Search Results

Search found 12717 results on 509 pages for 'ouaf security'.

Page 11/509 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • .NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

    - by rally25rs
    I've been messing with this for about a day and a half now sifting through .NET reflector and MSDN docs, and can't figure anything out... As it stands in the .NET framework, you can demand that the current Principal belong to a role to be able to execute a method by marking a method like this: [PrincipalPermission(SecurityAction.Demand, Role = "CanEdit")] public void Save() { ... } I am working with an existing security model that already has a "ReadOnly" role defined, so I need to do exactly the opposite of above... block the Save() method if a user is in the "ReadOnly" role. No problem, right? just flip the SecurityAction to .Deny: [PrincipalPermission(SecurityAction.Deny, Role = "ReadOnly")] public void Save() { ... } Well, it turns out that this does nothing at all. The method still runs fine. It seems that the PrincipalPermissionAttribute defines: public override IPermission CreatePermission() But when the attribute is set to SecurityAction.Deny, this method is never called, so no IPermission object is ever created. Does anyone know of a way to get .Deny to work? I've been trying to make a custom secutiry attribute, but even that doesn't work. I tried to get tricky and do: public class MyPermissionAttribute : CodeAccessSecurityAttribute { private SecurityAction securityAction; public MyPermissionAttribute(SecurityAction action) : base(SecurityAction.Demand) { if (action != SecurityAction.Demand && action != SecurityAction.Deny) throw new ArgumentException("Unsupported SecurityAction. Only Demand and Deny are supported."); this.securityAction = action; } public override IPermission CreatePermission() { // do something based on the SecurityAction... } } Notice my attribute constructor always passes SecurityAction.Demand, which is the one action that would work previously. However, even in this case, the CreatePermission() method is still only called when the attribute is set to .Demand, and not .Deny! Maybe the runtime is actually checking the attribute instead of the SecurityAction passed to the CodeAccessSecurityAttribute constructor? I'm not sure what else to try here... anyone have any ideas? You wouldn't think it would be that hard to deny method access based on a role, instead of only demanding it. It really disturbed me that the default PrincipalPermission appears from within an IDE like it would be just fine doing a .Deny, and there is like a 1-liner in the MSDN docs that hint that it won't work. You would think the PrincipalPermissionAttribute constructor would throw an exception immediately if anything other that .Demand is specified, since that could create a big security hole! I never would have realized that .Deny does nothing at all if I hadn't been unit testing! Again, all this stems from having to deal with an existing security model that has a "ReadOnly" role that needs to be denied access, instead of doing it the other way around, where I cna just grant access to a role. Thanks for any help! Quick followup: I can actually make my custom attribute work by doing this: public class MyPermissionAttribute : CodeAccessSecurityAttribute { public SecurityAction SecurityAction { get; set; } public MyPermissionAttribute(SecurityAction action) : base(action) { } public override IPermission CreatePermission() { switch(this.SecurityAction) { ... } // check Demand or Deny } } And decorating the method: [MyPermission(SecurityAction.Demand, SecurityAction = SecurityAction.Deny, Role = "ReadOnly")] public void Save() { ... } But that is terribly ugly, since I'm specifying both Demand and Deny in the same attribute. But it does work... Another interesting note: My custom class extends CodeAccessSecurityAttribute, which in turn only extends SecurityAttribute. If I cnage my custom class to directly extend SecurityAttribute, then nothing at all works. So it seems the runtime is definately looking for only CodeAccessSecurityAttribute instances in the metadata, and does something funny with the SecurityAction specified, even if a custom constructor overrides it.

