[svn] 1616: Remove stale security constraint entries in the sample web.xml

Similar Messages

• Remove an oracle home entry from the central repository

  Does anyone know how to remove an oracle home entry from the central repository (inventory.xml file), after the oracle home in question has been deleted. It is left behind and I want to clean it up.
  thanks

  I went to the link you have posted and it did not help me.
  I cannot get rid of my Oracle Home directory. When I attempt to delete this folder, I
  get an error message:
  oci.dll ...is write protected or in use..
  So I deleted this oci.dll file. Then I rebooted and tried to delete the OraHome directory (folder)
  again, and I get the SAME error!!
  Thanks for any advice.

• Remove a sleep log entry from the Lifelog

  Is it possible to somehow remove a sleep log entry from the Lifelog?
  I have an incorrect entry messing up my average value so I would like to get rid of it.
  Solved!
  Go to Solution.

  It is possible to remove a single sleep activity. You scroll in the timeline to the activity you like to remove, then press the avatar while it’s sleeping. You will get a pop-up with sleep details for this specific sleep activity, press the trash can symbol and remove this activity.
   - Official Sony Xperia Support Staff
  If you're new to our forums make sure that you have read our Discussion guidelines.
  If you want to get in touch with the local support team for your country please visit our contact page.

• [svn] 1433: adding 'console' security constraint to MBeanServerGateway remote object for MBean tests and ds-console , used when running on Websphere with administrative security enabled.

  Revision: 1433
  Author: [email protected]
  Date: 2008-04-28 13:13:12 -0700 (Mon, 28 Apr 2008)
  Log Message:
  adding 'console' security constraint to MBeanServerGateway remote object for MBean tests and ds-console, used when running on Websphere with administrative security enabled. Should call setCredentials("bob","bob1") to use this RO.
  Modified Paths:
  blazeds/branches/3.0.x/qa/apps/qa-regress/WEB-INF/flex/remoting-config.mods.xml
  blazeds/branches/3.0.x/qa/apps/qa-regress/WEB-INF/flex/services-config.mods.xml

  Hi,
  It seems that you were using Hyper-V Remote Management Configuration Utility from the link
  http://code.msdn.microsoft.com/HVRemote, if so, you can refer to the following link.
  Configure Hyper-V Remote Management in seconds
  http://blogs.technet.com/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx
  By the way, if you want to perform the further research about Hyper-V Remote Management Configuration Utility, it is recommend that you to get further
  support in the corresponding community so that you can get the most qualified pool of respondents. Thanks for your understanding.
  For your convenience, I have list the related link as followed.
  Discussions for Hyper-V Remote Management Configuration Utility
  http://code.msdn.microsoft.com/HVRemote/Thread/List.aspx
  Best Regards,
  Vincent Hu

• How to remove lavasoft secure search that overtook the homepage

  I installed Ad-Aware Free A11 and Lavasoft Secure Search has replaced the standard google Search. After uninstal;ling the Ad-Aware the Lavasoft secure search remaned as a homepage and it does not show up in the program list in the control center that could be uninstalled! The taskbar disappeared too!

  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
  *Do NOT click the Reset button on the Safe Mode start window.
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
  If you do not keep changes after a restart or otherwise have problems with preferences, see:
  *http://kb.mozillazine.org/Preferences_not_saved

• Multiple Sample Entries in the Sample Description (stsd) Box

  Hi All,
  I am trying to play a 3GP clip which has H.264 video and AMR-NB audio. Unlike most other clips, the Sample Description (stsd) Box in the video track has multiple Sample Entries.
  QT player plays this file for about 2 seconds and then the video pauses.
  Does QT player support 3GP files which have stsd boxes with multiple sample entries ?
  Thanks

  It looks like something which may have a note released by SAP but we couldn't find any.
  An issue is being raised with SAP but it looks like it will take a while. In the meantime, I am wondering if someone has come across this situation before and who may have a fix / note as a ready reference.
  Thanks,
  Krish.

• [svn] 3867: Add new user-agent info to the sample services-config.xml file.

