Using a Filter on OC4J with JAZN security enabled using LDAP

Similar Messages

• [svn] 1433: adding 'console' security constraint to MBeanServerGateway remote object for MBean tests and ds-console , used when running on Websphere with administrative security enabled.

  Revision: 1433
  Author: [email protected]
  Date: 2008-04-28 13:13:12 -0700 (Mon, 28 Apr 2008)
  Log Message:
  adding 'console' security constraint to MBeanServerGateway remote object for MBean tests and ds-console, used when running on Websphere with administrative security enabled. Should call setCredentials("bob","bob1") to use this RO.
  Modified Paths:
  blazeds/branches/3.0.x/qa/apps/qa-regress/WEB-INF/flex/remoting-config.mods.xml
  blazeds/branches/3.0.x/qa/apps/qa-regress/WEB-INF/flex/services-config.mods.xml

  Hi,
  It seems that you were using Hyper-V Remote Management Configuration Utility from the link
  http://code.msdn.microsoft.com/HVRemote, if so, you can refer to the following link.
  Configure Hyper-V Remote Management in seconds
  http://blogs.technet.com/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx
  By the way, if you want to perform the further research about Hyper-V Remote Management Configuration Utility, it is recommend that you to get further
  support in the corresponding community so that you can get the most qualified pool of respondents. Thanks for your understanding.
  For your convenience, I have list the related link as followed.
  Discussions for Hyper-V Remote Management Configuration Utility
  http://code.msdn.microsoft.com/HVRemote/Thread/List.aspx
  Best Regards,
  Vincent Hu

• Is anyone using iPhoto having a problem with the slide show using shatter where it does not let you put a title over photo?

  Is anyone using iPhoto having a problem with the slide show using shatter where it does not let you put a title over photo? It use to work but it no longer lets you place a title over the opening photo.

  Is your signature still current?(iPhoto '08, OS X Mountain Lion (10.8.4))    I can confirm this for iPhoto '11; Shatter will only show the text slide title between the slides. Ken Burns and Classic theme can still be set to overlay the caption and title directly over the slides.

• DataSocket fails intermittently with multiple NICs enabled using LV7.1

  Using LV7.1 and Datasocket v4.2, I was intermittently (but quite often) having problems reading and writing to the datasocket server (primarily from the server side). My application should read the value in the item and upon finding a specific string it should immediately follow it with a write of a default string. However, it can find the same string multiple times and not complete the write. Logging the errors from the write shows that no error is occurring. The client is not at fault because it only writes the string once every few minutes. I was able to finally show that by disabling the extra NIC on my system running the datasocket server that the connection seems to operate reliably. Both NICs
  were set to static IP addresses, but only one was connected. I do have the program writing to "dstp://localhost/UUT" as opposed to a specific IP address (not sure if it matters).
  With Labview6.1 I did not have this problem. It was only after I re-compiled my application with LV7.1 that I started having issues.

  Philip,
  I do not feel I am running out of bandwidth since I have run it successfully on 1Gbit NIC connections on a P4 2.4GHz system as well as a 10/100Gbit NIC on an old 650MHz system with LV6.1. I only do two writes per variable (on up to 8 variables) once every few minutes. I did not seem to be a re-entrant VI issue.
  I have created two VIs which should allow you to recreate the failing conditions with multiple NICs enabled. It responds very quickly with one NIC enabled, but when one or two more NICs is enabled, it gets very slow to respond and has some timeouts.
  One VI is the writer, the other is the reader. Start both VIs and start all 8 reader loops. Then you can consecutive
  ly click on all 8 sender loops. Doing this with and without multiple NICs enabled should show you the problem.
  Note: I think the issue I was talking about in earlier posts about getting multiple strings back before it wrote out "Loop" was due to the fact that the writes were not occurring quickly enough and the reads were happening multiple times. Therefore, in these VIs, I revised the read and close timeouts to -1.
  I think it would be best if you could call me so we can discuss this issue. If you can email me, I will send you my contact information if you don't already have access to it.
  Attachments:
  ReadSocket_Multiple_MSHv1.vi ‏360 KB
  WriteSocket_Multiple_MSHv1.vi ‏216 KB

