YAACE (Yet Another Access Control Exception)

Similar Messages

• Access control exception only on Linux/Debian not on Windows!?

  We have a rmi server application with a webstart rmi swing client that we have been running successfully on Windows. The client is downloaded and running without any problems on Windows platforms (W2003, Win2K, WinXP). The client webstart jar is signed and all permissions is set in the jnlp file.
  As soon as we setup a server on linux/debian sarge we get these access control exceptions when the server tries to send events back to the client. It complains on
  file permssions not being set on the server jar file and the strange thing is that the path separator is backslash on linux?
  I've tried the following:
  1) java.policy. Added All permssions to the server jar file and/or bin the folder.
  2) Running without any security manager, i.e., System.setSecurityManager(null)
  3) Explicitly setting the policy on the server. Policy.setPolicy(...)
  4) Explicitly setting a policy on the client. URL policyUrl = Thread.currentThread().getContextClassLoader().getResource("server.policy");
  5) Building the server and client on debian
  I'm at my wits end... I've searched these forums and it seems that this is might be a common problem but I've not found a solution yet.
  Our system works 100% on Windows without any problems, it's only on linux/debian that we get these access control problems.
  2005-sep-19 09:39:19 se.xxx.xxx.admin.AdminManager change
  ERROR: java.security.AccessControlException: access denied (java.io.FilePermission \\usr\local\XXX\bin\server.jar read)
  java.security.AccessControlContext.checkPermission(Unknown Source)
  java.security.AccessController.checkPermission(Unknown Source)
  java.lang.SecurityManager.checkPermission(Unknown Source)
  java.lang.SecurityManager.checkRead(Unknown Source)
  java.io.File.exists(Unknown Source)
  sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
  sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
  java.net.URL.openConnection(Unknown Source)
  sun.rmi.server.LoaderHandler.addPermissionsForURLs(Unknown Source)
  sun.rmi.server.LoaderHandler.access$300(Unknown Source)
  sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
  sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
  sun.rmi.server.LoaderHandler$1.run(Unknown Source)
  java.security.AccessController.doPrivileged(Native Method)
  sun.rmi.server.LoaderHandler.lookupLoader(Unknown Source)
  sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
  sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
  java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)
  java.rmi.server.RMIClassLoader.loadClass(Unknown Source)
  sun.rmi.server.MarshalInputStream.resolveClass(Unknown Source)
  java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
  java.io.ObjectInputStream.readClassDesc(Unknown Source)
  java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
  java.io.ObjectInputStream.readObject0(Unknown Source)
  java.io.ObjectInputStream.readObject(Unknown Source)
  sun.rmi.server.UnicastRef.unmarshalValue(Unknown Source)
  sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
  sun.rmi.transport.Transport$1.run(Unknown Source)
  java.security.AccessController.doPrivileged(Native Method)
  sun.rmi.transport.Transport.serviceCall(Unknown Source)
  sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
  sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
  java.lang.Thread.run(Unknown Source)
  sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
  sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
  sun.rmi.server.UnicastRef.invoke(Unknown Source)
  se.xxx.xxx.client.XXXApplication_Stub.notify(Unknown Source)
  )

  I have two suggestions. The first is that you didn't indicate the permissions of the file and the directories above it along with the user you're running the program as. In Unix it is easier to get an access issue as you're probably not running as root. In a traditional Windows environment everything runs with admin permission allowing access to anything. While the error comes from the security manager it has nothing to do with traditional J2SE security - it may be an O/S level thing.
  But the second suggestion touches on the other question you have - why is this showing up as backslashes? Is there perhaps an issue with the JNLP file? Is there any code that should be using System.getProperty( "file.separator") and is instead just using the backslash?