  Revision: 3867
  Author: [email protected]
  Date: 2008-10-24 07:13:10 -0700 (Fri, 24 Oct 2008)
  Log Message:
  Add new user-agent info to the sample services-config.xml file.
  Modified Paths:
  blazeds/trunk/resources/config/services-config.xml

  Resolved! The problem was in the php code the wizard had generated as an example and that I had edited in Dreamweaver. I had tried to start a session and set session objects in the php code. I developed if() { statements} to check the session variable before executing the function in some of my data services. Apparently the wizard does not like this. I removed all references to session. I reconfigured the input types and the return types for each service. With the code now clean the wizard created the example code and placed the proper package in the scr.services package. I still have custom php code and it executes.
  Things I learned:
  If the php code stops when a session variable is not available in the if statement and the data service is refreshed, the wizard will not "look" beyond the if statement.
  Functions downstream of a session variable misshap will show in the data services window but the functions will have a circle icon to the left of the function name and each variable to be passed to the php code will be declared as type = Object in Flashbuilder. The input types and return types will have to be reconfigured for each non-functioning function. Simply commenting out a portion of the php code and attempting a refresh will not make it work again.
  When the wizard is unable to refresh properly because of a stop in the php code it stops working completely so additional refreshes or creation of code is not carried out.
  I decided to create a My SQL table for user and other identifiers rather than attempting the session object again.
  Sorry, I did not make screen shots as I solved this problem. I hope the solution is not hard to visualize.
  Thanks for looking and considering how to help me. I hope my solution works for you.

• How do I remove a form completion entry in the form completion list?

  This question originally appeared in the question:
  How do you take something out of the suggestion drop down sign-in list?
  The suggested answer is fine for desktop Firefox (click on form, down arrow to show list, click on entry and hit DELETE) but doesn't work for the Android version. I can get the drop-down list, of course, but highlighting an entry and hitting the BACKSPACE doesn't delete the entry. As far as I can tell, once it's in a list, it's there for keeps. or is it?

  What steps are you taking to remove the form from Tracker?

• Removing a Mozilla "Valentine Persona" from the firefox web browser

  Email from Mozilla for a free Valentines day Persone. This it installed onto the top of my browser. How can I remove it?

  Hi Cavey,
  This pretty easy actually. Just go to ''Tools > Add ons > Appearance'' and change it back to the default profile. You can find more information in the [[Using themes with Firefox]] Knowledge Base article.
  Hopefully this helps!

• Stolen iPad was wiped and erased/synched my exchange calendar. I have recovered some of the calendar entries through the outlook web app, but only entries made in the last 15 or so days. Any ideas on how to recover the rest?

  My ipad was stolen over the weekend and i immediately contacted apple to do a data-wipe.
  On wednesday, the ipad was apparently wiped and then decided to sync with all of my other systems. It's been two days and I just figured out how to access and recover deleted items from the Outlook Web App from my exchange host.
  They were scattered throughout and sorted by the date they were added to the calendar so some things are still missing. Anyone know how to restore what i'm still missing?

  My ipad was stolen over the weekend and i immediately contacted apple to do a data-wipe.
  On wednesday, the ipad was apparently wiped and then decided to sync with all of my other systems. It's been two days and I just figured out how to access and recover deleted items from the Outlook Web App from my exchange host.
  They were scattered throughout and sorted by the date they were added to the calendar so some things are still missing. Anyone know how to restore what i'm still missing?

• Web.xml security-constraint order matters?

  After a long and frustrating debuggin session I've just discovered that the order in which <security-constraint>
  entries are added to the web.xml file matters to OC4J.
  That is if a more laxed rule is matched first the rest
  (even though they might be more precise or even an
  exact match won't be applied.
  Is this normal behaviour?
  EXAMPLE BELOW WORKS - INVERT ENTRIES AND IT WILL FAIL
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected</web-resource-name>
        <url-pattern>/admin*.uix</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>DSMSuperUser</role-name>
      </auth-constraint>
    </security-constraint>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Secure</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>DSMUser</role-name>
      </auth-constraint>
    </security-constraint>

