WebCenter Spaces Security Model question
Hi All,
I am working on WebCenter Spaces PS3. Wanted to check with forum users if the below given scenario is achievable using WC Spaces ?
Scenario: In a SubSpace say "Oracle HCM" there are multiple groups say HRP_US, HRP_AU etc.. , Now the SubSpace has some Event component included in the page. Is is possible to restrict the access of Event_1 to only HRP_US and Event_2 to only HRp_AU ?
NOTE: The Event_1 and Event_2 component (Calandar) are included in the same page.
I was able to show/hide the component on the page using the show component property, But I also want that Adminstrator for these 2 groups should have access to only their group event component. If this can be done, how?
Just to see if i understand your question correctly.
You want a apge with 2 components Event1 and Event2 but depending on the group you want to show either Event1 or Event2, you don't want to show both of them.
This can be done by using the rendered attribute on the component. You can use the security context and check to see if the user is in a specific group so the EL for the rendered attribute would be
#{securityContext.userInRole[' HRP_AU']} If the user does not have the role, the EL will return false and the component will not be visible.
Similar Messages
-
Need Documentation for WebCenter Spaces "security" ?bean?
Hi, in many of the Webcenter Spaces Page templates and taskflows, I see in the .jspx and .jsff code, EL expressions that have "security.authenticated" and "security.configureSpaceAllowed". I have seen other methods but I am not listing them. I am working on a contract for a customer who wants me to customize some Spaces task flows based on whether or not the user can edit documents. Does anybody have any documentation on this bean or datacontrol so that I can determine if I can use it for the customer's Spaces app? Is there any other way to do this? I need to turn off the "Edit" button in the Wiki document task flow (via the rendered attribute) if the user does not have Edit permissions.
Thanks,
Gary Kindfrom your query, what I understood that -
you basically want to toggle the edit button of document taskflow for wiki-use.
In my opinion,you are maintaining all the users in couple of groups or roles.
while customizing the document taskflow - you need to customize the edit button properties.
in edit button's rendered attribute -give a value of #{WCSecurityContext.userInAppRole['role']} or #{WCSecurityContext.userInGroup['group']} .From the two option,select the best one which meets your requirement.
Regards,
Hoque -
ACL - ILS (Item Level Security) for Content Server & WebCenter Spaces
We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
I made the following configuration changes:
UseEntitySecurity=1
SpecialAuthGroups=SecurityGroups (comma separated list with no spaces and the application name is included)
CS: Version:11gR1-11.1.1.5.0
DB: 11.2.0.2.0 ---Oracle Database 11g Enterprise Edition
WebCenter: 11.1.1.4.0 (in a clustered environment)
Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.Hi ,
Do you upload the documents from spaces or from UCM side ?
When you say the security and account field are not displayed , is that when viewing the content or during update ?
When the ACL features are turned off do you see the above fields ?
Thanks
Srinath -
Custom Application's Model Bundle in Webcenter Spaces
I created a custom ADF application (MVC) that has a portlet entry. The application has a model, connecting to an oracle database, and a view controller, showing the model's view objects in JSF fragments. I created two ".properties" files, ModelBundle_en and ModelBundle_ar, that contain the same keys as the default ModelBundle created when I used the attributes control hints.
The application works prefectly fine when deployed on the IntegeratedWebLogicServer that comes with JDeveloper 11.1.1.2.0. But when I deploy it on Webcenter and show it on spaces, the application initially gets the right locale and displays the labels correcty, then when i navigate between the pages, it displays the labels based on the browser's locale and not spaces' locale. However, if I refresh the page, it displays the labels correctly; i.e. from spaces' locale.
The only solution I found so far, was adding the model bundle in faces-config.xml, then using the EL Expression, #{modelBundle['Key']}, instead of using the attributes label, #{attribute.hints.label}. I would prefer to use the arrtibutes label, so that when i drag an drop a component, I don't have to manually refer to the bundle in the component's value.
Does anyone have a solution please?My taskflow is actually using a datasource that i have configuered for webcenter spaces also but when i look at the logs, it tells me the following:
javax.naming.NameNotFoundException: While trying to look up comp/env/jdbc/workshopDS in /app/webapp/webcenter/312050545.; remaining name 'comp/env/jdbc/workshopDS.