    Read the article

  • Spring Security - Persistent Remember Me Issue

    - by Taylor L
    I've been trying to track down why Spring Security isn't creating the Spring Security remember me cookie (SPRING_SECURITY_REMEMBER_ME_COOKIE). At first glance, the logs make it seem like the login is failing, but the login is actually successful in the sense that if I navigate to a page that requires authentication I am not redirected back to the login page. However, the logs appear to be saying the login credentials are invalid. I'm using Spring 3.0.1, Spring Security 3.0.1, and Google App Engine 1.3.1. Any ideas as to what is going on? Mar 16, 2010 10:05:56 AM org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices onLoginSuccess FINE: Creating new persistent login for user [email protected] Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices loginFail FINE: Interactive login attempt was unsuccessful. Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices cancelCookie FINE: Cancelling cookie Below is the relevant portion of the applicationContext-security.xml. <http auto-config="false"> <intercept-url pattern="/css/**" filters="none" /> <intercept-url pattern="/img/**" filters="none" /> <intercept-url pattern="/js/**" filters="none" /> <intercept-url pattern="/app/admin/**" filters="none" /> <intercept-url pattern="/app/login/**" filters="none" /> <intercept-url pattern="/app/register/**" filters="none" /> <intercept-url pattern="/app/error/**" filters="none" /> <intercept-url pattern="/" filters="none" /> <intercept-url pattern="/**" access="ROLE_USER" /> <logout logout-success-url="/" /> <form-login login-page="/app/login" default-target-url="/" authentication-failure-url="/app/login?login_error=1" /> <session-management invalid-session-url="/app/login" /> <remember-me services-ref="rememberMeServices" key="myKey" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="sha-256" base64="true"> <salt-source user-property="username" /> </password-encoder> </authentication-provider> </authentication-manager> <beans:bean id="userDetailsService" class="com.my.service.auth.UserDetailsServiceImpl" /> <beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> <beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property name="tokenRepository" ref="persistentTokenRepository" /> <beans:property name="key" value="myKey" /> </beans:bean> <beans:bean id="persistentTokenRepository" class="com.my.service.auth.PersistentTokenRepositoryImpl" />

