Web Composer Admin Customization:'Authorization check failed' error

Similar Messages

• ADFC-0619: Authorization check failed implementing popup through taskflow

  Hi All,
  I receive the error ADFC-0619: Authorization check failed: '/WEB-INF/main-task-flow-template.xml#main-task-flow-template' 'VIEW'. when accessing the taskflow that will show as a popup as described in this blog: http://andrejusb.blogspot.com/2013/03/reusable-adf-region-with-dialog.html. I created a sample application and I have it working as expected.  The sample app has no security configured.  When I put the functionality into our main app the error occurs.  I have checked the jazn-data.xml and have granted a role to both the task flow and the web page.
  Our app is setup where I have a task flow template that most taskflows inherit from.  The calling page is inherited from the template which uses page fragments.  The taskflow for the popup is not inherited from the template and does not use page fragments.
  I am using 11.1.1.6.  The error happens when deploying to the Integrated server as well as a local WLS.  I read a few forum posts on this subject and some folks removed the anonymous role.  I have this role defined but is is only used for my login page so I don't want to remove it from there.
  Appreciate the help as this is blocking me from working on the functionality within the popup.
  Thank you - Rudy

  Resolved.  Our Application is setup as described by Jobinesh in the book "Oracle ADF Real World Developer's Guide".  In this case we have a separate application called "Common", within that we have projects for the ADFFrameWorkExtension, CommonModel, CommonUtilities and CommonUI.  The CommonUI project contains the main-task-flow-template and errorPage.jsff as well as the MainTemplate.jspx.  Each of these projects are deployed as a jar and imported into the main project.
  In the jazn-data.xml under Resource Grants, Resource Type = Task Flow, check the option to "Show task flows imported from ADF libraries".  This showed the main-task-flow-template which I granted the anonymous-role view action.
  When I run it now shows the popup.

• ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef

  JDev version : 11.1.1.4
  WLS : 10.3.4
  Hi All,
  Recently we have migrated JDev from 11.1.1.3 to 11.1.1.4 and WLS from 10.3.3 to 10.3.4. We had security enabled in our application and use to work without any issues in our previous version (before migration). We are getting below error after migration and not able to access our application.
  Error 500--Internal Server Error
  oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.
  We get this exception as soon as log in is successful. We have tried with different users including administrator who has complete permissions but got same exception. Note that same application is working in previous version.
  Please help us in resolving this issue. Below I have mentioned complete stack trace.
  More details:
  Policy store : jaxz-data.xml
  Identity store : integrated WLS LDAP
  WLS : standalone WLS
  Error 500--Internal Server Error
  oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.
       at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:180)
       at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:160)
       at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:114)
       at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:632)
       at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:669)
       at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:447)
       at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:46)
       at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:531)
       at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
       at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:124)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:70)
       at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:398)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
       at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
       at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)

  Usually, the security policy of the application is bundled in the EAR file. When you deploy the application the security policy is automatically migrated (e.g. added) to domain's security policy repository (e.g. <tt>system-jazn-data.xml</tt> file, if neither LDAP or DB repository is used). Also when you undeploy an application its security policy is removed from domain's security policy repository.
  My practical experience says that both of these happen only if the application has been targetted to WLS domain's admin server (i.e. if the application is targetted only to managed servers but not to the admin server, then the security policy is neither migrated nor removed).
  The trick I apply is to do the following:
  (1) Target and deploy the application to the admin server (so the security policy is migrated into <tt>system-jazn-data.xml</tt>);
  (2) Copy the migrated application's policy section from <tt>system-jazn-data.xml</tt> to the clipboard;
  (3) Undeploy the application from the admin server (the security policy is removed from <tt>system-jazn-data.xml</tt> in result);
  (4) Paste the security section back into <tt>system-jazn-data.xml</tt> file and save it;
  (5) Deploy the application to managed servers;
  (6) Restart the servers.
  (It is not necessary to undeploy the application at step 3, it is enough to remove the admin server from application's targets).
  I am not sure that this is the right approach, but it works and I have not found anything in the documentation about this topic.
  One more thing - the automatic migration of the security policy that is included in the EAR is controlled by the following parameter in <tt>weblogic-application.xml</tt> file:
  <application-param>
      <param-name>jps.policystore.migration</param-name>
      <param-value>OVERWRITE</param-value>
  </application-param>The policy is not migrated if this parameter is not set.
  If you deploy the application from JDeveloper, it will not be necessary to set this parameter in <tt>weblogic-application.xml</tt> manually because JDeveloper will do it for you. Just open the Application Properties dialog in JDev, go to page "Deployment" and check the checkbox "Application Policies". Then JDeveloper will automatically add this parameter into <tt>weblogic-application.xml</tt> file within the EAR files generated from this time onwards (do not be confused that it will not be added to the file in the IDE).
  Dimitar

