Use multiple URLS in Mixed Security mode

.NET Portal Version: 6.0.1.218452 on Windows 2003 server
We have setup portal in Mixed mode (Securoty mode = 1), keeping login-page in secure mode.
Now we wish to use to different URLs. Configured and created Experience definition.
I believe only 1 certificate can be associated to a SITE in IIS-6.
So if I create another site in IIS-6 with header information as 2nd URL, will it work?
Do I need to do anything special?
Any suggestions???
Edited by kuljitsingh at 01/02/2007 12:40 PM

Hi
Yes your above statements are correct, but what is the use?? In effect, you are giving a single transaction code in a single call of the transaction.
whereas in session method, within a single BDC GROUP, you can give multiple transactions.
This is infact one of the major differences between CALL TRANSACTION and SESSION METHOD.
Hope u understood
Reward points if helpful
Regards

Similar Messages

Can I use multiple E4200's in bridge mode, to enable a "guest wifi' mesh?

I have four E4200 units on my network, each with an unique IP address, in bridge mode to act as a wireless mesh across my entire building. They are all connected to my central L3 switch, via their Internet ports.
Is it possible to enable the Guest network on each unit, to create a 'Guest Wifi' mesh (providing that I allow the 192.168.33.0 network to route across my network fabric), or will this not work because each indivudual AP will be assigning IP address 192.168.33.1 as it's gateway address meaning that I would have four distinct MAC addresses within the network, each trying to claim that they are IP 192.168.33.1?

As soon as you enable guest access on the router, it will start providing the IP address 192.168.33.x to the clients connecting to the guest network and we cannot change the IP address range of guest network.
Since you have 4 units (E4200), you can enable guest wi-fi of each of them however cannot create a guest wi-fi mesh as all the 4 units have different IP address.

Pass a record ID without using the URL

I need to pass a record ID when a user clicks a link, but I don't want to pass it via the URL. I can't figure out how to do so.
I have built a forum, and the forum users want to be able to quote a post and the respective replies. So, just like this forum, you have an original post, and then you have a repeating region of numerous replies below. So, what I need to do is enable the page to identify the unipue ID of the clicked record to quote from others that might also be available on the page, but without passing a URL variable, I can't figure out how to do it.
I would like to be able to set a session variable, but I don't know how to acheive this via a link so I am passing the correct record ID.
Does naybody know how I can do it?
If possible, I don't want to use a URL variable for security reasons.
Thanks.

Never mind. The answer was to use
<input type="hidden" name="needId" value="<?php echo $_GET['needId']; ?>" />
Thanks to iPHP for answering this in another thread.

The dreaded 404 message using basicHttpBinding, Transport security mode, and certificates

I am working on setting up a WCF service using mutual authentication with both client and server certifiates. The service is hosted in IIS 7, and I'm trying to access it from a simple console app. When I try to connect to the service, I get the error ""There
was no endpoint listening at
https://localhost/IISHostedService/MyService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details." The inner exception is "The remote server returned an error:
(404) Not Found."
I have seen people all over the net reporting this error, but so far none of their fixes work for me. I have an HTTPS binding in IIS for my app, and I am able to browse to my service (using either http or https) and view it with no problems. I can get the
wsdl (also over either protocol) with no issues, but connecting from the client doesn't work.
Here is my server config:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<serviceCertificate findValue="ServerCertificate" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
<clientCertificate>
<authentication revocationMode="NoCheck" />
</clientCertificate>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_MyService">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyService">
<endpoint binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" contract="Namespace.IContract" />
</service>
</services>
</system.serviceModel>
And my client:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="clientEndpointBehavior">
<clientCredentials>
<clientCertificate findValue="ClientCertificate" storeLocation="LocalMachine" x509FindType="FindBySubjectName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_MyService" closeTimeout="00:10:00"
openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost/IISHostedService/MyService.svc behaviorConfiguration="clientEndpointBehavior"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService"
contract="Namespace.IContract" name="BasicHttpBinding_MyService" />
</client>
</system.serviceModel>
I am not sure if it matters, but this client and server are running on the same physical machine in a test environment. I have confirmed that both the client and the server certificates are installed, and that the issuing authority is trusted. The virtual
folder is set in IIS to "Accept" client certificates, and SSL is not required.
Does anyone have any thoughts what I may be missing? This service works without a problem over HTTP, so it has to be somehow related to the certificate that is being passed. With the Server certificate, I just trapped the ServicePointManager.ServerCertificateValidationCallback
event to manually approve the certificate if the subject matched what I was looking for (the subject does not match the domain name, since this is a test environment). Do I need to do something similar for the client certificate?
EDIT: One thing I do notice is that, in the WSDL, the soap location is always pointing to http. I'm not sure if that is correct or not:
<wsdl:service name="MyService">
<wsdl:port name="BasicHttpBinding_MyService" binding="tns:BasicHttpBinding_MyService">
<soap:address location="http://computerName.domain.com/IISHostedService/MyService.svc" />
</wsdl:port>
</wsdl:service>