    Read the article

  • Cannot update, apt-get cannot fetch index files

    - by Evan
    I have a fresh install of Ubuntu 11.10 from the iso 'ubuntu-11.10-desktop-amd64.iso'. I installed this in VMWare Fusion 4.1.1 running on OSX 10.7.3. When setting up the VM, I allowed easy install to take care of creating my user and installing VMWare tools. No problems during installation, everything seems to be working great. The problem is that apt-get will NOT update, so I can't do software updates or install any software with apt-get install. I have been searching high and low, and have found several threads covering similar issues. How to fix a ruined package catalog? is one, Update manager generates 404 error while attempting update. Will not update is another, Ubuntu 11.10 Update issue (failed to fetch...) is a third I have tried changing my software source download location to "Main Server" rather than "Server for United States", to no avail. Same errors. Tried sudo apt-get clean, sudo apt-get autoclean, Have done a sudo rm /var/lib/apt/lists/*, still having the exact same problem. As I said, this is a brand new installation as of yesterday evening. Since I know it will be needed, here is my output from a sudo apt-get update: evan@ubuntu:~$ sudo apt-get update Ign http://archive.ubuntu.com oneiric InRelease Ign http://archive.ubuntu.com oneiric-updates InRelease Ign http://archive.ubuntu.com oneiric-backports InRelease Ign http://archive.ubuntu.com oneiric-security InRelease Ign http://archive.ubuntu.com oneiric Release.gpg Ign http://archive.ubuntu.com oneiric-updates Release.gpg Ign http://archive.ubuntu.com oneiric-backports Release.gpg Ign http://archive.ubuntu.com oneiric-security Release.gpg Ign http://archive.ubuntu.com oneiric Release Ign http://archive.ubuntu.com oneiric-updates Release Ign http://archive.ubuntu.com oneiric-backports Release Ign http://archive.ubuntu.com oneiric-security Release Ign http://archive.ubuntu.com oneiric/main TranslationIndex Ign http://archive.ubuntu.com oneiric/multiverse TranslationIndex Ign http://archive.ubuntu.com oneiric/restricted TranslationIndex Ign http://archive.ubuntu.com oneiric/universe TranslationIndex Ign http://archive.ubuntu.com oneiric-updates/main TranslationIndex Ign http://archive.ubuntu.com oneiric-updates/multiverse TranslationIndex Ign http://archive.ubuntu.com oneiric-updates/restricted TranslationIndex Ign http://archive.ubuntu.com oneiric-updates/universe TranslationIndex Ign http://archive.ubuntu.com oneiric-backports/main TranslationIndex Ign http://archive.ubuntu.com oneiric-backports/multiverse TranslationIndex Ign http://archive.ubuntu.com oneiric-backports/restricted TranslationIndex Ign http://archive.ubuntu.com oneiric-backports/universe TranslationIndex Ign http://archive.ubuntu.com oneiric-security/main TranslationIndex Ign http://archive.ubuntu.com oneiric-security/multiverse TranslationIndex Ign http://archive.ubuntu.com oneiric-security/restricted TranslationIndex Ign http://archive.ubuntu.com oneiric-security/universe TranslationIndex Err http://archive.ubuntu.com oneiric/main Sources 404 Not Found Err http://archive.ubuntu.com oneiric/restricted Sources 404 Not Found Err http://archive.ubuntu.com oneiric/universe Sources 404 Not Found Err http://archive.ubuntu.com oneiric/multiverse Sources 404 Not Found Err http://archive.ubuntu.com oneiric/main amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric/restricted amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric/universe amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric/multiverse amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric/main i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric/restricted i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric/universe i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric/multiverse i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/main Sources 404 Not Found Err http://archive.ubuntu.com oneiric-updates/restricted Sources 404 Not Found Err http://archive.ubuntu.com oneiric-updates/universe Sources 404 Not Found Err http://archive.ubuntu.com oneiric-updates/multiverse Sources 404 Not Found Err http://archive.ubuntu.com oneiric-updates/main amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/restricted amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/universe amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/multiverse amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/main i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/restricted i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/universe i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-updates/multiverse i386 Packages 404 Not Found Ign http://extras.ubuntu.com oneiric InRelease Err http://archive.ubuntu.com oneiric-backports/main Sources 404 Not Found Err http://archive.ubuntu.com oneiric-backports/restricted Sources 404 Not Found Err http://archive.ubuntu.com oneiric-backports/universe Sources 404 Not Found Err http://archive.ubuntu.com oneiric-backports/multiverse Sources 404 Not Found Err http://archive.ubuntu.com oneiric-backports/main amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-backports/restricted amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-backports/universe amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-backports/multiverse amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-backports/main i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-backports/restricted i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-backports/universe i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-backports/multiverse i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/main Sources 404 Not Found Err http://archive.ubuntu.com oneiric-security/restricted Sources 404 Not Found Err http://archive.ubuntu.com oneiric-security/universe Sources 404 Not Found Err http://archive.ubuntu.com oneiric-security/multiverse Sources 404 Not Found Err http://archive.ubuntu.com oneiric-security/main amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/restricted amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/universe amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/multiverse amd64 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/main i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/restricted i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/universe i386 Packages 404 Not Found Err http://archive.ubuntu.com oneiric-security/multiverse i386 Packages 404 Not Found Ign http://archive.ubuntu.com oneiric/main Translation-en_US Ign http://archive.ubuntu.com oneiric/main Translation-en Ign http://archive.ubuntu.com oneiric/multiverse Translation-en_US Ign http://archive.ubuntu.com oneiric/multiverse Translation-en Ign http://archive.ubuntu.com oneiric/restricted Translation-en_US Ign http://archive.ubuntu.com oneiric/restricted Translation-en Ign http://archive.ubuntu.com oneiric/universe Translation-en_US Ign http://archive.ubuntu.com oneiric/universe Translation-en Ign http://archive.ubuntu.com oneiric-updates/main Translation-en_US Ign http://archive.ubuntu.com oneiric-updates/main Translation-en Ign http://archive.ubuntu.com oneiric-updates/multiverse Translation-en_US Ign http://archive.ubuntu.com