Weblogic 8.1 SP4 Two Interesting Security Issues

FIRST ISSUE:
Has anyone correctly configured a SSL Enabled Active Directory Authentication Provider ? The documentation is a little vague on this topic.
SECOND ISSUE:
We just noticed an issue with the initial authentication request to our security providers. It appears to be handeling initial responses incorrectly but subsequent authentication request are work correctly.
-Corey

Hi. We don't update docs well... You should have zero problems. I might
recommend contacting official support to get the latest version of our
JDBC driver package, but it may not be necessary.
Joe

Similar Messages

Weblogic- Fusion Middleware 11g domain JPS security issue.

Hello All,
I'm not very familar with the extensive Security "JPS" managembnt inside weblogic including fusion middleware and the domain security policy.
I just wanted to remove the below line from my "Reports Engine" configuration and now I'm stuck with the further below error constantly.
As far as I can tell the Domain security provide is configure to OID (which I don't even use). All teh files .sso, system_jazn... are all available and have never been deleted or changed.
Fusion Report Engine config (want to remove the security )
=======================================
<engine minEngine="3" maxIdle="30" maxEngine="8" id="rwEng" engLife="50" defaultEnvId="GICQA" class="oracle.reports.engine.EngineImpl"/>
    
    JPS security errors
============
[2012-08-20T13:49:57.567-04:00] [reports] [TRACE:32] [REP-56025] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] RWServer:startServer Reports Server is starting up.
[2012-08-20T13:49:58.098-04:00] [reports] [WARNING] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Multicast:init java.net.SocketException: Unrecognized Windows Sockets error: 0: no Inet4Address associated with interface
[2012-08-20T13:49:58.098-04:00] [reports] [WARNING] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Multicast:init java.net.SocketException: Unrecognized Windows Sockets error: 0: no Inet4Address associated with interface
[2012-08-20T13:49:58.113-04:00] [reports] [NOTIFICATION:16] [REP-65000] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Multicast:init Communication channel is initialized.
[2012-08-20T13:49:58.113-04:00] [reports] [TRACE:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] Multicast:registerReceiver Packet handler registered
[2012-08-20T13:49:58.113-04:00] [reports] [NOTIFICATION:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] ServerPacketHandler:start ServerPacketHandler started successfully
[2012-08-20T13:50:00.219-04:00] [reports] [NOTIFICATION:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] SecurityHelper:start Security system rwJaznSec successfully started.
[2012-08-20T13:50:00.531-04:00] [reports] [TRACE:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] ReportsCacheHandler:init JOC is initialized
[2012-08-20T13:50:00.578-04:00] [reports] [TRACE:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] JobManager:start Job id sequence = null
[2012-08-20T13:50:00.594-04:00] [reports] [NOTIFICATION] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Failed initializing JPS D:\Oracle\Middleware\asinst_1\config\ReportsServerComponent\RptSvr_GICPHXAP11_asinst_1\rwserver.conforacle.security.jps.service.credstore.CredStoreException: Could not find the key specified
[2012-08-20T13:50:00.594-04:00] [reports] [INCIDENT_ERROR] [REP-50125] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] REP-50125 : An internal exception occurred: oracle.security.jps.service.credstore.CredStoreException: Could not find the key specified. [[
oracle.reports.RWException: IDL:oracle/reports/RWException:1.0
     at oracle.reports.utility.Utility.newRWException(Utility.java:1053)
     at oracle.reports.utility.Utility.newRWException(Utility.java:1066)
     at oracle.reports.server.ServerConfig.getValueFromCSF(ServerConfig.java:1354)
     at oracle.reports.server.ServerConfig.getElementProperties(ServerConfig.java:1294)
     at oracle.reports.server.ServerConfig.getElementProperties(ServerConfig.java:1038)
     at oracle.reports.server.JobStoreDB.start(JobStoreDB.java:77)
     at oracle.reports.server.RWServer.startServer(RWServer.java:1038)
     at oracle.reports.server.RWServer.jniMain(RWServer.java:305)
]]Can anybody assist.
Thanks in advance
Jan S.

Hello Kalyan,
I looked at the bug you mentioned and this seem to be related to JSP files as opposed to JPS security. I've searche metalink and may have found some similar and possibly the exact error.
*Error PKI-02002: Unable to open the wallet. Check password When Starting a Reports Server [ID 1316651.1]*
Thanks
Jan S.

Weblogic 8.1 SP4 on AIX Performance issues

We are currently facing big performance issues with our servers that are holding just a couple of applications. The server specs are:
System Model: IBM,7040-681
Processor Type: PowerPC_POWER4
Number Of Processors: 2
Processor Clock Speed: 1500 MHz
CPU Type: 64-bit
Kernel Type: 64-bit
Memory Size: 6144 MB
Good Memory Size: 6144 MB
Java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
Classic VM (build 1.4.2, J2RE 1.4.2 IBM AIX build ca142-20060824 (SR6) (JIT
enabled: jitc))
Is anybody aware of this kind of problems for Wl8.1+AIX?
Thanks,
Johann

I am getting the same error as well
cannot load libary 'stackdump': java.lang.UnsatisfiedLinkError: no stackdump in java.library.path
I am creating a simple domain using the domain config wizard and I hope all the PATH and LD_LIBRARY_PATH are set by the default scripts. But I am still getting this error.
But Kill -3 <PID> works though!
Is is a know problem OR am I missing something?!
Bala

Weblogic Security Issues

We are running our Web application on Weblogic 5.1 SP12. A security company just
audited our web application using its own tool and produced a report that stated
the following:
1. URL Trickery may be used to list server directories thus revealing sensitive
files. I learned that this problem was fixed in Weblogic server after version
5.1 SP8. I just wanted to make sure that is the case because I heard from another
source that it wasn't until version 6.1. If the latter is right then we have
a problem.
2. A Hacker may be able to use "Forceful Browsing" and "Forceful Browsing by Direcotry
Guessing" to gain access to restricted site content.
3. Parameter Tampering can be used by a hacker by setting a param value out of
the expected value range or changing that value to one beyond its designated range.
4. Cross site scripting (Standard Variants) can be used whereby customer session
and cookies are compromised thereby allowing the attackerto pose as a legitimate
user to view, alter records, or perfrom transactions as that user.
The question is: are still issues in 5.1 SP12? If not, can we provide a proof
of that? If any of those is then what is the workaround/solution/patch required?
Thanks
Sammi

"Sami" <[email protected]> wrote:
>
We are running our Web application on Weblogic 5.1 SP12. A security company
just
audited our web application using its own tool and produced a report
that stated
the following:
1. URL Trickery may be used to list server directories thus revealing
sensitive
files. I learned that this problem was fixed in Weblogic server after
version
5.1 SP8. I just wanted to make sure that is the case because I heard
from another
source that it wasn't until version 6.1. If the latter is right then
we have
a problem.
2. A Hacker may be able to use "Forceful Browsing" and "Forceful Browsing
by Direcotry
Guessing" to gain access to restricted site content.
3. Parameter Tampering can be used by a hacker by setting a param value
out of
the expected value range or changing that value to one beyond its designated
range.
4. Cross site scripting (Standard Variants) can be used whereby customer
session
and cookies are compromised thereby allowing the attackerto pose as a
legitimate
user to view, alter records, or perfrom transactions as that user.
The question is: are still issues in 5.1 SP12? If not, can we provide
a proof
of that? If any of those is then what is the workaround/solution/patch
required?
Thanks
Sammii don't believe some of these issues are necessarily Weblogic issues.
1 and 2) You should be able to setup error pages such that
weblogic.httpd.errorPage.xxx=whatever.html
3 and 4) These are really application architecture and design issues. Eg. If I
were to setup a parameter in the URL, anyone can change it and the page can display
different results. And, the issue with the cookies, again an application issue
as I do not know what you are storing in the local cookies file.