• How access control exception is removed

  Pls suggest me how to overcome with this problem .
  I have only this simple code=============>>
  public MyRemoteServer() {
  try {
  MyRemote c = new MyRemoteImpl();
  if (System.getSecurityManager() == null) {
  System.setSecurityManager(new RMISecurityManager());
  Registry r=LocateRegistry.createRegistry(1099);
  Naming.rebind("rmi://192.168.0.60:1099/CalculatorService", c);
  System.out.println("Server is now running ,waiting for client's stimlus");
  } catch (Exception e) {
  System.out.println("Trouble: " + e);
  e.printStackTrace();
  and i got the following exception :============>>
  java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.60:1099 connect,resolve)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
       at java.security.AccessController.checkPermission(AccessController.java:401)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)Trouble: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.60:1099 connect,resolve)
       at java.lang.SecurityManager.checkConnect(SecurityManager.java:1026)
       at java.net.Socket.connect(Socket.java:446)
       at java.net.Socket.connect(Socket.java:402)
       at java.net.Socket.<init>(Socket.java:309)
       at java.net.Socket.<init>(Socket.java:124)
       at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
       at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:128)
       at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:562)
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
       at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
       at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
       at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
       at java.rmi.Naming.rebind(Naming.java:160)
       at com.myrmi.server.MyRemoteServer.<init>(MyRemoteServer.java:22)
       at com.myrmi.server.MyRemoteServer.main(MyRemoteServer.java:32)
  what things sud i do.
  how to set code base ???
  pls help

  Thanx Fedrik
  I got it. Thanx a lot for ur co -operation.
  The summary is that we dont need to specify any security manager
  or code base at server side.
  at client side we'll provide the security manager and codepase property
  like
  System.setProperty("java.security.policy","C:/myrmi.policy");
  System.setProperty("java.rmi.server.codebase", "http://192.168.0.11:8080/rmiclientclasses/");
  but the restriction( or drawback) is that we can only specify the url of http server.
  the policy file is like this --->
  grant
  permission java.net.SocketPermission "*:1024-65535","connect,accept,listen,resolve";
  permission java.security.AllPermission;
  once again thanx Fedrik
  Regards
  Manish Agarwal
  [email protected]
  [email protected]

• Webutil in Forms: Access Control Exception

  Hi
  I have a forms application (Developed using DS10g 9.0.4 on Windows) deployed on a Linux Application Server (10g 9.0.4).
  I am trying to incorporate webutil into my application.
  I believe I have configured webutil (release 1.0.5) correctly and have signed the jacob.jar and webutil.jar files and placed them on the AS box as per the release notes.
  On opening the form which uses webutil I get the following error:
  connectMode=HTTP, native.
  Forms Applet version is : 9.0.4.0
  Exception occurred during event dispatching:
  java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission java.home read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
       at java.lang.System.getProperty(Unknown Source)
       at oracle.forms.webutil.common.VBeanCommon.<clinit>(VBeanCommon.java:130)
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Unknown Source)
       at oracle.forms.handler.UICommon.instantiate(Unknown Source)
       at oracle.forms.handler.UICommon.onCreate(Unknown Source)
       at oracle.forms.handler.JavaContainer.onCreate(Unknown Source)
       at oracle.forms.engine.Runform.onCreateHandler(Unknown Source)
       at oracle.forms.engine.Runform.processMessage(Unknown Source)
       at oracle.forms.engine.Runform.processSet(Unknown Source)
       at oracle.forms.engine.Runform.onMessageReal(Unknown Source)
       at oracle.forms.engine.Runform.onMessage(Unknown Source)
       at oracle.forms.engine.Runform.processEventEnd(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
       at java.awt.Component.dispatchEventImpl(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  This to me is indicative of something not being right with the signing process. I have confirmed that both files were signed (using 'jarsigner -verify').
  I have also tried re-signing the f90all.jar file (is this still required, or has the feature present in earlier versions of forms relating to multiple signing identities now been fixed)?
  Any ideas would be appreciated.
  Thanks
  Steve

  Just tried this again (after a gap of about a week), and it works fine.
  The only thing I can think of is that somewhere old versions of the jar files (unsigned) were being cached, probably on the application server (I had tried clearing out the cache on the client previously).