Any idea how can this be the error even after having thee datasource configuered?
Regards
Ajay -
ACL - ILS (Item Level Security) for Webcenter Spaces
We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.Hi ,
Do you upload the documents from spaces or from UCM side ?
When you say the security and account field are not displayed , is that when viewing the content or during update ?
When the ACL features are turned off do you see the above fields ?
Thanks
Srinath -
Webcenter spaces user and group and WLS security realm
I want to configure external ORACLE DB,
I configed the security realm in WLS, and I can see the user and group list in WLS page, But I cant find any of them in webcenter spaces,
and also can not login with those users.
I added a user with WLS, it works well.
do I need to do other configrations?First you need to create a Administrator for this new identity stores. Weblogic user is not identified now because its not mapped by first authenticator. See Oracle WebCenter Admin Guide, section 28.4.1.1 Granting the WebCenter Spaces Administrator Role Using FusionMiddleware Control. Once you have done this step, do the same steps for other application user. For this you have to give Application role to other user so that they can login and use WebCenter Space.See Oracle WebCenter Admin Guide, Section 28.4.2.1 Granting Application Roles Using Fusion Middleware Control.
After doing above steps, restart WC_Spaces managed server. -
Webcenter spool and security features question
1- do we have features to manage Mainframe spooler print Like Ibm cmod (you CAN extract a document from a spool)?
2- do we have security features Like : document encryption, Password protection...?I am not aware of Mainframe integrations available , there is GET_FILE service that can do java IO steam for documents in WCC. You can use this to get multiple documents and merge them.
You need to look into WCC security model documentation on how you want to implement it for your use case below is a link for it
http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#CDDECAAF -
Error while adding a parameter to a task flow deployed in webcenter space
Hi,
i have deployed and extended a adf task flow in webcenter spaces.I have a parameter added to the task flow.Whenever i am adding the parameter to tha task flow i get the following error
<Sep 3, 2012 7:20:50 PM IST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <BEA-000000> <
java.lang.IllegalStateException: The expression "#{bindings.shell_GlobalToolbar.regionModel}" (that was specified for the RegionModel "value" attribute of the region component with id "wc_glb") evaluated to null.
This is typically due to an error in the configuration of the objects referenced by this expression.
If it helps, the expression "#{bindings.shell_GlobalToolbar}" evaluates to "null".
If it helps, the expression "#{bindings}" evaluates to "oracle_webcenter_webcenterapp_view_templates_WCSiteTemplateRRSideNavFlowPageDef". Now using an empty RegionModel instead.
at oracle.adf.view.rich.component.fragment.UIXRegion.getRegionModel(UIXRegion.java:450)
at oracle.adf.view.rich.component.fragment.UIXRegion._beginInterruptibleRegion(UIXRegion.java:682)
at oracle.adf.view.rich.component.fragment.UIXRegion.processRegion(UIXRegion.java:498)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:715)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._restoreView(LifecycleImpl.java:655)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:301)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.bi.nanserver.adf.servlet.BIADFServletFilter.doFilter(BIADFServletFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.bi.presentation.runtime.binding.BIRegionBindingFilter.doFilter(BIRegionBindingFilter.java:40)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.portlet.client.adapter.adf.ADFPortletFilter.doFilter(ADFPortletFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.framework.events.dispatcher.EventDispatcherFilter.doFilter(EventDispatcherFilter.java:44)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.wcps.client.PersonalizationFilter.doFilter(PersonalizationFilter.java:75)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.content.integration.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:168)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.generalsettings.model.provider.GeneralSettingsProviderFilter.doFilter(GeneralSettingsProviderFilter.java:85)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellPageRedirectionFilter.doFilter(WebCenterShellPageRedirectionFilter.java:250)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellFilter.doFilter(WebCenterShellFilter.java:696)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.view.page.editor.webapp.WebCenterComposerFilter.doFilter(WebCenterComposerFilter.java:109)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.share.http.ServletADFFilter.doFilter(ServletADFFilter.java:62)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.processFilters(WebCenterLocaleWrapperFilter.java:335)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.doFilter(WebCenterLocaleWrapperFilter.java:237)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<Sep 3, 2012 7:20:50 PM IST> <Error> <oracle.webcenter.webcenterapp> <BEA-000000> <