Security issue between weblogic server

Hello,
Here is security issue that we are facing.
Here is setup
Environment 1
Admin server say "env1admin"
Managed Weblogic Server say "env1managed"
We deployed an EJB called HelloEJB in env1managed server and this has an api
sayHello(). HelloClient is a client to HelloEJB.
S/w Weblogic 6.1 sp3
Environment 2
Admin server say "env2admin"
Managed Weblogic Server say "env2managed"
We deployed an EJB called ServiceEJB in env2managed server and this has an api
serviceRequest(). We use weblogic role based security and restrict access to this
api by user HelloEJB.
s/w Weblogic 6.1 sp3
Here is how the system works:
We start the env2admin, env2managed (ServiceEJB is which is a Stateless session
EJB deployed in env2Managed)
We start the env1admin and env1managed (HelloEJB(which is a Stateless session
EJB is deployed in env1Managed)
Test case:
1)HelloClient invokes HelloEJB api sayHello().
2)Now at this point in ejbCreate() at HelloEJB() end we get a reference to ServiceEJB
using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
api in ServiceEJB. Then gets back a response and then returns response to HelloClient.
Now if we repeat the above testcase.
After step1 in step2 HelloEJB though has all the permissions to invoke api on
ServiceEJB gets an SecurityException.
Question is why doe this happen. Only way HelloEJB can make api calls to serviceEJB
is by making a lookup() every single time. Which is very expensive. I looked at
documents what they say is leave the context open and never close it. Though I
am doing that I am getting this exception.
Any thoughts ?
Thanks in advance,
Vijay

Here are the details of exception stack trace:
java.rmi.AccessException: Security violation: insufficient permission to access
method; nested exception is:
java.lang.SecurityException: Security violation: insufficient permission
to access method
java.lang.SecurityException: Security violation: insufficient permission to access
method
at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:92)
at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:63)
at service.ServiceBean_nr0s19_EOImpl.sendServiceRequest(ServiceBean_nr0s19_EOImpl.java:25)
at service.ServiceBean_nr0s19_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:298)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:93)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:267)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
End server side stack trace
; nested exception is:
Vijay
"Vijay" <[email protected]> wrote:
>
Hello,
Here is security issue that we are facing.
Here is setup
Environment 1
Admin server say "env1admin"
Managed Weblogic Server say "env1managed"
We deployed an EJB called HelloEJB in env1managed server and this has
an api
sayHello(). HelloClient is a client to HelloEJB.
S/w Weblogic 6.1 sp3
Environment 2
Admin server say "env2admin"
Managed Weblogic Server say "env2managed"
We deployed an EJB called ServiceEJB in env2managed server and this has
an api
serviceRequest(). We use weblogic role based security and restrict access
to this
api by user HelloEJB.
s/w Weblogic 6.1 sp3
Here is how the system works:
We start the env2admin, env2managed (ServiceEJB is which is a Stateless
session
EJB deployed in env2Managed)
We start the env1admin and env1managed (HelloEJB(which is a Stateless
session
EJB is deployed in env1Managed)
Test case:
1)HelloClient invokes HelloEJB api sayHello().
2)Now at this point in ejbCreate() at HelloEJB() end we get a reference
to ServiceEJB
using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
api in ServiceEJB. Then gets back a response and then returns response
to HelloClient.
Now if we repeat the above testcase.
After step1 in step2 HelloEJB though has all the permissions to invoke
api on
ServiceEJB gets an SecurityException.
Question is why doe this happen. Only way HelloEJB can make api calls
to serviceEJB
is by making a lookup() every single time. Which is very expensive. I
looked at
documents what they say is leave the context open and never close it.
Though I
am doing that I am getting this exception.
Any thoughts ?
Thanks in advance,
Vijay

Weblogic.developer.interest.security has moved!

This newsgroup has been relocated. Going forward, please use the weblogic.developer.interest.security newsgroup, which will be located in the [url http://forums.bea.com/category.jspa?categoryID=2004]WebLogic Server/Java EE Newsgroups folder, located at:
http://forums.bea.com/category.jspa?categoryID=2004

Pls mention the WLS version & service pack level
          Kumar
          Kevin wrote:
          > Has anyone seen this nasty error before. It is killing my server and Idon't yet know why I get it.Tue Jun 26 19:10:52 CST 2001:<E> <ServletContext-General> Servlet failed with Exceptionjava.lang.ArrayIndexOutOfBoundsException: 7743536at weblogic.servlet.jsp.JspBase.service(Compiled Code)at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Compiled Code)at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Compiled Code)at weblogic.servlet.internal.ServletContextImpl.invokeServlet(Compiled Code)at weblogic.servlet.internal.ServletContextImpl.invokeServlet(Compiled Code)at weblogic.servlet.internal.ServletContextManager.invokeServlet(Compiled Code)at weblogic.socket.MuxableSocketHTTP.invokeServlet(Compiled Code)at weblogic.socket.MuxableSocketHTTP.execute(Compiled Code)at weblogic.kernel.ExecuteThread.run(Compiled Code)

Weblogic 6.1 SP4 Oracle Issue

Hi Guys,
We have the following setup:
1) Weblogic 6.1 SP4 on Windows 2000
2) Oracle 8.1.7
3) Oracle Thin Driver provided by Weblogic for connecting to database.
Through the application when a container managed Enterpise bean tries to update
a varchar field in database.
The updation is succesful but certain junk characters are getting updated in the
specific field. While in Weblogic 6.1 SP2 we are having no problems at all.
Is there any fixes around for this.
Any help is highly appreciated.....
Thanks in advance,
Kumar

The Oracle thin driver default changed between SP3 and SP4 from
version 8.1.7 to 9.2.0. However, the kit has classes12.zip
for 8.1.7 and 9.0.1. We have encountered some things that are
broken in 9.20 and some things that are fixed in 9.20.
You could try putting the 81.7 or 9.0.1 classes12.zip at the beginning of
your
CLASSPATH.
"Kumar" <[email protected]> wrote in message
news:3e3ce843$[email protected]..
>
Hi Guys,
We have the following setup:
1) Weblogic 6.1 SP4 on Windows 2000
2) Oracle 8.1.7
3) Oracle Thin Driver provided by Weblogic for connecting to database.
Through the application when a container managed Enterpise bean tries toupdate
a varchar field in database.
The updation is succesful but certain junk characters are getting updatedin the
specific field. While in Weblogic 6.1 SP2 we are having no problems atall.
>
Is there any fixes around for this.
Any help is highly appreciated.....
Thanks in advance,
Kumar