A little more information (since this is the main thing I have to work on today):
After some research, I decided to try using a custom certificate validator, in case something is wrong with the client certificate. In the clientCertificate\authentication node on the server, I set the certificateValidationMode="Custom" and set customValidationType="MyType.Validator,
MyType". My type is apparently being found (when it is not found I get a "service could not be activated" error), but my Validate() method is never being called.
Now this leads me to believe that it's not a problem with the client certificate, but something else, before it even gets that far.

I accessed the page protected by ADF security using direct url access attac

hi,
I played with my application which is based on SRDemo code (with added ADF security handling protection of resources) using direct url access scenarios. I was able to access a protected page as authenticated but not authorized user. I'll try to explain what I did.
There are two folders/web resources in my application, faces/folderA/* and faces/folderB/*.
roleA only is configured to access first web resource and the roleB is configured to access the second resource.
I used ADF security to authorize only roleA for page in folderA and to authorize only roleB for page in folderB.
I configured error pages in web.xml:
<error-page>
<error-code>400</error-code>
<location>faces/error/error400.jspx</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>faces/error/error401.jspx</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>faces/error/error403.jspx</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>faces/error/error404.jspx</location>
</error-page>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>faces/error/error500.jspx</location>
</error-page>
Other config params are:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>infrastructure/ABLogin.jspx</form-login-page>
<form-error-page>faces/error/error401.jspx</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>AB Prototype</web-resource-name>
<url-pattern>faces/ABAbout.jspx</url-pattern>
<url-pattern>faces/ABHelp.jspx</url-pattern>
<url-pattern>faces/ABLogout.jspx</url-pattern>
<url-pattern>faces/ABWelcome.jspx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AZone</web-resource-name>
<url-pattern>faces/folderA/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>BZone</web-resource-name>
<url-pattern>faces/folderB/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
<init-param>
<param-name>unauthorizedErrorPage</param-name>
<param-value>faces/error/error401.jspx</param-value>
</init-param>
</filter>
<filter>
<filter-name>adfFaces</filter-name>
<filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jspx</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<url-pattern>*.jsp</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<url-pattern>*.jspx</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
Once I authenticated as user in roleA I was trying to directly access URLs accessible only by users in roleB. In the beginning everything worked OK: I was dispatched to error401.jspx page with message Not authorized... etc.
But I kept trying to access different URLs, like http://localhost:8988/AB/faces, http://localhost:8988/AB/faces/folderB, http://localhost:8988/AB/faces/folderB/pageB.jspx, http://localhost:8988/AB
(not necessarily in that order, I played for a couple of minutes and the system would always dispatch to error401.jspx page if unauthorized attempt. But all of sudden, to my surprise, I got the pageB.jspx page while logged in as user belonging to roleA!)
Not sure how that happened but the connectedUser on pageB (#{userInfo.authenticated}) shows that I am logged in as user whose role is A.
I checked Authorization in ADF security and it is still correct: pageB is only accessible to roleB and pageA is only accessible to roleA.
I hope I made some stupid mistake in my configuration?