javax.el.PropertyNotFoundException: Target Unreachable, 'styleEditor' returned null
at com.sun.el.parser.AstValue.getTarget(Unknown Source)
at com.sun.el.parser.AstValue.setValue(Unknown Source)
at com.sun.el.ValueExpressionImpl.setValue(Unknown Source)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:679)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.access$000(LifecycleImpl.java:72)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl$1.call(LifecycleImpl.java:720)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl$1.call(LifecycleImpl.java:716)
at oracle.adf.view.rich.component.fragment.UIXRegion.processRegion(UIXRegion.java:503)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:715)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.access$000(LifecycleImpl.java:72)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl$1.call(LifecycleImpl.java:720)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl$1.call(LifecycleImpl.java:716)
at oracle.adf.view.rich.component.fragment.UIXRegion.processRegion(UIXRegion.java:503)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:715)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.access$000(LifecycleImpl.java:72)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl$1.call(LifecycleImpl.java:720)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl$1.call(LifecycleImpl.java:716)
at oracle.adf.view.rich.component.fragment.UIXRegion.processRegion(UIXRegion.java:503)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:715)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:750)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._restoreView(LifecycleImpl.java:655)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:301)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.bi.nanserver.adf.servlet.BIADFServletFilter.doFilter(BIADFServletFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.bi.presentation.runtime.binding.BIRegionBindingFilter.doFilter(BIRegionBindingFilter.java:40)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.portlet.client.adapter.adf.ADFPortletFilter.doFilter(ADFPortletFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.framework.events.dispatcher.EventDispatcherFilter.doFilter(EventDispatcherFilter.java:44)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.wcps.client.PersonalizationFilter.doFilter(PersonalizationFilter.java:75)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.content.integration.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:168)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.generalsettings.model.provider.GeneralSettingsProviderFilter.doFilter(GeneralSettingsProviderFilter.java:85)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellPageRedirectionFilter.doFilter(WebCenterShellPageRedirectionFilter.java:250)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellFilter.doFilter(WebCenterShellFilter.java:696)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.view.page.editor.webapp.WebCenterComposerFilter.doFilter(WebCenterComposerFilter.java:109)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.share.http.ServletADFFilter.doFilter(ServletADFFilter.java:62)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.processFilters(WebCenterLocaleWrapperFilter.java:335)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.doFilter(WebCenterLocaleWrapperFilter.java:237)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
Can anyone please help.I would recommend reading this before posting here: https://groups.google.com/forum/#!msg/adf-methodology/PzncJBPMFDw/7mxNblt_ppYJ
You give far to little detail about the scenario.
Is it an OOTB taskflow that you extended. If so, which one and what parameter did you add + how did you do it.
How did you deploy to spaces
There are a lot of steps in that process that can go wrong so don't expect us to come up with an answer based upon this basic information. -
Webcenter Spaces : New Account creation issue
I have installed Webcenter Suite 11g and did the require configurations post installation. I can see three servers in the webcenter domian created. Namely -
Portlet
Spaces
Services
Now, if I open the link for spaces i.e host:port/webcenter/spaces , it comes up, but requires user name and password. I have not provided any user name and password during the installation.
In the spaces page there is a provision of creating "New Account / Register" . I tried that giving username, pwd, name, mail id etc. It gives error saying -
"User not created. Either the user name or password doesnot adhere to the registration policy or the identity store is unavailable."
Now My questions are :
a) is there any default user , using which I can log into spaces ?
b) what is the registration policy (In error there is no link available to check the same) to make user my user name adhere the same?
c) Do I need to have LDAP server / identity store configuration before hand which contains the user ? If So how to do it ?
Please do suggest. Thanks in advance.
AmritaYou can access the users and groups using the console
Just go to your WLS: http://localhost:7001/console (replace localhost and port to your server) and than login with your weblogic account.
