With VPD I see other users results - problems with AM caching??

I am using JDeveloper 11.1.1.0.2.
In my application I have 3 Appllication Modules (Admin, Store and Sale) and I use VPD and setcontext in every AM.
@Override
protected void prepareSession(Session session) {
super.prepareSession(session);
setVPDcontext();
private void setVPDcontext() {
String userName = getUserContext().getUserId();
String ind = "J";
String sql =
"begin xxx_context.set_context('" + userName +
"', '" + ind + "'); end;";
java.sql.CallableStatement stmt = null;
try {
stmt = getDBTransaction().createCallableStatement(sql, 0);
stmt.execute();
catch (SQLException se) {
throw new JboException(se.getMessage());
finally {
if (stmt != null) {
try {
stmt.close();
catch (SQLException e) {
throw new JboException(e);
The problem is that I see the results of previous VPD-queries.
3 testcases:
1. User1 has access to 3 AM (Admin, Store, Sale), if I log in I can see the correct results in the application (in Admin, Store and Sale).
User2 has only access to 1 AM (Store), If I log in as User2 I see the results of User1 in Store (wrong).
2. After restarting the weblogic server and logging in as User2 I see the correct results for User2!
If I log in as User1 I see the results of User2 in Store (wrong!!) and the correct results in Admin and Sale!
3. User1 has access to 3 AM (Admin, Store, Sale), if I login as user User1 I only use Admin and Sale (so there are no cached results for Store).
User3 has access to Sale and Store. If I login as User3 I see the results of User1 in Sale and the correct result in Store.
Conclusion: I see cached query results of the first user who logges in a Application Module. Only restarting the Weblogic Server makes the cache empty. The problem only occurs with queries with VPD.
How can I resolve this problem?

User,
I'm on a bind variable crusade today (not the answer to your question, unfortunately). Please please please please use bind variables instead of gluing literals together like that (use PreparedStatement instead of callable statement). You can also parse the PreparedStatement once and avoid the overhead of parsing on each call to prepareSession.
John

Similar Messages

  • How to see other users gift list in atg

    Hi Guys,
    As Giftlist are public we can see other user giftlists also
    could  you please tell me how to see other users giftlists in atg ?

    There is an example of this in the demo CRS application (Page store.war/giftlists/giftListSerach.jsp)From the docs:
    The /atg/commerce/gifts/GiftlistSearch form handler searches the repository for gift lists. The form handler uses input from the customer, such as owner name, event name, event type and state, to find gift lists published by other customers. It returns a list of gift lists that match the given criteria.
    GiftlistSearch should be session-scoped because multiple pages are typically involved in gathering and displaying information for gift list searching (for example, you might want to maintain a list of results for paging purposes). This form handler uses supporting servlet beans to add the retrieved gift lists to the customer’s profile and to display gift list contents.

  • How do you use Time Machine to restore a specific users account?  I can't do it from the user screen because I am not allowed.  I can't do it from the admin because I can't see other users in Time machine.

    I can't restore my user account from the users screen because I get an alert that Mac OS needs something.  I can't restore in TimaeMachine from the Admin screen because I can't see other users home folders.  What can I do?

    See Pondini's TM FAQs for starters.

  • Why do I see other users when I open Finder?  Devices, Shared, Places...

    When I see "shared" and a user's name is listed, I assume they cannot see my files - but rather - they are only listed on the 'network' as a user that is in the area...is that correct?

    If this is your own private home network, then they are a user on your network.
    That most likely means they are using your network and internet connection.
    If you are password protected they can't see your files but real hackers can blow through most passwords.
    You might consider changing your network to require a password to use your network.
    This will stop others from using your network and your bandwidth on the internet.
    Edit:
    If this not your network and is a network on the road then it is normal to see other users on the network.