• Access Control Exception

  Hi
  i have an applet which prints an image file to printer. When i clicked on print i am getting the following exception ...i set grant all permissions also..but getting the same error ....
  can anybody suggest me
  java.security.AccessControlException: access denied (java.io.FilePermission D:\Tomcat 4.1\webapps\examples\images\testimages\anim-1.tif read)

  Why did you have to start a new thread when you've been given the answer to your problem here. The answer to your problem was sorted out in the reply there and please, when next you get response from people in this forum, always make sure you come back to tell them the outcome of the solution given. The reason is that it allows others to learn from it.
  However, if you do not acknowledge any help given, you are more or less stopping people from helping you again.
  All the best

• Access control Exception - additional file in project

  Hello, I'm trying to add 2 files to my project, it all works when I run it by netbeans, but when I try to run it from dist/*.html or dist/*.jnpl I'm getting error :
  java.security.AccessControlException: access denied ("java.io.FilePermission" "\milionerzy\pytania.xml" "read")
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkRead(Unknown Source)
       at java.io.File.isDirectory(Unknown Source)
       at sun.net.www.protocol.file.FileURLConnection.connect(Unknown Source)
       at sun.net.www.protocol.file.FileURLConnection.getInputStream(Unknown Source)
       at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
       at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
       at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
       at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
       at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
       at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
       at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
       at milionerzy.Pytanie.getPytania(Pytanie.java:33)
       at milionerzy.GameWindow.start(GameWindow.java:53)
       at milionerzy.Milionerzy.start(Milionerzy.java:26)
       at com.sun.javafx.applet.FXApplet2$1.run(Unknown Source)
       at com.sun.javafx.application.PlatformImpl$3.run(Unknown Source)
       at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
       at com.sun.glass.ui.win.WinApplication.access$100(Unknown Source)
       at com.sun.glass.ui.win.WinApplication$2$1.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Pytania.xml is inside dist/ Directory
  Code in java :
  Document doc = builder.parse(new InputSource(filename));
  How and where should I add permission for additional files?

  Access the files through the class getResourceAsStream function or sign your app using the documention in the javafx deployment guide or at the net beans site.

• Yet another parental control issue

  Since the initial set up of my broadband on Thursday I have been unable to access Twitter, Facebook or instragram. It seems that I'm not alone with this problem so I'll spare the details. Any help would be gratefully received as daughters are driving me mad because they can't access their facebooks.
  Many thanks

  See this link and in particular the part I've copied below which goes someway to explain what the moderators "can/may" do
  https://community.bt.com/t5/Announcements-Terms/Change-of-Mods-Contact-Us-link/td-p/931648
  "The forum is a customer to customer environment and moderation intervention is normally reserved for back end or account specific fixes that community members will never be able to resolve, there are members of the forum who have had similar experiences to you and the wealth of knowledge on the community is valuable to all BT customers, we have a great team of community leaders who are here to help and many other users who have a whole host of knowledge between them."

• Access Security Exception

  Hello,
  I have written an applet and when I upload the applet to the website and open the browser I get an access control exception error.
  Platform: MacOS X
  I.E: 5.1.2
  Error:
  java.security.AccessControlException: access deinied (java.lang.RuntimePermission writeFileDescriptor)
  What can I do about this problem?
  Thanks!

  You are trying to access a file on the local PC, you can't do this with an applet. If you are actually trying to refer to a file on the Server, make sure you are not using File objects. Refer to them as URL objects. Obvisouly I am guessing without knowing what your code looks like or what your are trying to get the applet to do.
  Being it says FileDescriptor in your error try using the Url object as I did below:
       private URL theUrl;
       private Color backColor;
       private String sztemp;
       public void init()
            //????Maybe Make a thread and move all to start???
            //Set All Values to defaults
            filename = "counter.dat";
            fullURL = getCodeBase() + filename;
            displaytype = "text";
            value = 0;
            digits = 5;
            backColor = new Color(255,255,255);
            //Get AppletParameters that were set
            // Create the URL for Counter file
            try{
                 theUrl = new URL(fullURL);
            } catch( MalformedURLException e)
                 System.out.println("Bad URL: " + theUrl );
  then
            try {
                 connect = this.theUrl.openConnection();
                 connect.connect();
            } catch ( IOException e ) {
                 System.out.println("IO Error: " + e.getMessage() );
  and to use the Input Stream
                 DataInputStream stream = new DataInputStream( new BufferedInputStream(connection.getInputStream() ) );
  As far as the output stream, I need answer to my posting.
  Hope that helped.