In the left menu you will have a link to the security realm. By default their is a "myrealm". If you click on that you will see the tabs "User and groups". Their are all the users that are currently in the LDAP of your WLS.
To create a new user just press the "new" button.
Normally you should be able to login with the weblogic user without any problem. Try creating a new user and try to login with that. -
AccessControlException: access denied when logging into WebCenter Spaces
I am running into an issue with my new WebCenter 11g PS5 deployment.
I have a single domain with WebCenter Content and WebCenter Portal, but the servers are stored in $ORACLE_BASE/admin/wc_domain/aserver and $ORACLE_BASE/admin/wc_domain/mserver as per the Enterprise Deployment Guide.
Everything seems fine, all my servers start up (from the Admin console through the Node Manager), I can log into WebCenter Spaces, but once I am forwarded to the home page I am thrown out and sent to the error page. In the log there is the following error:
<Oct 3, 2012 5:03:55 PM CEST> <Error> <oracle.webcenter.webcenterapp> <BEA-000000> <
java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission Context:APPLICATION Context Name:webcenter Actions:getApplicationPolicy)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
at oracle.security.jps.internal.policystore.AbstractPolicyStore.checkPolicyStoreAccessPermission(AbstractPolicyStore.java:380)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.getApplicationPolicy(LdapPolicyStore.java:810)
at oracle.webcenter.webcenterapp.internal.model.security.WCSecurityManagerImpl$1.run(WCSecurityManagerImpl.java:419)
at oracle.webcenter.webcenterapp.internal.model.security.WCSecurityManagerImpl.init(WCSecurityManagerImpl.java:411)
at oracle.webcenter.webcenterapp.internal.model.security.WCSecurityManagerImpl.<init>(WCSecurityManagerImpl.java:454)
at oracle.webcenter.webcenterapp.internal.view.shell.WCApplicationImpl.getSecurityManager(WCApplicationImpl.java:158)
at oracle.webcenter.webcenterapp.internal.model.WebCenterConfig.getSecurityManager(WebCenterConfig.java:617)
at oracle.webcenter.webcenterapp.internal.view.shell.handler.WebCenterApplicationShellHandler.canAccessPage(WebCenterApplicationShellHandler.java:675)
at oracle.webcenter.webcenterapp.internal.view.shell.handler.WebCenterApplicationShellHandler.getPhysicalPageURI(WebCenterApplicationShellHandler.java:1442)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellPageRedirectionFilter.doFilter(WebCenterShellPageRedirectionFilter.java:193)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellFilter.doFilter(WebCenterShellFilter.java:724)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.view.page.editor.webapp.WebCenterComposerFilter.doFilter(WebCenterComposerFilter.java:117)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.share.http.ServletADFFilter.doFilter(ServletADFFilter.java:62)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.processFilters(WebCenterLocaleWrapperFilter.java:344)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.doFilter(WebCenterLocaleWrapperFilter.java:237)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
If I start the managed server using startManagedWebLogic.sh from the prompt, it works without issues.
Node Manager is using the startWebLogic.sh file by default.
I have set up other domains with all the standard paths, so my guess is that this may be caused by a (conflicting) path issue.
Any idea what could be causing this?This is in reply to the first post. I don't know what happened after.
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission sun.arch.data.model read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at org.eclipse.swt.internal.Library.loadLibrary(Library.java:167)
at org.eclipse.swt.internal.Library.loadLibrary(Library.java:151)
at org.eclipse.swt.internal.C.<clinit>(C.java:21)
If you read the above trace from bottom to top, it shows none of you classes, only classes from that Eclipse library, which seems to loadLibrary() a native DLL. In order to do this, it needs to call System.getProperty( "sun.arch.data.model" ). This call is not allowed from un unsigned applet. So I guess you need to sign the applet and this problem will go away. Many other problems may follow. Just read very very carefully all the related documentation, which I did not. -
Using WebCenter Spaces Web Service API through JDeveloper's Data Control
Hi,
I'm trying to access WebCenter Spaces Web Service API (located at http://host:port/webcenter/SpacesWebService)
using JDeveloper's Web Center Data Control.