Transaction Timeout (BPEL v10.1.2.0.0, WebLogic 8.1 sp4)

We are attempting to process a transform on a medium sized xml doc (~4.5 MB). For the test case we are simply reading the the doc using the FileAdapter, performing a transformation, and then writing the result to a file using the FileAdapter once again. The flow works fine for smallish files (under ~4MB), however, when dropping a file greater than that size the flow fails once finished while writing entries to the BPEL audit log with a TransactionTimedOutException (see exception below).
I understand what is happening and why (it certainly takes longer than 2 mins to process the file). I have also done quite a bit of digging around for references to this issue and found several posts regarding bumping the transaction timeout value when running the OC4J container. My problem is that we are not running the OC4J container. I know how to manage the default transaction timeout value for WebLogic but it appears that the BPEL application doesn't seem to be honoring the default transaction timeout on the WL Server. I have come to this conclusion for two reasons: first, the default transaction timeout on the WL Server (before modification) is 30 seconds, not the 120 seconds that this transaction is timing out on. second, changing the transaction timeout value on the WebLogic server has no impact on this issue what so ever. I can set the transaction timeout to any value I like, the process ALWAYS times out after 120 seconds.
Is there another setting on the BPEL server that I may have missed that is overriding the default timeout, i.e. is it possible that when the BPEL server process is starting the transaction it is setting the timeout on the TransactionManager in code prior to starting the transaction?
Any pointers are greatly appreciated.
------------- START STACK TRACE ------------------
<2007-03-15 13:50:24,625> <ERROR> <default.collaxa.cube> <BaseCubeSessionBean::logError> Error while invoking bean "cube delivery": Cannot insert audit trail.
The process domain was unable to insert the current log entries for the instance "10601" to the audit trail table. The exception reported is: The transaction is no longer active - status: 'Rolled back. [Reason=weblogic.transaction.internal.TimedOutException: Transaction timed out after 120 seconds
Name=[EJB com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(java.lang.String,com.oracle.bpel.client.auth.DomainAuth)],Xid=BEA1-0021B65431A170F9CFEF(31469464),Status=Active,numRepliesOwedMe=0,numRepliesOwedOthers=0,seconds since begin=120,seconds left=60,activeThread=Thread[ExecuteThread: '9' for queue: 'default',5,Thread Group for Queue: 'default'],XAServerResourceInfo[weblogic.jdbc.wrapper.JTSXAResourceImpl]=(ServerResourceInfo[weblogic.jdbc.wrapper.JTSXAResourceImpl]=(state=ended,assigned=none),xar=weblogic.jdbc.wrapper.JTSXAResourceImpl@154d033,re-Registered = false),SCInfo[f58_integration+orabpelServer]=(state=active),properties=({weblogic.transaction.name=[EJB com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(java.lang.String,com.oracle.bpel.client.auth.DomainAuth)], weblogic.jdbc=t3://127.0.0.1:9700}),OwnerTransactionManager=ServerTM[ServerCoordinatorDescriptor=(CoordinatorURL=orabpelServer+127.0.0.1:9700+f58_integration+t3+, XAResources={},NonXAResources={})],CoordinatorURL=orabpelServer+127.0.0.1:9700+f58_integration+t3+)]'. No further JDBC access is allowed within this transaction.
Please check that the machine hosting the datasource is physically connected to the network. Otherwise, check that the datasource connection parameters (user/password) is currently valid.
sql statement: INSERT INTO audit_trail( cikey, domain_ref, count_id, block, block_csize, block_usize, log ) VALUES( ?, ?, ?, ?, ?, ?, ? )
<2007-03-15 13:50:24,643> <ERROR> <default.collaxa.cube.engine.dispatch> <BaseScheduledWorker::process> Failed to handle dispatch message ... exception ORABPEL-05002
Message handle error.
An exception occurred while attempting to process the message "com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessage"; the exception is: Transaction Rolledback.: weblogic.transaction.internal.TimedOutException: Transaction timed out after 120 seconds
Name=[EJB com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(java.lang.String,com.oracle.bpel.client.auth.DomainAuth)],Xid=BEA1-0021B65431A170F9CFEF(31469464),Status=Active,numRepliesOwedMe=0,numRepliesOwedOthers=0,seconds since begin=120,seconds left=60,activeThread=Thread[ExecuteThread: '9' for queue: 'default',5,Thread Group for Queue: 'default'],XAServerResourceInfo[weblogic.jdbc.wrapper.JTSXAResourceImpl]=(ServerResourceInfo[weblogic.jdbc.wrapper.JTSXAResourceImpl]=(state=ended,assigned=none),xar=weblogic.jdbc.wrapper.JTSXAResourceImpl@154d033,re-Registered = false),SCInfo[f58_integration+orabpelServer]=(state=active),properties=({weblogic.transaction.name=[EJB com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(java.lang.String,com.oracle.bpel.client.auth.DomainAuth)], weblogic.jdbc=t3://127.0.0.1:9700}),OwnerTransactionManager=ServerTM[ServerCoordinatorDescriptor=(CoordinatorURL=orabpelServer+127.0.0.1:9700+f58_integration+t3+, XAResources={},NonXAResources={})],CoordinatorURL=orabpelServer+127.0.0.1:9700+f58_integration+t3+)
at weblogic.transaction.internal.ServerTransactionImpl.wakeUp(ServerTransactionImpl.java:1614)
at weblogic.transaction.internal.ServerTransactionManagerImpl.processTimedOutTransactions(ServerTransactionManagerImpl.java:1117)
at weblogic.transaction.internal.TransactionManagerImpl.wakeUp(TransactionManagerImpl.java:1881)
at weblogic.transaction.internal.ServerTransactionManagerImpl.wakeUp(ServerTransactionManagerImpl.java:1034)
at weblogic.transaction.internal.WLSTimer.trigger(WLSTimer.java:31)
at weblogic.time.common.internal.ScheduledTrigger.run(ScheduledTrigger.java:243)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.time.common.internal.ScheduledTrigger.executeLocally(ScheduledTrigger.java:229)
at weblogic.time.common.internal.ScheduledTrigger.execute(ScheduledTrigger.java:223)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
; nested exception is: weblogic.transaction.internal.TimedOutException: Transaction timed out after 120 seconds
Name=[EJB com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(java.lang.String,com.oracle.bpel.client.auth.DomainAuth)],Xid=BEA1-0021B65431A170F9CFEF(31469464),Status=Active,numRepliesOwedMe=0,numRepliesOwedOthers=0,seconds since begin=120,seconds left=60,activeThread=Thread[ExecuteThread: '9' for queue: 'default',5,Thread Group for Queue: 'default'],XAServerResourceInfo[weblogic.jdbc.wrapper.JTSXAResourceImpl]=(ServerResourceInfo[weblogic.jdbc.wrapper.JTSXAResourceImpl]=(state=ended,assigned=none),xar=weblogic.jdbc.wrapper.JTSXAResourceImpl@154d033,re-Registered = false),SCInfo[f58_integration+orabpelServer]=(state=active),properties=({weblogic.transaction.name=[EJB com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(java.lang.String,com.oracle.bpel.client.auth.DomainAuth)], weblogic.jdbc=t3://127.0.0.1:9700}),OwnerTransactionManager=ServerTM[ServerCoordinatorDescriptor=(CoordinatorURL=orabpelServer+127.0.0.1:9700+f58_integration+t3+, XAResources={},NonXAResources={})],CoordinatorURL=orabpelServer+127.0.0.1:9700+f58_integration+t3+)
------------- END STACK TRACE ------------------