Hi,
ADF Security is JAAS permission based and not container managed. Note that unless you explicitly configured ADF Security you don't use ADF Security but container managed security, which is all that I can see in your configurations.
Not sure which version fo JDeveloper you use, but if you could change the following setting
<security-constraint>
<web-resource-collection>
<web-resource-name>AZone</web-resource-name>
<url-pattern>faces/folderA/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>BZone</web-resource-name>
<url-pattern>faces/folderB/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
to contain jspx file references instead of wildcards like in faces/folderB/* then what you see should no longer be possible. There was a known issue with the security settings in SRDemo that was caused by a defect in OC4J container managed security. I would expect this issue to be fixed in a more recent version of OC4J.
However, the work around until then is to protect all JSPX files in a directory instead of using wild card matches
Frank

Sharing a PM's project with a TeamMember using SharePoint Security Mode

When using SharePoint Security Mode, is it possible for a Project Manager to share a his project plan with a particular Team Member? If so what are the steps?
I am asking because we want certain Team Member to be the Status Manager for certain assignments in the project plan.
Thanks in advance,
\Spiro Theopoulos PMP, MCITP. Montreal, QC (Canada)

Hi Spiro,
Have you tried assigning the particular Team member to the Owners group for that Project/Site so the team member can edit the project?
Paul

Opening multiple URLs using window.open in Safari 3

Anyone know how to write javascript to open multiple URLs at once using Safari 3? Code like this worked fine in Safari 2, but when I upgraded to 10.4.11, Safari 3 now only opens the first URL when the javascript is run.
window.open(url1);
window.open(url2);
window.open(url3);
Thanks!
BTW, I'm also using Saft (and had been using it before when this worked).

If the Saft preference of "Always open browser window in tab" is unchecked, then Safari 3 will open each of the URLs in new Windows.
I've written to the author of Saft about the issue and will follow-up here with more details when available.

TAPS in cucm secure mode (mixed mode)

hi guys,
as far as my research goes, the TAPS will not work in cucm with secure mode because it does not allow auto registration. the option is to make it non-secure, deploy phones using TAPS and then make it secure. but this will not work for us at this point because we have already 200 phones deployed and in production.
is there any better way to deploy 1200 phones. I mean I can scan macs and assign to users and bulk import but it will be a nightmare for 1200 phones as we need to know each and every mac to user assignment. this require separation by floors and departments.
thanks in advance.
vijay

1. Check your ports, make sure they are open.
2. For password sync you'll need to have SSL certificates configured so AD, OIM and the connector can talk securely. Make sure the proper keystore is used and certificate is present on all 3 (the connector includes the guide to install them)
With the above I got my connector working to this point. Hope that helps.
- JP

ACE-Single VIP-Multiple URL-Multiple ServerFarm

Hi Everyone,
I am trying to put together a configuration that has multiple requirements that are all dependant so I wanted to post in a single discussion. Please see the parameters below:
1. ACE 4710 placed in DMZ in one-armed mode
2. Use only 2 VIPS (1 for HTTP traffic and 1 HTTPS traffic)
3. Multiple URLs for each VIP. Each URL makes use of sub-domains (ex. "subdomain1.domain.com" , "subdomain2.domain.com")
4. Match on the hostheader and send to a corresponding serverfarm. (each URL has seperate serverfarm).
5. SSL off-load. All Secure URL's share a single wild-card certificate.
6. Any connections to Secure URL's that connect using HTTP need to be redirected to HTTPS and then load-balanced. I would like to have a single redirect serverfarm that will take the path and url that is sent,whichever that may be, and redirect it to HTTPS.
So here are my questions:
1. One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync). Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation.
2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.
3. I would like any suggestions on how I may make this configuration more efficient.
I have attached a scrubbed copy of my configuration, any suggestions would be greatly appreciated!!!

Hi Michael,
One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync). Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation
The ACE performs regular expression matching against the received packet data and hence you can use a single expression like \.mvnu\.edu and that should match msmail\.mvnu\.edu", ihelp\.mvnu\.edu and ishare\.mvnu\.edu and since all of them need to go to same serverfarm there is no need to define three different server farms under policy map.
2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.
The config looks fine but you can make it more stream line by using one regex which will match all host header information and since it needs to go one serverfarm only, it is not required to have three different server farms unless needed of course. Pardon if i haven't understood your requirment correctly.
3. I would like any suggestions on how I may make this configuration more efficient.
It should be there in answer 1:)
Please feel free to discuss if there is something which is not what you were looking for.
Regards,
Kanwal

