Using NT Security Context with JNDI to talk to AD

Hello all,
Is there a way in JNDI to connect to Active Directory using the current NT Security Context like ADSI does?
I want to run a Java program as a service under Win2k.
I want to assign a user for it to run as (on service start).
When the program is executing, I need to access AD (wish it wasn't so, but out of my hands), preferably with JNDI, to read/write data.
I would like to be able to connect without having to set SECURITY_AUTHENTICATION to "simple" and providing a username and password since as a service, I don't want to interact with the desktop.
In ADSI, I could set the ADS_SECURE_AUTHENTICATION flag and it would use the NTLM to access AD.
Is there something similar in JNDI? I've searched the forums, but have only found examples of people using JAAS and GSSAPI (which requires entering a username/password and authenticating against a Kerberos realm) or simple authentication (which requires entering a username/password).
Any help would be appreciated.
Regards,
plb

Thanks schmid03,
FYI, I am on Win2K Advanced Server running J2SDK 1.4.0_01.
Tried changing the conf file, but still a no go. Here's what's happening now...
Get a pop-up window titled "16 bit MS-DOS Subsystem"
Message: c:\WINNT\system32\ntvdm.exe Error while setting up environment for the application. Choose 'Close' to terminate the application.
Buttons: Close, Ignore
after calling "lc.login ();"
but then I can get the Subject and print out Principal (name) and it is correct.
However, in JNDI call "new InitialDirContext ();" I receive:
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:142)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:70)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:59)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:36)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:96)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:178)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
at com.sun.security.sasl.gsskerb.GssKerberosV5.evaluateChallenge(GssKerberosV5.java:160)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:374)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2516)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:263)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:76)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at Test$MyAction.run(Test.java:196)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:319)
at Test.go(Test.java:132)
at Test.main(Test.java:73)
I'll check these new messages against other posts in the forum to see if there are similar problems...
If anyone already knows this problem and a fix, please enlighten.
Regards,
plb
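
An added example, not part of the posts above and not vendor sample code: a JNDI bind to AD over SASL/GSSAPI that takes the Kerberos ticket from the service account's ticket cache instead of a stored password, and checks that the Subject really holds a ticket before binding (a Subject can carry a correct Principal and still have no ticket, which is the condition the GSSException above reports). The host `dc1.example.com`, the JAAS entry name `AdClient` and the class name are assumptions; it also assumes a Java 5+ JDK in which `Subject.doAs` is available and a JVM that can locate the realm and KDC.

```java
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class AdGssapiBind {

    // Hypothetical domain controller; replace with your own.
    static final String LDAP_URL = "ldap://dc1.example.com:389";

    /** In-memory JAAS configuration: use the ticket cache and never prompt. */
    static Configuration ticketCacheConfig() {
        Map<String, String> opts = new HashMap<String, String>();
        // Take the TGT from the ticket cache (on Windows the module can
        // fall back to the LSA) rather than from a typed password.
        opts.put("useTicketCache", "true");
        // Fail the login instead of asking for credentials: a service
        // has no desktop to prompt on.
        opts.put("doNotPrompt", "true");
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    /** True only if the Subject carries at least one unexpired Kerberos ticket. */
    static boolean hasUsableTicket(Subject subject) {
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (t.isCurrent()) {
                return true;
            }
        }
        return false;
    }

    /** JNDI environment for a GSSAPI bind; no principal or password is set. */
    static Hashtable<String, String> gssapiEnv() {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // Ask for integrity and confidentiality on the LDAP session,
        // and require the server to authenticate itself as well.
        env.put("javax.security.sasl.qop", "auth-conf");
        env.put("javax.security.sasl.server.authentication", "true");
        return env;
    }

    public static void main(String[] args) throws Exception {
        // "AdClient" is an arbitrary entry name; the Configuration above
        // returns the same entry for any name.
        LoginContext lc = new LoginContext("AdClient", null, null, ticketCacheConfig());
        lc.login();
        Subject subject = lc.getSubject();

        // A Principal name alone proves nothing about credentials.
        if (!hasUsableTicket(subject)) {
            throw new IllegalStateException(
                    "Subject has principals " + subject.getPrincipals()
                    + " but no current KerberosTicket; GSSAPI bind would fail");
        }

        final Hashtable<String, String> env = gssapiEnv();
        Attributes rootDse = Subject.doAs(subject,
                new PrivilegedExceptionAction<Attributes>() {
                    public Attributes run() throws Exception {
                        DirContext ctx = new InitialDirContext(env);
                        try {
                            // Read one attribute of the rootDSE to prove the bind worked.
                            return ctx.getAttributes("", new String[] { "defaultNamingContext" });
                        } finally {
                            ctx.close();
                        }
                    }
                });
        System.out.println("Bound via GSSAPI, rootDSE: " + rootDse);
        lc.logout();
    }
}
```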

Similar Messages

  • An impersonation error occurred using the security context of the current user. -- Report server is on remote server and file share folder is on local server

    I have deployed a report on the server (e.g. remoteserver\reports) from my local machine. I opened the report in browser in my local machine and created a new subscription with windows file share delivery option.
    But it's giving an error "Failure writing file \\localserver\subscriptions\Report1.xls : An impersonation error occurred using the security context of the current user." Here "subscriptions"
    is the folder which I have created in my local machine.
    I followed the instructions found in the link "http://msdn.microsoft.com/en-us/library/ms157386.aspx"
    Please help to solve this issue.

    Hi,
    Thank you for your reply.
    I have followed the same process. The credentials which I have given are same as my PC. But I am getting the same error. Can you please clarify the statement "Service
    account that is using for file share subscription should have write access to shared folder."
    given in the above link?
    I am the one who created the folder and subscribing the report, so probably I have the full write permissions to the shared folder. What is the service account in this context?
    I think the problem is, I am deploying the report on the server and creating the shared folder in the local machine. I tried giving shared folder permissions to the user on the server. But my local machine is in local domain and I can't access the users on
    the remote server. Do I need to create a shared folder on the server? I am new to SSRS. Please help me.
    PS: I have assigned with all roles viz. Browser, Content Manager, Publisher, Report Builder etc. and My Role name (WEBSERVER\User)
    is different from my local user name (domain\username) in domain.

  • Error while using webmethod JMS provider with JNDI

    Hi,
    I am using webmethod JMS provider (not SAP JMS) with JNDI to connect to webmethod with XI. Central J2EE adapter engine is used and the comm channel is configured with the appropriate Provider JNDI Server address, initial context factory, Name of queue connection factory etc.
    While activated the adapter short log shows: "Adapter has not provided any status information about this channel"
    In the detailed log following error message is displayed: "Obtained connection factory: null#"
    #1.5 #001A4BAC31000052000001520000152200045090BF28DACA#1214482519514#com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl##com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl.createConnectionFactory()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Entering method#
    #1.5 #001A4BAC31000052000001530000152200045090BF28DB65#1214482519514#com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl##com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl.createConnectionFactory()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Debug##Plain###Looking up connection factory under name NAIP_XIQueueConnectionFactory#
    #1.5 #001A4BAC31000052000001540000152200045090BF28E42E#1214482519516#com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl##com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl.createConnectionFactory()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Debug##Plain###Obtained connection factory: null#
    #1.5 #001A4BAC31000052000001550000152200045090BF28E4B3#1214482519516#com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl##com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl.createConnectionFactory()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Exiting method#
    #1.5 #001A4BAC31000052000001560000152200045090BF28E528#1214482519516#com.sap.aii.adapter.jms.core.connector.ConnectorImpl##com.sap.aii.adapter.jms.core.connector.ConnectorImpl.executeConnectionFactoryInvocations()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Entering method#
    #1.5 #001A4BAC31000052000001570000152200045090BF28E5A9#1214482519517#com.sap.aii.adapter.jms.core.connector.ConnectorImpl##com.sap.aii.adapter.jms.core.connector.ConnectorImpl.executeConnectionFactoryInvocations()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Info##Java###Sucessfully executed CF invocations for connection factory object: for profile: #2#<null>#ConnectionProfile of channel: CC_RCV_JMS_SAPJNDIon node: 3010950 having object id: e4413a5265a436459e271d5e0dd4859b#
    #1.5 #001A4BAC31000052000001580000152200045090BF28E64E#1214482519517#com.sap.aii.adapter.jms.core.connector.ConnectorImpl##com.sap.aii.adapter.jms.core.connector.ConnectorImpl.executeConnectionFactoryInvocations()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Exiting method#
    #1.5 #001A4BAC31000052000001590000152200045090BF28E6CA#1214482519517#com.sap.aii.adapter.jms.core.connector.ConnectorImpl##com.sap.aii.adapter.jms.core.connector.ConnectorImpl.buildConnection()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Entering method#
    #1.5 #001A4BAC310000520000015A0000152200045090BF28E741#1214482519517#com.sap.aii.adapter.jms.core.common.StringUtils##com.sap.aii.adapter.jms.core.common.StringUtils.isBlank(String str)#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Entering method#
    #1.5 #001A4BAC310000520000015B0000152200045090BF28E7C3#1214482519517#com.sap.aii.adapter.jms.core.connector.ConnectorImpl##com.sap.aii.adapter.jms.core.connector.ConnectorImpl.buildConnection()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Debug##Plain###Creating connection...#
    #1.5 #001A4BAC310000520000015C0000152200045090BF28EB51#1214482519518#com.sap.aii.adapter.jms.core.channel.AdapterImpl##com.sap.aii.adapter.jms.core.channel.AdapterImpl.addOrReplaceChannel(Channel cpaChannel)#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Warning##Java###Catching #1#java.lang.NullPointerException
    at com.sap.aii.adapter.jms.core.connector.ConnectorImpl.buildConnection(ConnectorImpl.java:198)
    at com.sap.aii.adapter.jms.core.connector.ConnectorImpl.doConnect(ConnectorImpl.java:166)
    at com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl.doConnect(JndiConnectorImpl.java:186)
    at com.sap.aii.adapter.jms.core.connector.ConnectorImpl.connect(ConnectorImpl.java:151)
    at com.sap.aii.adapter.jms.core.channel.ChannelImpl.doStart(ChannelImpl.java:235)
    at com.sap.aii.adapter.jms.core.channel.ChannelImpl.start(ChannelImpl.java:154)
    at com.sap.aii.adapter.jms.core.channel.AdapterImpl.doAddUpdateChannel(AdapterImpl.java:404)
    at com.sap.aii.adapter.jms.core.channel.AdapterImpl.addOrReplaceChannel(AdapterImpl.java:376)
    at com.sap.aii.adapter.jms.core.channel.ChannelLifecycleCallbackImpl$1.run(ChannelLifecycleCallbackImpl.java:51)
    at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
    at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    #1.5 #001A4BAC310000520000015D0000152200045090BF28EC6A#1214482519518#com.sap.aii.adapter.jms.core.channel.AdapterImpl##com.sap.aii.adapter.jms.core.channel.AdapterImpl.addOrReplaceChannel(Channel cpaChannel)#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Error##Plain###[[ChannelName:CC_RCV_JMS_SAPJNDI,ChannelId: e4413a5265a436459e271d5e0dd4859b]] Error adding/updating channel.#
    #1.5 #001A4BAC310000520000015E0000152200045090BF28ECF8#1214482519518#com.sap.aii.adapter.jms.core.channel.AdapterImpl##com.sap.aii.adapter.jms.core.channel.AdapterImpl.addOrReplaceChannel(Channel cpaChannel)#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Exiting method#
    #1.5 #001A4BAC310000520000015F0000152200045090BF28ED76#1214482519519#com.sap.aii.adapter.jms.core.channel.ChannelLifecycleCallbackImpl##com.sap.aii.adapter.jms.core.channel.ChannelLifecycleCallbackImpl.channelAdded().run()#J2EE_GUEST#0##n/a##8b16bd50437911ddc9f2001a4bac3100#SAPEngine_Application_Thread[impl:3]_16##0#0#Path##Plain###Exiting method#
    #1.5 #001A4BAC3100005F000000660000152200045090BF65478A#1214482523474#com.sap.aii.adapter.jms.core.channel.ChannelLifecycleCallbackImpl#sap.com/com.sap.xi.mdt#com.sap.aii.adapter.jms.core.channel.ChannelLifecycleCallbackImpl.channelAdded(Channel channel)#AAAAAAAAA#108##n/a##002ee500437911dd99cf001a4bac3100#SAPEngine_Application_Thread[impl:3]_29##0#0#Path##Plain###Exiting method#
    Please let me know if anyone has come across the problem or has an idea how to solve it. Thanks.

    Hi,
    Ask ur basis admin to restart JMS adapter from Vis administrator and try again to activate the comm channel.
    Hope this will solve ur problem and once again check connection factory and Queue name provided by Webmethod admin.
    Regards,
    Srini

  • Using existing Security Providers with Spring Security

    Has anyone successfully tied their existing WLS JAAS security providers in to the Spring Application Context? I can't seem to find any documentation on how to do this. I've got providers that work correctly in WLS 10.0 MP 1 for a Struts application and I'm developing a new application in Spring MVC and I'd like to use Spring Security (formerly acegi) but I'd like to share the security providers the other application is using since they've already been reviewed/approved by our internal security team.

    A JAAS Authentication Provider along with a JAAS Login Module
    A JAAS Identity Asserter
    A JAAS Role Mapping Provider

  • How can I use Norton Security Suite with Firefox

    I want to use firefox instead of Explorer but the tool bar for Norton will not load with firefox. What can I do.

    Symantec need to update their Firefox add-ons so that they are compatible with Firefox 4. They have indicated that for Norton 360 they plan to release an update to Norton 360 to support Firefox 4 in early May - http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20100720113635EN&ln=en_US
    I do not know about the time scale for updates for other Norton products. Pending the update by Symantec, if you want to use the Norton add-ons you will need to downgrade to Firefox 3.6.
    To downgrade to Firefox 3.6 first uninstall Firefox 4, but do not select the option to "Remove my Firefox personal data". If you select that option it will delete your bookmarks, passwords and other user data.
    You can then install the latest version of Firefox 3.6 available from http://www.mozilla.com/en-US/firefox/all-older.html - it will automatically use your current bookmarks, passwords etc.
    To avoid possible problems with downgrading, I recommend going to your profile folder and deleting the following files if they exist - extensions.cache, extensions.rdf, extensions.ini, extensions.sqlite and localstore.rdf. Deleting these files will force Firefox to rebuild the list of installed extensions, checking their compatibility, and reset toolbar customizations.
    For details of how to find your profile folder see https://support.mozilla.com/kb/Profiles

  • Best way Of providing user authentication using ADF security...

    Hi,
    I have a web application. I want to implement ADF security in the application. What is the best approach of doing this? I have the user information in the database tables along with the roles and other information. I want to use these tables for authorization.
    What is the best approach to do this? It would be great if u could help.
    I am using 11g release 2
    Thanks in advance.
    Rakesh

    Hi,
    Thanks for the quick response.
    I have been looking at the post but I found one of the forum posts in which the person was saying the SQLAuthentication doesn't work ..
    "Be wary when using ADF Security (OPSS) with a SQLAuthenticator.
    This is feedback I got in SR 3-4124753004 :
    "If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."
    related bugs are :
    - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
    - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"
    related forum threads are :
    - "ADF Security : identity store : tables in a SQL database"
    - "OPSS : addMembersToApplicationRole : The search for role failed"
    regards
    Jan Vervecken"
    Is this true?
    Rakesh

  • Error during JNDI lookup Accessing Remote EJB (access to web service restricted using declarative security model)

    Hello everyone,
    I developed a Web Service prototype accessing remote EJB using the EJB
    control with special syntax in the jndi-name attribute: @jws:ejb
    home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
    Everything works fine, but I get an error when I restrict access to my web
    service with a declarative security model by implementing steps provided in
    help doc:
    - Define the web resource you wish to protect
    - Define which security role is required to access the web resource
    - Define which users are granted the required security role
    - Configure WebLogic Server security for my web service(Compatibility
    Security/Users)
    I launch the service by entering the address in a web browser. When prompted
    to accept the digital certificate, click Yes, when prompted for network
    authentication information, enter username and password, navigate to the
    Test Form tab of Test View, invoke the method by clicking the button and I
    get the following exception:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
    name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed
    for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    I have a simple Hello method as well in my WebService (which is also
    restricted) and it works fine, but remote EJB access doesn't. I tested my
    prototype on Weblogic 7.2 and 8.1 platforms - same result.
    Is that a bug or I am missing some additional configuration in order to get
    that working. Has anyone seen similar behavior? Is there a known resolution?
    Or a suggested way to work around the problem?
    Thank you.
    Andre

    Andre,
    It would be best if this issue is handled as an Eval Support case. Please
    BEA Customer Support at http://support.beasys.com along with the required
    files, and request that an Eval support case be created for this issue.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Anurag,
    I removed "t3", still get an error but a different one (Unable to create
    InitialContext:null):
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
    create InitialContext:null]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
    create InitialContext:null] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions
    .jws:67) </jwErrorDetail>
    </detail>
    </error>
    Note: inter-domain communication is configured properly. The Web Service to
    remote EJB works fine without a declarative security.
    Any other ideas?
    Thank you for your help.
    Andre
    "Anurag" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    It seems you are using the URL
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
    whereas you should not be specifying the "t3:" protocol.
    The URL should be like
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
    Please do let me know if you see any issues with this.
    Note that this will only allow you to access remote EJBs in the same WLS
    domain. For accessing EJBs on another domain, you need to configure
    inter-domain communication by
    following a few simple steps as mentioned at
    http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
    been provided in the EJB Control Workshop documentation.
    Regards,
    Anurag
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Raj,
    I tried that before, it didn't help. I got similar error message:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
    failed for
    name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstr
    ing>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
    failed for
    name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    Anything else should I try?
    P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOT access
    restricted.
    I hope there is a solution.
    Thanks,
    Andre
    "Raj Alagumalai" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    Can you try using the following url with username and password
    jndi://username:password@host:7001/my.resource.jndi.object ?
    once you add webapp level security, the authenticated is the user who
    invokes the EJB.
    http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/con
    CreatingANewEJBControl.html?skipReload=true
    has more info on using remote EJB's.
    Hope this helps.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support

  • Current Security Context Not Trusted When Using Linked Server From ABAP

    Hello,
    I am experiencing a head-scratcher of a problem when trying to use a Linked Server connection to query a remote SQL Server database from our R/3 system.  We have had this working just fine for some time, but after migrating to new hardware and upgrading OS, DBMS, and R/3, now we are running into problems.
    The target database is a named instance on SQL Server 2000 SP3, Windows 2000 Server.  The original source R/3 system was 4.7x2.00, also on SQL Server 2000 (SP4), Windows 2000 Server.  I had been using a Linked Server defined via SQL Enterprise Manager (actually defined when the source was on SQL Server 7), which called an alias defined with the Client Network Utility that pointed to the remote named instance.  This alias and Linked Server worked great for several years.
    Now we have migrated our R/3 system onto new hardware, running Windows Server 2003 SP1 and SQL Server 2005 SP1.  The application itself has been upgraded to ECC 6.0.  I performed the migration with a homogeneous system copy, and everything has worked just fine.  I redefined the Linked Server on the new SQL 2005 installation, this time avoiding the alias and referencing the remote named instance directly, and it tests out just fine using queries from SQL Management Studio.  It also tests fine with OSQL called from the R/3 server console, both when logged on as SAPServiceSID with a trusted connection, and with a SQL login as the schema owner (i.e., 'sid' in lowercase).  From outside of R/3, I cannot make it fail.  It works perfectly.
    That all changes when I try to use the Linked Server within an ABAP application, however.  The basic code in use is
    EXEC SQL.
       SET XACT_ABORT ON
       DELETE FROM [SERVER\INSTANCE].DATABASE.dbo.TABLE
    ENDEXEC.
    The only thing different about this code from that before the upgrade/migration is the reference to [SERVER\INSTANCE] which previously used the alias of just SERVER.
    The program short dumps with runtime error DBIF_DSQL2_SQL_ERROR, exception CX_SY_NATIVE_SQL_ERROR.  The database error code is 15274, and the error text is "Access to the remote server is denied because the current security context is not trusted."
    I have set the "trustworthy" property on the R/3 database, I have ensured SAPServiceSID is a member of the sysadmin SQL role, I've even made it a member of the local Administrators group on both source and target servers, and I've done the same with the SQL Server service account (it uses a domain account).  I have configured the Distributed Transaction Coordinator on the source (Win2003) system per Microsoft KB 839279 (this fixed problems with remote queries coming the other way from the SQL2000 system), and I've upgraded the system stored procedures on the target (SQL2000) system according to MS KB 906954.  I also tried making the schema user a member of the sysadmin role, but naturally that was disastrous, resulting in an instant R/3 crash (don't try this in production!), so I set it back the way it was (default).
    What's really strange is no matter how I try this from outside the R/3 system, it works perfectly, but from within R/3 it does not.  A search of SAP Notes, SDN forums, SAPFANS, Microsoft's KnowledgeBase, and MSDN Forums has not yielded quite the same problem (although that did lead me to learning about the "trustworthy" database property).
    Any insight someone could offer on this thorny problem would be most appreciated.
    Best regards,
    Matt

    Good news! We have got it to work. However, we did it in something of
    a backwards way, and I'm sure you'll laugh when you see how it was done. Also, the solution depends upon the fact that the remote server is still using SQL Server 2000, and so doesn't have quite so many restrictions placed upon it for distributed transactions and Linked Servers as SQL Server 2005 now does.
    At the heart of the solution is the fact that the Linked Server coming FROM the remote server TO our SAP system works fine. Finally, coupled with the knowledge that using DBCON on the SAP side to the remote server also does actually provide a connection (see Notes 323151 and 738371), we set up a roundabout way of achieving our goal. In essence, from ABAP, we set up the DBCON connection to the remote server, at which point all the Native SQL commands execute in the context of the remote server. From within that connection, we
    reference the tables in SAP via the Linked Server defined on the remote
    server, as if SAP were the remote server, selecting data from SAP and inserting it into the remote (but apparently local to this connection) tables.
    So, to spell it out, we define a Linked Server on the remote server pointing back to the SAP server as SAPSERV, with a SQL login mapping defined on the remote system pointing back to a SQL login in the SAP database. We also define a connection to the remote server from SAP using DBCON, using that remote SQL login for authentication.
    Then, in our ABAP code, we simply do something along the lines of
    exec sql.
       set connection 'REMOTE'
    endexec.
    exec sql.
       connect to 'REMOTE'
    endexec.
    exec sql.
       insert into REMOTE_TABLE
          select * from SAPSERV.SID.sid.SAP_TABLE
    endexec.
    exec sql.
       commit
    endexec.
    exec sql.
       disconnect 'REMOTE'
    endexec.
    This is, of course, a test program, but it demonstrated that it worked, and we were able to see that entries were appropriately deleted and inserted in the remote server's table. The actual program for use is a little more complex, in that there are about four different operations at different times, and we had to resolve the fact that the temp table SAP_TABLE was being held in a lock by our program, resulting in a deadly embrace, but our developer was able to work that out, and all is now well.
    I don't know if this solution will have applicability to any other customers, but it works for us, for now.
    SAPSERV, REMOTE, REMOTE_TABLE, and SAP_TABLE are, of course, placeholder names, not the actual server or table names, so as not to confuse anyone.
    Best regards,
    Matt
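
The Linked Server and login mapping described in the post above, written out as an added T-SQL example to run on the remote server; it is not code from the original post. SAPSERV, SID and SAP_TABLE are the post's placeholders; the host name, both login names, the password placeholder and the SQLOLEDB provider are assumptions.

```sql
-- Added example: run on the REMOTE server (SQL Server 2000 per the post).
-- Host, login names and provider are hypothetical placeholders.

-- 1. Linked Server on the remote server pointing back at the SAP database server.
EXEC sp_addlinkedserver
     @server     = N'SAPSERV',
     @srvproduct = N'',
     @provider   = N'SQLOLEDB',               -- assumed provider
     @datasrc    = N'sap-db-host.example';    -- placeholder host

-- 2. Drop the default mapping so that no other login on the remote
--    server can reach the SAP database through this Linked Server.
EXEC sp_droplinkedsrvlogin
     @rmtsrvname = N'SAPSERV',
     @locallogin = NULL;

-- 3. Map only the login that the DBCON connection authenticates as
--    to a dedicated SQL login in the SAP database.
EXEC sp_addlinkedsrvlogin
     @rmtsrvname  = N'SAPSERV',
     @useself     = 'FALSE',
     @locallogin  = N'remote_dbcon_login',    -- placeholder: DBCON login
     @rmtuser     = N'sap_link_login',        -- placeholder: login in SAP DB
     @rmtpassword = N'<set-at-deploy-time>';  -- placeholder, never hard-code

-- 4. The link is only queried, so keep remote procedure calls switched off.
EXEC sp_serveroption N'SAPSERV', 'data access', 'true';
EXEC sp_serveroption N'SAPSERV', 'rpc',         'false';
EXEC sp_serveroption N'SAPSERV', 'rpc out',     'false';

-- 5. Check, connected as remote_dbcon_login: the four-part name used by
--    the ABAP program should now resolve.
SELECT TOP 1 * FROM SAPSERV.SID.sid.SAP_TABLE;
```

On the SAP side, the mapped login needs only SELECT on the table being copied, since the program in the post reads from SAP and writes to the remote table.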

  • SSO with AD error: An error has occurred propagating the security context...

    Hi.
    On Windows 2003, I have installed BOXI Edge 3.1 with SAP Integration Kit. My primary and only use of the SAPIK will be for retrieving SAP data for BOXI reports. I DO NOT want to use SAP Authentication. For BOXI, I want to set up only AD Authentication, but because the web.xml files change with the installation of the SAPIK, I have not been successful at setting up AD Authentication. I have modified the web.xml files so that they look like the original web.xml files (without SAPIK).
    The AD groups are imported successfully into BOXI. The members of those groups are imported successfully, too. But when a user attempts to login, they get error: An error has occurred propagating the security context between the security server and the client.
    I have tried nearly everything to clear this error and there are no Kerberos errors in Wireshark logs on the BOXI server.
    Help!
    Thank you!
    Luis
    PS - I asked this question in the SAP Integration Kit forum, and they suggested I ask here, I guess because in the end it may have nothing to do with the SAPIK...

    Thanks, Tim, for your willingness to help.
    The problem is resolved.
    I noticed in the Local Security Policy that the right "Log on as a service" displayed only the service account user ID, without the domain identifier - where I expected it to show as "DOMAIN\svcaccount", it only showed "svaccount".
    I stopped the Tomcat and SIA services, I removed "svaccount" from the list in "Log on as a service", I reset the account information in the Tomcat and SIA services as "DOMAIN\svcaccount" and saw that change reflected in "Log on as a service" and now AD Authentication works beautifully.
    My guess is that it must have been using the local account and not the domain account for running the services.
    Next task: SSO...
    Wish me luck!
    Thanks!
    Luis

  • ADF Security integration with Web Logic Security using SQL authenticator

    Hi,
    I was trying to find a suitable way of handling the following requirements:
    1. Administrators should be able to create the roles, groups, users and assign users to roles.
    2. User, Roles, Groups should be stored in DB and Users need to be authenticated accordingly.
    3. I need to be able to map roles with security permissions on Taskflows, JSF Pages, on UI level using groovy expressions and even at Entities level.
    I performed the following tasks:
    1. I created back end Security tables, created SQL authenticator as provider and defined the queries in it then I created ADF Application and used JMX APIs to call the SQL authenticator to perform its operations.
    2. I defined the roles and respective resource permissions in ADF i.e. Jazn xml file because my requirement no 3 would not be achievable without using ADF security.
    Now in this scenario how I can login a user in ADF context and assign roles programmatically that I authenticated from JMX APIs? Or is there any other suitable way to handle these requirements?
    Thanks.
    -Moeen

    Hi Charu,
    Thanks for your reply.
    Can we programmatically add a user in adfsecuritycontext as a currently logged in user, a user which is not present in jazn.xml file? If yes then can we programmatically assign the roles which are defined in jazn.xml to that specific user?
    Moeen

  • Default security context for signed applets using WinXP+IE8

    What is the default security context for signed applets from the internet zone using Java 6 and WinXP+IE8 combination? My guess is that all file and socket access available for the user's Windows account is provided to the applet as well. Is this correct and if so, is there a way to limit these access privileges for signed applets from the internet zone?
    This information is surprisingly difficult to find given how security conscious people now are using the internet.

    AntonBoer wrote:
    > Thank you for your swift reply.
    > Unfortunately your answer reflects to my worst fears. Frankly I find this security model naive. Anyone with euros can get their applet signed so that is no security control at all.
    The same naive security model applies to just about anything signed and downloaded; not just to Java Applets.
    > Working for a corporate IT how I am supposed to allow Java installations on any of our computers with internet access? That automatically means I am providing them as platforms to whoever wishes to run Java code on them (given that the user of course visits the web site). I would have expected Sun to put more effort into this but it appears nothing has changed in this regard for 10 years.
    I don't see this as a Sun problem; it is indicative of what I consider to be a general security weakness for all computer systems. For example, for Windows, Vista just added more user involvement in the trust process but it still allows programs to run pretty much unconstrained if the user agrees to them running.
    For some time I have advocated a more fine grained approach. I would like to see ALL programs run in a sandbox that a user can specify what and what cannot be done by each individual program. Unfortunately, this would annoy the hell out of most users so it has little chance of ever being accepted. The average user just wants a run-and-forget-about-security model.

  • Need help using XWS-Security with EJB service endpoint

    I am trying to use XWS-Security along the lines of the JWSDP 1.6 examples, but with an EJB endpoint deployed in an ejb-jar file rather than a typical service endpoint deployed in a WAR.
    Any information on how to do this would be appreciated. I believe I'm close to getting an example working- the details on the problem I've encountered are below.
    I use WSCompile to generate stubs and ties for my WS, and XDoclet to generate the ejb-jar.xml. I deploy the ejb-jar on JBoss 4.0.2.
    The problem I'm having is that the security features are handled in the Stubs and Ties generated by WSCompile, and my server-side refuses to use the WSCompile generated Tie. Previously the web service had used the WSCompile argument 'import="true"', which generated no tie, and the web service worked (this was before I tried to add security features). Whatever mechanism had been used to direct messages to my EJB then is still being used now (JNDI, I believe, facilitated by the ejb-jar.xml and webservices.xml files), and bypassing the Tie class that I now generate using 'server="true"'.
    There must be some way I can reconfigure my webservice so that the WSCompile generated Tie is used, but I can't find any help on the topic.
    Can anyone tell me how to make sure my webservice will use the Tie class on the server side? Is it even possible when using EJBs instead of servlets?

    Burn your CD using iTunes. Then rip the music off of the CD using any "ripping" program. Just make sure the program you use has the "save as .wav" option available. I'm not familiar with MusicMatch but I'm sure you would be able to use it.

  • My iTunes on PC fails to secure link with iTunes Store; it shows the process bar, it automatically quits the process, and it also does not show any on the screen. I am using Windows XP Service Pack 3. What should I do?

    I have found a fix after doing additional research through this forum. Tech Note #328730 addresses this problem and it works for Photoshop Album 3.2 even though it was written for release 1.0.
    Here is a link that will take you directly to the Tech Note:
    http://kb.adobe.com/selfservice/viewContent.do?externalId=328730
    When using this fix the Tech Note indicates:
    "Imported image data and tags are lost when you re-create the My Catalog.psa file, so you need to reimport images and reapply any tags"
    however it did retain the captions (at least it did for me).

  • Updated my AppleID account info.  Under password security shows an email address to be used to receive email with new password settings.  I need to update that email address, how do I do that?  Thanks!

    Thanks for the help Niel.  I couldn't change the rescue email address (an address that no longer exists and is therefore useless) until I could correctly answer the security questions.  After numerous guesses, finally got them right.  Was then presented with the option to change the rescue email address. Guess the only other option was to have Apple Support make the change or reset my account info.  Have made note of the correct answers so this won't happen again.   Thanks for the fast response!!

  • How to use security certificate with Business service

    Hi,
    Information:
    I need to use a security certificate for connection from Business service to legacy system.
    I have created PKI mapper in WebLogic console, deployed keystore on server and Service Key Provider in OSB.
    I can see can connect the certificate in OSB console through the Service Key Provider.
    I have done Authentication setting in the Business service "HTTP Transport Configuration" as "Client Certificate".
    Problem:
    Now whenever I try to invoke BS, the username, password and security key provider is asked at the prompt. Should not the BS collect security certificate automatically? Again, when I put username and password as that of WebLogic sbconsole, the error pops up with the following message:
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
         <env:Header />
         <env:Body>
              <env:Fault>
                   <faultcode>env:Server</faultcode>
                   <faultstring>Failed to process signature.null</faultstring>
              </env:Fault>
         </env:Body>
    </env:Envelope>
    If I don't supply username password and certificate at the time of invoking the message pops up as : "The service requires a digital signature, you must specify a service key provider which has a digital signature credential."
    I think some mistake is done in the above steps, could anybody please clarify?

    The problem was resolved with upgrade to version 10.1.3.4.
