WS-Security and UsernameToken in WS Adapter

Similar Messages

• WS-Security and UsernameToken 1.0 with PI 7.0

  Hello experts,
  we use PI 7.0 and we want to establish a connection to a web service which requires the use of "Message Security 1.0 (WS-Security)" and "UsernameToken Profile 1.0". I can't find the correct settings in the SOAP adapter. Do we have to use PI 7.1 and the WS adapter to establish this connection, is it possible to install the WS adapter on PI 7.0 or is there any workaround to connect to a web service like this?
  The standards are described here:
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
  Best regards,
  David

  UsernameToken works with the WS-RM adapter very well, basically with every standard compliant SOAP implementation.
  You have to choose User ID/password message authentication in the receiver channel, then you get a Username Token. In the receiver agreement you then enter the actual username and password to use for the call.
  Choosing Asymmetric Message Signature/Encryption the messages will be signed and encrypted in a standadized WS-Security way. The signature will be performed based on a private key (stored inside a PSE of transaction STRUST of the integration server) you supply in the receiver agreement.
  The other option Symmetric Message Signature/Encryption will also add signature and encryption to the SOAP message. However the signature is done with a symmetric key that is created for the particular message exchange.

• Ask the Expert: Introduction to Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features)

  With Namit Agarwal and Rahul Govindan 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features) with experts Namit Agarwal and Rahul Govindan.
  This is a continuation of the live webcast.
  Cisco ASA CX (Context-Aware) is a next generation firewall service that serves as an extension to the Cisco Adaptive Security Appliance (ASA) firewall platform. In addition to the proven stateful inspection firewall capabilities, it provides us with next-generation capabilities and a host of additional network-based security controls for end-to-end network intelligence and streamlined security operations.
  Namit Agarwal is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. He has more than four years of experience in the security domain. His areas of expertise include ASA firewalls, IPS, and ASA content-aware security (ASA CX). He has been involved in various escalation requests from around the world. He holds CCIE certification (number 33795) in security.   
  Rahul Govindan has been an engineer with the Security Technical Assistance Center team in Bangalore for more than three years. He works on security technologies such as VPN; Cisco ASA firewalls; and authentication, authorization, and accounting. His particular expertise is in Secure Sockets Layer VPN and IP security VPN technologies. He holds CCIE certification (number 29948) in security.
  Remember to use the rating system to let Namit and Govindan know if you have received an adequate response. 
  Because of the volume expected during this event, Namit and Govindan might not be able to answer every question. Remember that you can continue the conversation in the Security community, subcommunity VPN shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast related links:
  Slides from the live webcast
  Video Recording of the live webcast
  Introduction to Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features): FAQ from live webcast

  Hello Namit and Rahul,
  Here are few questions that came in directly during your live webcast hence posting them here so that users can benifit:
  1)      How is ASA CX different from other UTM solutions ?
  2)      How is dynamic application inspection of CX better than other inspection engines  ?
  3)      What features or functionalities on the CX are available by default ?
  4)      what are the different ways we can run or install CX on the ASA platform ?
  5)      What VPN features are supported with multi context ASA in the 9.x release ?
  6)      What are the IPv6 Enhancements in the ASA version 9.x ?
  Request you to please provide your responses to them individually.
  Thanks.

• SEcurity settings for sender SOAP adapter

  Hey guys
  i m implemeting some security features in sender SOAP adapter by taking help frm www.help.sap.com,i have checked the message security box in sender Communication channel but in sender agreement i dont see any options for Decryt or Validate,i only see Keystore,Issuer and subject.
  i m on SP9 and XI 3.0
  where can i find these options of Decrypt etc?
  thanx
  ahmad

  Hi,
  Please see below links
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0650f56-7587-2910-7c99-e1b6ffbe4d50
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/a3229d73-170d-42b7-bab9-12ae5f2d0fa7.asp
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/f869bd82-df93-45e1-b747-b538820253fb.asp
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/121b053d-0401-0010-539f-f9295efb7bad
  Document security option in webservices
  And also check,
  Launch Visual administrator and navigate to Server->Services->Security Provider. In 'Policy Configurations' tab page, select the component 'sap.com/com.sap.aii.af.soapadapter*XISOAPAdapter'. Then click on the tab page 'Security Roles' and select 'xi_adapter_soap_message'. You will find the groups (equivalent to roles in PFCG) to which this security role (xi_adapter_soap_message) is assigned to. Make sure you assign the PFCG role listed here to the user.
  regards
  Chilla..