  • Convergence problem -- users seeing other users' mailboxes

    Hello, all!
    We seem to be having rather a shocking problem with Convergence -- in certain rare circumstances, people logging in to Convergence sometimes end up with other people's mailboxes instead of their own.
    Today, we had another of such incidents reported to our helpdesk -- after the issue was passed to my division, I decided to visit the affected user's desktop to see who they were logged in as, plus some particulars from cookes that Convergence uses, thinking that it may be related to a recent patch we received as a response from a Sun Support ticket filed about a similar incident. Afterwards, I went back to the server and started reading logs to see if I could pinpoint the root cause of what happened.
    Note that these logs have been sanitized -- <INCORRECT_USER> represents the username of the mailbox that the affected user saw instead of their own, <AFFECTED_IP> represents the IP address of the affected user's IP address, and <PREVIOUS_IP> represents the IP address of the user trying to access their mailbox that was seen by the affected user as well. (The IPs are not the same and are not in the same subnet.)
    So, from our Glassfish domain's access logs:
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:04:37 -0600" "GET /iwc/svc/wmap/msg.mjs?rev=3&sid=&mbox=INBOX&uid=457&process=html%2Cjs%2Clink%2Ctarget%2Cbinhex&maxtext=155000&security=false&lang=en&token=KZc9jnOair&dojo.preventCache=1289322277283 HTTP/1.1" 200 6184
    That was the last access from the affected user's IP address before the incident begins -- this is just to show that they didn't log out. Then:
    "<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:06 -0600" "GET /iwc_static/layout/login.html?lang=en-us&14.01_234924&svcs=abs,im,mail,calendar,c11n HTTP/1.1" 200 5095
    ...the other user visits the login page to try and log in. (I'll spare everyone the accesses to the preloading of Convergence's UI images. =) After a while, the other user attempts to log in and is successfully sent to main.html:
    "<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/iwcp/login.iwc HTTP/1.1" 200 312
    "<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "GET /iwc_static/layout/main.html?lang=en&14.01_234924& HTTP/1.1" 200 8856
    However, out of the blue:
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/iwcp/login.iwc HTTP/1.1" 200 312
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/wmap/cmd.mjs HTTP/1.1" 200 17
    ...the affected user tries to log in as well, then ask the AJAX cmd process to do something. The affected user mentioned that they usually stay connected to Convergence and just reopen a browser window when they need to check their mail. This seems consistent -- main.html probably prompted the affected user to retype their password to continue on after the previous commmand above failed after an expired session after they closed their browser window.
    Now, according to Convergence's iwc.log:
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,582- SSO is disabled
    AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,583- No valid session found, redirecting to login page
    AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,584- Redirecting to: /iwc_static/layout/login.html?lang=en-us&14.01_234924&svcs=abs,im,mail,calendar,c11n
    The other user visits the site and is redirected to login.html, then...
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,410- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,411- Iwc Protocol command issued: login.iwc
    AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,413- Subject not found in session, creating one
    AUTH: DEBUG from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,414- Loaded com.sun.comms.client.security.auth.AppCallbackHandler class
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,416- SunLDAPLoginModule:initialize()
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,504- SunLDAPLoginModule:login()
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,506- User LoginID is <INCORRECT_USER>
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,508- Host header is connect.siue.edu
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,510- Attempting to resolve User's domain/organization: siue.edu from the host header...
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,511- User domain is siue.edu
    AUTH: DEBUG from com.sun.comms.client.security.auth.AppCallbackHandler Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,513- Done Handling Callback class: com.sun.comms.client.security.auth.modules.impl.SunLDAPAuthCallBack
    AUTH: DEBUG from com.sun.comms.client.security.auth.AppCallbackHandler Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,514- Done Handling Callback class: com.sun.comms.client.security.auth.AuthorizationIdCallback
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,516- SunLDAPLoginModule:lookupUser()
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,517- Loaded UG LDAP pool...
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,521- Releasing UG LDAP to pool
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,523- Loaded Auth LDAP pool...
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,527- Releasing Auth LDAP to pool
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,529- SunLDAPLoginModule:User <INCORRECT_USER> Authenticated
    AUTH: INFO from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,533- Loading user entry from LDAP
    ...the other user successfully logs in (using an external Sun-based LDAP server), then starts asking the LDAP server for their Convergence preferences.
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,535- Creating Comms User.....
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,537- Creating new User
    (That's interesting...)
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,539- Login id of the user is <INCORRECT_USER>
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,541- Domain name of the user is siue.edu
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,544- Org DN of the user is o=siue.edu,o=usergroup
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,546- Real domain name of the user is siue.edu
    AUTH: INFO from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,548- User entry loaded successfully
