SNC server side trust based on kerberos - is it possible ?

Hi all,
We're trying to make this scenario work:
Existing SAP system uses ntlm sso in the sapgui.
We're now in the process of deploying BOE in the company.
We're using sso with winad to infoview which works
We're trying to configure server side trust between SAP and BOE due to requirement of 'multipass burst' functionality
This causes a conflict between sso in the gui and the dll used for setting up SNC server side trust.
I've tried to figure out how to use the kerberos dll gx64krb5.dll on the SAP server to enable both sso solution in gui and server side trust between SAP and BOE, but I cannot generate the SNC PSE in the SAP trust manager.
I've not been able to find threads/info in sap notes on how to set SNC PSE using kerberos dll - is it possible.
Can we have both sapgui sso to SAP and server side trust between SAP and BOE?
TIA.
Torben

Dear Torben and Ingo,
For your question: "Can we have both sapgui sso to SAP and server side trust between SAP and BOE?"
Have you done implementing those? Because we already have client SNC (between SAP GUI and SAP BW) using Kerberos SSP (since SAP Crypto can only be used for Server SNC).
And now we're going to implement server SNC (between SAP BW and BOE) using SAP Crypto.
Is it possible to have these 2 together? Because some of the settings in RZ10 will overlap between the two like below. And if we continue with server side trust between SAP BW and BOE, settings for Client SNC will need to be overwritten and it will stop working.
1. RZ10 setting
Kerberos SSP (between SAP GUI and SAP BW)
snc/gssapi_lib = D:\usr\sap\gx64krb5.dll
snc/identity/as = p:SAPServiceSID(at)myorgunit.myorg.mycountry
SAP Crypto (between SAP BW and BOE)
snc/gssapi_lib =   $(DIR_INSTANCE)\exe\sapcrypto.dll
snc/identity/as =   p: CN: mybwserver, OU: myorgunit, O: myorg, C: mycountry
2. And also with client SNC using Kerberos SSP we need to tag each user in SU01 with SNC name, whereas this is not needed for server SNC. If I leave this SNC name on each BW user, will that make my server SNC between BW and BOE not working?
3. Overlap in location of file named "ticket" between SAP Crypto and Kerberos SSP, which is to be copied to the same location below: <DRIVE>:\usr\sap\<SID>\<instance>\sec\ directory (on Windows).
4. Overlap in environment variable named SECUDIR that points to the directory where the ticket resides.
Is there any documentation that explains how to get these 2 SSO to run together?
Thank you very much.
Kind regards,
aswin
Edited by: Aswin Setyawan Margono on Jan 5, 2011 7:15 AM
Edited by: Aswin Setyawan Margono on Jan 5, 2011 7:18 AM

Similar Messages

  • SAP SNC Server Side Trust Setup Problems

    Single Server BOE installation of BOE 3.1 SP4 to Windows 2008 R2 machine
    Sap version 720 Patch level 7
    We have used kbase article 1500150 and 1396213 to run through the configuration and testing and all has checked out.
    We are unable to have the "roles" returned when any "DN" value is entered in the SNC name entry in the entitlement systems tab.
    We have turned on RFC tracing and have run the JCO test  The RFC trace file is below followed by the JCO test information.  JCO test was run twice, once with each DN just to make sure.
    Please help
    =======================RFC TRACE===========================
    ERROR file opened at 20111116 174146 Eastern Standard Time, SAP-REL 720,0,93 RFC-VER 3  MT-SL
    T:3988 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
    Connect_PM  GWHOST=torsbid01.cpr.ca, GWSERV=sapgw00, SYSNR=00
    LOCATION    CPIC (TCP/IP) on local host with Unicode
    ERROR       GSS-API(maj): No credentials were supplied
                GSS-API(min): No credentials found for this name (not logged
                on) (USER
                name="p:CN=BOEDEV, OU=BOBJ, O=CPR, C=CA"
    TIME        Wed Nov 16 17:41:46 2011
    RELEASE     720
    COMPONENT   SNC (Secure Network Communication)
    VERSION     5
    RC          -4
    MODULE      sncxxall.c
    LINE        1439
    DETAIL      SncPAcquireCred
    SYSTEM CALL gss_acquire_cred
    COUNTER     55
    T:2800 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
    Connect_PM  GWHOST=torsbid01.cpr.ca, GWSERV=sapgw00, SYSNR=00
    LOCATION    CPIC (TCP/IP) on local host with Unicode
    ERROR       GSS-API(maj): No credentials were supplied
                GSS-API(min): No credentials found for this name (not logged
                on) (USER
                name="p:CN=BOEDEV, OU=BOBJ, O=CPR, C=CA"
    TIME        Wed Nov 16 17:41:46 2011
    RELEASE     720
    COMPONENT   SNC (Secure Network Communication)
    VERSION     5
    RC          -4
    MODULE      sncxxall.c
    LINE        1439
    DETAIL      SncPAcquireCred
    SYSTEM CALL gss_acquire_cred
    COUNTER     4
    T:4760 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
    Connect_PM  GWHOST=torsbid01.cpr.ca, GWSERV=sapgw00, SYSNR=00
    LOCATION    CPIC (TCP/IP) on local host with Unicode
    ERROR       GSS-API(maj): No credentials were supplied
                GSS-API(min): No credentials found for this name (not logged
                on) (USER
                name="p:CN=BOEDEV, OU=BOBJ, O=CPR, C=CA"
    TIME        Wed Nov 16 17:41:46 2011
    RELEASE     720
    COMPONENT   SNC (Secure Network Communication)
    VERSION     5
    RC          -4
    MODULE      sncxxall.c
    LINE        1439
    DETAIL      SncPAcquireCred
    SYSTEM CALL gss_acquire_cred
    COUNTER     3
    ========================JCO TEST=======================
    E:\BusinessObjects\javasdk\bin>java -classpath E:\BusinessObjects\Tomcat55\share
    d\lib\sapjco.jar com.sap.mw.jco.support.JRfcTest
               SAP JCo Client Test             *
                     Possible SAP JCo-Tests
                      1. RFC_SYSTEM_INFO
                      2. CONNECTION
                      3. PERFORMANCE
                      4. INHOMOGENEOUS STRUCTURE/TABLE
                     15. TRANSACTIONAL RFC
                     99. Exit
                   Your Choice....... :2
                          SAP JCo TEST - CONNECTION TEST
                          Send message and wait for ECHO/INFO
                   CONNECTION PARAMETERS:
                     Server is R/2, R/3 or External (2/3/F/E): 3
                     Use load balancing (Y/N)Y...............: Y
                     R/3 system name.........................: BIN
                     Message server..........................: binmain
                     Selected group..........................: PUBLIC
                     Working with SNC (Y/N)N.................: N
                   RFC-SPECIFIC PARAMETERS:
                     Working with ABAP debugger (Y/N)N.......: N
                     Use SAPGUI (Y/N)N.......................: N
                     RFC trace (Y/N)N........................: N
                     JCo trace level (0-10)..................: 0
                   SAP LOGON DATA:
                     Client..................................: 000
                     UserID..................................: SAPCPIC
                     Password................................: XXXXXX
                     Language (E)............................: E
                   #Calls of this JCo Test...................: 1
                   Do You Want To Test With These Parameters (Y/N).. :N
                   CONNECTION PARAMETERS:
                     Server is R/2, R/3 or External (2/3/F/E): [3] :3
                     Use load balancing (Y/N)Y...............: [Y] :N
                     Host name of an application server......: [binmain] :torsbid01.
    cpr.ca
                     System number...........................: [53] :00
                     Working with SNC (Y/N)N.................: [N] :Y
                     SNC Library Name........................: [C:\Program Files\SEC
    UDE\SECUDE for R3\secude.dll] :E:\SAP\Crypto\sapcrypto.dll
                     SNC name of partner program.............: [s:sample@hs0335] :p:
    CN=BOEDEV, OU=BOBJ, O=CPR, C=CA
                   RFC-SPECIFIC PARAMETERS:
                     Working with ABAP debugger (Y/N)N.......: [N] :N
                     Use SAPGUI (Y/N)N.......................: [N] :Y
                     Automatically invisible SAPGUI (Y/N)N...: [N] :Y
                     RFC trace (Y/N)N........................: [N] :Y
                     JCo trace level (0-10)..................: [0] :10
                   SAP LOGON DATA:
                     Client..................................: [000] :200
                     UserID..................................: [SAPCPIC] :Crystal
                     Password................................: [******] :Welcome1
                     Language (E)............................: [E] :
                   #Calls of this JCo Test...................: [1] :
                   Do You Want To Test With These Parameters (Y/N).. :y
    >>>>>>>>>>>>>>>> SAP JCo TEST - CONNECTION TEST >>>>>>>>>>>>>>>>
    main [18:02:41:758]: [JAV-LAYER] INFO: JCo version is 2.1.10 (2011-05-10)
    main [18:02:41:758]: [JAV-LAYER] JCO.setProperty("jco.trace_level", "10")
    main [18:02:41:758]: [JNI-LAYER] RFC.nativeSetTraceLevel()                with r
    c = RFC_OK   leave, [SUCCESS]
    main [18:02:41:758]: [JAV-LAYER] JCO.setProperty("jco.trace_path", ".")
    Stack trace of call to JCO.setProperty("jco.trace_path", ".")
            at com.sap.mw.jco.JCO.setProperty(JCO.java:554)
            at com.sap.mw.jco.JCO.setTracePath(JCO.java:791)
            at com.sap.mw.jco.support.JRfcTest.correctProperties(JRfcTest.java:1047)
            at com.sap.mw.jco.support.JRfcTest.initCall(JRfcTest.java:1074)
            at com.sap.mw.jco.support.JRfcTest.runConnectionTest(JRfcTest.java:737)
            at com.sap.mw.jco.support.JRfcTest.main(JRfcTest.java:203)
    E:\BusinessObjects\javasdk\bin>java -classpath E:\BusinessObjects\Tomcat55\share
    d\lib\sapjco.jar com.sap.mw.jco.support.JRfcTest
               SAP JCo Client Test             *
                     Possible SAP JCo-Tests
                      1. RFC_SYSTEM_INFO
                      2. CONNECTION
                      3. PERFORMANCE
                      4. INHOMOGENEOUS STRUCTURE/TABLE
                     15. TRANSACTIONAL RFC
                     99. Exit
                   Your Choice....... :2
                          SAP JCo TEST - CONNECTION TEST
                          Send message and wait for ECHO/INFO
                   CONNECTION PARAMETERS:
                     Server is R/2, R/3 or External (2/3/F/E): 3
                     Use load balancing (Y/N)Y...............: Y
                     R/3 system name.........................: BIN
                     Message server..........................: binmain
                     Selected group..........................: PUBLIC
                     Working with SNC (Y/N)N.................: N
                   RFC-SPECIFIC PARAMETERS:
                     Working with ABAP debugger (Y/N)N.......: N
                     Use SAPGUI (Y/N)N.......................: N
                     RFC trace (Y/N)N........................: N
                     JCo trace level (0-10)..................: 0
                   SAP LOGON DATA:
                     Client..................................: 000
                     UserID..................................: SAPCPIC
                     Password................................: XXXXXX
                     Language (E)............................: E
                   #Calls of this JCo Test...................: 1
                   Do You Want To Test With These Parameters (Y/N).. :n
                   CONNECTION PARAMETERS:
                     Server is R/2, R/3 or External (2/3/F/E): [3] :3
                     Use load balancing (Y/N)Y...............: [Y] :N
                     Host name of an application server......: [binmain] :torsbid01.
    cpr.ca
                     System number...........................: [53] :00
                     Working with SNC (Y/N)N.................: [N] :Y
                     SNC Library Name........................: [C:\Program Files\SEC
    UDE\SECUDE for R3\secude.dll] :E:\SAP\Crypto\sapcrypto.dll
                     SNC name of partner program.............: [s:sample@hs0335] :p:
    CN=BOEDEVSERVER, OU=BOBJ, O=CPR, C=CA
                   RFC-SPECIFIC PARAMETERS:
                     Working with ABAP debugger (Y/N)N.......: [N] :N
                     Use SAPGUI (Y/N)N.......................: [N] :Y
                     Automatically invisible SAPGUI (Y/N)N...: [N] :Y
                     RFC trace (Y/N)N........................: [N] :Y
                     JCo trace level (0-10)..................: [0] :10
                   SAP LOGON DATA:
                     Client..................................: [000] :200
                     UserID..................................: [SAPCPIC] :Crystal
                     Password................................: [******] :Welcome1
                     Language (E)............................: [E] :
                   #Calls of this JCo Test...................: [1] :
                   Do You Want To Test With These Parameters (Y/N).. :y
    >>>>>>>>>>>>>>>> SAP JCo TEST - CONNECTION TEST >>>>>>>>>>>>>>>>
    main [18:04:58:041]: [JAV-LAYER] INFO: JCo version is 2.1.10 (2011-05-10)
    main [18:04:58:041]: [JAV-LAYER] JCO.setProperty("jco.trace_level", "10")
    main [18:04:58:041]: [JNI-LAYER] RFC.nativeSetTraceLevel()                with r
    c = RFC_OK   leave, [SUCCESS]
    main [18:04:58:041]: [JAV-LAYER] JCO.setProperty("jco.trace_path", ".")
    Stack trace of call to JCO.setProperty("jco.trace_path", ".")
            at com.sap.mw.jco.JCO.setProperty(JCO.java:554)
            at com.sap.mw.jco.JCO.setTracePath(JCO.java:791)
            at com.sap.mw.jco.support.JRfcTest.correctProperties(JRfcTest.java:1047)
            at com.sap.mw.jco.support.JRfcTest.initCall(JRfcTest.java:1074)
            at com.sap.mw.jco.support.JRfcTest.runConnectionTest(JRfcTest.java:737)
            at com.sap.mw.jco.support.JRfcTest.main(JRfcTest.java:203)
    E:\BusinessObjects\javasdk\bin>
    Edited by: Joseph Borojevic on Nov 17, 2011 12:07 AM

    The error in the logs: "No credentials found for this name (not logged on)" usually is a problem with case.
    We used the sapgenpse get_my_name command and found that the id being referenced was being pulled incorrectly with wrong case.
    The problem was the ID we logged into the remote session into the windows server with.
    That ID is the ID that the commands are run under.
    The sapgenpse seclogin -p BOESERVER.pse command takes the ID of the user you are logged into the session with.
    We re-ran the command when logged in with the user with the correct case and it worked
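
An added example, not part of the original posts: a Python parser for RFC trace blocks in the layout shown above, which groups SNC failures by SNC name and failing GSS-API call and applies the one rule the reply describes. The function names and the sample trace (host, DN) are constructed for illustration, and the two account strings passed to `case_only_mismatch` are assumed to be collected by the operator.

```python
import re
import textwrap
from collections import defaultdict

# Constructed sample in the layout of the trace posted above (host and DN are made up).
SAMPLE_TRACE = """\
T:3988 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
Connect_PM  GWHOST=sap.example.test, GWSERV=sapgw00, SYSNR=00
ERROR       GSS-API(maj): No credentials were supplied
            GSS-API(min): No credentials found for this name (not logged
            on) (USER
            name="p:CN=BOEDEV, OU=BOBJ, O=EXAMPLE, C=CA"
COMPONENT   SNC (Secure Network Communication)
RC          -4
DETAIL      SncPAcquireCred
SYSTEM CALL gss_acquire_cred
COUNTER     55
T:2800 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
Connect_PM  GWHOST=sap.example.test, GWSERV=sapgw00, SYSNR=00
ERROR       GSS-API(maj): No credentials were supplied
            GSS-API(min): No credentials found for this name (not logged
            on) (USER
            name="p:CN=BOEDEV, OU=BOBJ, O=EXAMPLE, C=CA"
COMPONENT   SNC (Secure Network Communication)
RC          -4
DETAIL      SncPAcquireCred
SYSTEM CALL gss_acquire_cred
COUNTER     4
"""

# Field labels that start a line in an error block; "SYSTEM CALL" contains a space.
KEYS = ("Connect_PM", "LOCATION", "ERROR", "TIME", "RELEASE", "COMPONENT",
        "VERSION", "RC", "MODULE", "LINE", "DETAIL", "SYSTEM CALL", "COUNTER")
HEADER = re.compile(r"^T:(\d+) Error in program '([^']*)': =+> (.*)$")
MAJ = re.compile(r"GSS-API\(maj\):\s*(.*?)\s*(?=GSS-API\(min\)|$)")
MIN = re.compile(r"GSS-API\(min\):\s*(.*?)\s*(?=\(USER|$)")
NAME = re.compile(r'name="([^"]+)"')


def parse_trace(text):
    """Split a trace into one dict per 'T:<id> Error in program' block."""
    blocks, cur, last = [], None, None
    for raw in textwrap.dedent(text).splitlines():
        m = HEADER.match(raw)
        if m:
            cur = {"thread": m.group(1), "program": m.group(2), "summary": m.group(3)}
            blocks.append(cur)
            last = None
            continue
        if cur is None or not raw.strip():
            continue
        if raw[0].isspace() and last:
            # Indented line: continuation of the previous field (wrapped ERROR text).
            cur[last] += " " + raw.strip()
            continue
        for key in KEYS:
            if raw.startswith(key + " "):
                cur[key] = raw[len(key):].strip()
                last = key
                break
    return blocks


def summarize(blocks):
    """Group blocks by (SNC name, system call, major, minor) and list the thread ids."""
    groups = defaultdict(list)
    for b in blocks:
        err = b.get("ERROR", "")
        maj, mnr, name = MAJ.search(err), MIN.search(err), NAME.search(err)
        key = (name.group(1) if name else None, b.get("SYSTEM CALL"),
               maj.group(1) if maj else "", mnr.group(1) if mnr else "")
        groups[key].append(b["thread"])
    return [{"snc_name": k[0], "call": k[1], "major": k[2], "minor": k[3], "threads": t}
            for k, t in groups.items()]


def hint(group):
    """Map a grouped error to the check described in the reply above."""
    if group["call"] == "gss_acquire_cred" and \
            "No credentials found for this name" in group["minor"]:
        return ("no credential for this SNC name under the process account: compare the "
                "account (case included) with the one that ran 'sapgenpse seclogin'")
    return "no rule for this error; read the full trace block"


def case_only_mismatch(credential_owner, service_account):
    """True when two account names differ only in letter case."""
    return (credential_owner != service_account
            and credential_owner.casefold() == service_account.casefold())


if __name__ == "__main__":
    for g in summarize(parse_trace(SAMPLE_TRACE)):
        print(g["snc_name"], g["call"], g["threads"], "->", hint(g))
```
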

  • Scheduling web intelligence reports from SAP EP Portal : Server Side Trust

    Hello,
    We have set-up SSO between SAP EP 701, SAP BI 701 and Business Object XI 3.1  to allow users to access reports without having to sign-on again as explained here :
    /people/ingo.hilgefort/blog/2008/09/19/businessobjects-and-sap--configure-sap-authentication
    But, we have recently been contacted by some users because when scheduling Webi Report from a link within the portal they have the following errors :
    "A database error occured. The database error text is: Unable to connect to SAP BW server System received an expired SSO ticket. (WIS 10901)"
    The user told us that he doesn't encounter the error when:
    Logging in directly to the BO Infoview (without SSO from the SAP Enterprise Portal.)
    The first Webi scheduling is successful from the portal (I suppose because the portal token is still valid)
    I understand that we also have to configure the Server Side Trust between BO Enterprise server and the SAP BI7 backend as explained here, but I do not really understand its purpose
    https://websmp106.sap-ag.de/~sapidb/011000358700001646962008E/XI3-1_BIP_SAP_INSTALL_EN.pdf
    I've found a similar discussion here:
    Issue with SAP Single Sign-On and Scheduling Reports
    I still have some questions:
    If we configure the Server Side Trust between BO Enterprise server and the SAP BI7 backend.
    The Portal Logon ticket will remain an issue at some point of time, does it mean that the WeBi report job scheduling should not be performed from the SAP EP Portal?
    We haven't configured the Server Side Trust, yet the users told us that they are able to schedule webi report directly from the BO Infoview? How is it possible?
    Thank you in advance for your help.
    Regards.

    Thank you Mr Hilgefort for your detailed explanations.
    I now have to provide some explanations to my managers, and to be honest, there are still some points that
    are unclear to me, and it would be extremely helpful if you could confirm (or not) the following points.
    When scheduling Webi report from the sap portal, we're getting SSO errors.
    SAP provide the following note explaining how to extend the validity of the J2EE token (Portal token), but this is not a long term solution, at certain point of time the ticket will expire. Webi scheduling should not be performed from the Portal.
    Sap note 1352127 - Scheduled Webi report fails with: A database error occurred. The database error text is: Unable to connect to SAP BW server System received an expired SSO ticket
    Webi Scheduling should be performed from BO Infoview. SNC should be configured between BO server and SAP BI7.0 backend.
    We should Configure Server SNC as explained in the BusinessObjects XI Integration for SAP Solutions Installation and Administration Guide at Chapter "Configuring SAP for server-side trust". (1341043)
    The SAP Portal is not involved here and is not an option even with the configuration of SNC/Server side trust.
    thank you for your patience.
    Best Regards.

  • Server-side Trust with CryptoLib &/or 3rd party tool

    I have a new installation:
    > BOE XI 3.1 SP2 (Solaris)
    > SAP Integration Kit
    Intend to enable server-side trust / SNC betw BOE and BW.
    Separately, BASIS just installed/config'd new standard tool (Quest's Vintela) on BW for SSO from SAP GUI clients to BW.  I notice some parms (such as snc/gssapi_lib) now are configured to Quest/Vintela libraries on BW.
    Possible to have both Vintela and CryptoLib co-exist/co-active on BW?  ... or is best approach (even forced / only approach) is to standardize on one? ... likely install Vintela on BOE and use Vintela for BOE-to-BW SNC?
    thx, Clay

    Hi Clay,
    I believe you're right, that they can't co-exist for use as SNC libraries.  I really don't have a complete understanding of how this all works, but I believe they can co-exist if the sapcryptolib is used for RFC that is not using SNC.  Maybe someone else can confirm, deny, or expand on that?
    Even though we (Quest) don't always know the exact configuration options for each application that supports SNC, as a certified SNC interface it should always be possible to get things working in a fully supported manner.  If you would like to work with me on this directly I would be happy to help.  You can find my e-mail address under my business card.
    Thanks!
    Kyle

  • Configure SAP for server-side trust

    Hi all,
    I am installing BusinessObjects XI integration for SAP Solution. I need to configure SAP for server-side trust. I have read the BusinessObjects XI Integration for SAP Solution Installation Guide. In chapter 6, it introduces how to configure SAP Server-Side trust. But I don't understand how to configure SAP for server-side trust, especially how to configure SAP Cryptographic. Would you please give me a more detailed explanation?
    Please advise,
    Duypm

    Hi Duypm,
    the SAP server side configuration is part of the Installation Guide Chapter 6. It starts on Page 94.
    If you are unclear about this and what SNC configuration means for the SAP server make sure you talk to the administrator for the SAP system. You need administrative rights for the SAP system and the system will have to be restarted as outlined in the installation guide
    Ingo

  • Server Side Trust and Webi Report Scheduling via Portal

    Hello,
    I have opened a similar  thread about Server Side Trust and webintelligence reporting through the portal a few months ago.
    At the time, we had some complaints about users that were getting SSO errors after 8 hours when scheduling WeBi Report through the SAP Portal.
    Basically, the users connect to the Portal and then FROM the Portal, to a BOI view pointing to the Infoview.
    Then, after investigation, it was my understanding that the WebI Reports should be scheduled through an Infoview token and not a portal token. In concrete terms Server Side Trust had to be implemented between the SAP BW Backend and the BOE 3.1 Server.
    And after that the users who wanted to schedule WebI reports should connect to the Infoview directly (using their SAP BW credentials) to generate an Infoview Token.
    Scheduling Webi reports from the Portal will not be solved by implementing Server Side Trust, since it is only a matter of time before the Portal token expires (8 hours by default).
    Now, I have configured the server side Trust between our BOE 3.1 SP2 and our BW 701 system, SNC configuration, PSE generation, exchange of certificates, etc ...
    I did some scheduling tests connecting directly to the BO Infoview and it works.
    But of course, now I am being told by the users that this solution is not acceptable.
    The Portal being the entry point of our Infrastructure, they don't want to connect to the Infoview to schedule their reports.
    So I opened a SAP customer call to try to have an official and clear statement from SAP but I never obtained it.
    I had a look at my SAP BO courses but I am still confused
    For example according to SAP BO100 , server side trust should be implemented when ;
    "BOE client session authenticated using Single sign on using SAP token
    (Enterprise Portal) and SAP reports are being scheduled at a future point in
    time (after token expiry date)."
    Anyone can help me to clear my mind ?
    Thank you
    Best Regards

    Hi,
    first of all lets separate the UI portion from the technical portion.
    on the technical side:
    yes for scheduling the Web Intelligence document you will need Server side trust
    on the UI side:
    - scheduling is part of InfoView
    - scheduling is part of the KM integration with the portal
    if that is not accepted from a UI point of view from the user you can create your own application to schedule documents using the SDK.
    ingo

  • Server Side Trust - Server Group

    Hi,
    One of the steps to create publications / server side trust (as per SAP Press BO and BW Integ book) is to create a Server Group and add certain services to it. It says that the Destination and Publication Job Server should be added. I don't have them - will that be a problem?
    Thanks

    Hi,
    They don't seem to exist so I am guessing I will have to create them myself?
    Could you or someone please confirm that the following selections should be made when creating the servers:
    DESTINATION JOB SERVER - Service Category: Core Services, Service: Destination Delivery Scheduling Service
    PUBLICATION JOB SERVER - Service Category: Core Services, Service: Publication Scheduling Service
    Also, do I need to include any of the additional services when creating the servers?
    Many Thanks
    Edited by: Leo on Apr 20, 2011 10:03 AM

  • Server Side Trust

    Hi,
    I have a question with regard to server trust between Business Objects and SAP BW. Can Business Objects XI R2 accept third party server certificates or X509 compatible certificates?

    Hi
    what kind of external authentication system do you want to use? Can you please describe your use case with more details please? I assume that you need SSO but it would be helpful to know the setup you plan to use.
    Regards,
    Stratos

  • Weirdness involving IE, JSP, data scraping and server-side redirecting

    I have a JSP script that validates inputted data. Upon successful input, it will
    1) set a cookie
    2) Do a data scrape to a URL that points to a servlet that performs server-side actions based upon query string data that is formed from your input
    3) Redirect back to itself to ensure cookie availability and further actions.
    If you run this script on Netscape or Firefox, all is well.
    If you run this script on IE, while [2] works, it seems to be performing [2] twice, because the actions are duplicated (the actions in [2] consist of placing info into flat files so you can see what is going on).
    Does IE have a problem with data scraping + server-side redirection (I am using response.sendRedirect()) that I don't know about?
    Thanx
    Phil

    Agoston_Bejo wrote:
    The problem is that right after having logged in, while you're still in the filter, the beans managed by JSF haven't been put into any scope yet. (The faces servlet hasn't been called yet, so it hasn't had the chance to instantiate the managed beans, put them into the appropriate scopes etc.) So it is request scoped? Just create one yourself. I however don't see any benefit/reason for having the logged in user in the request scope ..

  • How to delete the server side sessions

    Hi All,
    I have a wireless application and it is accessed through ptg/rm gateway from a PDA browser. Oracle wireless AS gives default login page (when the application is accessed through ptg/rm gateway) and when user login, user information session might get stored in server side (I am not sure, if any one can pls clarify me on this also?).
    Now i have a requirement, in which my application user should get 'logoff' button in each and every page of my application. When he clicks on this button the user information session should get invalidated, so that even if the user goes back to the application (using back button of the browser) he should not able to enter the application. (This is same as any std. login/logout page logic).
    Invalidating the session which resides in client side is easy (By using session.invalide()), but how can i delete the session which resides on the server side??? Whether is it possible??
    If yes then how can i do it.
    Any help will be very useful.
    Thanks well in advance.
    Shrikant

    Shrikant:
    Shouldn't it be easy to invalidate the server sided sessions? Right before invalidating the client side session, send a message to the server, which should call its session.invalidate() after it has obtained the current session. If desired, a message can be sent back to the browser informing user that server side session has been deleted.

  • Http Authentication server side

    I searched the internet and this forum a lot without finding a non commercial solution to this common scenario.
    Inside an active directory based intranet I would like to authenticate the users who access a java web application running on Tomcat.
    The requisites to meet are:
    - the users connect with IE6 and they are authenticated with their login credentials using Kerberos.
    - the application needs to know the name of the user.
    The web application will run with a specific windows account. Is there a way to perform a task using the credentials of the authenticated user ?
    What I'm looking for is an implementation of the following scenario: User John connects to the web application and besides other tasks, read/writes files from a directory where only John has permissions to do (as configured through windows acl).
    Thanks for any help.
    Filippo

    So far as I know, to do this you would have to run the server side of HTTP Negotiate (SPNEGO) in Tomcat. This protocol uses HTTP Authorization exchanges to carry out the GSS-API exchange that allows Tomcat to trust the browser user's identity. In this context the GSS-API mechanism would be Kerberos (or NTLM if Kerberos failed). The browser (if HTTP Negotiate capable, like IE) would send Kerberos credentials to the server during the context exchange, thereby achieving what you want.
    I believe this is what commercial products like Vintela and IT Practice do.
    Question to the Sun developers: SE6 supports the client side of HTTP Negotiate (so a Java client can talk to e.g. IIS). Are there any plans to support the server side? The case of IE/Windows workstations accessing Java web servers/servlet engines is a much more common requirement than "the other way round".
    Thanks,
    Alec

  • Needs a background webdynpro application running at the server side

    Hi All,
    We have a requirement wherein we need to have an application running all the time at the server side to capture the response coming from a web application. Based on the response that the application receives, it needs to update some backend R/3 tables.
    We are thinking of a webdynpro java application.
    Can anyone suggest what kind of application needs to be implemented here?
    And what  would be the steps required to run the application at the server side without calling the application.
    Thanks & Regards,
    Anurag

    Hi Robin,
    Thanks for the detailed explanation.
    This may sound silly to you but I've another doubt which is as follows:
    As you mentioned that the external web application will be sending requests to our Web service(in SOAP envelopes) and rest of the functionality can be  achieved by our web service.
    Actually, we are expecting only responses from the external web application. The thing is that we are sending the requests to the external web applications from our custom webdynpro application and in return the web application will be sending us 2 responses.
    First response would be back to our WD java application URL(to the browser in which WD java app is running) which would get the response and display some message based on the response.
    Second would be to this web service which you have just suggested. We are having two responses so that even if the browser in which the WD java application is running gets accidentally closed, the response from the external web application must get captured somewhere else and should not get lost in any case.
    So, now since we are only expecting the response from the web application and we do not want any requests from the web application to our web service; how is this possible?
    I am asking the above question because you have mentioned that the external web application has to request our Web service but we want is only this web service to capture the response coming from the Web application.
    Or is it like the web application will send us the response string as request string to our Web Service and the web service will capture these response parameters as request parameters from the web application and do the further processing.
    But in that case, we do not want any response to be sent by the Web Service to the external web application.
    Please suggest if this is possible.
    Once again, many thanks for the help so far.
    Thanks & Regards,
    Anurag

  • Problem with skin for server side buttons.

    Hi,
    I have a problem with the skin for server side rendered buttons.
    In my CSS file I have :
    .AFButtonStartIcon:alias {
      content:url(/skins/images/btns.JPG);
    }
    .AFButtonEndIcon:alias {
      content:url(/skins/images/btne.JPG);
    }
    .AFButtonTopBackgroundIcon:alias {
      content:url(/skins/images/btntb.JPG);
    }
    .AFButtonBottomBackgroundIcon:alias {
      content:url(/skins/images/btnbb.JPG);
    }
    JPG files in project are in dir "public_html/skins/images".
    In WAR file,the JPG files are in "/skins/images" directory.
    Skin configuration is correct because other settings from CSS
    file are functioning fine after deploying.
    But buttons are standard browser buttons and are not taking the images I have used.
    In document provided by Oracle it says:
    (Note: These icons must be specified using either context-image or
    resource-image icons. Text-based icons are not allowed.)
    I am not able to understand what this means?

    Perhaps this thread will help.
    JSF Skining Button Images
    The doc should say whether or not the width/height is a requirement. But since it doesn't mention it, try adding a width and height.
    - Jeanne

  • Is there a way to dynamically determine the number of out parameters for a server side procedure?

    Hi,
    Below is a helper method used for calling a server-side function which loops through the inbound bindVars parameter to populate the function's IN parameters. Is there a way to dynamically determine the IN/OUT parameters based on the procedure name in the stmt parameter? No members of the CallableStatement class seemed promising, but the getParameterMetaData() method in the PreparedStatement class seemed like it could be a helpful lead. However, I have not found any detailed descriptions (yet) of how to use it.
    // Needs java.sql.CallableStatement, java.sql.SQLException and oracle.jbo.JboException.
    protected Object callStoredFunction(int sqlReturnType, String stmt,
                                        Object[] bindVars) {
        CallableStatement st = null;
        try {
            // 1. Create a JDBC CallableStatement
            st = getDBTransaction().createCallableStatement(
                "begin ? := " + stmt + ";end;", 0);
            // 2. Register the first bind variable for the return value
            st.registerOutParameter(1, sqlReturnType);
            if (bindVars != null) {
                // 3. Loop over values for the bind variables passed in, if any
                for (int z = 0; z < bindVars.length; z++) {
                    // 4. Set the value of user-supplied bind vars in the stmt
                    st.setObject(z + 2, bindVars[z]);
                }
            }
            // 5. Execute the statement
            st.executeUpdate();
            // 6. Return the value of the first bind variable
            return st.getObject(1);
        }
        catch (SQLException e) {
            throw new JboException(e);
        }
        finally {
            if (st != null) {
                try {
                    // 7. Close the statement
                    st.close();
                }
                catch (SQLException e) {}
            }
        }
    }
    James

    The PreparedStatement.getParameterMetaData() object is exactly what you need for this task.
    Once you have the ParameterMetaData you can ask it how many parameters are present and which mode they are. The parameters are numbered from 1 to n and you can use ParameterMetaData.getParameterMode(1); to get the mode of the 1st parameter. The modes are defined as static values in the ParameterMetaData object. Check out the doc at http://docs.oracle.com/javase/7/docs/api/java/sql/ParameterMetaData.html
    Timo
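
    The lookup described in the answer above, as an added example that is not part of the original thread. The class name `ParamModes`, the method `describeModes` and the function `my_func` are hypothetical, and the metadata object is a constructed stand-in so the code runs without a database; a real caller would pass `st.getParameterMetaData()`. A driver that cannot report a mode may throw `SQLException`, which is labelled `UNKNOWN` here rather than guessed.

```java
import java.lang.reflect.Proxy;
import java.sql.ParameterMetaData;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ParamModes {
    /** Returns one label per parameter marker: IN, OUT, INOUT or UNKNOWN. */
    static List<String> describeModes(ParameterMetaData md) throws SQLException {
        List<String> modes = new ArrayList<>();
        for (int i = 1; i <= md.getParameterCount(); i++) {   // JDBC parameters are 1-based
            String label;
            try {
                switch (md.getParameterMode(i)) {
                    case ParameterMetaData.parameterModeIn:    label = "IN";    break;
                    case ParameterMetaData.parameterModeOut:   label = "OUT";   break;
                    case ParameterMetaData.parameterModeInOut: label = "INOUT"; break;
                    default:                                   label = "UNKNOWN";
                }
            } catch (SQLException e) {
                // The driver could not report the mode for this marker; do not guess.
                label = "UNKNOWN";
            }
            modes.add(label);
        }
        return modes;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed stand-in for st.getParameterMetaData() on
        // "begin ? := my_func(?, ?); end;" (my_func is hypothetical).
        final int[] constructed = {
            ParameterMetaData.parameterModeOut,
            ParameterMetaData.parameterModeIn,
            ParameterMetaData.parameterModeInOut };
        ParameterMetaData md = (ParameterMetaData) Proxy.newProxyInstance(
            ParameterMetaData.class.getClassLoader(),
            new Class<?>[] { ParameterMetaData.class },
            (proxy, method, a) -> {
                if (method.getName().equals("getParameterCount")) return constructed.length;
                if (method.getName().equals("getParameterMode")) return constructed[((Integer) a[0]) - 1];
                throw new SQLException("not implemented in this stand-in");
            });
        System.out.println(describeModes(md));
    }
}
```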

  • How do I tell FMS to only serve a section of a file using server-side ActionScript?

    We have a bunch of mp3 files on our server and we'd like to serve only particular sections of particular files to users.  For example, hello.mp3 might be four minutes long, but when user 1 tries to play it, he should only be able to play the section from 0:30 to 1:00, whereas user 2 should be able to play the whole thing.
    I'm coming from a background using Wowza Media Server, where this is fairly easy to achieve: http://fmsguru.com/showtutorial.cfm?tutorialID=78.
    Wowza doesn't require any change to the player (it doesn't call any special methods), so I'm looking for the same here.
    I've been fiddling around with the main.asc file and the "Server-Side ActionScript" API to try and achieve something similar.  In particular I've found the Stream.play method, which seems relevant.  But I can't figure out how to attach a handler to a "play" event; all the examples I've seen only attach to Application.onConnect, which doesn't seem to include a connection to a particular file, which I need in order to determine the section that can be played.
    So I'd like to do something along the lines of this (this is completely made up and doesn't follow any of the APIs; it's just an illustration of what I'm trying to achieve):
    application.onConnect = function(client) {
        client.onPlay = function(stream) { // Client.onPlay doesn't exist; what should I do here?
            var section = getStreamSection(client, stream);
            stream.play(section.start, section.end);
        };
    };
    var getStreamSection = function(client, stream) {
        return { start: 30, end: 60 }; // Return value is based on the user's credentials and the file they're trying to stream
    };

    You can find the documentation for Plug-ins here:
    http://help.adobe.com/en_US/flashmediaserver/plugin_apiref/index.html
    http://help.adobe.com/en_US/flashmediaserver/devguide/WS5b3ccc516d4fbf351e63e3d11a0d662434-7ff6PluginAPI.html
    Basically you need to concentrate on the E_PLAY event and the two fields F_STREAM_LENGTH & F_STREAM_POSITION. I am pasting below some code which you need to paste into the sample Auth Plug-in, which you can find in: <installdir>/samples/plug-ins. You would have to paste the code below in the case E_PLAY section of the MyFmsAuthorizeEvent::authorize() function and compile it. You would basically get AuthModule.dll, which you need to place in modules/auth, and then restart FMS.
    // Set the stream to be played back only for 10 seconds, starting from the 10th second
    // Stream will play from the 10th second to the 20th second
    float fValue;
    char buf[1024];
    if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_LENGTH, fValue))
    {
        float fLength = fValue; // in seconds
        sprintf(buf, "Original Stream length value passed from player %f\n", fLength);
        m_pFmsAuthServerContext->log(buf, IFmsServerContext::kInformation, false);
        fLength = 10.0;
        sprintf(buf, "Modifying Stream length value passed from player %f\n", fLength);
        m_pFmsAuthServerContext->log(buf, IFmsServerContext::kInformation, false);
        setFloatField(m_pAev, IFmsAuthEvent::F_STREAM_LENGTH, fLength);
    }
    if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_POSITION, fValue))
    {
        float iPosition = fValue; // in seconds
        sprintf(buf, "Original Stream Position value passed from player %f\n", iPosition);
        m_pFmsAuthServerContext->log(buf, IFmsServerContext::kInformation, false);
        iPosition = 10.0;
        // Log text corrected: this branch modifies the position, not the length
        sprintf(buf, "Modifying Stream Position value passed from player %f\n", iPosition);
        m_pFmsAuthServerContext->log(buf, IFmsServerContext::kInformation, false);
        setFloatField(m_pAev, IFmsAuthEvent::F_STREAM_POSITION, iPosition);
    }
