User Based whitelist with SpamAssassin

Hello,
im currently setting up a IMS 5.2 with SpamAssassin as a spam filter.
The user should be able to switch the Spam filter on and off. If the filter is on, a check required if the sender (From:) address is within the AddressBook of the receiver of the email. The on/off information and the AddressBook are stored within LDAP. My question is how to configure the rewrite rules and the channels within the IMTA in order to check on/off and if the sender is in the address book of the receiver. Based on this check the mail should be processed by SpamAssassin or not.
tschneider74

I managed to have a ldap lookup for the receiver of the email within the rewrite rule.
The rewrite rule looks like this:
testdomain.com $U%testdomain.com@test_ts-$]ldap://ldaphost:449/ou=people,o=organization?spamenabled?sub?(mail=$[email protected])[daemon
dependent on the ldap value found for this search the test_ts-XXXdaemon channel is used.
But is there a way to use the sender and the receiver of the email within the ldapsearch in such a rewrite rule? In order to solve my task I need to take the receiver and search in the receivers address book for the sender of the email.

Similar Messages

IronPort, user based filtering with MS terminal / Citrix?

Hi there,
Can someone tell me if the IronPort can handle user based filtering on MS terminalserver / Citrix (multi-user server) with AD-integration?
Thanks a lot.
Greets,
Norbert

If you're using transparent redirection on the Citrix boxes you can use
Use Cookie Surrogates
Turn on the "Virtual IP" feature in Citrix. (which really means Citrix is dealing with the problem, not the WSA)
The issue with cookie surrogates is that https traffic appears to be unauthenticated to the WSA and some applications can't deal with them. (check the help file on the box under "Understanding How Authentication Affects HTTPS and FTP over HTTP Requests")
How are you doing the redirection? If you're using explicit redirection, you can turn off surrogates for an identity and it does authentication that is session based...
The simplest would be Virtual IP on Citrix, since that looks the most like a regular workstation to a WSA...

User Based Authorization with ISE

I am trying to configure ISE to limit the activitiy of individual users once they have logged in from an authorized PC into our netowrk. We basically only want them to be able to connect to specific systems. Is ISE able to do this on a per user basis?

Yes.
One of the things you can do via your Authorization policy is to push a downloadable ACL (dACL) to the port (for wired users). For wireless users you can apply a pre-defined Airespace ACL from the WLC to the user session.

Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71

This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL>

OIM - Email notification to a specific user based on a dynamic rule

Hello, After creation of account in a particular target resource I need to send an email to a specific user based on the location of the user (e.g area admin).
In the notification tab of process tasks, I see only "Assignee", "Requestor", "User", "User Manager"? How can I achive the above specified requirement?
Before posting this question, I tried to search the forum for any previous posts related to this. But I couldn't find any. May be I was not searching with right key words.
Any help is appreciated. Thanks in advance.

You'll need to custom code an adapter to send the email, then you can send to any user you want. Create a new task and trigger it off the completion response code. You can use the following apis:
tcEmailNotificationUtil sendMail = new tcEmailNotificationUtil(ioDatabase);
sendMail.setBody("Type your body here or use a string variable");
sendMail.setSubject("Type your subject here or use a string variable");
sendMail.setFromAddress("[email protected]");
sendMail.sendEmail("[email protected]");
Just populate the above pieces with the information needed.
-Kevin

User based uninstall collections - Dynamic

Hi Guys,
I have been looking for sometime at how User based uninstalls are done and I see that mostly people do an Exclude on the collection and deploy an uninstall to basically everyone who DOESNT have the application deployed to them. The issue with this is
if you have a high number of apps (500 lets say) you deploy 400 either uninstall or install deployments to everyone which dramatically slows down deployment of apps on new machines etc.
With APP-V the queries are fairly straight forward and we have dynamically changing uninstall collections that only show users that have the app for them in a compliant state on a workstation in the estate, when they are fully unpublished they drop
out of the collection based on compliance state.
I am trying to achieve the same method for uninstall collections where physical installs are used. Unfortunately there isn't a class like the APP-V AppClientState for Physical apps, or from what I can see at least and just wanted to see if anyone had
achieved uninstall collection for physical apps in a more dynamic way than doing Include/Exclude on the collections which I see as very static and uneconomical.
Many thanks,
Adam