Hi
i am facing a similar problem..did u find the solution for this problem?
Please pass the solution/workaround u performed for solving this...
Thanks & Regards
Subramanian

Security issue - or not? (remote trigger SMC startup)

Hi,
During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
Starting Solaris Management Console server version 2.1.0.
endpoint created: :898
Adding instance of solaris_providerpath
Adding class Solaris_LocalFileSystem
Adding class Solaris_Directory
Adding class Solaris_Mount
Adding class Solaris_UFS
Adding class Solaris_HSFS
Adding class Solaris_UFSMount
Adding class Solaris_HSFSMount
Adding class Solaris_LocalFSResidesOnExtent
Compilation succeeded.
Adding class Solaris_DiskDrive
Adding class Solaris_DiskPartition
Adding class Solaris_MediaPresent
Adding class Solaris_LogicalDisk
Adding class Solaris_PhysicalMedia
Adding class Solaris_Disk
Adding class Solaris_PhysicalPackage
Adding class Solaris_RealizesExtent
Adding class Solaris_RealizesDiskPartition
Adding class Solaris_RealizesDiskDrive
Adding class Solaris_DiskPartitionBasedOnDisk
Adding class Solaris_DiskPartitionBasedOnFDisk
Adding class Solaris_SCSIController
Adding class Solaris_IDEController
Adding class Solaris_MPXIOController
Adding class Solaris_USBSCSIController
Adding class Solaris_GenericController
Adding class Solaris_SCSIInterface
Adding class Solaris_MPXIOInterface
Adding class Solaris_IDEInterface
Adding class Solaris_ExtraCapacityGroup
Adding class Solaris_MPXIOGroup
Adding class Solaris_ControllerLogicalIdentity
Adding class Solaris_MPXIOCtrlrLogicalIdentity
Adding class Solaris_ControllerComponent
Adding class Solaris_MPXIOComponent
Adding class Solaris_StorageLibrary
Compilation succeeded.
Adding class CIM_ManagedElement
Adding class CIM_SettingData
Adding class CIM_Share
Adding class CIM_FileShare
Adding class CIM_NFSShare
Adding class CIM_SharedElement
Adding class CIM_HostedShare
Compilation succeeded.
Adding class Solaris_NFSShare
Adding class Solaris_NFSShareSecurity
Adding class Solaris_NFS
Adding class Solaris_PersistentShare
Adding class Solaris_MountSetting
Adding class Solaris_NFSMountSetting
Adding class Solaris_ShareSetting
Adding class Solaris_NFSShareSetting
Adding class Solaris_ShareService
Adding class Solaris_MountService
Adding class Solaris_NFSMount
Adding class Solaris_NFSShareSecurityModes
Adding class Solaris_NFSShareDefSecurityMode
Adding class Solaris_HostedShare
Adding class Solaris_PersistentShareConfiguration
Adding class Solaris_PersistentShareForSystem
Adding class Solaris_NFSShareEntry
Adding class Solaris_SharedElement
Adding class Solaris_NFSExport
Adding class Solaris_SharedFileSystem
Compilation succeeded.
Adding instance of solaris_providerpath
Adding instance of solaris_providerpath
Adding class Solaris_VMStateDatabase
Adding class Solaris_VMSoftPartition
Adding class Solaris_VMExtent
Adding class Solaris_VMStripe
Adding class Solaris_VMConcat
Adding class Solaris_VMMirror
Adding class Solaris_VMRaid5
Adding class Solaris_VMTrans
Adding class Solaris_VMHotSparePool
Adding class Solaris_VMDiskSet
Adding class Solaris_VMStorageVolume
Adding class Solaris_VMConcatComponent
Adding class Solaris_VMDriveInDiskSet
Adding class Solaris_VMExtentBasedOn
Adding class Solaris_VMSoftPartComponent
Adding class Solaris_VMExtentInDiskSet
Adding class Solaris_VMHostInDiskSet
Adding class Solaris_VMHotSpareInUse
Adding class Solaris_VMHotSpares
Adding class Solaris_VMMirrorSubmirrors
Adding class Solaris_VMRaid5Component
Adding class Solaris_VMStatistics
Adding class Solaris_VMStripeComponent
Adding class Solaris_VMTransLog
Adding class Solaris_VMTransMaster
Adding class Solaris_VMUsesHotSparePool
Adding class Solaris_VMVolumeBasedOn
Adding class Solaris_DiskIOPerformanceMonitor
Compilation succeeded.
Adding instance of solaris_providerpath
Adding class Solaris_ActiveUser
Adding class Solaris_ActiveProject
Adding class Solaris_ProcessStatisticalInformation
Adding class Solaris_UserProcessAggregateStatisticalInformation
Adding class Solaris_ProjectProcessAggregateStatisticalInformation
Adding class Solaris_ProcessStatistics
Adding class Solaris_ActiveUserProcessAggregateStatistics
Adding class Solaris_ActiveProjectProcessAggregateStatistics
Compilation succeeded.
Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
Registering components: 64/64 (Registering PatchMgrCli.jar)                 er)
Solaris Management Console server is ready.For interest, the nmap result is:
toby@deepthought ~ $ nmap -v 192.168.1.122
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
The Connect() Scan took 44.49s to scan 1672 total ports.
Host 192.168.1.122 appears to be up ... good.
Interesting ports on 192.168.1.122:
(The 1662 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open ftp
22/tcp   open ssh
23/tcp   open telnet
79/tcp   open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
898/tcp open sun-manageconsole
4045/tcp open lockd
7100/tcp open font-service
Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds(port 7100 is actually a non-standard VNC server which was carried over from the global zone)
Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
Does it matter that this SMC startup can be triggered so easily remotely?

It just struck me odd that simply port-scanning the
machine could produce this behaviour, and I wonder if
it might be a security issue.Probably not directly. Sun has distributed several items in the past that launch via inetd connections (calendar manager and font server were two common ones). Just because it launches doesn't mean it's a security problem. The application itself may require authentication after running.
Of course the resources required by the process may be non-trivial, and the application may have security issues, but the fact that it launches isn't a direct indication of a problem.
Darren