oneiric-updates/multiverse Translation-en Ign http://archive.ubuntu.com oneiric-updates/restricted Translation-en_US Ign http://archive.ubuntu.com oneiric-updates/restricted Translation-en Ign http://archive.ubuntu.com oneiric-updates/universe Translation-en_US Ign http://archive.ubuntu.com oneiric-updates/universe Translation-en Ign http://archive.ubuntu.com oneiric-backports/main Translation-en_US Ign http://archive.ubuntu.com oneiric-backports/main Translation-en Ign http://archive.ubuntu.com oneiric-backports/multiverse Translation-en_US Ign http://archive.ubuntu.com oneiric-backports/multiverse Translation-en Ign http://archive.ubuntu.com oneiric-backports/restricted Translation-en_US Ign http://archive.ubuntu.com oneiric-backports/restricted Translation-en Ign http://archive.ubuntu.com oneiric-backports/universe Translation-en_US Ign http://archive.ubuntu.com oneiric-backports/universe Translation-en Ign http://archive.ubuntu.com oneiric-security/main Translation-en_US Ign http://archive.ubuntu.com oneiric-security/main Translation-en Ign http://archive.ubuntu.com oneiric-security/multiverse Translation-en_US Ign http://archive.ubuntu.com oneiric-security/multiverse Translation-en Ign http://archive.ubuntu.com oneiric-security/restricted Translation-en_US Ign http://archive.ubuntu.com oneiric-security/restricted Translation-en Ign http://archive.ubuntu.com oneiric-security/universe Translation-en_US Ign http://archive.ubuntu.com oneiric-security/universe Translation-en Hit http://extras.ubuntu.com oneiric Release.gpg Hit http://extras.ubuntu.com oneiric Release Hit http://extras.ubuntu.com oneiric/main Sources Hit http://extras.ubuntu.com oneiric/main amd64 Packages Hit http://extras.ubuntu.com oneiric/main i386 Packages Ign http://extras.ubuntu.com oneiric/main TranslationIndex Ign http://extras.ubuntu.com oneiric/main Translation-en_US Ign http://extras.ubuntu.com oneiric/main Translation-en W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/main/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/restricted/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/universe/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/multiverse/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/main/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/restricted/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/universe/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/multiverse/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/main/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/restricted/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/universe/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric/multiverse/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/main/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/restricted/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/universe/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/multiverse/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/main/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/restricted/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/universe/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/multiverse/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/main/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/restricted/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/universe/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-updates/multiverse/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/main/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/restricted/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/universe/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/multiverse/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/main/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/restricted/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/universe/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/multiverse/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/main/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/restricted/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/universe/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-backports/multiverse/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/main/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/restricted/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/universe/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/source/Sources 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/main/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/restricted/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/universe/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/binary-amd64/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/main/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/restricted/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/universe/binary-i386/Packages 404 Not Found W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/binary-i386/Packages 404 Not Found E: Some index files failed to download. They have been ignored, or old ones used instead. Here is my /etc/apt/source.list: evan@ubuntu:~$ cat /etc/apt/sources.list # deb cdrom:[Ubuntu 11.10 _Oneiric Ocelot_ - Release amd64 (20111012)]/ dists/oneiric/main/binary-i386/ # deb cdrom:[Ubuntu 11.10 _Oneiric Ocelot_ - Release amd64 (20111012)]/ oneiric main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://archive.ubuntu.com/ubuntu oneiric main restricted deb-src http://archive.ubuntu.com/ubuntu oneiric main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://archive.ubuntu.com/ubuntu oneiric-updates main restricted deb-src http://archive.ubuntu.com/ubuntu oneiric-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu oneiric universe deb-src http://archive.ubuntu.com/ubuntu oneiric universe deb http://archive.ubuntu.com/ubuntu oneiric-updates universe deb-src http://archive.ubuntu.com/ubuntu oneiric-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://archive.ubuntu.com/ubuntu oneiric multiverse deb-src http://archive.ubuntu.com/ubuntu oneiric multiverse deb http://archive.ubuntu.com/ubuntu oneiric-updates multiverse deb-src http://archive.ubuntu.com/ubuntu oneiric-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu oneiric-backports main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu oneiric-backports main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu oneiric-security main restricted deb-src http://archive.ubuntu.com/ubuntu oneiric-security main restricted deb http://archive.ubuntu.com/ubuntu oneiric-security universe deb-src http://archive.ubuntu.com/ubuntu oneiric-security universe deb http://archive.ubuntu.com/ubuntu oneiric-security multiverse deb-src http://archive.ubuntu.com/ubuntu oneiric-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu oneiric partner # deb-src http://archive.canonical.com/ubuntu oneiric partner ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. deb http://extras.ubuntu.com/ubuntu oneiric main deb-src http://extras.ubuntu.com/ubuntu oneiric main And here is my output from lsb_release -a: evan@ubuntu:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 11.10 Release: 11.10 Codename: oneiric If anyone could help me out here, that would be wonderful!