• Another ORA-24247: network access denied by access control list (ACL)

  Hi
  We have just upgraded from 10g to 11g (DB version is 11.2.0.1.0), and i've have nothing but problems with ACL.
  I've tried:
  Creation code (as dba-user):
  begin
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(’netacl.xml’,
  ‘Allow usage to the UTL network packages’, ‘ACLTEST’, TRUE, ‘connect’);
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(’netacl.xml’ ,’ACLTEST’, TRUE, ‘resolve’);
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'*’);
  commit;
  end;
  Execution code (as ACLTEST):
  declare
  l_conn UTL_TCP.connection;
  v_file ftp.TStringTable;
  l_list ftp.t_string_table;
  begin
  l_conn := ftp.Logind('DOMAIN', 21, 'USERNAME', 'PASSWORD');
  ftp.logout(l_conn);
  end;
  Error stack
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at “SYS.UTL_TCP”, line 17
  ORA-06512: at “SYS.UTL_TCP”, line 246
  ORA-06512: at “COMMON.FTP”, line 784
  ORA-06512: at line 7
  i've tried to add the domain in the acl with full port range with no luck:
  begin
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'DOMAIN’,1,65000);
  commit;
  end;

  Hi;
  First what below query return
  SELECT acl,
  principal,
  privilege,
  is_grant,
  to_char(start_date) ,
  to_char(end_date)
  FROM dba_network_acl_privileges;
  Regard
  Helios

• Yet another dead mic with Win7 64-bit upgrd - Portege M700

  Title says it all.  Mics used to work fine on this machine under Windows XP. Under Win7, except as I note below, the mic has inaudibly low volume with any Control Panel Sound settings. I've spent huge amounts of time trying to solve this. After seeing all the similar posts (with no solutions, it seems) from users of many different Toshiba laptops, I'm about to start spreading the meme across the Internet that Toshiba laptops can't use mics.
  I started by upgrading to Win7 then adding just the 64-bit drivers I need from Toshiba's support site. No joy.  Then I started from a clean Win7 upgrade (64-bit Home) using Toshiba's upgrade script.  Nope.  Installed latest generic drivers from Realtek.  Hmm .. some progress, maybe: now with some Sound settings I can get slightly more volume but the mic input is drowned out by white noise-ish hissing.  All right, disable any other sound sources I can adjust: disable Chicony webcam driver from Device Manager. Hmm, now mike volume can get fairly high but the hissing still drowns it out.
  Toshiba: At some level, this is a problem between Microsoft and Realtek, I know. But you can help us.  MS changed the audio model significantly since Win XP, including (god knows why!) giving up the little audio mixer app that used to let you adjust levels for different sound sources.  And Realtek's generic driver doesn't provide one either.  So just give us a way to adjust levels for different audio inputs!  Maybe I haven't Googled sufficiently and some hacker out there has one, but I kinda doubt it ... if it requires driver-level access as I suspect, Microsoft's new DRM-motivated hammerlock limiting us to signed drivers prevents us from fixing this ourselves.  (It also means we can't access our ext3 partitions without extreme measures, but that's another rant.)  So CAN SOME TOSHIBA ENGINEER PLEASE LET MANAGEMENT KNOW THEY'RE ABOUT TO DESTROY THEIR LAPTOP FRANCHISE OVER AUDIO ISSUES?  Just cut, paste, and forward a couple dozen of these threads.  Sure, it's a career risk but (wo)man up to it!  Audio really matters to laptop buyers nowadays ... without Skype, I'll have do carry Yet Another Device when I'm traveling.  Heck, I've personally bought at least 6 Toshiba laptops over the years and I'm starting to shop for a replacement.  Anything but Toshiba, I'm sorry to say :-(
  Oh, in case somebody has an idea of something else I can try, the specific model is PPM70U-1KC01DB