Oracle Deadlock Weblogic 8.1 sp4, Oracle 8i, StuckThreadMaxTime

It will be very helpful if you can suggest on the deadlock issue....
Application was fine for more than 6 months, all of a sudden Appplication goes down after throwing Oracle deadlock exception and after which all thread are hung and no ideal thread available to process incoming request.
We are using weblogic 8.1 sp4 and Oracle 8.1.7
"<WebLogicServer> <BEA-000337> <ExecuteThread: '19' for queue: 'weblogic.kernel.Default' has been busy for "1,209" seconds working on the request "Http Request: /requestconfirmed", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>"
Attaching part of Thread dump and Jdbc log:
"ExecuteThread: '24' for queue: 'weblogic.kernel.Default'" daemon prio=10 tid=0006a308 nid=37 lwp_id=17700 runnable [0x574e400
0..0x574e34c0]
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:134)
at oracle.net.ns.Packet.receive(Unknown Source)
at oracle.net.ns.DataPacket.receive(Unknown Source)
at oracle.net.ns.NetInputStream.getNextPacket(Unknown Source)
at oracle.net.ns.NetInputStream.read(Unknown Source)
at oracle.net.ns.NetInputStream.read(Unknown Source)
at oracle.net.ns.NetInputStream.read(Unknown Source)
at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:971)
at oracle.jdbc.driver.T4CMAREngine.unmarshalSB1(T4CMAREngine.java:941)
at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:432)
at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:180)
at oracle.jdbc.driver.T4CCallableStatement.execute_for_rows(T4CCallableStatement.java:783)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1027)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:2885)
at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:2976)
- locked <79098e48> (a oracle.jdbc.driver.T4CCallableStatement)
- locked <5d00fca0> (a oracle.jdbc.driver.T4CConnection)
at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:4103)
- locked <79098e48> (a oracle.jdbc.driver.T4CCallableStatement)
- locked <5d00fca0> (a oracle.jdbc.driver.T4CConnection)
at weblogic.jdbc.wrapper.PreparedStatement.execute(PreparedStatement.java:102)
at com.compoundrequester.dataobjects.DeliveryDO.creatOrderOnSubmitRequest(DeliveryDO.java:157)
at com.compoundrequester.servlets.RequestConfirmedServlet.processInitialScreen(RequestConfirmedServlet.java:
264)
at com.compoundrequester.servlets.RequestConfirmedServlet.service(RequestConfirmedServlet.java:115)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:322)
at com.compoundrequester.servlets.AbstractRequesterServlet.forwardTo(AbstractRequesterServlet.java:140)
at com.compoundrequester.servlets.RequestInformationServlet.processSubmitRequest(RequestInformationServlet.j
ava:312)
JDBC log stream started at Mon Sep 10 03:00:51 EDT 2007
DriverManager.initialize: jdbc.drivers = null
JDBC DriverManager initialized
registerDriver: driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@893e69]
DriverManager.getDriver("jdbc:oracle:thin:@prd-coats.prius.jnj.com:1601:CMIP1")
trying driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@893e69]
getDriver returning driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@893e69]
registerDriver: driver[className=weblogic.jdbc.jts.Driver,weblogic.jdbc.jts.Driver@8864af]
registerDriver: driver[className=weblogic.jdbc.pool.Driver,weblogic.jdbc.pool.Driver@c787d7]
registerDriver: driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@1051922]
DriverManager.getConnection("jdbc:oracle:thin:@ncsprd04.rar.ncsus.jnj.com:1573:cosmprp4")
trying driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@893e69]
DriverManager.deregisterDriver: oracle.jdbc.driver.OracleDriver@1051922
getConnection returning driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@893e69]
registerDriver: driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@1402772]
DriverManager.getConnection("jdbc:oracle:thin:@ncsprd04.rar.ncsus.jnj.com:1573:cosmprp4")
trying driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@893e69]
DriverManager.deregisterDriver: oracle.jdbc.driver.OracleDriver@1402772
getConnection returning driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@893e69]
SQLException: SQLState(null) vendor code(17110)
java.sql.SQLException: execution completed with warning
     at oracle.jdbc.driver.DatabaseError.newSqlException(DatabaseError.java:80)
     at oracle.jdbc.driver.DatabaseError.newSqlException(DatabaseError.java:98)
java.sql.SQLException: Error (-60) caught executing stored procedure: ORA-00060: deadlock detected while waiting for resource
     at com.compoundrequester.dataobjects.AbstractRequestorDataObject.checkStoredProcedure(AbstractRequestorDataObject.java:91)