Hi Hican, Torsten,
Thanks both for your replies. below is the query i have used. I'll just be clear that this may not suit a lot of environments because of users moving around etc.
select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where uniqueusername in (select distinct SMS_G_System_SYSTEM_CONSOLE_USAGE.TopConsoleUser from SMS_G_System_ADD_REMOVE_PROGRAMS INNER JOIN SMS_G_System_SYSTEM_CONSOLE_USAGE ON SMS_G_System_SYSTEM_CONSOLE_USAGE.ResourceID=SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID WHERE SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = '<ARP DISPLAYNAME>' and TopConsoleUser not in (Select SMSID From SMS_CM_RES_COLL_XXXXXXX))
This query basically finds all workstations with a specific Display name in ARP, it then looks at the topconsoleuser in the SystemConsoleUsage class for that workstation. The User resource is then pulled back based on that username and the uninstall is deployed
to the user alongside the install.
When the machine tied to that user no longer has that software installed the user drops out of the collection. I have these collections scheduled to do an update overnight at random intervals.
You will note at the end i use a "NOT IN" clause so i can exlude specific accounts from being included in the uninstall collections. The reason for this is we have a couple of service accounts that gets used heavily in various places
and end up getting registered as the top consoleuser in some instances. This is put in as a safeguard.
the only bits in the query that change is the <DisplayName> section which is what gets added in ARP.
SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = '<ARP DISPLAYNAME>'
Again you need to be careful here as a program may have the same displayname as another if it hasnt been versioned correctly. in this case it may be better to use another attribute such and Product GUID.
Lastly if you choose to have an exclude collection like myself the collection Class will also need amending:
and TopConsoleUser not in (Select SMSID From SMS_CM_RES_COLL_XXXXXXX)
Somone may say there is an issue with doing it this way. obviously if users roam a lot you could end up stripping software off peoples machines which is why i say it may not suit some environments but this goes quite well where we are.
Some users may also not show if they are not yet registered as the TopConsoleUser of their workstation yet as this is a 3 month calculation (if i remember rightly). If this is being put in with a new not yet deployed app it looks clean from a returned list
of users standpoint, if however you have an estate where applications have never been unstalled and workstations have changed hands, initially you will see a lot of users in the uninstall collections which werent in the install. These applications will uninstall
for them and they will drop out of the collections.
Hican, like i said adding the software metering part in to the above query could prove even more economical as the uninstall deployment wouldn't actually be deployed if the software was active. If i get a chance i will look at this.
Hopefully the above makes sense, obviously this is just my take on how to do some uninstall collections and if somone decides to try it they are doing so at their own risk. retrofitting uninstalls is painful and risky.
Thanks,
Adam

TS1541 volume won't mount for main user-intel imac with mountain lion-what to do?

After logging in to admin user, grey screen with spinning arrow
Can login to Guest User but that is just set up for Safari only
Tried starting in Safe Boot, zapped the PRAM, removed all peripherals, rebooted with installation disk and used Disk Utility - disk greyed out and says not mounted
How can that be?
this is an Intel-based iMac purchased last summer, recently installed Mountain Lion

I have the same problem. Installed Mountain Lion, got the spinning orb with no escape so I powered down. Upon re-boot I have the dreaded "?" Tried restarting several times to no avial.
In desperation, I inserted the 10.5 (Leopard) disk to install the original system version that came with my iMac. Now the install disk cannot find or mount my hard drive. I'm stuck.
Anyone??

Certificate based authentication with sender SOAP adapter. Please help!

Hi Experts,
I have a scenario where first a .Net application makes a webservice call to XI via SOAP Adapter. Then the input from the .Net application is sent to the R/3 system via RFC adapter.
.Net --->SOAP -
>XI -
>RFC -
R/3 System
Now as per client requirement I have to implement certificate based authentication in the sender side for the webservice call. In this case the .Net application is the "client" and XI is the "server". In other words the client has to be authenticated by XI server. In order to accomplish this I have setup the security level in the SOAP sender channel as "HTTPS with client authentication". Additionally I have assigned a .Net userid in the sender agreement under "Assigned users" tab.
I have also installed the SSL certificate in the client side. Then generated the public key and loaded it into the XI server's keystore.
When I test the webservice via SOAPUI tool I am always getting the "401 Unauthorized" error. However if I give the userid/password for XI login in the properties option in the SOAPUI tool then it works fine. But my understanding is that in certificate based authentication, the authentication should happen based on the certificate and hence there is no need for the user to enter userid/password. Is my understanding correct? How to exactly test certificate based authentication?
Am I missing any steps for certificate based authentication?
Please help
Thanks
Gopal
Edited by: gopalkrishna baliga on Feb 5, 2008 10:51 AM