  Here is an excerpt from the servlet spec stating the proper behavior:
  The container matches URL patterns defined in security constraints
  using the same algorithm described in this specification for matching client
  requests to servlets and static resources as described in SRV.11.1
  SRV.11.1 Use of URL Paths
  Upon receipt of a client request, the web container determines the web application
  to which to forward it. The web application selected must have the the longest
  context path that matches the start of the request URL. The matched part of the URL
  is the context path when mapping to servlets.
  The web container next must locate the servlet to process the request using the
  path mapping procedure described below:
  The path used for mapping to a servlet is the request URL from the request
  object minus the context path. The URL path mapping rules below are used in
  order. The first successful match is used with no further matches attempted:
  1. The container will try to find an exact match of the path of the request to the
  path of the servlet. A successful match selects the servlet.
  2. The container will recursively try to match the longest path-prefix: This is done
  by stepping down the path tree a directory at a time, using the ’/’ character as
  a path separator. The longest match determines the servlet selected.
  3. If the last segment in the URL path contains an extension (e.g. .jsp), the servlet
  container will try to match a servlet that handles requests for the extension.
  An extension is defined as the part of the last segment after the last ’.’ character.
  4. If neither of the previous three rules result in a servlet match, the container will
  attempt to serve content appropriate for the resource requested. If a "default"
  servlet is defined for the application, it will be used.
  The container must use case-sensitive string comparisons for matching.
  So this is STILL an issue w/ 10.1.2.0.2...
  EXAMPLE BELOW WORKS - INVERT ENTRIES AND IT WILL FAIL
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>oemAdmin</web-resource-name>
  <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>OEM_ADMIN</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>allOem</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>OEM_USER</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  If I don't find a SR for this issue I'll open one b/c this is not acceptable.

• What is the use of security-constraint tag in web.xml

  what is the use of following tag , and how to use that, and where to use that tag.
  <web-resource-collection>
  <web-resource-name>SecureOrderJSP</web-resource-name>
  <descrip<url-pattern>/order/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name></role-name>
  </auth-constraint>
  </security-constraint>tion>Protect the Order JSP Pages </description>

  Hi,
  You can refer this link
  http://www.whizlabs.com/tutorial/scwcd/j-scwcd-7-5.html
  give the complete description of your doubt
  Thanks,
  Snigdha Sivadas

• Using a custom Custom AuthorizatioProvider with security-constraints on webApp?

  Hi,
  we have adapted the security from the medrec-example to build our own
  authorization-provider to fetch our users from an RDBMS. Mainly we want
  to secure a web-application using <security-constraint>'s:
  The MBean for the AUthorizationProvider gets properly deployed into
  <wl-home>/server/lib/mbeantypes
  and the log-messages show, that the user gets logged in and the groups
  for the user are properly resolved. However, when we access a ressource
  in a web-app that is secured using:
  <security-constraint>
            <web-resource-collection>
                 <web-resource-name>SecureCollection</web-resource-name>
                 <description>
  These pages are only accessible by members of the dvr.
  </description>
                 <url-pattern>/htdocs/secure/*</url-pattern>
                 <http-method>DELETE</http-method>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
                 <http-method>PUT</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description>These are the roles who have access</description>
                 <role-name>securegroup</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <description>
  This is how the user data must be transmitted
  </description>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
  access to the ressource is denied, although the user is in securegroup.
  Is there something else we need?! From the docs I understood, that in
  absence of a security-role-assignment in weblogic.xml, the server takes
  the rolename as principal, so our weblogic.xml is empty right now....
  Any ideas anybody?!
  Cheers
  stf