• Authorization check failed

  hello experts!
  i created a program via smartforms but when my user try to generate a printed form an error message appear than FORM
  cannot be displayed. when i check Tcode: SU53 Authorization check failed.
  Object Class HR Human Resources
  Authorization Obj. P_ABAP  HR Reporting\
  Authorization Field COARS Degree of simplification for authorizaton check       1
  Authorization field REPID ABAP program name     ZHRPY00018C
  Please help on this one...
  How to fixed this
  Thank you

  hello...
  actually this report has 2 display a List display and via smartforms...
  we laready add this program  in her authorization profile... the only problem
  is when she try to generate the report via smartform she cannot produced the
  the output print docu. because an error appears that my FORM cannot be display.
  But when i check it in the development i can produced a test document.
  please help...

• Authorization Check Failed for HR P_ORGIN on VDSK1

  Hi Experts,
  We have an issue where an HR secretary is making an address change to an employee via pa30.  She is successfully able to save the change with no warning on the screen.  However, when we run /nsu53 immediately after, we see that there was an authorization check failed.  The check failed is in class HR, object P_ORGIN.  The field is VDSK1.  We have values defined there, whereas SAP is requesting a *.  We do not want to use the *, but the value in VDSK1 is correct and should not be failing.
  Anyone ever see this issue before?
  Thanks
  Shane

  Hi Shane,
  Since the secretary was able to save the record I assume there is no issue with the role. SU53 always shows last failed authorisation check. Even if transaction has been succesful you normally find failed authorisation checks from SU53. In your case I assume that PA30 checks first that if user happens to have P_ORGIN with * value in VDSK1. If not then it checks employees infotype 0001 and organisational key and tries to match that to the value in the role. If you pass this check SU53 will still show failed check where VDSK1=*.
  So this is normal behaviour for SU53 and nothing to be worried about. Annoying is when SU53 gives something sill as last check after error. Annoying are SU53 reports from users to add S_DEVELOP with Debug object because programmer has decided to leave break-point to program.
  cheers, s

• "ADFC-0619: Authorization check failed" on standalone WLS10.3.2

  Hi,
  After migrating from 11.1.1.1.0 to 11.1.1.2.0 we run into the following authorization problem:
  ADFC-0619: Authorization check failed: 'pages/UIShell.jspx' 'VIEW'. (as popup, logging at debug level doesn't give more info)
  This error occurs after the user has logged in with correct username/password, and continues from Home.jspx to UIShell.jspx.
  - When testing with JDeveloper on embedded WLS, everything works fine. But as soon as we deploy to standalone WLS 10.3.2, this problem starts.
  - We checked jazn-data.xml on the standalone WLS, but it no missing parts there compared to the 11.1.1.1.0 deployment version.
  - A difference between embedded WLS and standalone WLS is that for the standalone we use LDAP for user authentication. We had this setup working on 11.1.1.1.0, so what has changed?
  A similar situation is described here:
  ADF 11g security: deploy to WebLogic 10.3.1
  Any clues or directions?
  Thanks alot,
  Gerben

  I found a workaround for my problem. Because we're using custom authorization (JHeadstart) in our applications, we don't need adf authorization. So I've just simply set authorizationEnforce to "false" in adf-config.xml, which works in our case.
  Following blogposts helped alot:
  http://hardnoxjava.blogspot.com/2009/02/how-we-handled-adf-security.html
  http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html
  -- Gerben