Hi!
Although soapUI is a very goot SOAP testing tool, you can't test certificate based authentication with it. There is no way (since I know) how to import certificat into soapUI.
So, try to find other tool, which can use certificates or tey it directly with the sender system.
Peter

In search of end user based forums

in search of end user based forums
Any one know of SAP website for (expert) end user Q/A ?
Development is fun and all, but when I need A break from the 011001101000100110100 where do I go?

Interesting question.
You could try the forum or even [Scripting Languages|/community [original link is broken]; here on SDN to get closer to the front end, but I guess the "expert level" would need to be quite advanced before an end user spends more than just a careless mouse-click there.
Otherwise there is the [SAP Design Guild|http://www.sapdesignguild.org] which has a lot of interesting things about the UI. However they closed their forums because of spam, and now point to . Downside: Not much action going on. Upside: You could become top contributor and will a free entry to SDN Community Day with just one post.
Another option worth taking a look through is the [BPX category|/community [original link is broken]; where you might find some .ppt programmers hanging out.
Cheers,
Julius

Shared Calendars / Room Lists and automatically forcing them to users based on Security Group Membership

Good morning all,
I need some help achieving the following in our Exchange 2013 Environment. First off, we have Exchange 2013, but all our clients have Outlook 2010.
Here's what I would like to be able to do:
1) create/manage public calendars / rooms in exchange 2013
2) force these shared public calendars / rooms to users' calendars who are members of particular security groups
3) give edit permissions / "booking" permissions for the shared calendars so select users are able to make changes to the shared calendars, as well as accept/deny requests to "book" shared room calendars
Any one got any resources they can give to point me in the right direction?
I have already created two mailbox room resources, and have them set up in a room list in AD. But need to know the above as far as creating a shared calendar for events, and forcing these calendars / room lists out to users based on security group
membership.
I don't want my users to have to know how to add a shared calendar...that would be a nightmare explaining. I just want it to show up.
Any help on this is greatly appreciated, thank you!

1) I recommend using Room Mailboxes for resource calendars because it just works better.
2) This is a standard feature of a Room Mailbox.
3) You're pretty specific here, but I think this is also more or less available with a Room Mailbox combined with folder rights.
I don't know any way to just make them "show up". You'll have to teach them. Well written instructions can work wonders.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Retrieving results for comparison in form based authentication with entitie

