP port) that will initiate a connection to the Microsoft Exchange server on the inside (trusted, security level 100).
    Do you think it is the right solution in terms of security? Yes or no, or do you have a better solution?
    Thanks
    User port destination 443(outside)>>>>>> IIS server port destination 9999(DMZ)>>>>>>>>>>> Microsoft server exchange(inside)

    Actually the connection from lower security level to higher security level is blocked. You can apply an access list to limit traffic from inside to outside, or allow traffic from outside to inside. For transparent firewall mode, you can also apply an EtherType access list to allow non-IP traffic.
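
The security-level rule in the reply above, applied to the three-zone layout from the question, as an added example that is not part of the original thread. It is a simplified model of the firewall's decision, not PIX configuration: the addresses are constructed, TCP 9999 for the DMZ-to-inside leg is an assumption read from the poster's diagram, and NAT/static translation is ignored.

```python
from ipaddress import ip_address, ip_network

# Interface security levels from the post: outside 0, DMZ 50, inside 100.
LEVELS = {"outside": 0, "dmz": 50, "inside": 100}

# Constructed addresses (assumptions, not from the post).
NETS = {"dmz": ip_network("192.168.50.0/24"), "inside": ip_network("10.0.0.0/24")}
IIS = "192.168.50.10"    # IIS / Detour host in the DMZ
EXCHANGE = "10.0.0.25"   # Exchange server on the inside

# Inbound ACL per interface: (action, source, destination, TCP port); first match wins.
ACLS = {
    "outside": [("permit", "any", IIS, 443)],
    "dmz": [("permit", IIS, EXCHANGE, 9999)],  # port 9999 is an assumption
}

def zone_of(addr):
    """Map an address to the interface it sits behind; unknown means outside."""
    ip = ip_address(addr)
    for name, net in NETS.items():
        if ip in net:
            return name
    return "outside"

def allowed(src, dst, port, acls=ACLS):
    """Decide whether a new TCP connection may cross the firewall."""
    ingress, egress = zone_of(src), zone_of(dst)
    if ingress == egress:
        return True  # same segment, never crosses the firewall
    acl = acls.get(ingress)
    if acl is not None:
        for action, a_src, a_dst, a_port in acl:
            if a_src in ("any", src) and a_dst in ("any", dst) and a_port == port:
                return action == "permit"
        return False  # implicit deny at the end of every access list
    # No ACL on the ingress interface: only higher -> lower level is allowed.
    return LEVELS[ingress] > LEVELS[egress]

def audit(acls=ACLS):
    """Verdicts for the flows that matter in the proposed design."""
    client = "203.0.113.7"  # constructed Internet client (documentation range)
    flows = {
        "client -> IIS:443": (client, IIS, 443),
        "client -> Exchange:443": (client, EXCHANGE, 443),
        "IIS -> Exchange:9999": (IIS, EXCHANGE, 9999),
        "IIS -> Exchange:445": (IIS, EXCHANGE, 445),
        "Exchange -> client:443": (EXCHANGE, client, 443),
    }
    return {name: allowed(*flow, acls=acls) for name, flow in flows.items()}
```

Calling `audit(acls={})` shows the default behaviour with no access lists: both inbound legs are blocked and only the inside-to-outside connection passes.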