Using container managed form-based security in JSF

h1. Using container managed, form-based security in a JSF web app.
A Practical Solution
h2. {color:#993300}*But first, some background on the problem*{color}
The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principles*" that are defined to interact with your application. A security principle is basically just a user of the system that is defined by three fields:
- Username
- Group
- Password
The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
1. Start up your app server and log into the admin interface (http://localhost:4848)
2. Drill down into Configuration > Security > Realms.
3. Here you will see the default realms defined on the server. Drill down into the file realm.
4. There is no need to change any of the default settings. Click the Manage Users button.
5. Create a new user by entering username/password.
Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more usefull in a real app.
I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
h2. {color:#993300}*Step 2: Create the project*{color}
Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
1. Start by creating a new Visual Web JSF project.
2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
1. login.jsp (A Visual Web JSF file)
2. loginproxy.jspx (A plain JSPX file)
3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
Code follows for each of the files:
h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
    <navigation-rule>
<from-view-id>/login.jsp</from-view-id>
        <navigation-case>
<from-outcome>loginproxy</from-outcome>
<to-view-id>/loginproxy.jspx</to-view-id>
        </navigation-case>
    </navigation-rule>
NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
    <jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
    <f:view>
        <webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:textField binding="#{login.username}"
id="username" style="position: absolute; left: 216px; top:
96px"/>
<webuijsf:passwordField binding="#{login.password}" id="password"
style="left: 216px; top: 144px; position: absolute"/>
<webuijsf:button actionExpression="#{login.button1_action}"
id="button1" style="position: absolute; left: 216px; top:
216px" text="GO"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
        </webuijsf:page>
    </f:view>
</jsp:root>h3. *login.java -- implent the
button1_action() method in the login.java backing bean*
    public String button1_action() {
        setValue("#{requestScope.username}",
(String)username.getValue());
setValue("#{requestScope.password}", (String)password.getValue());
        return "loginproxy";
    }h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-W3CDTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html"
pageEncoding="UTF-8"/>
<html>
<head> <meta
http-equiv="Content-Type" content="text/html;
charset=UTF-8"/>
<title>Logging in...</title>
</head>
<body
onload="document.forms[0].submit()">
<form
action="j_security_check" method="POST">
<input type="hidden" name="j_username"
value="${requestScope.username}" />
<input type="hidden" name="j_password"
value="${requestScope.password}" />
</form>
</body>
</html>
</jsp:root>
{code}
h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF{color}
target page, placed in the secure folder to test access*
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:staticText id="staticText1" style="position:
absolute; left: 168px; top: 144px" text="A Secure Page"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>
{code}
h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
This type of security is called +declarative+ because it is not configured programatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already have the implementation to make everything work for you.
*web.xml will be used to define:*
- Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
- Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
- Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
*sun-web.xml will be used to define:*
- This is where you map a Role to the Users or Groups that are allowed to use it.
+I know this is confusing the first time, but basically it works like this:+
*Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
{code}
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description/>
<url-pattern>/faces/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name/>
<form-login-config>
<form-login-page>/faces/login.jsp</form-login-page>
<form-error-page>/faces/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>User</role-name>
</security-role>
{code}
h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
{code}
<security-role-mapping>
<role-name>User</role-name>
<group-name>Users</group-name>
</security-role-mapping>
{code}
h3. {color:#ff6600}*Almost done!!!*{color}
h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
h3. {color:#ff6600}*_Gotcha #1_*{color}
You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
h3. {color:#ff6600}*_Gotcha #2_*{color}
Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
*DONE!!!*
h2. {color:#993300}*_Here's how it works:_*{color}
1. The user requests the a page from your context (http://localhost/MyLogin/)
2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
5. The user enters username and password and clicks a button to submit.
6. The button's action method stores away the username and password in the request scope.
7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
9. The hidden username and password fields grab the username and password variables from the request scope.
10. The loginproxy page is automatically submitted with the magic action "j_security_check"
11. j_security_check notifies the container that authentication needs to be intercepted and handled.
12. The container authenticates the user credentials.
13. If the credentials fail, the container forwards the request to the login.jsp page.
14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
+Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
+The user is now at the secure welcome page.+
If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
Kerry Randolph

If you want login security on your web app, this is one way to do it. (the easiest way i have seen).
This method allows you to create a custom login form and error page using JSF.
The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
This example uses a statically defined user/password, stored in a file, but you can also configure JDBC realm in Glassfish, so that that users can register for access and your program can store the username/passwrod in a database.
I'm new to programming, so none of this may be a good practice, or may not be secure at all.
I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
--Kerry

What are the things taken care while using multiple suites?