Hi,Im developing an application using EJB3.0 and at the moment im working on a module involving user authentication.I work with the sun java system appserver 9.1 and netbeans 5.5.2 using the default toplink as the persistent provider.I have problems performing user based authentication.where am at is at shown below.I used a SLSB facade design pattern and created an entity from an existing database I built solely for the application (table name user_table). This is the code I have currently:
Entity
* UserTable.java
* Created on 31 March 2008, 16:06
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
package Entities;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
* Entity class UserTable
* @author Ayo
@Entity
@Table(name = "user_table")
public class UserTable implements Serializable {
@Id
@Column(name = "user_id", nullable = false)
private Integer userId;
@Column(name = "username")
private String username;
@Column(name = "password")
private String password;
@Column(name = "user_type")
private String userType;
@Column(name = "access_level")
private String accessLevel;
@Column(name = "staff_id")
private Integer staffId;
@Column(name = "staff_type", nullable = false)
private String staffType;
@Column(name = "time_created")
private String timeCreated;
@Column(name = "time_modified")
private String timeModified;
@Column(name = "time_logged_in")
private String timeLoggedIn;
@Column(name = "time_logged_out")
private String timeLoggedOut;
@Column(name = "created_by")
private String createdBy;
/** Creates a new instance of UserTable */
public UserTable() {
* Creates a new instance of UserTable with the specified values.
* @param userId the userId of the UserTable
public UserTable(Integer userId) {
this.userId = userId;
* Creates a new instance of UserTable with the specified values.
* @param userId the userId of the UserTable
* @param staffType the staffType of the UserTable
public UserTable(Integer userId, String staffType) {
this.userId = userId;
this.staffType = staffType;
* Gets the userId of this UserTable.
* @return the userId
public Integer getUserId() {
return this.userId;
* Sets the userId of this UserTable to the specified value.
* @param userId the new userId
public void setUserId(Integer userId) {
this.userId = userId;
* Gets the username of this UserTable.
* @return the username
public String getUsername() {
return this.username;
* Sets the username of this UserTable to the specified value.
* @param username the new username
public void setUsername(String username) {
this.username=username;
* Gets the password of this UserTable.
* @return the password
public String getPassword() {
return this.password;
* Sets the password of this UserTable to the specified value.
* @param password the new password
public void setPassword(String password) {
this.password=password;
* Gets the userType of this UserTable.
* @return the userType
public String getUserType() {
return this.userType;
* Sets the userType of this UserTable to the specified value.
* @param userType the new userType
public void setUserType(String userType) {
this.userType = userType;
* Gets the accessLevel of this UserTable.
* @return the accessLevel
public String getAccessLevel() {
return this.accessLevel;
* Sets the accessLevel of this UserTable to the specified value.
* @param accessLevel the new accessLevel
public void setAccessLevel(String accessLevel) {
this.accessLevel = accessLevel;
* Gets the staffId of this UserTable.
* @return the staffId
public Integer getStaffId() {
return this.staffId;
* Sets the staffId of this UserTable to the specified value.
* @param staffId the new staffId
public void setStaffId(Integer staffId) {
this.staffId = staffId;
* Gets the staffType of this UserTable.
* @return the staffType
public String getStaffType() {
return this.staffType;
* Sets the staffType of this UserTable to the specified value.
* @param staffType the new staffType
public void setStaffType(String staffType) {
this.staffType = staffType;
* Gets the timeCreated of this UserTable.
* @return the timeCreated
public String getTimeCreated() {
return this.timeCreated;
* Sets the timeCreated of this UserTable to the specified value.
* @param timeCreated the new timeCreated
public void setTimeCreated(String timeCreated) {
this.timeCreated = timeCreated;
* Gets the timeModified of this UserTable.
* @return the timeModified
public String getTimeModified() {
return this.timeModified;
* Sets the timeModified of this UserTable to the specified value.
* @param timeModified the new timeModified
public void setTimeModified(String timeModified) {
this.timeModified = timeModified;
* Gets the timeLoggedIn of this UserTable.
* @return the timeLoggedIn
public String getTimeLoggedIn() {
return this.timeLoggedIn;
* Sets the timeLoggedIn of this UserTable to the specified value.
* @param timeLoggedIn the new timeLoggedIn
public void setTimeLoggedIn(String timeLoggedIn) {
this.timeLoggedIn = timeLoggedIn;
* Gets the timeLoggedOut of this UserTable.
* @return the timeLoggedOut
public String getTimeLoggedOut() {
return this.timeLoggedOut;
* Sets the timeLoggedOut of this UserTable to the specified value.
* @param timeLoggedOut the new timeLoggedOut
public void setTimeLoggedOut(String timeLoggedOut) {
this.timeLoggedOut = timeLoggedOut;
* Gets the createdBy of this UserTable.
* @return the createdBy
public String getCreatedBy() {
return this.createdBy;
* Sets the createdBy of this UserTable to the specified value.
* @param createdBy the new createdBy