I created a data control in my portal project using JDeveloper's Web Service Data Control wizard.
I also created and configured key stores (jps-config.xml) at both sides (spaces server and my portal client).
How I created a data control:
* First I entered the name and the URL (http://host:port/webcenter/SpacesWebService?WSDL)
* Then I entered HTTP basic authentication details (user name and password)
* After that I drag-and-drop the getGroupSpaces() method from the data control to a .jspx page as a ADF read-only table.
* Then ran my portal project and navigated to this .jspx page and it worked. List of group spaces appeared well on that page.
The problem is that I got only public group spaces and group spaces created by the user I entered on HTTP basic authentication details.
I makes no sense to enter some static user details in a web service client (or a data control).
So the question is; can I use identity propagation to get only group spaces created by the same user which I logged in my portal?
Edited by: 832886 on Feb 18, 2011 3:09 AMHi,
You generally get NameError when you are executing the createCred/updateCred from a incorrect location. Are you using the wlst from oracle_common\common\bin?
Also, In your steps I don't see what you did to populate the walllet at JDeveloper end after your updateCred failed. This is a required step. Use the wlst from the location emntioned above and you should be able to proceed.
Thanks,
Vishal -
How can I incorporate new backing beans into a Webcenter Spaces Server?
I am using the WebCenterSpaces application in Customization Developer Role to make changes to some taskflows for a customer. In order to implement a desired change in the Nav Model for the customer, I had to write 3 very small backing beans. They compiled fine, the taskflow let me add them as managed beans. It even new about these backing beans, presumably because I compiled them. I made changes to the .jsff file to use them and that worked fine. However the metadata.mar created when I deploy the application does not have these new classes, so they will not get put into the WC_Spaces server when I use WLST to import the metadata. Can anybody tell me how to get new backing beans into WebCenter Spaces?
I cant be the only one who has had to do this.
Thanks.I don't know if you can import as part of the metadata import but an alternative will be to create a shared library out of your java classes and referencing the shared lib in spaces.
-
Java Security Model: Java Protection Domains
1. Policy Configuration
Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
o Configurable policies -- no longer is the security policy hard-coded into the application.
o Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
o Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
o Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
o Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
2. X.509v3 Certificate APIs
Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
3. Protection Domains
The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
4. Access Decisions
Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
Sandbox model for Security
Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
java.security.ProtectionDomain
This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
Classes that have the same permissions but are from different code sources belong to different domains.
A class belongs to one and only one ProtectionDomain.
Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
jarsigner and keytool
example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
1. First generate a key pair for our Certificate:
keytool -genkey -keyalg rsa -alias AppletCert
2. Generate a certification-signing request.
keytool -certreq -alias AppletCert > CertReq.pem
3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
4. Import the chain into keystore:
keytool -import -alias AppletCert -file SignedCert.pem
5. Sign the CyberVote archive �TeleVote.jar�:
jarsigner TeleVote.jar AppletCert
This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
1. Generate a key pair for root CA:
openssl genrsa -des3 -out CyberVoteCA.key 1024
2. Generate an x509 certificate using the above keypair:
openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
3. Import the Certificate to keystore.
keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
The Important Classes
The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
� It should be computationally infeasible to find two messages that hashed to the same value.
� The digest does not reveal anything about the input that was used to generate it.
Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
� Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
� The signature and the public key do not reveal anything about the private key.
A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
----Cheers
---- Dinesh VishwakarmaHi,
these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
cheers,
Charles(jGuard team). -
Problem integrating BPM Process Spaces with Webcenter Spaces PS5
Good Day!
I have currently installed a fresh build of Webcenter 11.1.1.6 stack in a single domain which contains:
1.) UCM
2.) Spaces
3.) SOA with BPM
After configuring process-portal-install.properties, I have run the ant –f install.xml command which will integrate Process Spaces into Webcenter Spaces.