Hi all,
I have created a plugin which sends the current file path to an url,
its working fine with debugging in Visual studio 2005 and while it is added to the Adobe Illustrator its works only once.
That is its sending the file path only for one file. While i tried for the second time its not working
I am using following suits in my plugin
AIDocumentSuite
AIFilePathSuite
AIActionManagerSuite
AIUnicodeStringSuite
AIURLSuite
I am using the "AIURLSuite" for calling the url and it is calling the url multiple times while its used alone, and its only working once with the multiple suites.
What are the things taken care while using multiple suites? , is it neccessary to release all variables and the suites after completing the task?
Should they released in the same order in which they are acquired?
Thanks in advance
Sreejesh K V

Hi,
The problem was with the "sAIDocument->GetDocumentModified(mod);"
The "GetDocumentModified" is crashing after executing once, i just removed that statement , and now
i am forcefully saving the document with out checking the modification status!
Its working fine now!
Could you please tell me how can we lock a plugin , or a particular function in a plugin.
There is any specific standard to use the GetDocumentModified function?
Thanks and Best Regards
Sreejesh K V

Why named parameter can't be used multiple times in PL/SQL block in JDBC

with the following PL/SQL block, when I run int in JDBC, I get an error,
it says, The number of parameter names does not match the number of registered parameters.
if all named parameters are used only once, then my program works fine.
My old program uses Oracle Forms to run the attached PL/SQL block correctly, I just want to run them in JDBC without more efforts, I don't want to rewrite all PL/SQL blocks.
Does oracle driver support this case? why the PL/SQL block can work in Oracle Forms but failed in JDBC?
Can we have an another solutions to avoid rewriting the PL/SQL block to stored procedure?
if I use following SQL:
BEGIN if :q is null then :q := 'X'; else :q := 'Y'; end if; END;
, Using java program:
import java.sql.*; public class RunPLSQLBlock { public static void main(String s[]) throws SQLException { String URL = "jdbc:oracle:thin:@192.168.11.199:1521:TIBSTEST"; Connection con = null; try { Class.forName("oracle.jdbc.driver.OracleDriver"); con = (Connection) DriverManager.getConnection(URL, "FBP1DEV", "FBP1DEV"); String SQL = "BEGIN if :q is null then :q := 'X'; else :q := 'Y'; end if; END;"; CallableStatement stmt = con.prepareCall(SQL); stmt.registerOutParameter("q", Types.VARCHAR); stmt.setString("q", "A"); stmt.execute(); } catch (Exception e) { e.printStackTrace(); } finally { if (con != null) { con.close(); } } } }
in the coding, only "q" registered, I got:
java.sql.SQLException: The number of parameter names does not match the number of registered praremeters at oracle.jdbc.driver.OracleSql.setNamedParameters(OracleSql.java:314) at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:10096) at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:5693) at RunPLSQLBlock.main(RunPLSQLBlock.java:28)
now, tried to register 3 indexes, changed fragments are below.
import java.sql.*; public class RunPLSQLBlock { public static void main(String s[]) throws SQLException { String URL = "jdbc:oracle:thin:@192.168.11.199:1521:TIBSTEST"; Connection con = null; try { Class.forName("oracle.jdbc.driver.OracleDriver"); con = (Connection) DriverManager.getConnection(URL, "FBP1DEV", "FBP1DEV"); String SQL = "BEGIN if :q is null then :q := 'X'; else :q := 'Y'; end if; END;"; CallableStatement stmt = con.prepareCall(SQL); stmt.registerOutParameter(1, Types.VARCHAR); stmt.registerOutParameter(2, Types.VARCHAR); stmt.registerOutParameter(3, Types.VARCHAR); stmt.setString(1, "A"); stmt.execute(); } catch (Exception e) { e.printStackTrace(); } finally { if (con != null) { con.close(); } } } }
now error changed to:
java.sql.SQLException: ORA-01006: bind variable does not exist at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:457) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:400) at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:926) at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:476) at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:200) at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:543) at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:208) at oracle.jdbc.driver.T4CCallableStatement.executeForRows(T4CCallableStatement.java:1416) at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1757) at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:4372) at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:4595) at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:10100) at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:5693) at RunPLSQLBlock.main(RunPLSQLBlock.java:26)
, now tried register only 1 position like below,
CallableStatement stmt = con.prepareCall(SQL);   stmt.registerOutParameter(1, Types.VARCHAR);   stmt.setString(1, "A");   stmt.execute();