    Read the article

  • Spring security ldap: no declaration can be found for element 'ldap-authentication-provider'

    - by wuntee
    Following the spring-security documentation: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html I am trying to set up ldap authentication (very simple - just need to know if a user is authenticated or not, no authorities mapping needed) and have put this in my applicationContext-security.xml file <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> ... <ldap-server url="ldap://adapps.company.com:389/dc=company,dc=com" /> <ldap-authentication-provider user-search-filter="(samaccountname={0})" user-search-base="dc=company,dc=com"/> The problem I run into is that it doesnt seem like ldap-authentication-provider; I fell like i may be missing some configuration isn the beans definition. The error I get when trying to run the application is: SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 27 in XML document from ServletContext resource [/WEB-INF/rvaContext-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'ldap-authentication-provider'. at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149) at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124) at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:93) at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130) at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:465) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:395) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:272) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:196) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardHost.start(StandardHost.java:722) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'ldap-authentication-provider'. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:236) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:172) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:382) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:316) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:429) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3185) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1955) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.emptyElement(XMLSchemaValidator.java:725) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:322) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292) at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:75) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:388) ... 28 more Can anyone see what im missing? Also, is that all I need to add to the security bean in order to authenticate against ldap?

    Read the article

  • Security permissions for remote shared folders

    - by Tomas Lycken
    I have two servers running Windows Server 2003, and I want copy files from one server (A), programmatically with a windows service running under the Local System account, to a shared folder on the other (B). I keep getting "access denied" errors, and I can't figure out what security settings I need to set to open the shared folder for writing. This is what I've done on the recieving end: On A, right-click on the folder to share, choose the tab "Sharing" and select "Share this folder". Set a share name. Click "Permissions", add the group "Everyone" and give it full control. I tried choosing the "Security" tab to give some permissions there as well, but the "Add" dialog only finds local users, despite the fact that B shows up in the "Workgroup computers" dialog. After further inspection, this is the case also for the "Permissions" dialog under the "Sharing" tab (are they the same?).

    Read the article

  • XAMPP vs WAMP security and other on Windows XP

    - by typoknig
    Not long ago I found WAMP and thought it was a God send because it had all the things I wanted/needed (Apache, PHP, MySQL, and phpMyAdmin) all built into one installer. One thing about WAMP has been making me mad is an error I get in phpMyAdmin about the advanced features not working. I have tried to fix that error long enough on that error for long enough. http://stackoverflow.com/questions/2688385/problem-with-phpmyadmin-advanced-features I now read that most people prefer XAMPP over WAMP, but I am a bit concerned that XAMPP might have some extra security holes with Mercury and Perl, two thing that I don't really need or want right now. Are my security concerns justified or not? Is there any other reasons to go with XAMPP over WAMP or vice versa?

    Read the article

  • Security Resources

    - by dr.pooter
    What types of sites do you visit, on a regular basis, to stay current on information security issues? Some examples from my list include: http://isc.sans.org/ http://www.kaspersky.com/viruswatch3 http://www.schneier.com/blog/ http://blog.fireeye.com/research/ As well as following the security heavyweights on twitter. I'm curious to hear what resources you recommend for daily monitoring. Anything specific to particular operating systems or other software. Are mailing lists still considered valuable. My goal would be to trim the cruft of all the things I'm currently subscribed to and focus on the essentials.

    Read the article

  • IE8 Windows 7 (64bit) security certificate problem

    - by Steve
    Hi, We have just received some new computers for use in the office (Dell Vostro). They seem to work fine in the main. When we use IE8 to go to some web pages such as yahoo mail it tells us: “There is a problem with this websites security certificate” If we have a look at the details it says: “This certificate cannot be verified up to a trusted certification authority” This however works correctly in Firefox. I don't understand why I should get such an error message, should this not just work? I don't think its anything to do with the certificate itself as this is happening on www.yahoo.co.uk and other commercial (amazon I think?) sites. I think there is something off with the PCs setup. The PC has Windows 7 (64 bit) and Norton Internet Security installed. Any ideas as to why this is happening? Thanks

    Read the article

  • Windows Security Center Service is missing

    - by TheTub
    I am trying to fix a Windows 7 machine here that has been infected with all kinds of Malware. I have removed all of them as far as I can see but I am stumped by one last task. One little bugger managed to remove the Windows Security Center service from the list of Windows services. So I cannot start it or set to automatically start. At the moment I cannot get the Windows firewall to turn on or any anti-virus software. The security center shows the following image when I try: Does anyone know how to add this back to the list of services so I may set it to start. I don't have a backup of the registry for this computer (it's not mine). Many thanks TT

    Read the article

  • Oracle OpenWorld 2012: Focus On Database Security

    - by Troy Kitch
    Oracle OpenWorld 2012 is going to be the place to learn about Oracle Database Security solutions including Oracle Advanced Security with transparent data encryption, Database Vault, Audit Vault and Database Firewall, Label Security, and more. We've put together this Focus On Database Security document so you'll know when and where to attend the key database security sessions, and not miss a thing. 