• Security and encryption inside Integration Server

  Hi,
  is it possible to encrypt the entire message process INSIDE PI. I don't mean "Adapter-Inbound" or "Adapter Outbound" communication, but rather "Adapter-to-Integration Server" and "Integration-Server-to-Adapter"?
  For example, that the message payload cannot be seen in SXMB_MONI etc.
  A potential scenario are HCM payroll data exchange.
  Thanks for any idea.
  -hs

  For example, that the message payload cannot be seen in SXMB_MONI etc.
  1) Do not log the message (check the blog: /people/michal.krawczyk2/blog/2007/04/30/xipi-personalized-logging-tracing) ....monitoring may not be possible then.
  2) restrict the user from viewing the payload....adding new-users to the no-view list to be managed by the Admins
  3) Make use of java logic in adapter module to encode the message before passing it to SXMB_MONI.....not all adapters support modules...complexity increases....decoding logic at receiving end required
  4) Make use of com.sap.security.api.ssf...disadvantages same as for point 3.
  Regards,
  Abhishek.

• How to fix SOAP Security Header UsernameToken is required for operation?

  hi all,
  can somone help me how to resolve the error "javax.xml.ws.soap.SOAPFaultException: SOAP Security Header UsernameToken is required for operation" when i run a client.
  i got a WSDL and using wsdl2java i generated the stubs
  Here is my client code
  public final class LiteratureClient {
       public final static QName SERVICE = new QName("http://siebel.com/asi/",
                 "Literature");
       public final static URL WSDL_LOCATION;
       private LiteratureClient() {
       static {
            URL url = null;
            try {
                 url = new URL(
                           "file:c:\\reprintwsdl\\http___siebel.com_asi__Literature17.WSDL");
            } catch (MalformedURLException e) {
                 System.err
                           .println("Can not initialize the default wsdl from file:http___siebel.com_asi__Literature17.WSDL");
                 // e.printStackTrace();
            WSDL_LOCATION = url;
       public static void main(String args[]) throws Exception {
            System.out.println(WSDL_LOCATION);
            Literature obj = new Literature(WSDL_LOCATION, SERVICE);
            DefaultBindingSpcLiteratureSpcWS port = obj.getDefault();
            Client cxfClient = ClientProxy.getClient(port);
            cxfClient.getInInterceptors().add(new LoggingInInterceptor());
            cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());
            cxfClient.getOutInterceptors().add(new SiebelPasswordInterceptor());
            com.siebel.xml.literatureio.iterature inputObj = new com.siebel.xml.literatureio.lterature();
  inputObj.setDocId("1234");          
            // Query by ID
       LiteratureQueryByIdlInput input = new LiteratureQueryByIdInput();
            com.siebel.xml.iteratureio.ListOfliteratureio list = new com.siebel.xml.iteratureio.ListOfliteratureio();
            list.getLiterature().add(inputObj);
            input.setListOfliteratureio(list);
            LiteratureQueryByIdOutput output = obj.getDefault().LiteratureQueryById(input);
  This is the interceptor which i added to the client before performing the query operation
  public class SiebelPasswordInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
       public static final String SECURITY_TAG_NAME = "wsse:Security";
       public static final String SECURITY_NAMESPACE = "http://schemas.xmlsoap.org/ws/2002/04/secext";
       public static final String USERNAME_TOKEN_TAG_NAME = "wsse:UsernameToken";
       public static final String USERNAME_TAG_NAME = "wsse:Username";
       public static final String PASSWORD_TAG_NAME = "wsse:Password";
       public static final String PASSWORD_TEXT_ATTRIBUTE_NAME = "wsse:PasswordText";
       public static final String TYPE_TAG_NAME = "Type";
       public static final String SECURITY_NAMESPACE_NAME = "wsse";
       public static final String SECURITY = "Security";
       public SiebelPasswordInterceptor() {
            super(Phase.PREPARE_SEND);
       public void handleMessage(SoapMessage message) {
            List l = message.getHeaders();
            Document d = DOMUtils.createDocument();
            Element securityParent = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                SECURITY_TAG_NAME);
            Element userNameToken = d.createElementNS(
                      SECURITY_NAMESPACE,
                      USERNAME_TOKEN_TAG_NAME);
            Element userName = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                USERNAME_TAG_NAME);
            userName.setTextContent(getUsername());
            userNameToken.appendChild(userName);
            Element pwdText = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                PASSWORD_TAG_NAME);
            pwdText.setAttribute(TYPE_TAG_NAME, PASSWORD_TEXT_ATTRIBUTE_NAME);
            pwdText.setTextContent(getPassword());
            userNameToken.appendChild(pwdText);
            securityParent.appendChild(userNameToken);
            SoapHeader header = new SoapHeader(new QName(
                      SECURITY_NAMESPACE, SECURITY,
                      SECURITY_NAMESPACE_NAME), securityParent);
            System.out.println(" HEADER "+header.toString());
            l.add(header);
       protected String getUsername(){
  return "test";
       protected String getPassword(){
            return test";
  I did add this interceptor as out interceptor to my client but for some reason the header is not getting added to the request . can someone pls. help me in troubleshooting this issue.
  Thank you