• Using Dynamic JDBC Credentials with jazn security (web.xml) in BC

  I have followed the document “How To Support Dynamic JDBC Credentials” http://www.oracle.com/technology/products/jdev/howtos/10g/dynamicjdbchowto.html to connect to the database using Business Components, as the user who logs in the application. (Proxy)
  The only matter is that as I could see, I cannot use the application server integrated security (with roles) to protect the web resources.
  The main objective is to protect the web resources using Declarative J2EE authentication and authorization using the Data Base users (and roles). I have implemented the solution for the first part (authentication) using DBLoginModule (DBSystemLoginModule) from Frank Nimphius and Duncan Mills, it’s working OK, but I need the second part; how to use the user that is logged in as the PROXY user of the BC connection.
  Using the DBLoginModule, and the “How To Support Dynamic JDBC Credentials” separates works fine, but I can’t make them work together.

  Frank, Thanks a lot for your quick answer.
  "Maybe you should look at using database proxy users with ADF BC so you can use the J2EE authenticated user principal as the database schema to connect through. I am working on documenting this approach, which however needs some more time of writing and testing."
  Yes, that's exactly what I need!!!
  Can you give me some tips about how to do that.. Do you have any idea of when you will finish that document?.
  By the way, I'm using FORM authentication, but I don't know how to modify what’s in the “How To Support Dynamic JDBC Credentials” document, to use the J2EE authenticated user principal as the database schema to connect through.
  One of the problems is that when using this approach, I cannot get the J2EE security to redirect to the login page...
  Any help would be really appreciated

• JDev EA1 Error with JAZN/Security Roles/Authentication

  I have a current JSF application created under JDev 10.1.3 Preview which runs fine, but under JDev EA1 it crashes.
  The application has a JAZN definition with a realm and user defined. The user is also tied to a security role.
  In the web.xml I have a security role defined and security constraints. I also have the security-role-mappings in the orion-application.xml for deployment which uses OID to authenticate.
  This all works fine in JDev 10.1.3 preview.
  When I run the application in JDev EA1, the login dialog does not appear and the application crashes because it can't authenticate who is using the application. I have deleted and recreated the Jazn user and security roles under EA1.
  I have noticed that JDev is now reporting the "<security-constraint>" tag in web.xml is an error now.
  Any ideas on what's wrong?
  Thanks