, it says:
java.sql.SQLException: Missing IN or OUT parameter at index:: 2 at oracle.jdbc.driver.OraclePreparedStatement.processCompletedBindRow(OraclePreparedStatement.java:2177) at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:4356) at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:4595) at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:10100) at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:5693) at RunPLSQLBlock.main(RunPLSQLBlock.java:26)
, now let try a OK case, which use all named parameters only once. coding like below, SQL and Java listed below.
BEGIN if :q is null then :r := 'X'; else :s := 'Y'; end if; EXCEPTION   WHEN NO_DATA_FOUND THEN     NULL; END;
import java.sql.*; public class RunPLSQLBlock { public static void main(String s[]) throws SQLException { String URL = "jdbc:oracle:thin:@192.168.11.199:1521:TIBSTEST"; Connection con = null; try { Class.forName("oracle.jdbc.driver.OracleDriver"); con = (Connection) DriverManager.getConnection(URL, "FBP1DEV", "FBP1DEV"); String SQL = "BEGIN if :q is null then :r := 'X'; else :s := 'Y'; end if; END;"; CallableStatement stmt = con.prepareCall(SQL); stmt.registerOutParameter("q", Types.VARCHAR); stmt.registerOutParameter("r", Types.VARCHAR); stmt.registerOutParameter("s", Types.VARCHAR); stmt.setString("q", "A"); stmt.execute(); System.out.println("Q :" + stmt.getString("q")); System.out.println("R :" + stmt.getString("r")); System.out.println("S :" + stmt.getString("s")); } catch (Exception e) { e.printStackTrace(); } finally { if (con != null) { con.close(); } } } }
, the case give us the following output:
Q :A R :null S :Y
2nd part, I also tried another scheme, to use 'execute immediate', test code attached below, it also have errors.
begin execute immediate 'begin if :q is null then :q := ''X''; else :q := ''Y''; :r := ''Z''; end if; end;' using in out :q, out :r; end;
, Java Code:
import java.sql.*; public class RunDynamicSQL { public static void main(String s[]) throws SQLException { String URL = "jdbc:oracle:thin:@192.168.11.199:1521:TIBSTEST"; Connection con = null; try { Class.forName("oracle.jdbc.driver.OracleDriver"); con = (Connection) DriverManager.getConnection(URL, "FBP1DEV", "FBP1DEV"); String SQL ="begin execute immediate 'begin if :q is null then :q := ''X''; else :q := ''Y''; :r := ''Z''; end if; end;' using in out :q, out :r; end;"; CallableStatement stmt = con.prepareCall(SQL); stmt.registerOutParameter("q", Types.VARCHAR); stmt.registerOutParameter("r", Types.VARCHAR); stmt.setString("q", "A"); stmt.execute(); System.out.println("Q :" + stmt.getString("q")); System.out.println("R :" + stmt.getString("r")); } catch (Exception e) { e.printStackTrace(); } finally { if (con != null) { con.close(); } } } }
, the output is, we can find when parameter 'q' is IN OUT mode, we can't get its final value:
Q :null R :Z
, now I tried my workaround, it works fine by using a temporary variable, now my named parameter is split to 2 roles, one is for IN, another is for OUT, now I can get final out value.
declare q clob; r clob; begin q := ?; r := ?; execute immediate 'begin if :q is null then :q := ''X''; else :q := ''Y''; :r := ''Z''; end if; end;' using in out q, out r; ? := q; ? := r; end;
, my test java code,
import java.sql.*; public class RunDynamicSQL { public static void main(String s[]) throws SQLException { String URL = "jdbc:oracle:thin:@192.168.11.199:1521:TIBSTEST"; Connection con = null; try { Class.forName("oracle.jdbc.driver.OracleDriver"); con = (Connection) DriverManager.getConnection(URL, "FBP1DEV", "FBP1DEV"); String SQL ="declare q clob;r clob; begin q := ?; r := ?; execute immediate 'begin if :q is null then :q := ''X''; else :q := ''Y''; :r := ''Z''; end if; end;' using in out q, out r; ? := q; ? := r; end;"; CallableStatement stmt = con.prepareCall(SQL); stmt.registerOutParameter(3, Types.VARCHAR); stmt.registerOutParameter(4, Types.VARCHAR); stmt.setString(1, "A"); stmt.setString(2, "A"); stmt.execute(); System.out.println("Q :" + stmt.getString(3)); System.out.println("R :" + stmt.getString(4)); } catch (Exception e) { e.printStackTrace(); } finally { if (con != null) { con.close(); } } } }
, the output is expected,
Q :Y R :Z
Database:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
JDBC Driver, extracted from ojdbc6_g.jar/META-INF/MANIFEST.MF :
Created-By: 1.5.0_30-b03 (Sun Microsystems Inc.)
Implementation-Vendor: Oracle Corporation
Implementation-Title: JDBC debug
Implementation-Version: 11.2.0.3.0
Repository-Id: JAVAVM_11.2.0.3.0_LINUX_110823
Specification-Vendor: Sun Microsystems Inc.
Specification-Title: JDBC
Specification-Version: 4.0
Main-Class: oracle.jdbc.OracleDriver
JDK:
java version "1.7.0"
Java(TM) SE Runtime Environment (build 1.7.0-b147)
Java HotSpot(TM) Client VM (build 21.0-b17, mixed mode, sharing)
Edited by: jamxval on 2013-3-22 2:01PM (UTC+08:00), Give full test java program and SQL, added environment/API level; Attached another problem.
Edited by: jamxval on 2013-3-26 17:57 (UTC +08), Adjust code style