    Read the article

  • Access Denied on a Drive where All Users list have been deleted in Security Tab

    - by darkstar13
    Hi All, (System is Windows 7 x64) I wanted to restrict access of other people in a certain drive of my computer (Harddisk 1 is partitioned to C & D; I want to restrict Drive D). What I did was go to the Security Tab (under Drive Properties) and remove the All Users entry. My account is an administrator account. I left only Systems and Administrator on the list. However, when I tried to access drive D, I got an Access Denied error, and Security Tab is already missing. I tried to edit Local Group Policy; it does not work. Take Ownership is not available for the Drive as well, but I see it enabled if I select files / folders. Please help. Thanks. Also, I am wondering why, as an Administrator, have my access to that drive denied.

    Read the article

  • 2012 Independent Oracle Users Group Survey: Closing the Security Gap

    - by jgelhaus
    What Security Gaps Do You Have? The latest survey report from the Independent Oracle Users Group (IOUG) uncovers trends in IT security among IOUG members and offers recommendations for securing data stored in enterprise databases. According to the report, “despite growing threats and enterprise data security risks, organizations that do implement appropriate detective, preventive, and administrative controls are seeing significant results.” Download a free copy of the 2012 IOUG Data Security Survey Report and find out what your business can do to close the security gap. 

    Read the article

  • Linux EC2 Instance Security Consideration

    - by Amzath
    I am going to host a web site in Amazon EC2 instance which would be a Linux instance. My web application will be developed using PHP, Apache and MySql. As I am new to Linux and Amazon EC2 environment, what are key areas in security should I consider to protect my server? This may be very very generic question as the security itself a vast area. But I need to kick start with most imporant points. That way I would be able to track down all those areas one by one.

    Read the article

  • UNIX-Security Advise

    - by Phoibe
    Hello, I want to build a quite secure UNIX-Server. Mechanisms I already implemented: SNORT + fwsnort for banning psad to block network-scanning attempts Portknocking to start+open SSH (key-based login - no password) hourly update of IP-Tables-Rules from a Security-Subscription Fail2Ban ClamAV & Rootkithunter + Logwatch What service-independent security mechanism would you add to this? What mechanism are you using? The server will run Apache&Postfix. For Apache hiding the server-information ofc. and nothing I can think of for Postfix. Thanks

    Read the article

  • Security and Windows Login

    - by Mimisbrunnr
    I'm not entirely sure this is the right place for the is question but I cannot think of another so here goes. In order to login to the windows machines at my office one must press the almighty CTRL-ALT-DELETE command combo first. I, finding this very frustrating, decided to look into why and found claims from both my sys and Microsoft stating that it's a security feature and that "Because only windows could read the CTRL-ALT-DELETE it helped to ensure that an automated program cannot log in. Now I'm not a master of the windows operating system ( as I generally use *nix ) but I cannot believe that "Only windows can send that signal" bull. It just doesn't sit right. Is there a good reason for the CTRL-ALT-DELETE to login thing? is it something I'm missing? or is it another example of antiquated legacy security measures?

    Read the article

  • VMware Workstation 9 Security Best Practice Guides

    - by slickboy
    Could someone please point me in the direction of where I could find some best practice securiy guides for VMware Workstation 9 please? I've searched the VMware site and to say it's badly organised is an understatement! I've been able to find general setup guides but nothing with a specific focus on security. I'm also wondering is there any best practice guides that I should follow when installing Windows 7 Professional and Windows Server 2008 R2 on VMware Workstation 9? I obviously will be implementing Microsofts recommended security best practices but I'd be very interested in any recommendations for virtualizing these operating systems. Any help is much appreciated.

    Read the article

  • Need help on implementing corporate network security solution and coming up with time lines to test it

    - by abc
    I have to come up with a proposal to implement corporate network security. Once I have done that I also have to come up with estimates on the time / money needed to test (QA) the implementation. What I need help with: What should I keep in mind while coming up with this proposal? I have already considered: Routers, Firewalls, VPN, Wireless, Server System, Web Apps etc. I know I am missing quite a lot. What else should I include? This the most challenging part I feel: How should I estimate the time needed for testing these security implementations? I guess I need to understand how can I test these security implementations first...right? Can you help me?