  We're using SSO, so we haven't written our own login handler. The orion-application.xml has the "<jazn-web-app auth-method="SSO"/>" tag in it. We let SSO handle the login. You can write your own login handler if you wanted to. I think there's several threads about doing it. We wanted to try and use SSO and not have to write the piece to do the login.
  orion-application.xml:
  <jazn provider="LDAP"
  location="ldap://my.company.com:<port number>"
  default-realm="my_realm_here">
  <jazn-web-app auth-method="SSO"/>
  </jazn>
  The way we approached it, we have a User and Visit object. The User object just holds some data:
  public class User implements Serializable
  private String userid;
  private String name;
  private String email;
  private Date loginTime;
  The faces-config.xml is like this:
  <!--========User Bean=========-->
  <managed-bean>
  <managed-bean-name>user</managed-bean-name>
  <managed-bean-class>com.mycompany.User</managed-bean-class>
  <managed-bean-scope>session</managed-bean-scope>
  <managed-property>
  <property-name>queryService</property-name>
  <value>#{queryservicebean}</value>
  </managed-property>
  </managed-bean>
  We're using Spring to inject the "queryservicebean". You may not need this section. We're having to grab data from a database table. So you can probably skip that "<managed-property>" section.
  The section I think you are really asking about is the ViewHandler. You probably need to look at extending the ViewHandler to populate your user object.
  public class AuthenticatingViewHandler extends ViewHandler{...}
  You will probably need to look at adding code in the createView and restoreView methods.
  Something like:
  public class AuthenticatingViewHandler extends ViewHandler
  private final ViewHandler _base;
  public AuthenticatingAurepViewHandler(ViewHandler base)
  _base = base;
  public UIViewRoot createView(FacesContext facesContext, String viewId)
  viewId = loadUser(facesContext,viewId);
  return _base.createView(facesContext, viewId);
  } //END createView(FacesContext facesContext, String viewId)
  public UIViewRoot restoreView(FacesContext facesContext, String viewId)
  viewId = loadUser(facesContext,viewId);
  return _base.restoreView(facesContext,viewId);
  } //END restoreView(FacesContext facesContext, String viewId)
  --Then "loadUser" would populate your User object:
  public String loadUser(FacesContext facesContext, String viewId)
  String userId = facesContext.getExternalContext().getRemoteUser();
  User user = (User) JSFUtils.getManagedBean(ViewConstants.USER);
  -- Set the userid from OID in your User object
  user.setUserid(userId);
  -- Note: You may need to do some parsing on your user id string from OID.
  -- Do more stuff here, may switch to a differnt viewId if needed, like an error page.
  return viewId;
  } // END loadUser(FacesContext facesContext, String viewId)
  } //END AuthenticatingViewHandler
  The "JSFUtils.getManagedBean" uses the valuebinding to get the User bean from the FacesContext. We also carry a boolean isUserLoaded in the User object so we're not executing the loadUser code each time a view is rendered. The Visit object just has a navigation trace and other things of interest to us, so you may not care about it.
  A lot of this is from Adam Wiener's post on Sun's JSF forum. I think there's a couple of ways to approach this, with our requirements this works out better. If anybody else has any suggestions, it would be great to hear about them.
  As always, hope it helps out with what you are doing and thanks for the chocolate.

• Packet drops on 2960 with port-security enabled

  Hello,
  We are using the following port-security configuration on user access ports on Cisco 2960 switches, in order to protect the infrastructure to prevent MAC flooding attacks:
  switchport port-security maximum 10 switchport port-security switchport port-security aging time 1 switchport port-security violation restrict switchport port-security aging type inactivity
  There is a problem with the more "quiet" hosts, especially in technology - every time the MAC address ages out, the first packets (an ARP request usually) sent by the host is dropped by the switch. There is no violation logged, the switch should be OK to forward the packets but doesn't:
  Port Security              : EnabledPort Status                : Secure-upViolation Mode             : RestrictAging Time                 : 1 minsAging Type                 : InactivitySecureStatic Address Aging : DisabledMaximum MAC Addresses      : 10Total MAC Addresses        : 0Configured MAC Addresses   : 0Sticky MAC Addresses       : 0Last Source Address:Vlan   : 0011.aabb.ccdd:11Security Violation Count   : 0
  When port-security is turned off, all packets are forwarded without trouble. This is happening on both WS-C2960-24TT-L and WS-C2960-8TC-L, with IOS 12.2(35)SE1 and 12.2(50)SE5, respectively. I didn't check other models yet.
  I have found similar reports and bugs for the 2950 and 3750:
  https://supportforums.cisco.com/thread/163910
  https://supportforums.cisco.com/message/89560
  https://tools.cisco.com/bugsearch/bug/CSCeg63177
  https://tools.cisco.com/bugsearch/bug/CSCec21652
  Is there anything we can do to fix this?
  Is there an access switch that would not suffer from this problem? (Like 2960-S maybe?)
  Thank you.