  Title says it all.  Mics used to work fine on this machine under Windows XP. Under Win7, except as I note below, the mic has inaudibly low volume with any Control Panel Sound settings. I've spent huge amounts of time trying to solve this. After seeing all the similar posts (with no solutions, it seems) from users of many different Toshiba laptops, I'm about to start spreading the meme across the Internet that Toshiba laptops can't use mics.
  I started by upgrading to Win7 then adding just the 64-bit drivers I need from Toshiba's support site. No joy.  Then I started from a clean Win7 upgrade (64-bit Home) using Toshiba's upgrade script.  Nope.  Installed latest generic drivers from Realtek.  Hmm .. some progress, maybe: now with some Sound settings I can get slightly more volume but the mic input is drowned out by white noise-ish hissing.  All right, disable any other sound sources I can adjust: disable Chicony webcam driver from Device Manager. Hmm, now mike volume can get fairly high but the hissing still drowns it out.
  Toshiba: At some level, this is a problem between Microsoft and Realtek, I know. But you can help us.  MS changed the audio model significantly since Win XP, including (god knows why!) giving up the little audio mixer app that used to let you adjust levels for different sound sources.  And Realtek's generic driver doesn't provide one either.  So just give us a way to adjust levels for different audio inputs!  Maybe I haven't Googled sufficiently and some hacker out there has one, but I kinda doubt it ... if it requires driver-level access as I suspect, Microsoft's new DRM-motivated hammerlock limiting us to signed drivers prevents us from fixing this ourselves.  (It also means we can't access our ext3 partitions without extreme measures, but that's another rant.)  So CAN SOME TOSHIBA ENGINEER PLEASE LET MANAGEMENT KNOW THEY'RE ABOUT TO DESTROY THEIR LAPTOP FRANCHISE OVER AUDIO ISSUES?  Just cut, paste, and forward a couple dozen of these threads.  Sure, it's a career risk but (wo)man up to it!  Audio really matters to laptop buyers nowadays ... without Skype, I'll have do carry Yet Another Device when I'm traveling.  Heck, I've personally bought at least 6 Toshiba laptops over the years and I'm starting to shop for a replacement.  Anything but Toshiba, I'm sorry to say :-(
  Oh, in case somebody has an idea of something else I can try, the specific model is PPM70U-1KC01DB

• EP 6.0 SP2 KM Access control and version problems

  Hi,
  We have installed EP 6.0 SP2 and have configured KM. We have created a File system repository pointing to a shared folder in the local drive. Now, we are facing the following 2 problems:
  1. Access Control for Resources (folders and files) are not working..i.e, even though, we have given 'Read' access to a particular folder for a given portal user, he is still able to delete, rename, etc. How do we tackle this? Is there any property to be set for ACL to work.
  ACL Manager Cache : ca_rsrc_acl
  Security Manager  : AclSecurityManager
  are used for this particular file system repository.
  2. For the very same file system repository, we are not able to get the option 'versioning' for any of the folders. while for other folders in Content Management (CM) repository, 'versioning' property appears. Why is this so? Is there any setting to be done for the property 'versioning' to appear for a file system repository?
  Any help in this regard is highly appreciated.
  Thanks in advance,
  Pavithra

  Hi,
  Thanks so much for the quick response. It was quite helpful. The problem is that while trying to set up W2Ksecurity manager, the system component monitor shows the following error:
  Startup Error:  Exception during start up of sub-manager: The W2kSecurityManager can only be run under Windows 2000 operating systems.
  Portal server is installed on Microsoft Windows 2003 server. But the file system repository is mapped to a shared drive whose host machine runs Microsoft windows 2000 professional.
  My Questions:
  1. Do I have to have Microsoft Windows 2000 ONLY for portal installation.
  2. Can I not have a shared folder mapped to another local machine's directory
  3. Also, Any ideas on whats the max length of file path for KM..Because, its likely that the file path length may extend to more than 200 characters..
  Please help me in this regard.
  Thanks in advance.
  Pavithra

• APEX and ORA-24247: network access denied by access control list (ACL)