The problem currently I am facing is that after seeing the process spaces link in Webcenter Spaces, I am also being redirected to internal problem and seeing the logs, I have something like:
[2012-06-11T16:28:43.918-07:00] [WC_Spaces] [ERROR] [] [oracle.webcenter.webcenterapp.internal.view.webapp] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 81caeefafba8cb1a:-15b44550:137ddb9ada0:-8000-000000000000022e,0] [APP: webcenter#11.1.1.4.0] [[
oracle.adf.controller.ControllerException: ADFC-06002: unhandled exception
at oracle.adfinternal.controller.util.Utils.createAndLogControllerException(Utils.java:208)
at oracle.adfinternal.controller.engine.ControlFlowEngine.handleException(ControlFlowEngine.java:640)
at oracle.adfinternal.controller.engine.ControlFlowEngine.invokeTaskFlow(ControlFlowEngine.java:235)
at oracle.adfinternal.controller.state.ChildViewPortContextImpl.invokeTaskFlow(ChildViewPortContextImpl.java:104)
at oracle.adfinternal.controller.state.ControllerState.createChildViewPort(ControllerState.java:1387)
at oracle.adfinternal.controller.ControllerContextImpl.createChildViewPort(ControllerContextImpl.java:78)
at oracle.adf.controller.internal.binding.DCTaskFlowBinding.createRegionViewPortContext(DCTaskFlowBinding.java:474)
at oracle.adf.controller.internal.binding.DCTaskFlowBinding.getViewPort(DCTaskFlowBinding.java:392)
at oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessBeginRegion(TaskFlowRegionModel.java:164)
at oracle.adf.controller.internal.binding.TaskFlowRegionModel.processBeginRegion(TaskFlowRegionModel.java:112)
at oracle.adf.controller.internal.binding.TaskFlowRegionController.doRegionRefresh(TaskFlowRegionController.java:241)
at oracle.adf.controller.internal.binding.TaskFlowRegionController.refreshRegion(TaskFlowRegionController.java:119)
at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:3204)
at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2876)
at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.prepareModel(PageLifecycleImpl.java:115)
at oracle.adf.controller.faces.lifecycle.FacesPageLifecycle.prepareModel(FacesPageLifecycle.java:359)
Caused by: oracle.adf.controller.ControllerException: ADFC-02001: The ADF Controller cannot find '/WEB-INF/processApplicationsTaskflow.xml'.
at oracle.adfinternal.controller.metadata.provider.MdsMetadataResourceProvider.getMetadataObjects(MdsMetadataResourceProvider.java:473)
at oracle.adfinternal.controller.metadata.provider.MdsMetadataResourceProvider.loadUnmutalbeMetadataResources(MdsMetadataResourceProvider.java:372)
at oracle.adfinternal.controller.metadata.provider.MdsMetadataResourceProvider.getResources(MdsMetadataResourceProvider.java:183)
at oracle.adf.controller.internal.metadata.MetadataService.getTaskFlowDefinition(MetadataService.java:239)
at oracle.adfinternal.controller.activity.TaskFlowCallActivityLogic.findTaskFlowDefinition(TaskFlowCallActivityLogic.java:1072)
at oracle.adfinternal.controller.activity.TaskFlowCallActivityLogic.invokeTaskFlow(TaskFlowCallActivityLogic.java:224)
at oracle.adfinternal.controller.engine.ControlFlowEngine.invokeTaskFlow(ControlFlowEngine.java:217)
... 92 more
Caused by: oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/WEB-INF/processApplicationsTaskflow.xml"
at oracle.mds.core.MetadataObject.getBaseMO(MetadataObject.java:1331)
at oracle.mds.core.MDSSession.getBaseMO(MDSSession.java:3200)
at oracle.mds.core.MDSSession.getMetadataObject(MDSSession.java:1190)
at oracle.mds.core.MOResolver.getMetadataObjects(MOResolver.java:218)
at oracle.adfinternal.controller.metadata.provider.MdsMetadataResourceProvider.getMetadataObjects(MdsMetadataResourceProvider.java:421)
... 98 more
I would like to ask if there is a support link or solution to this problem I am facing such that I may able to see BPM Process Spaces in Webcenter Spaces.Hi Jeff,
Its looking that BPM was not correctly configured for some reason, exact root cause could not be pinpointed. You can try following two things:-
1. Run the following ant command and restart the Admin and managed servers
ant -f install.xml post-install -DpiArgs -importGSOnly
2. If Oracle BPM and WebCenter have been configured in different domains, configure Trusted Domain Credentials in both the Oracle BPM and WebCenter domains.
http://docs.oracle.com/cd/E23943_01/web.1111/e13707/domain.htm#SECMG404
If issue is still there, you can open the SR with Oracle and also have a look on following bug that is released on 24-May-2012.