• HCM Transfer process - Authorization Check Failed

  Hi All
      We are trying to run the Standard Transfer  process of HCM . We are trying to run the tcode u201C HRASR_TEST_PROCESSu201D  Can anybody Tell us what authorization objects does a user  require to run this process if the user does not have SAP_All Authorization.
  We have already added u201CP_ASRCONTu201DAuthorization object  as suggested by sap .
  We are failing in some HR authorization check but we have already added the same in useru2019s profile and it has already been genereated . 
  Note : We have already ran this process with SAP_All Authorization and it ran succesfully . Employee was Succesfully transferred to the new position .
  Please check the shreen  shots (click the links) below to get an idea of the problem .
  Authorization Check Failed :
  Link : [http://www.mediafire.com/?edtznzkmdm0]
  Process flow :
  Link : [http://www.mediafire.com/?ytxz3wlmjiz]
  Please click on " Click here to start download.. "  to check the screenshots.

  Hi, Mr. Joe Bo.
  Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
  Basis Patch - 15, Kernel 159
  I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
  Thanks & Regards
  Venkatesan J

• ADFC-0619: Authorization check failed

  I am running JDeveloper 11.1.2.4
  ADF Security is enabled for the application.
  Security model is ADF Authentication and Authorization.
  I have created roles for employee, manager and admin.
  The roles are used to hide/display menu items and to allow/disallow access to task flows.
  I have dozens of task flows and this approach has worked well for some time.
  I added a new task flow that is accessible only to the admin role. The menu item is rendered only if the user is in the admin role. View access to the task flow is only granted to the admin role.
  As with new task flows in the past, I created and deployed an .ear file on my stand alone WLS. I then tested the functionality. This works as expected.
  I then gave the .ear file to our system admin to deploy on the sun server WLS. The deployment went fine but when I log in as an admin user and try to access the new menu item and task flow, the menu item is rendered but it says that the user is not authorized for the task flow.
  ADFC-0619: Authorization check failed: '/WEBINF/PlnDollarsSpentLineGraphTF.xml#PlnDollarsSpentLineGraphTF' 'VIEW'.
  Since the menu item is rendered I know that the user is assigned to the admin group. Access to all other menu items and task flows in the application is correct. Only having a problem with the new task flow.
  It would appear that the problem is with the .ear file rather than WLS. However, it works fine on my stand alone WLS and I looked at the jazn-data.xml file in the .ear file. It looks normal. The entry for the task flow looks like all the other task flow entries.
  Any ideas?
  Thanks for your help, Steve

  I examimed the system-jazn-date.xml file and found that the entry for the new task flow did not make it from the jazn-data.xml file into the system-jazn-data.xml file. I had the server system administrator do the deploy a second time. This time the system-jazn-date.xml file was updated properly and the new functionality is working.
  If anyone has an idea why system-jazn-date.xmp did not get updated in the first deployment I would be very interested.
  Thanks, Steve

• ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormD

  JDev version : 11.1.1.4
  WLS : 10.3.4
  Hi All,
  Recently we have migrated JDev from 11.1.1.3 to 11.1.1.4 and WLS from 10.3.3 to 10.3.4. We had security enabled in our application and use to work without any issues in our previous version (before migration). We are getting below error after migration and not able to access our application.
  Error 500--Internal Server Error
  oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.We get this exception as soon as log in is successful. We have tried with different users including administrator who has complete permissions but got same exception. Note that same application is working in previous version.
  Please help us in resolving this issue. Below I have mentioned complete stack trace.
  More details:
  Policy store : jaxz-data.xml
  Identity store : integrated WLS LDAP
  WLS : standalone WLS
  Error 500--Internal Server Error
  oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.
  at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:180)
  at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:160)
  at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:114)
  at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:632)
  at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:669)
  at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:447)
  at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:46)
  at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:531)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:124)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:70)
  at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:398)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)Thanks,
  Ravindra