  The problem is in <form action="http://www.eastsidestudios.com.au/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&amp;OTYPE={module_otype}&amp;EID={module_eid}&amp;CID={mo dule_cid}"
  You have to remove http://www.eastsidestudios.com.au from the action URL and make it relative:
  <form action="/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&amp;OTYPE={module_otype}&amp;EID={module_eid}&amp;CID={mo dule_cid}"
  Cheers,
  -mario

• Mac security and maintenance advice needed.

  can someone please advice me how to keep my mac secured and well maintained. i mean the macbook hardware as well as software.
  any antispyware or antivirus i should get for mac? would u recommend one? and which one? also suggest me some free alternatives.
  on pcs putting realtime scanners would slow down the system. i hope thats not the case in mac.
  also, any maintenance software like a defragmenter? i have been told macs dont need a defrag program. recently a whole lot of permissions went bad when i did a 'verify permissions' check.
  also, can someone tell me how often one should calibrate the battery?

  Kappy's Personal Suggestions for OS X Maintenance
  For disk repairs use Disk Utility. For situations DU cannot handle the best third-party utilities are: Disk Warrior; DW only fixes problems with the disk directory, but most disk problems are caused by directory corruption; Disk Warrior 4.x is now Intel Mac compatible. TechTool Pro provides additional repair options including file repair and recovery, system diagnostics, and disk defragmentation. TechTool Pro 4.5.1 or higher are Intel Mac compatible; Drive Genius is similar to TechTool Pro in terms of the various repair services provided. Versions 1.5.1 or later are Intel Mac compatible.
  OS X performs certain maintenance functions that are scheduled to occur on a daily, weekly, or monthly period. The maintenance scripts run in the early AM only if the computer is turned on 24/7 (no sleep.) If this isn't the case, then an excellent solution is to download and install a shareware utility such as Macaroni, JAW PseudoAnacron, or Anacron that will automate the maintenance activity regardless of whether the computer is turned off or asleep. Dependence upon third-party utilities to run the periodic maintenance scripts had been significantly reduced in Tiger and Leopard.
  OS X automatically defrags files less than 20 MBs in size, so unless you have a disk full of very large files there's little need for defragmenting the hard drive. As for virus protection there are few if any such animals affecting OS X. You can protect the computer easily using the freeware Open Source virus protection software ClamXAV. Personally I would avoid most commercial anti-virus software because of their potential for causing problems.
  I would also recommend downloading the shareware utility TinkerTool System that you can use for periodic maintenance such as removing old logfiles and archives, clearing caches, etc.
  For emergency repairs install the freeware utility Applejack. If you cannot start up in OS X, you may be able to start in single-user mode from which you can run Applejack to do a whole set of repair and maintenance routines from the commandline. Note that presently AppleJack is not compatible with Leopard.
  When you install any new system software or updates be sure to repair the hard drive and permissions beforehand. I also recommend booting into safe mode before doing system software updates.