Hi, thanks for your response, now I see, the named parameter is for stored procedure only, for PL/SQL block we name it placeholder name.
After cast my java.sql.CallableStatement to oracle.jdbc.OracleCallableStatement, I can find setStringAtName,
now, I have only one question:I can't find corresponding methods for registerOutputParameter, how we fetch output value?
I tried to callableStatement.getString("q"); it reports errors, but there are no ordinal binding in my source code, does placeholder names doesn't support OUT mode?
Java:
CallableStatement stmt = con.prepareCall("BEGIN if :q is null then :r := 'X'; else :s := 'Y'; end if; END;");
oracle.jdbc.OracleCallableStatement call = (oracle.jdbc.OracleCallableStatement) stmt;
call.registerOutParameter("q", Types.VARCHAR);
call.registerOutParameter("r", Types.VARCHAR);
call.registerOutParameter("s", Types.VARCHAR);
call.setStringAtName("q", "A");
call.setStringAtName("r", "A");
call.setStringAtName("s", "A");
call.execute();
System.out.println("Q :" + call.getString("q"));
</Java>
<output>
java.sql.SQLException: 不允许的操作: Ordinal binding and Named binding cannot be combined!
     at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
     at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:146)
     at oracle.jdbc.driver.OracleCallableStatement.getString(OracleCallableStatement.java:2834)
     at RunPLSQLBlock.main(RunPLSQLBlock.java:33)
</output>by the way, in my below-mentioned SQL 'problematic', when my code uses 'execute immediate' and use placeholder names in IN OUT mode, we always get NULL value (i.e. ':q'), but we can get final value of ':r' when ':r' is OUT mode only; now I get a workaround attached in below-mentioned 'my workaround' block, which split the IN OUT roles to 2 parts, it can work now;
It seems that the difference between 'problematic' and 'my workaround' imply that there are something work unexpectedly when the driver process the placeholder names, because 'my workaround' and ':r in problematic case' make sure the 'execute immediate' returned output values correctly, unluckly driver layer can't get return values.
<SQL name = 'problematic'>
begin
     execute immediate 'begin if :q is null then :q := ''X''; else :q := ''Y''; :r := ''Z''; end if; end;'
     using in out :q, out :r;
end;
</SQL>
<SQL name='my workaround'>
declare
     q clob;
     r clob;
begin
     q := ?;
     r := ?;
     execute immediate 'begin if :q is null then :q := ''X''; else :q := ''Y''; :r := ''Z''; end if; end;' using in out q, out r;
     ? := q;
     ? := r;
end;Edited by: EJP on 26/03/2013 14:14

Scale 802.1X ACS in High Security Mode any Idea's?