  As there is obviously noone else to answer this, I had to figure this
  out myself: The reason for this is the "REQUIRED"-Controlflag on the
  Default-AuthorizationProvider. The docs for the medrec-example forgot to
  say, that unless you have your users in both the Database and the
  internal LDAP-Server the Default-AuthorizationProvider, you are not
  granted access - changing the Flag to optional does the trick.
  By the way: Same holds true for the Compatibility-Security you can use
  to upgrade your old RDBMS-Realms from 6.1: Without the Control-Flag on
  the Default-AuthorizationProvider you can search endlessly for the
  reason you can't log in although your realm properly authenticates you....
  Stefan Frank wrote:
  Hi,
  we have adapted the security from the medrec-example to build our own
  authorization-provider to fetch our users from an RDBMS. Mainly we want
  to secure a web-application using <security-constraint>'s:
  The MBean for the AUthorizationProvider gets properly deployed into
  <wl-home>/server/lib/mbeantypes
  and the log-messages show, that the user gets logged in and the groups
  for the user are properly resolved. However, when we access a ressource
  in a web-app that is secured using:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>SecureCollection</web-resource-name>
  <description>
  These pages are only accessible by members of the dvr.
  </description>
  <url-pattern>/htdocs/secure/*</url-pattern>
  <http-method>DELETE</http-method>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <description>These are the roles who have access</description>
  <role-name>securegroup</role-name>
  </auth-constraint>
  <user-data-constraint>
  <description>
  This is how the user data must be transmitted
  </description>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  access to the ressource is denied, although the user is in securegroup.
  Is there something else we need?! From the docs I understood, that in
  absence of a security-role-assignment in weblogic.xml, the server takes
  the rolename as principal, so our weblogic.xml is empty right now....
  Any ideas anybody?!
  Cheers
  stf

• Web.xml security-constraint

  Hi,
  Anybody has any idea about this one:
  In web.xml I have:
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>members</web-resource-name>
                 <url-pattern>/members/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>REGISTERED_USERS</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <description>SSL is required</description>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <security-constraint>
  when using the above one, every time when i click any link in /members, the weblogic
  first treat the user as guest at the beginning, then change to the real logined
  user.
  After I changed it to :
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>members</web-resource-name>
                 <url-pattern>/members/</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>REGISTERED_USERS</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <description>SSL is required</description>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <security-constraint>
  i click the links in /members, the weblogic treat the user as the real logined
  user.
  Any idea what is the * 's meaning or any clue where this difference is mentioned
  in weblogic or SUN's documentation?
  BTW: I am using weblogic 5.1 with sp11.
  Thx,
  dliu

  Hi,
  Please provide a "WEB-INF/weblogic.xml" file as well like following:
  *"weblogic.xml"*
  <?xml version='1.0' encoding='UTF-8'?>
  <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-role-assignment>
  <role-name>BMOUser</role-name>
  <principal-name>BMOUser</principal-name>
  </security-role-assignment>
  </weblogic-web-app>
  Thanks
  Jay SenSharma
  http://weblogic-wonders.com (WebLogic Wonders Are here)

• security-constraints

  Hi All,
  <!-- Restrict direct access to JSPs.
           For the security constraint to work, the auth-constraint
           and login-config elements must be present -->
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>JSPs</web-resource-name>
              <url-pattern>/jsp/*</url-pattern>
          </web-resource-collection>
          <auth-constraint/>
      </security-constraint>
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>Admin Area</web-resource-name>
              <url-pattern>/User_input.action</url-pattern>
              <url-pattern>/User.action</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>admin</role-name>
          </auth-constraint>
      </security-constraint>
      <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>User Basic Authentication</realm-name>
      </login-config>
      <security-role>
          <role-name>admin</role-name>
      </security-role>
      <error-page>
          <error-code>403</error-code>
          <location>/403.html</location>
      </error-page>Can any one please confirm my understanding is correct or not?
  In my first constratint no one access my directly and in the second admin only can access the mentioned URL.
  When the second URL accessed by admin user it will shows the dialog box mentioning the BASIC authentication and also force the users to input the username and password.
  My question is, The username and password are mentioned in tomcat-user.xml file in the directory /conf/.
  Is this the only way that i mention the username and password in the .xml file?
  I also need to know that can i store the password based on the username?
  -vignesh

  In my first constratint no one access my directly and in the second admin only can access the mentioned URL.Sounds good to me.
  Is this the only way that i mention the username and password in the .xml file?No it is not the only way. You can look them up from a database, use LDAP, or JAAS...
  The relevant documentation for Tomcat is here
  cheers,
  evnafets