  Get an external Firewire drive at least equal in size to the internal hard drive and make (and maintain) a bootable clone/backup. You can make a bootable clone using the Restore option of Disk Utility. You can also make and maintain clones with good backup software. My personal recommendations are (order is not significant):
  1. Retrospect Desktop (Commercial - not yet universal binary)
  2. Synchronize! Pro X (Commercial)
  3. Synk (Backup, Standard, or Pro)
  4. Deja Vu (Shareware)
  5. Carbon Copy Cloner (Donationware)
  6. SuperDuper! (Commercial)
  7. Intego Personal Backup (Commercial)
  8. Data Backup (Commercial)
  The following utilities can also be used for backup, but cannot create bootable clones:
  1. Backup (requires a .Mac account with Apple both to get the software and to use it.)
  2. Toast
  3. Impression
  4. arRSync
  Apple's Backup is a full backup tool capable of also backing up across multiple media such as CD/DVD. However, it cannot create bootable backups. It is primarily an "archiving" utility as are the other two.
  Impression and Toast are disk image based backups, only. Particularly useful if you need to backup to CD/DVD across multiple media.
  Visit The XLab FAQs and read the FAQs on maintenance, optimization, virus protection, and backup and restore.
  Additional suggestions will be found in Mac Maintenance Quick Assist.
  Referenced software can be found at www.versiontracker.com and www.macupdate.com.
  Do You Need Anti-Virus Protection for Your Mac?
  According to Rich Mogull's article, Should Mac Users Run Antivirus Software?,
  "The reality is that today the Mac platform is relatively safe. There are hundreds of thousands of viruses and other malicious software programs floating around for Windows, but less than 200 are known to target the Mac, and many of those are aimed at versions of the Mac OS prior to Mac OS X (and thus have no effect on a modern Mac).
  It's not that Mac OS X is inherently more secure against viruses than current versions of Windows (although it was clearly more secure than Windows prior to XP SP2); the numerous vulnerabilities reported and patched in recent years are just as exploitable as their Windows equivalents. But most security experts agree that malicious software these days is driven by financial incentives, and it's far more profitable to target the most dominant platform."
  Mr. Mogull is a computer security expert. I recommend reading the entire article as it is quite informative.
  For additional information on viruses, trojans, and spyware visit The XLab FAQs and read the FAQs on viruses and spyware.
  About Batteries in Modern Apple Laptops
  Apple - Batteries - Notebooks
  Extending the Life of Your Laptop Battery
  Apple - Batteries
  Determining Battery Cycle Count
  Calibrating your computer's battery for best performance
  Battery University
  Repairing the Hard Drive and Permissions
  Boot from your OS X Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Installer menu (Utilities menu for Tiger and Leopard.) After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list. In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive. If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer. Now restart normally.
  If DU reports errors it cannot fix, then you will need Disk Warrior (4.0 for Tiger, and 4.1 for Leopard) and/or TechTool Pro (4.6.1 for Leopard) to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.
  would keeping the charger plugged in extend battery life?
  It will neither hurt nor improve battery life. The life of the battery is determined by the number of full charge cycles - about 500 is the average life. If you use the computer mostly in a location with access to an AC outlet then you should use the AC adapter rather than run on the battery.