public void setCreatedBy(String createdBy) {
this.createdBy = createdBy;
* Returns a hash code value for the object. This implementation computes
* a hash code value based on the id fields in this object.
* @return a hash code value for this object.
@Override
public int hashCode() {
int hash = 0;
hash += (this.userId != null ? this.userId.hashCode() : 0);
return hash;
* Determines whether another object is equal to this UserTable. The result is
* <code>true</code> if and only if the argument is not null and is a UserTable object that
* has the same id field values as this object.
* @param object the reference object with which to compare
* @return <code>true</code> if this object is the same as the argument;
* <code>false</code> otherwise.
@Override
public boolean equals(Object object) {
// TODO: Warning - this method won't work in the case the id fields are not set
if (!(object instanceof UserTable)) {
return false;
UserTable other = (UserTable)object;
if (this.userId != other.userId && (this.userId == null || !this.userId.equals(other.userId))) return false;
return true;
* Returns a string representation of the object. This implementation constructs
* that representation based on the id fields.
* @return a string representation of the object.
@Override
public String toString() {
return "Entities.UserTable[userId=" + userId + "]";
SLSB
* UserTableFacade.java
* Created on 31 March 2008, 16:07
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
package Entities;
import java.util.*;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
* @author Ayo
@Stateless
public class UserTableFacade implements UserTableFacadeLocal {
@PersistenceContext
private EntityManager em;
/** Creates a new instance of UserTableFacade */
public UserTableFacade() {
public void create(UserTable userTable) {
em.persist(userTable);
public void edit(UserTable userTable) {
em.merge(userTable);
public void destroy(UserTable userTable) {
em.merge(userTable);
em.remove(userTable);
public List findAll() {
return em.createQuery("select Object(o)from UserTable as o").getResultList();
local interface
* UserTableFacadeLocal.java
* Created on 31 March 2008, 16:07
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
package Entities;
import java.util.*;
import javax.ejb.Local;
* @author Ayo
@Local
public interface UserTableFacadeLocal {
void create(UserTable userTable);
void edit(UserTable userTable);
void destroy(UserTable userTable);
List findAll();
controller servlet
* userCheck.java
* Created on 15 March 2008, 22:41
package servlets;
import Entities.UserTable;
import Entities.UserTableFacadeLocal;
import Entities.userValidationBean;
import Entities.userValidationRemote;
import java.io.*;
import java.util.Iterator;
import java.util.List;
import java.util.Collection;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.ejb.*;
* @author Ayo
* @version
public class userCheck extends HttpServlet {
@EJB
private UserTableFacadeLocal userTableFacade;
UserTable u;
String userFellow;
String pass;
String username,password;
/** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
* @param request servlet request
* @param response servlet response
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
/*con=null;
ps=null;
rs=null;
s=null;
*/response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
username=request.getParameter("username");
password=request.getParameter("password");
if(username==""||password=="")
showError("Please fill in the required blanks.",request,response);
else
List user=userTableFacade.findAll();
for(Iterator it=user.iterator();it.hasNext();)
u=(UserTable)it.next();
userFellow= u.getUsername();
pass=u.getPassword();
//out.println(" "+elem.getTitle()+" ");
//out.println(elem.getBody()+" ");
//I used the following two lines to determing if im actually accessing the database and retrieving results, and I get all records in the table(usernames and passwords).
//BUT I NEED A SPECIFIC RECORD TO MATCH THE USERNAME AND PASSWORD FROM THE FORM AND IF IT DOES NOT MATCH,I REDIRECT TO THE ERROR PAGE.THAT'S WHERE IM STUCK.
out.println(userFellow);
out.println(pass);
/* if(username.equals(userFellow)&&password.equals(pass))
RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
d.forward(request,response);
else
showError("Invalid Login details!",request,response);
private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
request.setAttribute("error_msg",errorMsg);
RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
dispatcher.forward(request,response);
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/** Handles the HTTP <code>GET</code> method.
* @param request servlet request
* @param response servlet response
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
/** Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
/** Returns a short description of the servlet.
public String getServletInfo() {
return "Short description";
// </editor-fold>
I NEED HELP.ive been on this for 5 days and i cant seem to get a solution. I tried creating a method (private Collection findByUsername()) and(private Collection
findByPassword()) in the local interface that would supposedly return records based on input from the form but I got a null pointer and an ejb exception saying
unknown find method or something, as in ,or an error message that said i cant search records by name or something.I dont know. Or is it the query that is not
specific enough. I didnt seem to get the syntax right when i was trying to search by username and password.Please someone help me.
Ayo.