  Hi Alioune,
  This is expected behaviour on the Nexus 1000v Ethernet interfaces when the uplinks are configured with MAC pinning.
  When using MAC pinning there's no special configuration of the ports on the upstream physical switches and so any broadcast packets are sent by the upstream switches on all uplinks towards the Nexus 1000v switch.
  On each VEM of the Nexus there's one uplink interface that is chosen as the Designated Receiver for broadcast traffic, and the function of the DR is to forward received broadcast traffic to VMs within the VLAN. The broadcast traffic received on any other uplinks of the VEM i.e., those that are not the acting as DR, drop the received broadcast traffic on ingress to the VEM.
  The drops you're seeing on the uplink interfaces are almost certainly the broadcast traffic being received on one or more non DR uplinks.
  Regards

• IBots are erroring with VPD Security Enabled

  Hello,
  We are using VPD security in our implementation.We are facing a problem while scheduling the iBots it is giving follwoing error.
  Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 17001] Oracle Error code: 1017, message: ORA-01017: invalid username/password; logon denied at OCI call OCISessionBegin. [nQSError: 17014] Could not connect to Oracle database. (HY000)
  Could any one share your thoughts on this issue?
  Thanks in Advance,

  Hi,
  In your Authentication block do you have the "Required for Authentication" checkbox checked? We ran into some problems with iBots and this turned out to be the problem. When Delivers is connecting to the repository it is "impersonating" a user and so you can't authenticate to LDAP. Uncheck that and it works.
  This also causes problems when connecting using SSO.

• Is there any way to ban Winsock Packet Editor from workin on your browser other players are using this progarm to interfer with peopels game play using your web browser on forfox

  ok i play yoville and people are using your web browser for the program Winsock Packet Editor Pro and everytime I try to enjoy yoville by zynga some fool uses your web browser to make winsock packet aditor to disconnect my player im so sick of this crap i work all day i exspect to come on yo and enjoy my game play not for some fool to use your web browser to make a program work and disconnect my player by gaining access to cdata people can also use wpe to get into others account with out any password or user name so is there any way to stop this program from working on your browser to stop these hackers from compromising accounts and ruining the fun of zynga games Ty for your kind Support and i hope u can help stop this program from working on your browser and from other browsers game play would be better off for all

  If you are meaning [http://wpepro.net http://wpepro.net], that tool doesn't use Firefox in the slightest. It uses TCP/IP (part of Windows) to Monitor networks (it can also be used nefariously).
  Please update your Firefox to Firefox 11, as the version you are running Is vulnerable to Many known security holes. After you do that, try to see if your problem is still going on.

• How do I go from using a single Apple ID with multiple libraries to using home sharing?

  Until now my wife and I have opted to share our iTunes/Apple ID and use multiple libraries to manage our iPhones. This has become increasingly difficult...with issues such as having apps I've downloaded that she doesn't want automatically downloading to her library and even her phone. Now, add in the fact that I want to continue to manage my iTunes library from our PC and allow her to manage hers from her new MacBook Pro and we have good reason to move to home sharing with separate Apple IDs for each of us.
  My question is the logistics of doing so. Not only do we need to replicate her existing library on a new Apple ID, but then we need to migrate all the necessary files over to her MacBook Pro. Quite honestly, I don't even know where to begin. Is it possible to associate her existing library with her new Apple ID without having to create her library from scratch? Then is there anyway to migrate only the items in her library over to her MacBook Pro as opposed having to move all of our music & apps? Where do I begin?
  Thanks!

  Okay...I misunderstood and thought we needed separate ID's...but I see we actually need to use the same ID which simplifies things in my mind a bit. But still some followups...
  1) What do you mean by restore the library on her computer? Simply open her library file in iTunes?
  2) On our current machine...media is actually split between a couple folders but all under the My Music folder. But there are multiple subfolders (iTunes, Her iPhone, and Amazon MP3). I presume as long as I copy over the entire My Music folder there shouldn't be any access issues when the library is opened on her machine?
  3) Is there any easy way to get rid of all the extra files that she doesn't have in her library? For instance, all my music and apps that she doesn't actually want, is there any easy way of separating those out from the files that are actually linked to in her library? Vice versa for me...once we've go her library set up on her machine, any easy way to purge all the extra files from my PC that aren't actually in my library?
  Thanks!

• Can I use my iPad power cord with my iPhone 5, using the new 30-pin/lightning adapter?

  If I buy the new 30-pin adapter for the Lightning connector, can I use my iPad charging cords (10w) for my new iPhone 5 (5w)?