• Security and/or filtering error in data form creation

  Hi,
  I am getting this error when I am trying to preview my data form.
  This is the first time I am creating an application and data form in Hyperion.
  The data form is multicurrency and plan type is Plan1.
  Row:
  Account members: Descendants(Account)
  Column:
  Year:Descendants(FY10)
  Period:Descendants(YearTotal)
  Page Dimension(s)
  Entity:Descendants(Entity)
  Scenario:Current
  Version:BU Version_1
  POV:
  Currency:USD
  Disabled all options in "Other options" and Not selected any business rukes.
  When selecting preview data form I am getting below error:
  Security and/or filtering has resulted in a required dimension not being represented on this data form
  I have not selected any security/filter settings as of now. Please suggest whats causing this.
  Thanks,

  Hi Jake,
  I did what you suggested,but I am still getting same error.
  Here I would like to point out that. I have selected my application to support multicurrency, but 'HSP_RATES' does not come in Dimension selection drop down. I can see 'HSP_RATES' in Performance settings tab, but I cant see it in Dimensions tab or Evaluation order tab.
  Is this causing problem? Should I add it manually?
  Thanks,
  Rajni.

• Mac Mini and DVI-Video PAL Adapter no picture

  Hello,
  I have a mac mini g4 (late 2005) and the pal video-adapter to connect this thing to my tv however I don't get a picture out of this on the tv. In the system preferences I don't have the choice to a pal setting but just 800x600 in different colors and 1024x768.
  When the mac boots with tv connected (s-video cable) I see some flickering but nothing comes out of it.
  Any hints how to proceed here?
  konstantin

  After rebooting the mac mini with a vga-monitor connected, then unplugging that monitor and plugging in the tv adapter it is working.
  If somebody could shed some light, what has happened there I would really be interested..
  Konstantin

• My MBP Retina doesn't allow the use of two Thunderbolt to DVI adapters. It only works with one TB - VGA adapter and one TB - DVI adapter. However now the color on the VGA connected monitor is slightly different.

  The monitors are Viewsonic VA2406m-LED. The Display preferences show all three monitors but one monitor always says "No Signal" if they are both connected TB -> DVI.
  The Color on the VGA connected one is slighly off. It seems like I should be able to connect two DVI monitors not sure why this is stopped. Does it have something to do with the Graphics card?

  The problem was with the newEgg adapter. I just went to the Apple Store and bought an Apple adapter and the monitor now displays correctly.
  For future reference, in case anyone experiences this problem:
  the newEgg adapter is part number 9SIA1PU0P88920, described as a Thunderbolt Mini Displayporrt Display Port DP to DVI Adapter for APPLE Macbook Pro Air and the full description says it works for macbook pro, etc.
  when this adapter is used, the macbook pro recognizes the monitor, but the monitor displays nothing.
  When the apple adapter (MB507Z/B Mini Display Port to DVI Adapater) is used, the monitor displays correctly.
  Of course, the individual newEgg part might simply be defective, but I doubt it.  moral -- spend the extra $$ and buy the Apple adapter.

• Securing file download with standard web security and ssl

  Hi,
  I want to put some files for download in my webapp. At the same time, I want to protect these files using standard servlet security and ssl. So I added <security-constraint> in my web.xml and configured tomcat to allow SSL connection. Now I got the files protected as I expected. When I try to access the file directly from browser, tomcat shows me the login page. However, after correct login, I.E. pops up an error saying something like "Internet Explorer cannot download XXX from XXX. The file could not be written to the cache.". The log file showed the following exception:
  javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
       at com.sun.net.ssl.internal.ssl.AppInputStream.available(AppInputStream.java:40)
       at org.apache.tomcat.util.net.TcpConnection.shutdownInput(TcpConnection.java:90)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:752)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
       at java.lang.Thread.run(Thread.java:595)
  Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1407)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
       at org.apache.coyote.http11.InternalOutputBuffer.realWriteBytes(InternalOutputBuffer.java:747)
       at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:403)
       at org.apache.coyote.http11.InternalOutputBuffer.endRequest(InternalOutputBuffer.java:400)
       at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:961)
       at org.apache.coyote.Response.action(Response.java:182)
       at org.apache.coyote.Response.finish(Response.java:304)
       at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:281)
       at org.apache.catalina.connector.Response.finishResponse(Response.java:473)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
       ... 4 more
  Caused by: java.net.SocketException: Connection reset by peer: socket write error
       at java.net.SocketOutputStream.socketWrite0(Native Method)
       at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
       at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
       at com.sun.net.ssl.internal.ssl.OutputRecord.writeBuffer(OutputRecord.java:283)
       at com.sun.net.ssl.internal.ssl.OutputRecord.write(OutputRecord.java:272)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:663)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
       ... 15 more
  I've tried separating concerns, for example protect files but not require SSL, and enable SSL but do not protect files. Both works respectively but not together. I also tried using a download4j's DownloadServlet. Still doesn't work.
  Have any of you encouter the same situation? If so, could you enlight me what I did wrong? It maybe just a simple SSL configuration or something. Thanks in advance!
  Jack