Scenario
Platform ACS V 5.1.0.44
Switch 4510R with 8 48 port modules (384 ports)
802.1x authentication of the ports in High Security Mode (VLAN assignments required)
Authentication Method Cert based eap-tls to machine
we currently have 4 Data Vlans that users and assets drop into on this switch
How do I scale this as I cant differentiate the cert to distribute the users across the 4 vlans in ACS?
I think I can use unique Identity groups for the MAB of assets but the users has me really scratching my head.

Looks like a Switching group has been looking at this as a possible answer for the stack switches but I cant configure vlan groups on 4510's
and would theres no config guide on how to apply it in ACS 5.1 (use attrib 81 like we do for vlan assignment?)
12.2(52)SE
IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least populated VLAN in the group, assigned by RADIUS server.
12.2(52)SE
3750-E, 3560-E
But then you get bit with even using VLAN assignments on large stacks
•When IEEE 802.1x authentication with VLAN assignment is enabled, a CPUHOG message might appear if the switch is authenticating supplicants in a switch stack.
The workaround is not use the VLAN assignment option. (CSCse22791)

SSL and security modes

We are getting ready to implement SSL on the Portal Server and after reading the documentation, I'm not sure which security mode we need to be in. Will mode 0 be fine as long we require SSL on IIS on the portal server?

Hi Eric,
You mentioned that your site is in mode 2. How was the performance? Are you using an accelerator? Please send me the link if that is alright. We have been playing with https (mode 2) but no success since all admin tasks stopped working. Our next step is to install a separate portal inside the firewall....Any tips would be appreciated.
Thanks,
Leona------- Eric Whitley wrote on 9/17/04 10:33 AM -------
I think you'll want to at least set SSL mode to 1. I'm going to just write out my understanding of things, and I only really have PT 4.5 WS in production, so if I'm off, well... somebody correct me. :)
Something to keep in mind - Plumtree needs to "know" which SSL mode you're setting up so it can construct the links for all click-throughs (http://myservervs https://myserver).
0 = no SSL. Even if you place SSL on IIS Plumtree won't care - in fact, if you click on 'require SSL' on IIS, I think you'll run into problems. Plumtree won't construct URLs with the appropriate "https" prefix, which will likely cause problems.
1 = apply security to pages that need it. Login pages, document click-throughs, etc. as defined in the secure activity spaces configuration. Plumtree will apply the "https" to only those pages/links.
2 = SSL everything, everywhere. Our portal current has this configuration.
Clicking on "require SSL" on the virtual directory will only deal with the IIS portion - you still need to indicate to Plumtree how much/where you want it applied so it can construct the links appropriately. Try setting "1" to see if it will get you where baseline security - our clients and global security team force us to SSL everything conceivable, so we use setting "2".
That help?
Eric

Performance Issues with Acrobat Reader 11.0.0.2 when secure mode is enabled

Hello All,
We are experiencing sporadic issues with Acrobat 11.0.0.2 across our domain, users are reporting performance issues when opening PDF documents whether locally or from a network share.
We have found that turning off Secure Mode helps towards reducing this delay and in the cases it doesn't we are repairing the installation and/or reinstalling the application.
Due to the security implications we need to leave this turned on, I am wondering if anyone has encountered this issue and what steps were taken towards resolving it?
I also wonder whether the white list function in the new release 11.0.0.3 would be a solution to this issue?
Kind Regards,
Ryan McCarty

No probelm, so....
We had no problems with Adobe Reader 9 and 10, we encountered the issues when upgrading to 11.0.0.2.
Initially we found that turning off the Protected Mode, helped but did not resolve the issue.
We tried;
1. Turn off protected mode - issue still present
2. Clearing the recent file registry using the below registry path and deleting the keys underneath it.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles (this does not turn recent files off permanently). - works but needs clearing regularly
3. Turning off welcome screen by creating - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cWelcomeScreen - works to improve app open speed.
4. uninstall/reinstall of 11.0.0.2 - works most likley due to the recent files being cleared.
5. upgrade to 11.0.0.3 - issue still present
Following reboots the issue is still present.
When Adobe Reader is the only application open this issue is still present.
As mentioned I have no systems available which I could test this issue using 11.0.0.1 as we have fixed them, albeit temporarily using the reinstall method.
I am concious that this issue is going to reoccur once that cache (recent files) builds back up because the fix above (#2) is clearing the recent files cache NOT disabling it.

Use multiple URLS in Mixed Security mode

Similar Messages

Maybe you are looking for