  Yes.  The purpose of the adapter is to allow you to use old cords and docks to work with the new iPhone 5.

• Cam I use a newer EF lens with a Rebel that uses EF S lenses

  I have a Rebel T2i that came with EF S lenses - I want to buy a Canon 5d Mark II and am trying to find out if I can use the regular EF lenses used for the mark II on my old Rebel?  I know I can't use EF  S on the Mark II .I am trying to photograph birds and know I need a super telephoto lens I have the EF S 55-250 but need more  - hope since I plan to get the markII that I can get a lens that will work on both cams for now. I have been told that using a super telephoto lens on the mark II or a full frame camera  is counter productive .Do you all agree?  thanks

  carolyn,
  If I may add a step in your bird photography, I suggest you load Photo Shop Elements, it came free with your camera (?), on your computer and learn how to use it.
  Consider these figures before you lay your money down.
  The 55-250mm you already have acts like a 88-400mm on your T2i. The addition of a 400mm lens, zoom or prime, for the 5D Mk II is going to show the same size photograph.
  A 400mm lens on your T2i will act like a 640mm lens.
  One thing I have noticed over the years is most people use a zoom lens at the long end. Otherwise, I mean if you get the 100-400mm zoom, I bet you use the 400mm side way more than the 100mm side. Somethign to consider! That said the 100-400mm zoom is still my choice over the 400mm prime.
  EOS 1Ds Mk III, EOS 1D Mk IV EF 50mm f1.2 L, EF 24-70mm f2.8 L,
  EF 70-200mm f2.8 L IS II, Sigma 120-300mm f2.8 EX APO
  Photoshop CS6, ACR 8.7, Lightroom 5.7

• Issue with ADF security enabled App deployed to java cloud services

  Hi,
  Here are the instance details:
  Jdev cloud build:JDEVADF_11.1.1.6.0CLOUD_GENERIC_121118.1600.6229
  Java cloud service version:13.1
  I have created a simple ADF Application & enabled security by editing web.xml:
  <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>default</realm-name>
    </login-config>
    <security-role>
      <description>manager</description>
      <role-name>manager</role-name>
    </security-role>
  Then I have tried to deploy this Application to Java cloud services.Deployment works fine.
  I have 2 users created in Identity console- x & y.In my case x user has manager role enabled & y doesn't have manager role enabled.
  Now when I try to access the above deployed ADF Application with 'y' user,the page is accessible.
  My question here is that since 'y' user does not have the privilege he should not be able to access this page,could you please let me know if am missing something?
  Thanks.

  Hi,
  You may refer to the documentation available in the link: Developing Applications for Oracle Java Cloud Service - Release 13.1
  Please refer to the section: Securing Java EE Applications- Roles and Constraints
  Hope this helps
  Regards,
  Santhosh

• How to send Secured Mail using Java Mail?

  I want to send mails with "Send Secure" option using Java Mail. Now mails are being sent using Java Mail connecting to smtp host.
  Appreciating your help.
  Thanks.

  There are third party libraries to help with this. Bouncy Castle is very popular.
  See the [JavaMail Third Party Products|http://java.sun.com/products/javamail/Third_Party.html] page.

• How to use SOA Suite in conjunction with SOA Analysis and Design Tools

  Hi everybody,
  I am a novice in this field and I need some help regarding integrating analysis and design tools with SOA Suite.
  We used to analyze and design with Oracle Designer and use its powerful form generator to develop a system. It almost covered all the software lifecycle and kept the traceability between anlaysis,design and implementation.
  I have studied about the SOA concepts and read some papaer about SOA Suite. I have also installed the SOA demo based on SOA Suite and I found it absolutely amazing, but my problem is that It seems oracle does not have any tools for SOA Analysis and Design. am I right? if so, How can we analyze and design a system based on SOA concepts and implement it using soa suite in such a way that keeps traceability? What tools is used for this purpose?
  It seems that IBM have some tools like Rational Software Architect and Rational Suite which enable people to design and analyze based on SOA concepts and then generates some pieces of code (like oracle designer in old days) but is it possible to design in these tools and then generating codes for SOA Suite ? (for example generating a bpel file from a design model)
  As I told before I am a novice in this field and I would be so grateful if other users can share their expriences regarding this matter.
  Any help would be highly appreciated.
  Thanks in advance,
  Navid