We solved the deadlock after changing code.
Issue is, when Submit button is clicked, it calls requestconfirmed servlet, which in turn calls a proceduer and gets stuck, we tested the same proceduer on development server, but on production it gives the following error, some how database is not processing requests fast enough...
<Error> <WebLogicServer> <BEA-000337> <ExecuteThread: '20' for queue: 'weblogic.kernel.Default' has been busy for "821" seconds working on the request "Http Request: /us/requestconfirmed", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
<Error> <WebLogicServer> <BEA-000337> <ExecuteThread: '21' for queue: 'weblogic.kernel.Default' has been busy for "825" seconds working on the request "Http Request: /us/requestconfirmed", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
<Error> <WebLogicServer> <BEA-000337> <ExecuteThread: '22' for queue: 'weblogic.kernel.Default' has been busy for "1,125" seconds working on the request "Http Request: /us/requestconfirmed", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
<Error> <WebLogicServer> <BEA-000337> <ExecuteThread: '23' for queue: 'weblogic.kernel.Default' has been busy for "1,425" seconds working on the request "Http Request: /us/requestconfirmed", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
<Error> <WebLogicServer> <BEA-000337> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default' has been busy for "1,121" seconds working on the request "Http Request: /us/requestconfirmed", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
Below is thread dump
Full thread dump [Wed Sep 19 11:58:59 EDT 2007] (Java HotSpot(TM) Server VM 1.4.2 1.4.2.05-040917-18:54-PA_RISC2.0 PA2.0 (aCC_AP) mixed mode):
"ListenThread.Default" prio=10 tid=0007a318 nid=62 lwp_id=24967 runnable [0x56d54000..0x56d544c0]
     at java.net.PlainSocketImpl.socketAccept(Native Method)
     at java.net.PlainSocketImpl.accept(PlainSocketImpl.java:353)
     - locked <5d2455d8> (a java.net.PlainSocketImpl)
     at java.net.ServerSocket.implAccept(ServerSocket.java:454)
     at java.net.ServerSocket.accept(ServerSocket.java:425)
     at weblogic.socket.WeblogicServerSocket.accept(WeblogicServerSocket.java:26)
     at weblogic.t3.srvr.ListenThread.accept(ListenThread.java:735)
     at weblogic.t3.srvr.ListenThread.run(ListenThread.java:301)
"OracleTimeoutPollingThread" daemon prio=8 tid=01ddf950 nid=61 lwp_id=24114 waiting on condition [0x568cb000..0x568cb4c0]
     at java.lang.Thread.sleep(Native Method)
     at oracle.jdbc.driver.OracleTimeoutPollingThread.run(OracleTimeoutPollingThread.java:144)
"Thread-8" prio=8 tid=0007aa20 nid=60 lwp_id=24110 waiting on condition [0x5694c000..0x5694c4c0]
     at java.lang.Thread.sleep(Native Method)
     at com.jandj.rwjpri.us.release.REL1.run(REL1.java:221)
     at java.lang.Thread.run(Thread.java:534)
"Thread-7" daemon prio=8 tid=0007a8b8 nid=59 lwp_id=24107 waiting on condition [0x569cd000..0x569cd4c0]
     at java.lang.Thread.sleep(Native Method)
     at com.jandj.rwjpri.us.sessiontracker.usSessionTracker.run(usSessionTracker.java:171)
     at java.lang.Thread.run(Thread.java:534)
"Thread-6" prio=10 tid=0007a750 nid=58 lwp_id=24088 in Object.wait() [0x56a4e000..0x56a4e4c0]
     at java.lang.Object.wait(Native Method)
     - waiting on <5cfb8c18> (a java.util.TaskQueue)
     at java.util.TimerThread.mainLoop(Timer.java:429)
     - locked <5cfb8c18> (a java.util.TaskQueue)
     at java.util.TimerThread.run(Timer.java:382)
"weblogic.health.CoreHealthMonitor" daemon prio=8 tid=0007a5e8 nid=57 lwp_id=24022 waiting on condition [0x56acf000..0x56acf4c0]
     at java.lang.Thread.sleep(Native Method)
     at weblogic.t3.srvr.CoreHealthMonitorThread.run(CoreHealthMonitorThread.java:128)
"Thread-5" prio=10 tid=0007a480 nid=56 lwp_id=24020 in Object.wait() [0x56b50000..0x56b504c0]
     at java.lang.Object.wait(Native Method)
     - waiting on <5cd1cdc0> (a java.util.TaskQueue)
     at java.util.TimerThread.mainLoop(Timer.java:429)
     - locked <5cd1cdc0> (a java.util.TaskQueue)
     at java.util.TimerThread.run(Timer.java:382)
"LDAPConnThread-0 ldap://NCSUSRAEBZWLA01:5001" daemon prio=10 tid=0007a1b0 nid=53 lwp_id=23989 runnable [0x56cd3000..0x56cd34c0]
     at java.net.SocketInputStream.socketRead0(Native Method)
     at java.net.SocketInputStream.read(SocketInputStream.java:134)
     at java.io.BufferedInputStream.fill(BufferedInputStream.java:183)
     at java.io.BufferedInputStream.read(BufferedInputStream.java:201)
     - locked <5cc37d78> (a java.io.BufferedInputStream)
     at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
     at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:538)
     at java.lang.Thread.run(Thread.java:534)
"VDE Transaction Processor Thread" prio=10 tid=00079ee0 nid=51 lwp_id=23986 in Object.wait() [0x56dd5000..0x56dd54c0]
     at java.lang.Object.wait(Native Method)
     - waiting on <5cc0c2c8> (a com.octetstring.vde.backend.standard.TransactionProcessor)
     at java.lang.Object.wait(Object.java:429)
     at com.octetstring.vde.backend.standard.TransactionProcessor.waitChange(TransactionProcessor.java:365)
     - locked <5cc0c2c8> (a com.octetstring.vde.backend.standard.TransactionProcessor)
     at com.octetstring.vde.backend.standard.TransactionProcessor.run(TransactionProcessor.java:212)
"ExecuteThread: '2' for queue: 'weblogic.admin.RMI'" daemon prio=10 tid=0007a048 nid=50 lwp_id=23985 in Object.wait() [0x56e56000..0x56e564c0]
     at java.lang.Object.wait(Native Method)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5cb6f4f0> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '1' for queue: 'weblogic.admin.RMI'" daemon prio=10 tid=00079c10 nid=49 lwp_id=23984 in Object.wait() [0x56ed7000..0x56ed74c0]
     at java.lang.Object.wait(Native Method)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5cb6efc8> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '0' for queue: 'weblogic.admin.RMI'" daemon prio=10 tid=00079d78 nid=48 lwp_id=23983 in Object.wait() [0x56f58000..0x56f584c0]
     at java.lang.Object.wait(Native Method)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5cb6ea80> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'" daemon prio=10 tid=00079aa8 nid=47 lwp_id=23978 waiting for monitor entry [0x56fd9000..0x56fd94c0]
     at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:93)
     - waiting to lock <5ca5efe0> (a java.lang.String)
     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
"ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'" daemon prio=10 tid=00079940 nid=46 lwp_id=23977 waiting for monitor entry [0x5705a000..0x5705a4c0]
     at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:93)
     - waiting to lock <5ca5efe0> (a java.lang.String)
     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
"ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'" daemon prio=10 tid=000797d8 nid=45 lwp_id=23976 runnable [0x570db000..0x570db4c0]
     at weblogic.socket.PosixSocketMuxer.poll(Native Method)
     at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:100)
     - locked <5ca5efe0> (a java.lang.String)
     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
"weblogic.security.SpinnerRandomSource" daemon prio=10 tid=00079670 nid=44 lwp_id=23974 in Object.wait() [0x5715c000..0x5715c4c0]
     at java.lang.Object.wait(Native Method)
     - waiting on <5ca48110> (a java.lang.Object)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.security.SpinnerRandomBitsSource.run(SpinnerRandomBitsSource.java:60)
     - locked <5ca48110> (a java.lang.Object)
     at java.lang.Thread.run(Thread.java:534)
"weblogic.time.TimeEventGenerator" daemon prio=10 tid=00079508 nid=43 lwp_id=23973 in Object.wait() [0x571dd000..0x571dd4c0]
     at java.lang.Object.wait(Native Method)
     - waiting on <5ca46690> (a weblogic.time.common.internal.TimeTable)
     at weblogic.time.common.internal.TimeTable.snooze(TimeTable.java:272)
     - locked <5ca46690> (a weblogic.time.common.internal.TimeTable)
     at weblogic.time.common.internal.TimeEventGenerator.run(TimeEventGenerator.java:118)
     at java.lang.Thread.run(Thread.java:534)
"ExecuteThread: '4' for queue: 'weblogic.kernel.System'" daemon prio=10 tid=000793a0 nid=42 lwp_id=23972 in Object.wait() [0x5725e000..0x5725e4c0]
     at java.lang.Object.wait(Native Method)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5ca45e18> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '3' for queue: 'weblogic.kernel.System'" daemon prio=10 tid=00079238 nid=41 lwp_id=23971 in Object.wait() [0x572df000..0x572df4c0]
     at java.lang.Object.wait(Native Method)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5ca45958> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '2' for queue: 'weblogic.kernel.System'" daemon prio=10 tid=000790d0 nid=40 lwp_id=23970 in Object.wait() [0x57360000..0x573604c0]
     at java.lang.Object.wait(Native Method)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5ca45498> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '1' for queue: 'weblogic.kernel.System'" daemon prio=10 tid=00078f68 nid=39 lwp_id=23969 in Object.wait() [0x573e1000..0x573e14c0]
     at java.lang.Object.wait(Native Method)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5ca44fd8> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '0' for queue: 'weblogic.kernel.System'" daemon prio=10 tid=00078e00 nid=38 lwp_id=23968 in Object.wait() [0x57462000..0x574624c0]
     at java.lang.Object.wait(Native Method)
     - waiting on <5ca44b18> (a weblogic.kernel.ExecuteThread)
     at java.lang.Object.wait(Object.java:429)
     at weblogic.kernel.ExecuteThread.waitForRequest(ExecuteThread.java:153)
     - locked <5ca44b18> (a weblogic.kernel.ExecuteThread)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:172)
"ExecuteThread: '24' for queue: 'weblogic.kernel.Default'" daemon prio=10 tid=00078c98 nid=37 lwp_id=23967 runnable [0x574e4000..0x574e34c0]
     at java.net.SocketInputStream.socketRead0(Native Method)
     at java.net.SocketInputStream.read(SocketInputStream.java:134)
     at oracle.net.ns.Packet.receive(Unknown Source)
     at oracle.net.ns.DataPacket.receive(Unknown Source)
     at oracle.net.ns.NetInputStream.getNextPacket(Unknown Source)
     at oracle.net.ns.NetInputStream.read(Unknown Source)
     at oracle.net.ns.NetInputStream.read(Unknown Source)
     at oracle.net.ns.NetInputStream.read(Unknown Source)
     at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:971)
     at oracle.jdbc.driver.T4CMAREngine.unmarshalSB1(T4CMAREngine.java:941)
     at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:432)
     at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:180)
     at oracle.jdbc.driver.T4CCallableStatement.execute_for_rows(T4CCallableStatement.java:783)
     at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1027)
     at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:2885)
     at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:2976)
     - locked <5d4c8b68> (a oracle.jdbc.driver.T4CCallableStatement)
     - locked <5d01e348> (a oracle.jdbc.driver.T4CConnection)
     at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:4103)
     - locked <5d4c8b68> (a oracle.jdbc.driver.T4CCallableStatement)
     - locked <5d01e348> (a oracle.jdbc.driver.T4CConnection)
     at weblogic.jdbc.wrapper.PreparedStatement.execute(PreparedStatement.java:102)
     at com.jnj.jjprd.compoundrequester.dataobjects.DeliveryDO.creatOrderOnSubmitRequest(DeliveryDO.java:157)
     at com.jnj.jjprd.compoundrequester.servlets.RequestConfirmedServlet.processInitialScreen(RequestConfirmedServlet.java:264)
     at com.jnj.jjprd.compoundrequester.servlets.RequestConfirmedServlet.service(RequestConfirmedServlet.java:115)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
     at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:322)
     at com.jnj.jjprd.compoundrequester.servlets.AbstractRequesterServlet.forwardTo(AbstractRequesterServlet.java:140)
     at com.jnj.jjprd.compoundrequester.servlets.RequestInformationServlet.processSubmitRequest(RequestInformationServlet.java:312)
     at com.jnj.jjprd.compoundrequester.servlets.RequestInformationServlet.service(RequestInformationServlet.java:102)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
     at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
"ExecuteThread: '23' for queue: 'weblogic.kernel.Default'" daemon prio=10 tid=00078b30 nid=36 lwp_id=23966 runnable [0x57565000..0x575644c0]
     at java.net.SocketInputStream.socketRead0(Native Method)
     at java.net.SocketInputStream.read(SocketInputStream.java:134)
     at oracle.net.ns.Packet.receive(Unknown Source)
     at oracle.net.ns.DataPacket.receive(Unknown Source)
     at oracle.net.ns.NetInputStream.getNextPacket(Unknown Source)
     at oracle.net.ns.NetInputStream.read(Unknown Source)
     at oracle.net.ns.NetInputStream.read(Unknown Source)
     at oracle.net.ns.NetInputStream.read(Unknown Source)
     at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:971)
     at oracle.jdbc.driver.T4CMAREngine.unmarshalSB1(T4CMAREngine.java:941)
     at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:432)
     at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:180)
     at oracle.jdbc.driver.T4CCallableStatement.execute_for_rows(T4CCallableStatement.java:783)
     at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1027)
     at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:2885)
     at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:2976)
     - locked <7a880610> (a oracle.jdbc.driver.T4CCallableStatement)
     - locked <7a880958> (a oracle.jdbc.driver.T4CConnection)
     at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:4103)
     - locked <7a880610> (a oracle.jdbc.driver.T4CCallableStatement)
     - locked <7a880958> (a oracle.jdbc.driver.T4CConnection)
     at weblogic.jdbc.wrapper.PreparedStatement.execute(PreparedStatement.java:102)
     at com.jnj.jjprd.compoundrequester.dataobjects.DeliveryDO.creatOrderOnSubmitRequest(DeliveryDO.java:157)
     at com.jnj.jjprd.compoundrequester.servlets.RequestConfirmedServlet.processInitialScreen(RequestConfirmedServlet.java:264)
     at com.jnj.jjprd.compoundrequester.servlets.RequestConfirmedServlet.service(RequestConfirmedServlet.java:115)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
     at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:322)
     at com.jnj.jjprd.compoundrequester.servlets.AbstractRequesterServlet.forwardTo(AbstractRequesterServlet.java:140)
     at com.jnj.jjprd.compoundrequester.servlets.RequestInformationServlet.processSubmitRequest(RequestInformationServlet.java:312)
     at com.jnj.jjprd.compoundrequester.servlets.RequestInformationServlet.service(RequestInformationServlet.java:102)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
     at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
vs
Edited by sw_vishal at 09/25/2007 10:29 AM