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,550- Updating user cache with default attribute values
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,552- Updating user cache common preference with default values
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,555- Processing AttrName: sunUCDefaultApplication
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,557- Preference Attribute : sunUCDefaultApplication is not present in user cache
    And intermixed with the loading of preferences for the other user...
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,666- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,667- Iwc Protocol command issued: login.iwc
    AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,669- Subject not found in session, creating one
    AUTH: DEBUG from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,671- Loaded com.sun.comms.client.security.auth.AppCallbackHandler class
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,674- SunLDAPLoginModule:initialize()
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,676- SunLDAPLoginModule:login()
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,678- User LoginID is <INCORRECT_USER>
    ...there's the affected user trying to log in -- and getting the same username as the other user!
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,933- SSO is disabled
    AUTH: DEBUG from com.sun.comms.client.web.authorization.MailAuthorizationFilter Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,935- Removing token parameter from the mail backend service request
    PROXY_MAIL: DEBUG from com.sun.comms.client.web.services.sun.MailServiceProxy Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,938- reqURI: /iwc/svc/wmap/cmd.mjs
    The affected user (seeing that they have less to load) tries to send the command referenced above. Note their session ID...
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,740- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,831- Iwc Protocol command issued: get_allprefs.iwc
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.UserPrefsCommandDelegate Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,834- get_allprefs.iwc : Service is not enabled : smime
    CONFIG: DEBUG from com.sun.comms.client.web.ServerConfiguration Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,837- Virtual domain is enabled
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,839- client preferences not found for domain: siue.edu
    ...and how it's completely different from the other user's session ID. (One odd note -- the other user's browser asks for get_allprefs.iwc, but the affected user's browser doesn't until much later when, after seeing the incorrect mailbox, tried to rectify the problem by closing their browser and revisiting the domain, which bounced them off to main.html since they (apparently) had a valid session:
    From Glassfish's access logs:
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET / HTTP/1.1" 200 279
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET /iwc/ HTTP/1.1" 302 0
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET /iwc_static/layout/main.html?lang=en-us&14.01_234924 HTTP/1.1" 200 8856
    And from Convergence's iwc.log:
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,928- SSO is disabled
    AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,934- Found a valid session, redirecting user to the main view page
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,952- client preferences not found for domain: siue.edu
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,947- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,949- Iwc Protocol command issued: get_allprefs.iwc
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.UserPrefsCommandDelegate Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,951- get_allprefs.iwc : Service is not enabled : smime
    CONFIG: DEBUG from com.sun.comms.client.web.ServerConfiguration Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,952- Virtual domain is enabled
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,954- client preferences not found for domain: siue.edu
    (Again, what's odd is that the JSESSIONID changes again.)
    I thought initially that it may be a pooling problem, so I decided to check out the logs for the Sun ONE Directory Server that this instance of Convergence is connected to and:
    [09/Nov/2010:11:19:14 -0600] conn=407075 op=22106 msgId=86900 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
    [09/Nov/2010:11:19:14 -0600] conn=407075 op=22106 msgId=86900 - RESULT err=0 tag=101 nentries=1 etime=0
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2173 msgId=86901 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2173 msgId=86901 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
    [09/Nov/2010:11:19:14 -0600] conn=408784 op=4786 msgId=86902 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
    [09/Nov/2010:11:19:14 -0600] conn=408784 op=4786 msgId=86902 - RESULT err=0 tag=101 nentries=1 etime=0
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2174 msgId=86903 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2174 msgId=86903 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
    But two different LDAP connections.... well, actually four... searched for and bound to the other user's username.
    The other interesting thing I found was while I was searching for the other user's username in the LDAP logs -- earlier I pointed out an interesting entry about "creating a Comms user"; however, the other user logged in previously to Convergence:
    [08/Nov/2010:21:23:10 -0600] conn=407075 op=18839 msgId=75351 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
    [08/Nov/2010:21:23:10 -0600] conn=407075 op=18839 msgId=75351 - RESULT err=0 tag=101 nentries=1 etime=0
    [08/Nov/2010:21:23:10 -0600] conn=408714 op=680 msgId=75352 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
    [08/Nov/2010:21:23:10 -0600] conn=408714 op=680 msgId=75352 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
    I'm stumped -- anyone have any ideas why this is happening to us? (Due to these problems, we've been forced to shutdown our Convergence servers and redirect users to another older webmail product until this is fixed.)