    Read the article

  • windows 7 security settings for non-admins

    - by Wasi
    I was recently modifying the security settings for my drive C. I did not notice that i was logged in as a user and changed the permissions for users to "read". Later i realized that there was no admin set up on the pc (when switching user). Now with the security settings changed I can't do anything on the computer. I can only read the files that previously existed. And this applies to every drive on my computer. Now the user accounts do not have the privileges to change the permissions. How can i allow users to have full control without having admin on my pc

    Read the article

  • Windows 7 Open File Security Warning

    - by Lucy
    I downloaded something and now, it is show this open file security warning. I have searched but I have only found how to disable security warnings globally. I only want to say NO forever to this warning, but it keeps showing up whenever Windows starts. The "Name" and "From" are: "C:/Users/MyUser/AppData/Local/Temp/Windows-Update.exe" I cannot even find that folder and file! I don't really know what was downloaded, I am helping someone else. (I am not a Windows user, so I am very lost here)

    Read the article

  • Improving server security [closed]

    - by Vicenç Gascó
    I've been developing webapps for a while ... and I always had a sysadmin which made the environment perfect to run my apps with no worries. But now I am starting a project on myself, and I need to set up a server, knowing near to nothing about it. All I need to do is just have a Linux, with a webserver (I usually used Apache), PHP and MySQL. I'll also need SSH, SSL to run https:// and FTP to transfer files. I know how to install almost everything (need advice about SSL) with Ubuntu Server, but I am concerned about the security topic ... say: firewall, open/closed ports, php security, etc ... Where can I found a good guide covering this topics? Everything else in the server... I don't need it, and I wanna know how to remove it, to avoid resources consumption. Final note: I'll be running the webapp at amazon-ec2 or rackspace cloud servers. Thanks in advance!!

    Read the article

  • WCF fails to deserialize correct(?) response message security headers (Security header is empty)

    - by Soeteman
    I'm communicating with an OC4J webservice, using a WCF client. The client is configured as follows: <basicHttpBinding> <binding name="MyBinding"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> <message clientCredentialType="UserName" algorithmSuite="Default"/> </security> </binding> My clientcode looks as follows: ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy(); string username = ConfigurationManager.AppSettings["user"]; string password = ConfigurationManager.AppSettings["pass"]; // client instance maken WebserviceClient client = new WebserviceClient(); client.Endpoint.Binding = new BasicHttpBinding("MyBinding"); // credentials toevoegen client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; //uitvoeren request var response = client.Ping(); I've altered the CertificatePolicy to accept all certificates, because I need to insert Charles (ssl proxy) in between client and server to intercept the actual Xml that is sent across te wire. My request looks as follows: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2010-04-01T09:47:01.161Z</u:Created> <u:Expires>2010-04-01T09:52:01.161Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-9b39760f-d504-4e53-908d-6125a1827aea-21"> <o:Username>user</o:Username> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username- token-profile-1.0#PasswordText">pass</o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body> <getPrdStatus xmlns="http://mynamespace.org/wsdl"> <request xmlns="" xmlns:a="http://mynamespace.org/wsdl" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> <a:IsgrStsRequestTypeUser> <a:prdCode>LEPTO</a:prdCode> <a:sequenceNumber i:nil="true" /> <a:productionType i:nil="true" /> <a:statusDate>2010-04-01T11:47:01.1617641+02:00</a:statusDate> <a:ubn>123456</a:ubn> <a:animalSpeciesCode>RU</a:animalSpeciesCode> </a:IsgrStsRequestTypeUser> </request> </getPrdStatus> </s:Body> </s:Envelope> In return, I receive the following response: <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://mynamespace.org/wsdl"> <env:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1" /> </env:Header> <env:Body> <ns0:getPrdStatusResponse> <result> <ns0:IsgrStsResponseTypeUser> <ns0:prdCode>LEPTO</ns0:prdCode> <ns0:color>green</ns0:color> <ns0:stsCode>LEP1</ns0:stsCode> <ns0:sequenceNumber xsi:nil="1" /> <ns0:productionType xsi:nil="1" /> <ns0:IAndRCode>00</ns0:IAndRCode> <ns0:statusDate>2010-04-01T00:00:00.000+02:00</ns0:statusDate> <ns0:description>Gecertificeerd vrij</ns0:description> <ns0:ubn>123456</ns0:ubn> <ns0:animalSpeciesCode>RU</ns0:animalSpeciesCode> <ns0:name>gecertificeerd vrij</ns0:name> <ns0:ranking>17</ns0:ranking> </ns0:IsgrStsResponseTypeUser> </result> </ns0:getPrdStatusResponse> </env:Body> </env:Envelope> Why can't WCF deserialize this response header? I'm getting a "Security header is empty" exception: Server stack trace: at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout) at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Who knows what is going on here? I've already tried Rick Strahl's suggestion and removed the timestamp from the request header. Any help greatly appreciated!