Bug 13894890 : [SUP] ERROR NO METADATA FOUND FOR METADATA OBJECT "/WEB-INF/PROCESSAPPLICATIONST
Regards,
Imran -
Automated packaging and deploying of WebCenter Spaces/Portal
Hey,
I'm using WebCenter PS5 (11.1.1.6) and was wondering if anyone has setup package and deployment scripts for use in Continuous Integration (CI) for Webcenter Portal and Spaces using Ant. From the documents online I can see that there is limited support for this:
WebCenter Portal
You can use the 'New...' wizard to generate an ant build which will build a .war for your Portal.jpr project. What I can't find is something that will generate an .ear for the entire .jws. Is there a way to do this through ant, wlst or other without doing a 'right-click' option in JDeveloper? It looks like the .ear generation adds a bit of extra stuff like the metadata archive and so couldn't fudge it through a normal <ear> task to wrap the .war.
WebCenter Spaces
So it looks like extending spaces requires quite a few different artifacts. The first being the extend.spaces.webapp.war, which is simple enough since the DesignWebCenterSpaces\WebCenterSpacesExtensionLibrary comes with an ant to do packaging and deployment. However it still leaves question marks for all the .ear files that contain Resources. It would seem you only have 2 choices here - right click deploy from JDeveloper or export as EAR from JDeveloper and then manually install. Are there any ojdeploy tasks etc for the individual spaces resources that could package and install into spaces?
It looks like the only thing I can really properly automate at the moment is the extend.spaces.webapp.war deployment, and all the rest I will have to generate an EAR from within JDeveloper. I really want to avoid generating from JDeveloper as that means you have to check-in archives into source control which isn't good practice.
Responses on this topic are next to none so I would really appreciate an answer if anyone has tried or done this.
Cheers,
RossSo I managed to find a way to build the EAR using ant/ojdeploy for the WebCenter Portal Application. See the following text section which is found in the given link:
http://one-size-doesnt-fit-all.blogspot.com.au/2010/11/using-ojdeploy-and-ant-for-creating-adf.html
Entirely separately to generating ADF libraries, if you wish to use the ojdeploy utility to create an EAR via the workspace, you do this by dropping the project option leaving the workspace, profile and outputfile options. If you do this under JDev 11.1.1.2.0 specifically you'll see the error message "Missing <workspace>, <project> or <profile> parameter in <deploy> element", caused by a bug in the ojdeploy utility, of which there is a patch available.
So basically just drop the <ora:parameter name="project" value="${oracle.jdeveloper.project.name}"/> line in your ant script and it will use the .jws instead to build your project.
Maybe you are looking for
-
IPad/iPhone won't print to HP Photosmart Premium (C410a)
I just bought an HP Photosmart Premium All in One printer (C410a). I got it all hooked up, using wireless and I have set a manual IP for it. I have a 2nd generation AirPort Extreme router which is only set to run DHCP from .100 to .200, I have the
-
Hello all, I want to add user to a perticular usergroup. Is there any FM or BAPI available for this. I want to do the processing of SQ03 in Report, BDC will not work. so i want any BAPI Or Fm. THank you for ur support. Points will be rewarded.
-
i keep loosing service and now it says i have no sim and wont get any service back
-
Hi Guys, I'm new in oracle... I'm using oracle in cf application now. Oracle 9i. Now i want to display records for 6 months. How to use datediff function in oracle? My query will like this Select * from tblname Where datediff(now(),fielddate) <= 6. A
-
SD Override doesn't work after changing the channel
I have a Motorola 7XXX series DVR which got the 1.9 upgrade a few days ago. I have SD Override enabled and set to Stretch. When I set it like that, the SD channel I'm on will then stretch to fill the screen (and the black bars disappear as they shou