    >
    The other interesting thing I found was while I was searching for the other user's username in the LDAP logs -- earlier I pointed out an interesting entry about "creating a Comms user"; however, the other user logged in previously to Convergence:"creating a Comms user" => means creating user object in memory using details in the LDAP and configuration, it does not create a User entry in LDAP.
    Can you please provide following details:
    - version of Convergence
    - output of 'iwcadmin -l'
    - full iwc.log and glassfish access log file

  • Netpoint 5.96 Catalog security problem - Anyone can see other users catalog

    I just had a revelation regarding the security of the catalogs.
    Anyone wise enough to realize that adding ?Category=x on the address can access the catalogs of any other customers !!!!! BIG BIG PROBLEM
    I will soon test if they also get the price list of that other catalog ?
    Is there a way to prevent a user from SEEING other catalogs ?

    Hi Shane,
    thanks for that, it worked nicely.
    For anyone watching this thread, he're my effort at securing the shipment.aspx page.
    It is an ascx control with no visual components, that you should drop in right at the very top of the page:
    <%@ Control Language="C#" ClassName="SBPageSecurity" %>
    <%@ Import Namespace = "netpoint.classes" %>
    <%@ Import Namespace = "netpoint.api.catalog" %>
    <%@ Import Namespace = "netpoint.api" %>
    <%@ Import Namespace = "netpoint.api.commerce" %>
    <script runat="server">
        protected void Page_Load(object sender, EventArgs e)
           string connString =  ConfigurationSettings.AppSettings["connString"].ToString();
           NPSession s = new NPSession(this.Context, connString);
           //verify that the logged-in accountId matches the Shipment object AccountID
           int docnum = (Request["shipmentid"] == null ? 0 : Convert.ToInt32(Request["shipmentid"]));
           if (0 == docnum)
               //no doc num
               Response.End();
           else
               NPShipment shipment = new NPShipment(docnum);
               if (shipment.AccountID != s.AccountID)
                   Response.End();
    </script>
    So basically all it does is verify that the logged in Account "owns" the document they are trying to view.
    I'm sure there is room for improvement, but at least it may be a place to start for some folks.
    Regards,
    Steve

  • I cannot see other user's tables via the OTHER USERS link

    I'm using SQL Developer version 1.5.0.53 Build MAIN-53.38.
    I log into the database as a user who has SELECT access to tables in other schemas via a ROLE.
    In the SQL window, I can select from those other tables as I expect.
    But, when I go down to the bottom of the screen and expand the Other Users link and then go down to one of the schemas that my account can select from,
    no tables appear.
    I've tried a couple of things so far to no avail.
    1. I first granted SELECT ANY TABLE to my account. I then killed my SQL Developer session and started a fresh session. I'm seeing the same results.
    2. I saw a post in here that said I needed to grant SELECT on the ALL_USERS view. So I removed the SELECT ANY TABLE privilege and granted the SELECT on
    ALL_USERS to my account. Once again, I killed the SQL Developer session and re-logged in. Same results.
    Is this a bug?
    Thanks,
    John

    well, it turns out I'm not as dumb as I though. My end user could still not select from other user's Materialized Views. Some more research showed that granting either SELECT ANY TABLE or SELECT_CATALOG_ROLE fixed the problem for him. I'm sure that a more restrictive grant on one of the DBA_ tables would also work (probably DBA_MVIEWS) but I've not tried that.

  • Not able to see other users change list in IR/ID

    Hi All,
    I  need to perform the CTS+ transports  in PI 7.1 and when ever i am going to change list tab apart from my user id i am not able to see any other user id to transfer the objects to my id
    Is some setting is missing or some role we need to assign.
    Appreciate your reponse on this.
    Thanks
    Ankur

    Hi Anku,
    Have a look on this doc [Limit Authorization PI Content objects.pdf|http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/a005629b-c063-2910-0fb8-f57dc68abaca], and/or contact your basis team who manages the user roles...
    The same in [e-learning|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40457bb0-c663-2910-85ad-f5f42edb715a].
    just in case of... for ESR authorization, you have this one [How To Setup Profile Based Authorization In ESR Using PI 7.1 EHP1|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/50a3efb4-57a1-2d10-a6b9-fed6d21799f8?QuickLink=index&overridelayout=true]
    Else... a stupid question:
    in "change list" tab, have you click on the "filter" button to be able to select "User = All" ?
    and then to do your transfer...
    Regards.
    Mickael
    Edited by: Mickael Huchet on Feb 14, 2012 9:24 AM

  • How do you see other user pictures

    does anyone know how you can view pictures on other user groups on the same computer. I have shared the folder with all the pictures and opened these to all users but still no joy, any ideas?

    iMac model? Mac OSX version?
    The older (pre-2006) iMacs this forum served may be more limited in options than newer models.