  Hi,
  I try to send email with APEX.
  I have enter the parameters of my mail server and activate the email on my application.
  I have follow the APEX installation guide and apply the script given in the "Granting Connect Privileges" section.
  When I try to send email or make a subscription, I don't receive any email and can see this error in the table "WWV_FLOW_MAIL_LOG"
  +"MAIL_TO","MAIL_FROM","MAIL_REPLYTO","MAIL_SUBJ","MAIL_CC","MAIL_BCC","MAIL_SEND_ERROR","LAST_UPDATED_BY","LAST_UPDATED_ON","SECURITY_GROUP_ID"+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",24/02/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  Do you see what is wrong in my configuration ?
  I use APEX 4.1, Oracle 11g.
  The script that I have apply is :
  DECLARE
  ACL_PATH  VARCHAR2(4000);
  ACL_ID    RAW(16);
  BEGIN
  -- Look for the ACL currently assigned to '*' and give APEX_040100
  -- the "connect" privilege if APEX_040100 does not have the privilege yet.
  SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
  WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
  -- Before checking the privilege, make sure that the ACL is valid
  -- (for example, does not contain stale references to dropped users).
  -- If it does, the following exception will be raised:
  --+
  -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
  -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
  --+
  SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
  FROM XDB.XDB$ACL A, PATH_VIEW P
  WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
  EQUALS_PATH(P.RES, ACL_PATH) = 1;
  DBMS_XDBZ.ValidateACL(ACL_ID);
  IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
  +'connect') IS NULL THEN+
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
  +'APEX_040100', TRUE, 'connect');+
  END IF;
  EXCEPTION
  -- When no ACL has been assigned to '*'.
  WHEN NO_DATA_FOUND THEN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
  +'ACL that lets power users to connect to everywhere',+
  +'APEX_040100', TRUE, 'connect');+
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
  END;
  +/+
  COMMIT;
  Thanks for your help,

  Hi,
  You need to grant privilege to the user.
  i.e add principal
  You can use script :
  DECLARE
  ACL_ID   RAW(16);
  CNT      NUMBER;
  BEGIN
  -- Look for the object ID of the ACL currently assigned to ''*
  SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
  WHERE HOST = '' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;*
  -- If just some users referenced in the ACL are invalid, remove just those
  -- users in the ACL. Otherwise, drop the ACL completely.
  SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
  WHERE ACLID = ACL_ID AND
  EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);
  IF (CNT > 0) THEN
  FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
  WHERE ACLID = ACL_ID AND
  NOT EXISTS (SELECT NULL FROM ALL_USERS
  WHERE USERNAME = PRINCIPAL)) LOOP
  UPDATE XDB.XDB$ACL
  SET OBJECT_VALUE =
  DELETEXML(OBJECT_VALUE,
  *'/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')*
  WHERE OBJECT_ID = ACL_ID;
  END LOOP;
  ELSE
  DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
  END IF;
  END;
  REM commit the changes.
  COMMIT;
  Or you need to add privilege to specific user/schema using following script:
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
  acl          => 'aclfilename.xml',
  principal    => 'databaseuser',
  is_grant     => TRUE,
  privilege    => 'connect',
  position     => null);
  COMMIT;
  END;
  Please execute this code after connect as sysdba user.
  Thanks & Regards,
  Jaydipsinh Raulji
  Web: [www.oracleapexconsultant.com|www.oracleapexconsultant.com]