  My environment setup is:
  JDK 1.5.01
  Tomcat 5.5.7
  For downloading files, I just use plain old <a href> method. I simply right-click the link and choose "save target as...".
  Thanks,
  Jack

• Secure and non-secure access to the web application in one war

  Say we have one web application (in one war) which includes JSP, servlets and the security intercepter. There is one business requirement to have most of the JSP(s) accessed via HTTPS, but a few JSP(S) accessed via HTTP.
  My questions are:
  a. Is this possible, or a reasonable requirement or a good practice?
  b. if yes, what can we do to make it happen in the security intercepter implementation?
  c. If not, what is the technical reasons?
  Thanks much.

  a) Yes its is reasonable and good practive, there is an overhead using https, so you should only encrypt file you need to. When you use an online store, only account details / payments are https, the shop itself is http
  b) I dont really understand your difficulty. You can define a folder as 'secure' and put all your secure pages in this folder, leaving non secure files in a different folder. Whenever a page in the secure folder is accessed, https is automatically invoked.

• After AVG PC Tune up, software update message for security and stability update is available FireFox 3.6.18. Should I Update?

  My Dell laptop (Operating on Windows XP) was hit with multiple viruses - I could not open Mozilla Firefox or any other applications for that matter. After much time and many attempts, I was finally able to install and run an AVG Scan and then an AVG PC Tune up. 4,559 problems found and repaired. After the repairs, I received the following message:
  "Software Update - A security and stability update for Firefox is available: Firefox 3.6.18 - It is strongly recommended that you apply this update for Firefox as soon as possible. - an underlined link reading, "View more information about this update" and then 2 choices - "Ask Later" or "Update Firefox." Since part of the problem was with Firefox and some error messages pointed to that, I'm hesitant to click on any of the three options above. Can you help me to get past this error message, please. I am sending this from my home computer. Thank you. Diane

  Sometimes the updater gets in a funny state - Go to http://www.mozilla.org/en-US/firefox/new/ and download the full installer. Close Firefox and run the installer

• After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

  After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

• I have a 3rd generation iPod Touch and just did the update to IOS 5. Now I can't connect to my Netgear wifi router. My iPhone connects fine along with all of my other laptops etc. I have the router set with WPA-PSK [TKIP] security and an access list.

  I have a 3rd generation iPod Touch and just did the update to IOS 5. Now I can't connect to my Netgear wifi router. My iPhone connects fine along with all of my other laptops etc. I have the router set with WPA-PSK [TKIP] security and an access list. I've confirmed the mac address is included on that list and that the password is correct. Under choses netwrok I select the network and it just goes into a spin. I have tried removing the password and the access list settings and it still will not complete the connection to the router thus no internet access. The routers firmware is also up to date. This thing worked fine before this update and I've already tried to restore from backup. Any ideas or is the wifi nic bad in this thing with the new apple firmware update? Any fix?

  Thanks Bob, I don't know why but it all of a sudden worked a few days later. It's a mystery but at least problem solved.