  What we observed is that non of our application security policies are getting migrated to system-jazn-data.xml file during deployment. This was working in previous version.
  weblogic-application.xml file contents:
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <weblogic-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application http://www.bea.com/ns/weblogic/weblogic-application/1.0/weblogic-application.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-application">
    <xml>
      <parser-factory>
        <saxparser-factory>oracle.xml.jaxp.JXSAXParserFactory</saxparser-factory>
        <document-builder-factory>oracle.xml.jaxp.JXDocumentBuilderFactory</document-builder-factory>
        <transformer-factory>oracle.xml.jaxp.JXSAXTransformerFactory</transformer-factory>
      </parser-factory>
    </xml>
    <application-param>
      <param-name>jps.credstore.migration</param-name>
      <param-value>OVERWRITE</param-value>
    </application-param>
    <application-param>
      <param-name>jps.policystore.migration</param-name>
      <param-value>OVERWRITE</param-value>
    </application-param>
    <listener>
        <listener-class>oracle.communications.brm.pdc.server.common.PricingApplicationLifeCycleListener</listener-class>
    </listener>
    <listener>
      <listener-class>oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener</listener-class>
    </listener>
    <listener>
      <listener-class>oracle.mds.lcm.weblogic.WLLifecycleListener</listener-class>
    </listener>
    <listener>
      <listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
    </listener>
    <listener>
      <listener-class>oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener</listener-class>
    </listener>
    <library-ref>
      <library-name>adf.oracle.domain</library-name>
    </library-ref>
    <library-ref>
      <library-name>oracle.jsp.next</library-name>
    </library-ref>
  </weblogic-application>

• Web composer option not displaying while Customizing Error Messages of Portal applications

  Hi
  I am trying to customize the error messages through web composer in sap portal but when i Choose System Administration → System Configuration → Knowledge Management → Content Management          Web composer option is not shown .  I am using netwearver 7.0
  please guide me I searched google but couln't find any satisfactory answer.
  Thanks

  Hi Raima,
  From your description I assume you are attempting to implement the steps outlined in the following documentation, is this correct -
  Modifying Error Pages - Carrying Out the Initial Configuration - SAP Library
  If you are navigating to the KM configuration through the steps you outlined and you do not see WPC Composer listed under 'Content Management' I would suspect that it is not deployed on your system (at least not successfully). It is not included as part of the default stack in EP 7.0 and must be deployed separately. If you do intent to deploy this component, you should also note that the SP level of the KMC-WPC SCA should match the SP level of the other KM and EP components.

• "Crypto replay check failed" errors

  Hey folks,
  I have a site-to-site IPSEC VPN using 2 catalyst 6500's running IOS 12.2(18)SXD7b on each end.
  After reviewing the syslog files this morning, I noticed that for the last 4 days at approximately the same time each nite, my router reports this error:
  Local7.Warning: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
  The error reporting tool on cisco.com says this error is benign, but does not give much info or troubleshooting tips. I've double checked my configuration and everything looks fine. Have you guys seen this before? Any tips?
  Thanks,
  SM

  Hi Steve, check this link if it can help you:
  http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K07229553
  Regards,
  Ricardo

• Authorization check failed Auth. Obj. M_MSEG_LGO Goods Movements

  Hello security team.
  We are using two roles for one authorization object to be checked in the MIRO transaction. One role (1) checks the S_TCODE and the authorization object M_MSEG_LGO for ACTVT and  BWART  fields. The other role (2) checks for the same authorization object M_MSEG_LGO for LGORT and WERKS fields. I mean that the complementary effect between the two profiles attached to one and only user and employing the same authorization object M_MSEG_LGO could satisfy the return code SY-SUBRC = 0.
  I have the detailed error message in a file. Please let me know if the issue is clear enough.
  Best Regards,
  Victor Sarabia
  Edited by: Victor  Sarabia Rangel on Mar 16, 2010 2:16 PM