  • HT1386 Since updating to OS5 I cannot open downloaded podcasts on my iPad 2, indeed can't confirm If they have been downloaded. I see others have this problem but what is the solution?

    Since updating to OS5 I cannot open downloaded podcasts and can't confirm if they have actually been downloaded. They appear in the "more" list in iTunes music, but won't play. I hear others have this problem but what is the solution ?

    Install the Flex:Player App;  http://itunes.apple.com/app/flex-player/id451024857?alreadyRedirected=1&mt=8
    Then you can open the movies, keep tapping on them and choose Open in Flex:Player.

  • PC does not see other users on Mac except the administrator

    Hello to all,
    I have arranged a network between my PC (one user-administrator) and my Mac (2 users-one administrator and one standard), but I don't know the way to see files of the standard Mac user from my PC. I can only see the Mac administrator's files.
    Any suggestions?
    Thank you in advance.

    How I did it:
    on the mac.
    1. Open "macintosh HD" in the standard user account.
    2. Open "Users".
    3. Open home folder of the "standard user account".
    4. Click on the folder you wish to become accesssible to windows sharing.
    5. Hold down "options" and click "I".
    6. In the "get info" window, click on "Ownership and Permissions".
    7. Click on "Details".
    8. Click on the padlock to unlock it. You may be asked for the adninistrator's username and password. Respond accordingly.
    9. Click on the window besides "Group".
    10. Click on the name of the home folder of the administrator user account to choose it.
    11. Click on the window besides "Access" just below "Group".
    12. Click on "Read & Write" to choose it.
    13. Click on the padlock to lock it.
    14. Close "get info" window.
    15. Repeat steps 4-14 for any other folder you'd like to make it become accesssible to windows sharing.
    on the PC.
    1. Click "start".
    2. Click "my network places".
    3. Click "add a network place".
    On the appearing window:
    4. Click "next".
    5. Click "choose another network location".
    6. Click "next".
    7. In "internet or network address" write
    IP of mac computer\username of administrator mac user.
    8. Click "next".
    9. You may be asked for the adninistrator's username and password. Respond accordingly.
    10. Choose a name for the "network place folder" (I used "IP of mac computer\username of administrator mac user").
    11. Click "finish".
    In this way a network place for the administrator mac user is created. One should repeat these steps for each one of the other mac users. Remember to choose a different name for each mac user.
    If nothing went wrong you will now be able to access the mac files from the PC!
    I hope this helps.

  • I can no longer access the iTunes store on my I pad. I see others have this problem. Ideas?

    Any ideas re how to get the iTunes store?

    no error message.  it works without a problem in my computer.  but a few minutes ago, it just opened on my ipad, so i'm ok for now.  but i had a problem yesterday.  i had it open, and it froze for several hours. this didn't used to happen.  something must be going on.  it's very frustrating  

  • HT5100 I was thrilled with this app at first, the content is amazing, but lately I have not been able to open this on my iPad or to download updates. have other user experienced these problems? Is there a setting I can change to make his work again?

    I was thrilled with this app at first, the content is amazing, but lately I have not be enable to open the app, or to download updates. are other users experiencing problems like this? Is there a setting I can change that will solve the problem?

    I was thrilled with this app at first, the content is amazing, but lately I have not be enable to open the app, or to download updates. are other users experiencing problems like this? Is there a setting I can change that will solve the problem?

  • EndUser access to getUsers with option against other user attributes?