Weblogic 10.3.2 - Visitor entitlements role issue

1)I am upgrading my weblogic portal application from Weblogic 8.1SP4 to Weblogic 10.3.2 version. I found that roles that created under visitor entitlements thru weblogic portal administration portal are not visible to assigned user.For example I created testRole for my application and added user testuser to this user.When I login to my portal application this user should able to see the portal page that related to testRole.But currently this is not working.
To fix the above issue I created one new group under User and groups management and added the above user to that group and added that group to testRole. Now the user is able to see the portal pages
My question is why the user is not able to access the roles when he is not part of any group.Because My portal application have different business users with different entitlement setups which I cannot categorize under groups.
The above functionality is working fine in Weblogic8.1SP4 production environment.
Regards,
Satya

I think the rolemappings in the application are mapped to groups.
The rolemappings are defined through deployment overrides, such as for example, weblogic.xml (which is located in the WEB-INF/lib directory of a WAR file).
An example of such a role mapping is the following:
<weblogic-web-app ...>
     <security-role-assignment>
          <role-name>EMPLOYEE</role-name>
          <principal-name>employees</principal-name>
     </security-role-assignment>
     <security-role-assignment>
          <role-name>MANAGER</role-name>
          <principal-name>managers</principal-name>
     </security-role-assignment>
</weblogic-web-app>The role-name(s) are set in the web.xml of the application, through a security constraint. The principle names are the user or group names
configured in the admin console.
When you edit the weblogic.xml to included a security role assignment and add role-name - principle-name mapping, for example
<security-role-assignment>
     <role-name>visitor</role-name>
     <principal-name>testuser</principal-name>
</security-role-assignment>now the testuser has visitor rights.

Other web browsers and security issues?

Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
I would stay away from abandonware Internet Explorer.
As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
Happy Exploring.

Security Issue with Apple ID

Today while using my iphone and trying to use facetime for the first time since updating to IOS6, my phone asked me if I wanted to use some email address that I do not have for facetime. What? The message pretty much said that this email address was linked to my apple ID. So I got to work logged into AppleID.Apple.com and saw the email address verified and also saw it displayed as an alternate apple id. Immediately, I changed my Apple ID password and called apple at 1800myapple since that is the number on the website and try to talk to someone that could assist me with this severe issue. Anyway, my iphone went dead and the people on the phone couldn't connect me to anyone because I couldn't give them a serial number to an apple device. I tried to explain to the technicians that this is a problem with my ID and that the alternate ID has access to everything that my Apple ID has access to. Both times the call went nowhere. This is ridiculous. Why can't I talk to a security team? Why is the technician telling me that I can manage my ID from the website, when I know that I am looking at the website and I cannot remove the alternate ID? How did this ID get associated with my account and why did I never receive an email informing me of the change?
Since Apple has other services and not just products STOP ASKING FOR A SERIAL NUMBER AND ASSIST THE CUSTOMER WITH THE ISSUE especially since it is a SECURITY ISSUE.

oh man, I know exactly what you're talking about. i have a relatively easy to guess apple id email and everybody in the world thinks it's theirs... but once I turned on two-step authentication, the emails stopped completely. here's a faq about it:
http://support.apple.com/kb/HT5570
once i turned that on, whenever they'd want to reset my password, they would get asked for my recovery key, which they don't have, haha! victory is mine.