Hey everyone,
Is the question I posted that hard?
I even tried to just load a HTML <img src="picture.jpg"/> tag
on the login.jsp and even this won't show.
I'm thinking that the container, with the security mechanism, is blocking
styles and images???
Anyone...please help.
-Yuri

How to do data level security on users based on region

Hello guys
I currently have created a report with dashboard prompt on column "state" with a default value "CA"
Now, the requirement is to perform data level security on this report, so different users based out of different state will log in to the dashboard and this prompt will change its default value accordingly so the user will have the report on only users home state prompted, and users can't see other state data..
I have thought of creating session variables to achieve the same, but how should i set up the initialization string?
Do I need to create a new table called "user table" that stores username/password and state columns and make that user table join to the fact table in the db?
If so, how should I configure the session value so that users get filtered date based on its state location?
PLease provide guidance
Thanks

Here’s an idea off the top of my head (untested):
First, set up your security constraints normally using Manage…Security in the Administration Tool, so that each user can only see his/her state. Refer to the previous responses to this post for guidelines.
Then, in your dashboard prompt, for the “Default Value”, write a tiny bit of logical SQL to query the “state” column from the presentation layer. If your security constraints are properly in place, the SQL should only return one value.
To get an idea of what the logical SQL should look like, select “All Values” as the default value, then switch it to ‘SQL Results’. That will show you the basic format of the logical SQL. It’s really just normal SQL (select <this> from <that> where <the other>), but referring to presentation layer objects rather than to physical tables and columns.
Untested. Please reply back and let us know how it goes.

User based authorization to create Purchase Orders out of Purchase Req.?

Hello,
I have the following requiment for my client:
User based authorization to create Purchase Orders out of Purchase Req.?
I am told the same can be achieved using same standard menu path in IMG/Customizing.
Please advise with the menu path and detials, Usefull answers will be rewarded.
Thanks

Using OMET Function Authorization, you can restrict users to create Purchase orders without Purchase Reqn.
Using OMET trxn code Create one Function Authorixation Called pr and in General Parameters tab Select the Field Selection and in Possible reference Objects Tab Mark the With ref to Prs check box and save.
Next, you've got to associate via SU01
Click Parameters, insert a new parameter id EFB to the authorization code.
Type in Parameters value you want e.g. XX
You have to assign the control for ALL the SAP buyers via thier SAP users id.
Logoff and login again. Then try to create a Purchase Order without a reference.
From Next time whenever you try to create with out referring PR it will not allow you to Save PO.
Regards,
Ashok

So Can I determine the business partners linked to user based on the assigned role and org. structure?

Hello, I am working on a SAP CRM 7 Sales implementation and we are implementing leads and opportunity scenarios. The current business organization model is that there multiple vertical and horizontal departments. This is typical matrix structure. This organization has done the segregation of its clients based on the verticals so every clients belongs to at least one or more Vertical department but Horizontal departments can contact all the clients. In the same way sales executives are also either belonging to one or more Verticals or Horizontal departments? Horizontal sales executive can create leads for any clients available in the system but a Vertical sales executive can only create lead only for the client belongs to his vertical and assigned to him. This can be achieved by creating organization structure and business partner relationship.
Now the problem statement is that few sales executives need work for both some Verticals and Horizontals at the same time. But requirement is that they should be able to do the both roles with single user id but multiple roles. So when sales executive is creating leads his vertical department, he should only be able to select clients assigned to his Vertical only but when he is creating lead for Horizontal department, he should be able to select any clients.
So Can I determine the business partners linked to user based on the assigned role and org. structure?
Please let me know if this is not clear also note we are only using CRM WebUI no SAP ePortal.
Thanks a lot your help in advance.
Regards
Sudesh Sharma

Thanks, Tahir
my problem has solved
Kind Regards,
Faisal

SAP Hardware sizing for "User-Based sizing".

Short Text
User-based Hardware Sizing
Long Text
Dear SAP Support,
We would like to know the SAP Hardware sizing for "User-Based sizing".
Our queries is
1. In "User-Based sizing", What we have to consider,
the number of users are calculated in the basis of
Concurrent users in the system in a given point of time
or
total number of users logged into the systems in the whole day?
We have referred the SAP document "Sizing SAP System" and the above
point are not clearly mentioned.
Regards,

As the document says there are number of possible definitions for "users" in SAP context...
For understanding assume that no of users logged to the system they consume different resources / areas in the system, some login to the system whole day but they don't work whole day, some user open multiple session to work while other open multiple session but they don't exactly work on it which means (every new session consume memory/resources) like you said their are concurrent users wherein they work and consume resources (SAP WPs)
So before finalizing the sizing first compare the both reports (user based, thorhgput) and read the advantages and disadvantages for both. You can also consult with SAP / Account Manager to help you
as per SAP document there's no point in counting no of pc's, laptops to calculate no of users
Also refer:
http://www.sap.com/solutions/benchmark/index.epx

User Based whitelist with SpamAssassin

Similar Messages

Maybe you are looking for