    Howdy,
    I am trying to allow an end user to select their account name during our account claiming process. I am running into a problem validating their selected username. I am using a call to getUsers with QueryOptions based on their account name and Uname attributes. (we are storing our username in an attribute called Uname). This works when I run the rule in BPE as my admin user. However, during the account claiming process, the rule is executing from the claim username form, and the end user is logged. Since the getUsers runs against the context of the logged in user, my queries are not able to see other users when they query for the name or Uname. There for the same queries are coming back false for the end user, but true for the admin. I'm assuming I need to run the rule as an admin to fix the problem. I added the following RunAsUser entry to the rule:
    <Rule name='alreadyExists'>
    <Description>This rule checks to see if a username is already being used by the system.</Description>
    <Comments>It returns true if the username already exists, false if the username&#xA;does not exist.</Comments>
    <RuleArgument name='potentialName'>
    <Comments>The potential username.</Comments>
    </RuleArgument>
    <RunAsUser>
    <ObjectRef type='User' id='#ID#Configurator' name='Configurator'/>
    </RunAsUser>
    <block name='outer-check' trace='true'>
    <cond>
    <eq>
    <ref>potentialName</ref>
    <null/>
    </eq>
    <i>0</i>
    <block name='compairison' trace='true'>
    <defvar name='queryOptionsOne'>
    <new class='com.waveset.object.QueryOptions'/>
    </defvar>
    <defvar name='queryOptionsTwo'>
    <new class='com.waveset.object.QueryOptions'/>
    </defvar>
    <invoke name='addCondition'>
    <ref>queryOptionsOne</ref>
    <s>Uname</s>
    <ref>potentialName</ref>
    </invoke>
    <invoke name='addCondition'>
    <ref>queryOptionsTwo</ref>
    <s>name</s>
    <ref>potentialName</ref>
    </invoke>
    <or>
    <neq>
    <invoke name='getUsers' class='com.waveset.ui.FormUtil'>
    <ref>context</ref>
    <ref>queryOptionsOne</ref>
    </invoke>
    <null/>
    </neq>
    <neq>
    <invoke name='getUsers' class='com.waveset.ui.FormUtil'>
    <ref>context</ref>
    <ref>queryOptionsTwo</ref>
    </invoke>
    <null/>
    </neq>
    </or>
    </block>
    </cond>
    </block>
    </Rule>
    But it still isn't working. Is there something else I should be doing?

    Hi Jim,
    your problem is caused by the fact that runAs rules do not switch their context in all cases. It has been that way since LH 4.0. I'm afraid that the only work around that i am aware of (other then giving redicilus rights to end users) is to use unsuported API.
    <invoke name="getCache">
      <invoke name="getServer" class="com.waveset.server.Server"/>
    </invoke>gives you an instance of object cache (com.waveset.object.ObjectCache) without any limitations. I'm to lazy right now to test your case but with an object cache in server context you should be able to do searches without restrictions. For example have a look at
    getObjects(Type type, java.util.List attrConds)
    which looks ok for your intend.
    Regards,
    Patrick
    Message was edited by:
    Patrick.Wehinger

  • Can't connect to other users

    Hi.
    I am having trouble seeing other users that I know are on-line in the buddy window. Their user name is greyed out and I can't see when they go on-line.
    They are in my address book and they have .mac.com accounts.
    Do I have some issues with setting up sharing?
    -pc

    I believe this is the fix. The address book is where I have entered the contact i want to chat with, but the adderss book entry is not enough: you have to update the entry after adding it in iChat.
    Once I had done that, the user is found, no problem and it works.
    -pc

Maybe you are looking for

  • Error when connecting message...........

    I tried this in the Mac Mini section without any help. I have my Airport Extreme in my home office. My DSL is hooked to the Extreme and then out to my iMac which does not have an Airport card. My son is using an Express in his bedroom to use the DSL

  • Problems with Photoshop CS4 on Snow Leopard 10.6.8

    I just upgraded to Snow Leopard 10.6.8 and now my Photoshop CS4 is constantly crashing on me.  Adobe was no help.  Is there anything I can do to fix this?  I don't want to purchase CS5 just to prevent this from happening. I had no problems with CS4 w

  • Error when trying to load a flash file in to a dreamweaver document

    Every time I try to add flash content to my html site in dreamweaver (both version 8) I keep getting an error: "While executing onClick in Object Options.htm, the following javascript error occured: at line 55 of file "C:\program files\...\configurat

  • How to create SharePoint: Group By on more than 2 columns in a view (SP 2013)

    Hi All, I want to create Group by column on more than 2 columns in a view in SharePoint 213 list. The group It for CurrentUser,Yearly,Monthly andWeekly. How can I achieve It? Thanks in Advance

  • Installing antivirus on new Satellite L50B

    hello Toshiba forum i need to install kaspersky internet security 2015 (i've got the third license) on my new laptop but there is McAfee allready installed (but not configured yet) how do you suggest to proceed ? do i need to uninstall McAfee before