  Learn About All Things SOA:: SOA India 2007:: IISc, Bangalore (Nov 21-23)
  Aligning IT systems to business needs and improving service levels within the constraints of tight budgets has for long been the topmost challenge for CIOs and IT decision makers. Service-oriented Architecture (SOA) provides a proven strategy to clearly address both of these objectives. Creating more agile information systems and making better use of existing infrastructure are two leading factors that are boosting SOA adoption across large, medium, and small Indian industries from the BFSI, Retail, Telecom, Manufacturing, Pharma, Energy, Government and Services verticals in India. If you are an IT decision maker belonging to any of these verticals, SOA India 2007 (IISc, Bangalore, Nov 21-23 2007) presents a unique opportunity to gather cutting-edge business and technical insights on SOA and other related areas such as BPM, BPEL, Enterprise 2.0, SaaS, MDM, Open Source, and more.
  At SOA India 2007, acclaimed SOA analysts, visionaries, and industry speakers from across the world will show you how to keep pace with change and elevate your IT infrastructure to meet competition and scale effectively. The organisers are giving away 100 FREE tickets worth INR 5000 each to the first 100 qualified delegates belonging to the CxO/IT Decision Maker/Senior IT Management profile, so hurry to grab this opportunity to learn about all things SOA. You can send your complete details, including your designation, e-mail ID, and postal address directly to Anirban Karmakar at [email protected] to enrol in this promotion that is open until 12 October 2007.
  SOA India 2007 will also feature two half-day workshops on SOA Governance (by Keith Harrison-Broninski) and SOA Architecture Deep Dive (by Jason Bloomberg). If you are an IT manager, software architect, project leader, network & infrastructure specialist, or a software developer, looking for the latest information, trends, best practices, products and solutions available for building and deploying successful SOA implementations, SOA India 2007’s technical track offers you immense opportunities.
  Speakers at SOA India include:
  •     Jason Bloomberg, Senior Analyst & Managing Partner, ZapThink LLC
  •     Keith Harrison-Broninski, Independent consultant, writer, researcher, HumanEdJ
  •     John Crupi, CTO, JackBe Corporation
  •     Sandy Kemsley, Independent BPM Analyst, column2.com
  •     Prasanna Krishna, SOA Lab Director, THBS
  •     Miko Matsumara, VP & Deputy CTO, SoftwareAG
  •     Atul Patel, Head MDM Business, SAP Asia Pacifc & Japan
  •     Anil Sharma, Staff Engineer, BEA Systems
  •     Coach Wei, Chairman & CTO, Nexaweb
  •     Chaitanya Sharma, Director EDM, Fair Isaac Corporation
  A partial list of the sessions at SOA India 2007 include:
  •     EAI to SOA: Radical Change or Logical Evolution?
  •     BPEL: Strengths, Limitations & Future!
  •     MDM: Jumpstart Your SOA Journey
  •     Governance, Quality, and Management: The Three Pillars of SOA Implementations
  •     Building the Business Case for SOA
  •     Avoiding SOA Pitfalls
  •     SOA Governance and Human Interaction Management
  •     Business Intelligence, BPM, and SOA Handshake
  •     Enterprise 2.0: Social Impact of Web 2.0 Inside Organizations
  •     Web 2.0 and SOA – Friends or Foe?
  •     Achieving Decision Yield across the SOA-based Enterprise
  •     Governance from day one
  •     Demystifying Enterprise Mashups
  •     Perfecting the Approach to Enterprise SOA
  •     How to Build Cost Effective SOA. “Made in India” Really Works!
  For more information, log on to http://www.soaindia2007.com/.