HFM Security Issue - User can submit a journal by by-passing the approval step even though they are not an admin.

Hi All,
I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
"User does not have the access right to perform this journal task"
The options I have thought for a workaround are as follows:
1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
they are:
1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
2.   2. A data reviewer (who approves journals)
The process is as follows:
1.       1. Logon as Data inputter to submit the journals
2.       2. Logon as Data reviewer to approve the journals
3.       3. Logon as Data inputter to post the Journals
We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
but once it comes back to step 3, we get an error as follows:
"User does not have the access right to perform this journal task"
(This error comes about when the access control on custom 4 is set to None, Read, Promote)
Custom 4 Access Rights looks as follows:
C4_ADJ01
C4_ADJ02
C4_ADJ03
C4_ADJ04
HFMDefault
Read
Read
Read
Read
HFMLoad
All
Promote
None
Read
HFMReview
Read
All
All
All
When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
Roles for the groups that users assigned look like the following:
Test User Name
Test User Name
Access Rights
1
Base Data input/Journal Data input
test_HFMLoad
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Enable write back in Web Grid
Load Excel Data
Generate Recurring
Post Journals
Create Unbalanced Journals
Manage Templates
Data Form Write Back from Excel
Consolidate
2
Data Reviewer
test_HFMReview
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Approve Journals
Consolidate
Reviewer 2
Generate Recurring
Manage Templates
Create Unbalanced Journals
Any help or advice would be much appreciated.
Thanks in advance,
M.

Hi All,
I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
"User does not have the access right to perform this journal task"
The options I have thought for a workaround are as follows:
1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
they are:
1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
2.   2. A data reviewer (who approves journals)
The process is as follows:
1.       1. Logon as Data inputter to submit the journals
2.       2. Logon as Data reviewer to approve the journals
3.       3. Logon as Data inputter to post the Journals
We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
but once it comes back to step 3, we get an error as follows:
"User does not have the access right to perform this journal task"
(This error comes about when the access control on custom 4 is set to None, Read, Promote)
Custom 4 Access Rights looks as follows:
C4_ADJ01
C4_ADJ02
C4_ADJ03
C4_ADJ04
HFMDefault
Read
Read
Read
Read
HFMLoad
All
Promote
None
Read
HFMReview
Read
All
All
All
When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
Roles for the groups that users assigned look like the following:
Test User Name
Test User Name
Access Rights
1
Base Data input/Journal Data input
test_HFMLoad
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Enable write back in Web Grid
Load Excel Data
Generate Recurring
Post Journals
Create Unbalanced Journals
Manage Templates
Data Form Write Back from Excel
Consolidate
2
Data Reviewer
test_HFMReview
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Approve Journals
Consolidate
Reviewer 2
Generate Recurring
Manage Templates
Create Unbalanced Journals
Any help or advice would be much appreciated.
Thanks in advance,
M.

Can I create a form that doesn't trigger Acrobat's JavaScript disabled / security issues warning?

Hello,
Can I create a pdf that doesn't trigger Acrobat's JavaScript is currently disabled and this document uses it for some features. Enabling JavaScript can lead to potential security issues.
I even get this error when I create a blank pdf.
I'm not using any JavaScript in the form and the nature of the message might tend to be a bit scary to some people since it mentions enabling JS can lead to potential security issues. I basically want to disable the messaging of a feature I'm not even using.
Anyone know if this is possible and if so, how I go about it?
Thank you.

Hi,
I too share your frustration!!
Unfortunately I do not have a complete answer for you.
From the start I must say that Stefan Cameron has been very helpful (http://forms.stefcameron.com/2010/01/14/acrobatreader-9-3-now-available/), however I have not had sufficient time available to deal with the issue (or find a satisfactory resolution).
The original post that Srini shared with you related to an XFA form that had FormCalc and Javascript in it. I will now share with you another situation that is closer to your experiences.
Sometimes where we have a complex solution/form, we often give our users a PDF with instructions and demonstrations. We generate these using Adobe products:
LiveCycle Designer ES to generate the solution/form;
Captivate to record the demonstration (.swf);
Acrobat to package it up in a static PDF.
The screen shots below are from a PDF that includes written instructions and six Flash (.swf) files. The PDF does NOT include fields/form objects and does NOT include any FormCalc or Javascript.
One of the big sells in Acrobat 9 was that Adobe had fully integrated Flash (Adobe product, ex. Macromedia) into Acrobat 9. This mean that .swf files could run natively inside a PDF. Brilliant!!! The website today is still pushing this message, for example:
Now bear in mind that the following screenshots are from a PDF that does not contain any scripting - its sole purpose is to "inform" the user, "look as good as the work I put into it", incorporate instruction and "multimedia" in a "single polished file" and I should be "confident that my audience will be able to view my work exactly as intended".
Not so!!
When the user now opens the form, all looks OK. No warning. They can read the instructions and scroll down to the multimedia (.swf files).
However when the user clicks on the multimedia, the yellow bar appears:
I go through the "trust" process:
And the PDF looks like it is OK, no yellow bar. When I click on the multimedia, it begins to play - yes!! BUT ONLY FOR A SECOND OR TWO AND THEN IT STOPS AND GOES BACK TO THE START - AGGGGHHHHHHH!!!!!. I would apologise for shouting, but this is beyond frustration. The work in capturing six screencasts in Captivate, annotating them, publishing to .swf and packaging up in Acrobat has been a complete waste of time. Worse than that I now have several PDFs out there, that do not work. Good advertisement for my business? I don't think so!!
The document that Stefan provided (Managing JavaScript Execution in the Acrobat Family of Products) does not mention Flash/.swf as being a problem. However I would recommend that you go through this document, as it may help you.
So, where to now? I don't know. The previous posts and Stefan's responses have several urls that may help. You should maybe consider logging your experiences as a bug (log at Adobe).
In the meantime good luck,
Niall
UPDATE:
This behaviour (.swf playing for only a few seconds) happens in PDFs where the .swf is inserted as legacy media to run in earlier versions of Acrobat/Reader. In this case Acrobat/Reader is making an external call to Flash Player. Hence the yellow bar. However it does not explain why the Flash video still does not play when trusted.
If the .swf is added into the PDF as Flash media to run on Acrobat 9 and above, then it works without displaying the yellow warning bar.
So maybe any feature of your PDF that calls an external resource is likely to show the yellow warning bar.

Weblogic 8.1 SP4 Two Interesting Security Issues

Similar Messages

Maybe you are looking for