  Hello  Prasant and Julius.
  When you enter a goods movement  using transaction MIGO  I use the movement type values for a good movement. vgr. movement type 987 - Init. entry of state balance or movement types 101,102 GR goods receipt & GR PO reversal BWART field from the authorization object  M_MSEG_LGO.  We gather the movement type values into groups that represents the structural basis that distinguish between , for example:  Goods Receipt with Outbound delivery or  Place in Storage with Material Document .
  Authorization profile 1 for Outbound Delivery with transaction MIRO.
  S_TCODE: MIRO
  M_MSEG_LGO: Inactive
  Authorizat. T-C161126200
  Profl. T-C1611262
  Role MM_AL_OPERACION_ENTRADAS MMA_GRC: OPERACIONES ALMACENES
  Authorization profile 2 Bolton
  M_MSEG_LGO maintained
  Authorizat. T-C161137500
  Profl. T-C1611375
  Role NIVORG_ALMACENENTRADAS_4515  BOLTON:  PLANT ORG LEVEL
  Authorization Field ACTVT Activity
  01, 02, 03
  Authorization Field BWART Movement Type (Inventory Management)                                                                                101, 102, 103, 104, 105, 122, 123, 543, 544, 901, 902, 903, 904, 905, 906, 915,                                                                                916, 925, 926, 947, 948, 979, 980, 981, 982, 987, 988, DMS, RMS
  Authorization Field LGORT Storage location
  1000-1100, 1071, 1CBE, 2000, 3000, 3500, 4000, 5000, 6000, 7000, REHA, T000
  Authorization Field WERKS Plant
  4013-4019
  Profile 1: transaction_code MIRO binds with Profile 2: M_MSEG_LGO, movement type 987 and Authorization Field WERKS Plant 4013 and Storage Location 3000 to satisfy the return code SY-SUBRC = 0 for Goods recepit&Oubound Delivery position in the organization
  The  binding between master profile 1 and the bolton profiles 2,3,4u2026u2026.n  results  in an  organized role framework and greater specificity for handling different positions in the organization.
  Thank you.
  Victor Sarabia

• RH_STRU_AUTHORITY_CHECK authorization check fails

  Hi,
  Authorization issue:
  The transaction codes PO10D and PO13D are used to display Organization Unit and Position details resp., but if the user does not have authorization to view all objects these Tcodes should not allow the user from seeing the details of the objects outside his structure. But in my case this authorization thing is failing and the system is allowing the user to view details of the Objects that does not fall under his structure...
  Please help me to understand how this thing can be restricted.
  Thanks in advance

  different function code
  AKTI     Activate
  GENE     Approve
  HITS     Career plan simulation
  HITK     Career planning hit list
  AEND     Change
  AENK     Change canteen field
  AENT     Change temporarily
  COP     Copy
  COPY     Copy object
  COPR     Copy room
  INSE     Create
  MASS     Create
  INSG     Create from OS/2
  DEL     Delete
  DELO     Delete object
  CUTI     Delimit
  CUT     Delimit object
  DISP     Display
  DUTY     Essential relationship
  QUIC     Fast Data Entry
  HITW     Hit list for E&T Planning
  INIT     Initialization
  INTE     Integration
  LISD     List display
  LIST     List display with change
  NEWL     New Language
  PLVO     Propose change
  PLVG     Proposed plan from OS/2
  ABLN     Reject
  SIMU     Simulation
  BEAN     Submit
  VORS     Succession plan screening

• I get the flashing question mark on my G5/10.5 system. When I booted up on the install disc and ran first aid which failed and stated "Volume check failed Error -9972 Vol 1 could not be repaired. What to do next? Do I try the hardware diags first?

  I've never had to reload the original software and would like to avoid it unless absolutely necessary. Anyway any comments on what i should do next?

  HW Diags aren't likely to help.
  https://discussions.apple.com/docs/DOC-1687
  You must repair the HD,  if Disk Utility or fsck should fail to repair it, your best bet is DiskWarrior from Alsoft, you'll need the CD to boot from if you don't have another boot drive...
  http://www.alsoft.com/DiskWarrior/
  Your best bet is DiskWarrior, you need the CD/DVD though.
  http://www.alsoft.com/DiskWarrior/
  But others that may work…
  Drive Genius…
  http://www.prosofteng.com/products/drive_genius.php
  TechTool Pro…
  http://www.micromat.com/index.php?option=com_content&task=view&id=31&Itemid=83

• Custom handling of authorization scheme failed errors

  Is there a way I can catch when someone goes to a page they are not authorized to be on (Authorization Scheme used to enforce it) then instead of stopping cold redirect them to the public page of the application and use global notification to inform the user of the fact he or she is not authorized into the selected page instead of going to the red stop sign X page? I have used global notifications before but I am unsure if there is a way to keep my page secure applying the authorization scheme at the page level and do what I am talking about. Any ideas?

  This only happens when the user tampers with the URL, but that does happen.
  You can code your authorization scheme to return true when it detects unauthorized access to a page but first have it use owa_util.redirect_url to go to the notification page of your choosing.
  Scott