• Access Control Rules Queries

  Howdy,
  I have a couple of queries about Access Control Rules that I am hoping someone can answer for me.
  We are running GW 8.0.2 with a single GWIA for our external (SMTP) mail. The access control is set up as follows:
  Default Class of Service (allow SMTP in and out, IMAP and POP3) assigned to Everyone.
  Allow Internet Email (allow SMTP in and out, allow IMAP, deny POP3) assigned to a distribution list.
  Deny Internet Email (deny SMTP in (with some source exceptions for internal systems) deny SMTP out, Deny IMAP and POP3) assigned to a distributon list. We add every user to this dist list by default.
  The net effect of these rules is that unless a user is added to the distribution lsit that the Allow Internet Email rule is assigned to they cannot send or receive SMTP mail. This is what we are after. These rules were set up some time ago by another adminstrator who is no longer around.
  My first query is relates to the order of the rules. Are they evaluated in any particular order? If so what determines the precedence?
  My second query is can we dispense with the specific Deny Internet Email rule we have in place by changing the Default Class of Service to DENY SMTP in and out or does this Class of Service need to be Allow for some reason. I note that I cannot delete the Default Clss of Service or change its membership. I can, however, edit it.
  Finally, I would like to set things up so that we can allow only a small group of people to send mail to a particular domain. These people are already members of the distribution list that allows SMTP out. What I am planning to do is:
  Create a distribution list and add the people who need this access to it.
  Modify the Allow Internet Email Class of service so that the SMTP out has an exception added for the domain we want to control.
  Create a new Class of Service that allows SMTP out with out any exceptions and assign the membership of this to the distribution list created above.
  Will this stop everyone who is allowed to send SMTP mail from sending to the nominated domain excpet for those people in the new distribution list?
  Thanks for any help or suggestions.
  Cheers
  Stuart

  Hi.
  On 11.07.2011 01:36, Big Stu wrote:
  > My first query is relates to the order of the rules. Are they
  > evaluated in any particular order? If so what determines the
  > precedence?
  >
  > My second query is can we dispense with the specific Deny Internet
  > Email rule we have in place by changing the Default Class of Service to
  > DENY SMTP in and out or does this Class of Service need to be Allow for
  > some reason. I note that I cannot delete the Default Clss of Service or
  > change its membership. I can, however, edit it.
  To answer both questions, no, you can't deny the default class of
  service, cause you can only *remove* access with other classes, but
  never *expand* from the default.
  > Finally, I would like to set things up so that we can allow only a
  > small group of people to send mail to a particular domain. These people
  > are already members of the distribution list that allows SMTP out. What
  > I am planning to do is:
  >
  > Create a distribution list and add the people who need this access to
  > it.
  > Modify the Allow Internet Email Class of service so that the SMTP out
  > has an exception added for the domain we want to control.
  > Create a new Class of Service that allows SMTP out with out any
  > exceptions and assign the membership of this to the distribution list
  > created above.
  >
  > Will this stop everyone who is allowed to send SMTP mail from sending
  > to the nominated domain excpet for those people in the new distribution
  > list?
  Yes, that should work.
  CU,
  Massimo Rosen
  Novell Knowledge Partner
  No emails please!
  http://www.cfc-it.de

• How to allow multiple domains under Access-Control-Allow-Origin

  Hi,
  We have a domain where will get CORS request from another domain hosted on seperate DC. We can't set
  Access-Control-Allow-Origin as * due to security concerns & IIS can't take more than 1 value at a time. Kindly suggest how to pass multiple httpheader  for
  Access-Control-Allow-Origin.
  Regards,
  Dhiraj

  Hello Dhiraj,
  This is not the suitable forum for your question, you may post in
  IIS forums for more help.
  Thanks for your understanding.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Is this yet another problem with 7.5 or is it just me . . .

  Upgrade seemed to be fine, at first . . . now I keep getting distortion on songs. It seems to be quite random and just because a song has been distorted when I've listened to it once doesn't mean it will be when I listen to it again! It's driving me insane. Is this yet another bug or have I done something wrong (apart from upgrading to 7.5).

  Hi Emlou,
  If you have a Windows based operating system such as XP -
  It seems to me that you are suffering what I am having the same problem with - the program takes up to much of your computer's processing usage. If you go into your task manager and watch performance as ITunes runs - you will see how much of the total computer usage it is taking at any given moment - that's why your songs are distorted, slowing, garbled, etc - the usage on mine spikes from 11% - 93% AT ANY GIVEN MINUTE! I have no idea why, but I have found that by going to your "Control Panel" and clicking on Quicktime you can adjust audio output to help. Click the audio tab, click Safe Mode Wavout only (checkbox) / Then adjust the "Rate" to 96kHz / Then adjust the "Size" to 16 bit. Close that and shut down and restart Itunes - it might help a little for you.
  Maybe someone out there can help us find out why we are suffering with all the CPU usage trouble and how to adjust that spiking.
  Thanks!
  Paul