    Read the article

  • Spring Security Issue: Controller, Anonymous Requests...

    - by Srirangan
    Hey guys, I have an app that uses Spring security and BlazeDS. Flex 3.2 is used for the client app. Generally client app makes service calls using RemoteObjects. However, for certain cases client app is sending a request to a URL. We're using Annotated Controllers for URL mapping. Here's where the "Access is denied" exception comes up: 2010-04-12 11:43:23,486 [qtp5138683-16] ERROR fr.plasticomnium.gpoc.utils.ServiceExceptionInterceptor - Unexpected RuntimeException : Access is denied org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at fr.plasticomnium.gpoc.utils.ServiceExceptionInterceptor.invoke(ServiceExceptionInterceptor.java:15) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) ... ...

    Read the article

  • Spring-security not processing pre/post annotations

    - by wuntee
    Trying to get pre/post annotations working with a web application, but for some reason nothing is happening with spring-security. Can anyone see what im missing? web.xml contextConfigLocation /WEB-INF/rvaContext-business.xml /WEB-INF/rvaContext-security.xml <context-param> <param-name>log4jConfigLocation</param-name> <param-value>/WEB-INF/log4j.properties</param-value> </context-param> <!-- Spring security filter --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- - Publishes events for session creation and destruction through the application - context. Optional unless concurrent session control is being used. --> <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener> <listener> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> <servlet> <servlet-name>rva</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>rva</servlet-name> <url-pattern>/rva/*</url-pattern> </servlet-mapping> rvaContext-secuity.xml: <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <global-method-security pre-post-annotations="enabled"/> <http use-expressions="true"> <form-login /> <logout /> <remember-me /> <!-- Uncomment to limit the number of sessions a user can have --> <session-management invalid-session-url="/timeout.jsp"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> <form-login login-page="rva/login" /> </http> ... LoginController class: @Controller @RequestMapping("/login") public class LoginController { @RequestMapping(method = RequestMethod.GET) public String login(ModelMap map){ map.addAttribute("title", "Login: AD Credentials"); return("login"); } @RequestMapping("/secure") @PreAuthorize("hasRole('ROLE_USER')") public String secure(ModelMap map){ return("secure"); } } In the logs, there is nothing even related to spring-security: logs: INFO: Initializing Spring FrameworkServlet 'rva' INFO [org.springframework.web.servlet.DispatcherServlet] - FrameworkServlet 'rva': initialization started INFO [org.springframework.web.context.support.XmlWebApplicationContext] - Refreshing WebApplicationContext for namespace 'rva-servlet': startup date [Fri Mar 26 10:28:51 MDT 2010]; parent: Root WebApplicationContext INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] - Loading XML bean definitions from ServletContext resource [/WEB-INF/rva-servlet.xml] INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@a2fc31: defining beans [loginController,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,freemarkerConfig,viewResolver]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@cc74e7 INFO [org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer] - ClassTemplateLoader for Spring macros added to FreeMarker configuration INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/secure] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/secure.*] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/secure/] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login.*] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.DispatcherServlet] - FrameworkServlet 'rva': initialization completed in 417 ms Mar 26, 2010 10:28:52 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Mar 26, 2010 10:28:52 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Mar 26, 2010 10:28:52 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/31 config=null Mar 26, 2010 10:28:52 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 1873 ms WARN [org.springframework.web.servlet.PageNotFound] - No mapping found for HTTP request with URI [/rva-web/] in DispatcherServlet with name 'rva'

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >