Search Results

Search found 4532 results on 182 pages for 'identity administration'.


  • Oracle at Information Security and Risk Management Conference (ISACA Conferences)

    - by Tanu Sood
    The North America Information Security and Risk Management (ISRM) Conference hosted by ISACA will be held this year from November 14 - 16 in Las Vegas, Nevada and Oracle is a platinum sponsor. The ISRM / IT GRC event is not only designed to meet the exact needs of information security, governance, compliance and risk management professionals like you, but also gives you the tools you need to solve the issues you currently face. The event builds on and includes the key elements of information security, governance, compliance and risk management practices, and offers a fresh perspective on current and future trends. As a Platinum Sponsor Oracle will not only have an opportunity to demonstrate but talk through our strategic roadmap and support to ensure all organizations understand our key role within the industry to ensure corporate data and information remains safe. Join us at the Lunch and Learn to learn more about the latest advances in Oracle Identity Management.

    Lunch and Learn Session: Trends in Identity Management
    Speaker: Mike Neuenschwander, Senior Product Development Director, Oracle Identity Management

    As enterprises embrace mobile and social applications, security and audit have moved into the foreground. The way we work and connect with our customers is changing dramatically and this means re-thinking how we secure the interaction and enable the experience.

      - Work is an activity not a place - mobile access enables employees to work from any device anywhere and anytime.
      - Organizations are utilizing "flash teams" - instead of a dedicated group to solve problems, organizations utilize more cross-functional teams.
      - Work is now social - email collaboration will be replaced by dynamic social media style interaction.

    In this session, we will examine these three secular trends and discuss how organizations can secure the work experience and adapt audit controls to address the "new work order".

    We also recommend you bookmark the following session:
    T1 Session 301: Gone in 60 Seconds: Mitigating Database Security Risk
    Friday, November 16, 8:30 am – 9:30 am

    And, do be sure to stop by our booth, # 100 & #102, to not only network with our Product Development Team, but also get an onsite demonstration of Oracle Security Solutions. See you there?

    ISRM / IT GRC
    November 14 – 16, 2012
    Mirage Casino-Hotel
    3400 Las Vegas Boulevard South
    Las Vegas, NV, 89109

    Read the article

  • Security Newsletter – September Edition is Out Now

    - by Tanu Sood
      The September issue of Security Inside Out Newsletter is out now. This month’s edition offers a preview of Identity Management and Security events and activities scheduled for Oracle OpenWorld. Oracle OpenWorld (OOW) 2012 will be held in San Francisco from September 30-October 4. Identity Management will have a significant presence at Oracle OpenWorld this year, complete with sessions featuring technology experts, customer panels, implementation specialists, product demonstrations and more. In addition, latest technologies will be on display at OOW demogrounds. Hands-on-Labs sessions will allow attendees to do a technology deep dive and train with technology experts. Executive Edge @ OpenWorld also features the very successful Oracle Chief Security Officer (CSO) Summit. This year’s summit promises to be a great educational and networking forum complete with a contextual agenda and attendance from well known security executives from organizations around the globe. This month’s edition also does a deep dive on the recently announced Oracle Privileged Account Manager (OPAM). Learn more about the product’s key capabilities, business issues the solution addresses and information on key resources. OPAM is part of Oracle’s complete and integrated Oracle Identity Governance solution set. And if you haven’t done so yet, we recommend you subscribe to the Security Newsletter to keep up to date on Security news, events and resources. As always, we look forward to receiving your feedback on the newsletter and what you’d like us to cover in the upcoming editions.

    Read the article

  • polkit: disable all users except those in group wheel?

    - by John Nash
    Is it possible to do the following using 1 polkit .pkla file? Disable all users except those in the wheel group from using polkit. The users in the wheel group will need to provide the root password when using polkit.

    /etc/polkit-1/localauthority/50-local.d/wheel-only.pkla

        [disable all users except the wheel group]
        Identity=unix-group:wheel
        Action=*
        ResultAny=???
        ResultInactive=???
        ResultActive=???

    The following file works but you need to provide all the users in /etc/group:

        [disable all users except those in the wheel group: root and myuser]
        Identity=unix-user:daemon;unix-user:bin;unix-user:sys;unix-user:adm;unix-user:tty;unix-user:disk;unix-user:lp;unix-user:mail;unix-user:news;unix-user:uucp;unix-user:man;unix-user:proxy;unix-user:kmem;unix-user:dialout;unix-user:fax;unix-user:voice;unix-user:cdrom;unix-user:floppy;unix-user:tape;unix-user:sudo;unix-user:audio;unix-user:dip;unix-user:www-data;unix-user:backup;unix-user:operator;unix-user:list;unix-user:irc;unix-user:src;unix-user:gnats;unix-user:shadow;unix-user:utmp;unix-user:video;unix-user:sasl;unix-user:plugdev;unix-user:staff;unix-user:games;unix-user:users;unix-user:nogroup;unix-user:libuuid;unix-user:crontab;unix-user:messagebus;unix-user:Debian-exim;unix-user:mlocate;unix-user:avahi;unix-user:netdev;unix-user:bluetooth;unix-user:lpadmin;unix-user:ssl-cert;unix-user:fuse;unix-user:utempter;unix-user:Debian-gdm;unix-user:scanner;unix-user:saned;unix-user:i2c;unix-user:haldaemon;unix-user:powerdev
        Action=*
        ResultAny=no
        ResultInactive=no
        ResultActive=no

    Read the article

  • Oracle Solaris 11 How To Guides

    - by glynn
    Over the past year or so I've been writing a lot of How To Guides for different technologies. While we have really excellent product documentation (including the best set of manual pages available on any UNIX or Linux platform), the various How To Guides we have help to complement some of that learning, giving administrators a chance to learn the motivations for different technologies with a simple set of examples. Not only are they fun to research and write, they're also one of the more popular items on our Oracle Solaris 11 technology pages on OTN. So here's a link to bookmark and come back to on a regular basis: Oracle Solaris 11 How To Guides. We've got an excellent line up of articles there, and below is a list of the ones I've been involved in writing. Let us know if there are technologies that you think a How To Guide would help with and we'd be happy to get them onto our list!

      - Taking your First Steps with Oracle Solaris 11: An introduction to installing Oracle Solaris 11, including the steps for installing new software and administering other system configuration.
      - Introducing the basics of IPS on Oracle Solaris 11: How to administer an Oracle Solaris 11 system using IPS, including how to deal with software package repositories, install and uninstall packages, and update systems.
      - Advanced administration with IPS on Oracle Solaris 11: Take a deeper look at advanced IPS to learn how to determine package dependencies, explore manifests, perform advanced searches, and analyze the state of your system.
      - How to create and publish packages with IPS on Oracle Solaris 11: How to create new software packages for Oracle Solaris 11 and publish them to a network package repository.
      - How to update your Oracle Solaris 11 systems using Support Repository Updates: The steps for updating an Oracle Solaris 11 system with software packages provided by an active Oracle support agreement, plus how to ensure the update is successful and safe.
      - Introducing the basics of SMF on Oracle Solaris 11: Simple examples of administering services on Oracle Solaris 11 with the Service Management Facility.
      - Advanced administration with SMF on Oracle Solaris 11: Advanced administrative tasks with SMF, including an introduction to service manifests, understanding layering within the SMF configuration repository, and how best to apply configuration to a system.

    Read the article

  • How does IIS persist a user's identity from page to page?

    - by Rising Star
    Web pages are, by nature, state-less objects. When you click from page to page in an ASP.net application, each request for a page is treated as a brand-new request. We use things like cookies, session-variables, and query strings to maintain state from page to page. When you log in to an ASP.net web application using Windows Authentication, how does IIS persist your identity between pages?

    Read the article

  • Which command would replace IDENTITY INSERT ON/OFF from SQLServer in Oracle?

    - by rodrigoq
    Hello, I have to migrate this query (simplified here) from T-SQL to ORACLE

        SET IDENTITY_INSERT table ON
        INSERT INTO table (id, value) VALUES (1, 2)
        SET IDENTITY_INSERT table OFF

    id being an Identity field in SQLServer. I have the same table with a sequence in ORACLE, I couldn't find a snippet that shows how to disable the sequence and set it to start again with the MAX(id) + 1. Any ORACLE expert can help me with this? Thanks, Rodrigo.

    Read the article

  • Page.User.Identity.Name is blank on pages of subdomains

    - by sparks
    I have multiple subdomains trying to use a single subdomain for authentication using forms authentication, all running on Windows Server 2008 R2. All of the forms authentication pages are set up to use the same name, and on the authentication page the cookie is added with the following snippet:

        FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
        System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(User.Identity.Name.ToString(), false);
        MyCookie.Domain = ConfigurationManager.AppSettings["domainName"];
        Response.AppendCookie(MyCookie);

    When I am logged in to signon.mysite.com the page.user.identity.isauthenticated and page.user.identity.name properties both work fine. When I navigate to subdomain.mysite.com the page.user.identity.isauthenticated returns true, but the name is empty. I tried to retrieve it from the cookie using the following, but it also was blank.

        HttpCookie cookie = Request.Cookies[".ASPXAUTH"];
        FormsAuthenticationTicket fat = FormsAuthentication.Decrypt(cookie.Value);
        user2_lbl.Text = fat.Name;

    When googling the issue I found some people saying something must be added to global.asax and others saying it wasn't necessary. The goal is to be able to log in on the authentication subdomain and have the user identity accessible from the root site and other subdomains. Machine keys match in all web.config, and the AppSettings["domainName"] is set to "mysite.com" currently. Does anyone know what is preventing me from accessing the user information?

    Read the article

  • ms sql server identity counterpart problem

    - by Guru
    Hi there, I'm using MS SQL Server and I want to use the identity constraint in it. I know how to use it in the following manner:

        create table mytable ( c1 int primary key identity(1,1) );

    The above code works fine, but what if I want the identity column to have values such as EMP001, EMP002,... instead of 1,2....? Thanks in advance, Guru

    Read the article

  • HttpContext.Current.User.Identity.Name loses value

    - by Yagami
    Hi, I am using HttpContext.Current.User.Identity.Name to get a user id from 2 web applications I am developing. The problem is that when I log in to the first application I always get the HttpContext.Current.User.Identity.Name value (I put a test in the Application_AuthenticateRequest event), but when I log in to the 2nd application and I try to navigate through the 1st application, HttpContext.Current.User.Identity.Name loses its value. Environment of test: Windows XP / VS.NET 2005 / Authentication forms. BTW: both applications are deployed on the same machine. Thank you for your help

    Read the article

  • SQL Server identity counterpart problem

    - by Guru
    Hi there, I'm using SQL Server and I want to use the identity constraint in it. I know how to use it in the following manner:

        create table mytable ( c1 int primary key identity(1,1) );

    The above code works fine, but what if I want the identity column to have values such as EMP001, EMP002,... instead of 1,2....? Thanks in advance, Guru

    Read the article

  • does @@identity return the primary key or identity field?

    - by elspiko
    Hi, My issue is that I've got update triggers on an SQL View (MS SQL 2005) which I'm mapping to LINQ to SQL entities in C#... My SQL looks correct but it complains about trying to insert a null value into a secondary table PK field. I believe my issue relates to having the primary key and identity as separate fields in the primary table. So my question is this: when using @@identity, does it look at the primary key of the inserted row, or does it look at the field with "IDENTITY" specified?

    Read the article

  • Should I be afraid of Linux server administration?

    - by markle976
    I've been trying to figure out what to focus on. I finally realized that the root of my quandary is that I am unsure about learning Linux server administration. I have been getting pretty good with PHP/MySQL and web development, but I am not very familiar with Linux. Is it hard to learn? What would I need to know in order to manage a LAMP stack? Also, which version is most used in enterprises? I think I have also hesitated to dive in because it seems like it is mostly used in small companies, but I guess that could be a good thing.

    Read the article

  • Server Administration

    - by Kassem
    Hi everyone, My client asked me for a job description of a system administration because I might be assigned this position along with the other guy I'm working with. To be honest, I do not know much about a System Administrator's job but I'm willing to learn.

    Questions:

      - What are the security requirements of a server? *
      - What are the key responsibilities in a system admin's job description?
      - What are some of the day to day tasks of a system admin?
      - What is the average monthly salary of a system admin?

    Note: I will be working inside a Windows environment. But your replies do not necessarily need to be constricted to a Windows environment.

    (*) Other software I know will be required are:

      - Windows Server 2008
      - IIS 7.0
      - MS SQL Server
      - .NET 4.0 Runtime

    Let me know if there are other things I should be aware of as well. Thanks!

    Read the article

  • sql server: losing identity column on export/import

    - by Y.G.J
    Recently I started dealing with SQL Server; my previous experience was in MS-Access. When I'm doing an import/export of a db, from the server to my computer or even in the server, all columns with a primary key lose the key. Identity is set to false and even bit is not set to the default. How can I use an import/export job to make an exact copy of the db and its data? I don't want to have to perform a backup and restore every time I want the same db somewhere else, for another project, etc. I have read about "edit mapping" and the checkbox but that did not help with the identity specification... and what about the primary key of the tables and the rest of the things?

    Read the article

  • Fresher in Linux administration [closed]

    - by user127452
    I am a fresher in the administration field and I just got a job as a Linux support executive. Though I have basic knowledge of Linux, the server handling, configuring and network related issues are a new part for me. So I am confused about where to start with the basic requirements that a Linux admin should know, and how and from where to study them. We have 6 working days of 9+ hours each, so it is not possible to join any RHCE course or classes. So please help me with this issue, as there was no proper handoff from the previous employer, and now there is a lot of work pressure on me. So please suggest something :)

    Read the article

  • SQL: without a cursor, how to select records making a unique integer id (identity like) for dups?

    - by Dr. Zim
    If you have the select statement below where the PK is the primary key:

        select distinct dbo.DateAsInt( dateEntered) * 100 as PK, recordDescription as Data from MyTable

    and the output is something like this (the first numbers are spaced for clarity):

        PK              Data
        2010 01 01 00   New Years Day
        2010 01 01 00   Make Resolutions
        2010 01 01 00   Return Gifts
        2010 02 14 00   Valentines day
        2010 02 14 00   Buy flowers

    and you want to output something like this:

        PK              Data
        2010 01 01 01   New Years Day
        2010 01 01 02   Make Resolutions
        2010 01 01 03   Return Gifts
        2010 02 14 01   Valentines day
        2010 02 14 02   Buy flowers

    Is it possible to make the "00" in the PK have an "identity" number effect within a single select? Otherwise, how could you increment the number by 1 for each found activity for that date? I am already thinking as I type to try something like Sum(case when ?? then 1 end) with a group by.

    Read the article

  • SQL Rally Voting Open

    - by AllenMWhite
    The voting for sessions for SQL Rally has been going on for a couple of weeks now. This week the Enterprise Database Administration & Deployment sessions are up for voting. I didn't go into politics because I don't feel comfortable telling people that they should vote for me but this is how the sessions are being decided for this conference, so here goes. I've submitted two abstracts, both grouped in the Summit Spotlight section. The first is a new session based on what I learned implementing...(read more)

    Read the article

  • Webcast Reminder: Implementing IDM in Healthcare, September 19th @10:00 am PST

    - by Darin Pendergraft
    Join me and Rex Thexton from PwC tomorrow (September 19th) as we review an IDM project that Rex and his team completed for a large healthcare organization. Rex will talk through the IT environment and business drivers that led to the project, and then we will go through planning, design and implementation of the Oracle Identity Management products that PwC and the customer chose to complete the project. This will be a great opportunity to hear about the trends that are driving IT Healthcare, and to get your Identity Management questions answered. If you haven't already registered - Register Here!

    Read the article

  • ING: Scaling Role Management and Access Certification to Thousands of Applications

    - by Tanu Sood
    Organizations deal with employee and user access certifications in different ways. There’s collation of multiple spreadsheets, an intense two-week exercise by managers or use of access certification tools to do so across a handful of applications. But for most organizations compliance is about certifying user access for thousands of employees across hundreds of systems. Managing and auditing millions of entitlement combinations on a periodic basis poses a huge scale challenge. ING solved the compliance scale challenge using an Identity Platform approach. Join the live webcast featuring ING’s enterprise architect, Mark Robison, as he discusses how a platform approach offers value that is greater than the sum of its parts and enables ING to successfully meet their security and compliance goals. Mark will also share his implementation experiences and discuss the key requirements to manage the complexity and scale of access certification efforts at ING. Mark will be joined by Neil Gandhi, Principal Product Manager for Oracle Identity Analytics.

    Live Webcast
    ING: Scaling Role Management and Access Certification to Thousands of Applications
    Wednesday, April 11th at 10 am Pacific / 1 pm Eastern
    Register Today

    Read the article

  • Do you have a plan for your digital assets after you die?

    - by pablo
    After reading this question I remembered of a news article about some websites that manage your online identity after you pass away. Have you planned what to do with your digital assets once you go? I'd imagine that your online footprint is as important as anything you leave of material value. I mean, what would be the difference of that open-source project that you created to the money and savings that you had? How would you like to have your identity managed after you pass away? Would you prefer to go "off the grid"? It's a sensitive topic and I never met anyone who prepared for it.

    Read the article

  • Meet and Greet with IDM Executives at Oracle OpenWorld

    - by Tanu Sood
    Oracle’s Identity Management Team Invites You to Learn How to Secure The New Digital Experience

    Come see how the Oracle Identity Management platform can position your company to take advantage of the emerging business opportunities.

      - Leverage Social Identities for web authentication
      - Enable customers and employees to interact through their mobile devices
      - Deploy Self Service User Provisioning for quick role changes based on business needs

    We look forward to seeing you there!

    Wednesday, October 3rd
    3:30-4:30 PM  Meeting
    4:30-5:30 PM  Cocktail Reception

    Four Seasons Hotel
    Yerba Buena Room
    757 Market Street
    San Francisco, CA 94103
    415.633.3000
    http://www.fourseasons.com/sanfrancisco/

    Read the article

  • Problem running “Central Administration” website after windows update at Windows 2003 Server Standar

    - by Magdy Roshdy
    I had WSS 2.0 and then I upgraded to WSS 3.0, and the old installation database was SQL 2000; now I have another SQL Server instance called: server_name\MICROSOFT##SSEE. After the upgrade everything worked fine and our team started to use the portal, and we sent lots of documents and made lots of activities on it.

    The problem started after installing Windows updates: the website suddenly stopped and is giving me an error "Cannot connect to the configuration database". If I try to open the SharePoint Products and Technologies Configuration Wizard it gives me a strange error that says:

        "An exception of type Microsoft.SharePoint.PostSetupConfiguration.PostSetupConfigurationTaskException was thrown. Additional exception information: SharePoint Products and Technologies cannot be configured. The current installation mode does not support SKU to SKU upgrades because there exists an older version of Windows SharePoint Services that must be upgraded first "

    At this post: http://stackoverflow.com/questions/114398/iis-error-cannot-connect-to-the-configuration-database/249494#249494 the guy in the second answer has the same problem and he suggested a solution, but I don't understand it well. I tried, as he suggested, to make the identity of the app pool of the SharePoint web site "IWAM_server_name". After that the error changed as he said and the web site gives me "Server Application Unavailable", and when I checked the Event Viewer on the server I found that ASP.NET 2.0 gives this exception:

        "Could not load file or assembly 'System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied ."

    and I don't know how to solve this problem. I really want to make my web site work because our team really needs these documents and its stuff. I hope I will find someone to help me.

    Read the article

  • Setting up a very mixed Active Directory network to work with PowerShell Remote Administration

    - by erictheavg
    Summary: I want to be able to monitor the computers on my network, but don't need it to be automated. We're too small to purchase anything like MOM, but too big to do anything manually (~100 machines in two locations). I just keep running into issues, and was wondering if there's a master list of Group Policy settings I can distribute to my environment to get Remote Powershell working.

    Environment: Our AD network is pretty mixed. The end users have XP SP3, Win 7, and Win 7 x64. The servers include Win2k3 SP2, Win2k8, Win2k8 x64, Win2k8 R2, and Win2k8 R2 x64.

    Details: I'm trying to get it to work with Remote Powershell, but I run into errors like the following:

        Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
            + CategoryInfo : OpenError: (:) [], PSRemotingTransportException
            + FullyQualifiedErrorId : PSSessionStateBroken

    Then I go to the computer (Win2k3 SP2 server) and run winrm quickconfig per the recommendations via google, and it says:

        Make these changes [y/n]? y
        WinRM has been updated to receive requests.
        WinRM service started.
        WSManFault
            Message = The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
        Error number: -2144108526 0x80338012
        The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".

    That's right. It tells me to remedy my winrm quickconfig failure by running winrm quickconfig. I don't want to band-aid this project one google search at a time. I'm sure there is a step-by-step tutorial out there on how to set up a network for powershell remote administration. Does anyone know of one? Books are acceptable. Thanks in advance! I didn't think my question would get this long.

    Read the article

  • Securing an ADF Application using OES11g: Part 2

    - by user12587121
    To validate the integration with OES we need a sample ADF Application that is rich enough to allow us to test securing the various ADF elements.  To achieve this we can add some items including bounded task flows to the application developed in this tutorial. A sample JDeveloper 11.1.1.6 project is available here. It depends on the Fusion Order Demo (FOD) database schema which is easily created using the FOD build scripts.In the deployment we have chosen to enable only ADF Authentication as we will delegate Authorization, mostly, to OES.The welcome page of the application with all the links exposed looks as follows: The Welcome, Browse Products, Browse Stock and System Administration links go to pages while the Supplier Registration and Update Stock are bounded task flows.  The Login link goes to a basic login page and once logged in a link is presented that goes to a logout page.  Only the Browse Products and Browse Stock pages are really connected to the database--the other pages and task flows do not really perform any operations on the database. Required Security Policies We make use of a set of test users and roles as decscribed on the welcome page of the application.  In order to exercise the different authorization possibilities we would like to enforce the following sample policies: Anonymous users can see the Login, Welcome and Supplier Registration links. They can also see the Welcome page, the Login page and follow the Supplier Registration task flow.  They can see the icon adjacent to the Login link indicating whether they have logged in or not. Authenticated users can see the Browse Product page. Only staff granted the right can see the Browse Product page cost price value returned from the database and then only if the value is below a configurable limit. Suppliers and staff can see the Browse Stock links and pages.  Customers cannot. 
Suppliers can see the Update Stock link but only those with the update permission are allowed to follow the task flow that it launches.  We could hide the link but leave it exposed here so we can easily demonstrate the method call activity protecting the task flow. Only staff granted the right can see the System Administration link and the System Administration page it accesses. Implementing the required policies In order to secure the application we will make use of the following techniques: EL Expressions and Java backing beans: JSF has the notion of EL expressions to reference data from backing Java classes.  We use these to control the presentation of links on the navigation page which respect the security contraints.  So a user will not see links that he is not allowed to click on into. These Java backing beans can call on to OES for an authorization decision.  Important Note: naturally we would configure the WLS domain where our ADF application is running as an OES WLS SM, which would allow us to efficiently query OES over the PEP API.  However versioning conflicts between OES 11.1.1.5 and ADF 11.1.1.6 mean that this is not possible.  Nevertheless, we can make use of the OES RESTful gateway technique from this posting in order to call into OES. You can easily create and manage backing beans in Jdeveloper as follows: Custom ADF Phase Listener: ADF extends the JSF page lifecycle flow and allows one to hook into the flow to intercept page rendering.  We use this to put a check prior to rendering any protected pages, again calling on to OES via the backing bean.  Phase listeners are configured in the adf-settings.xml file.  See the MyPageListener.java class in the project.  
Here, for example,  is the code we use in the listener to check for allowed access to the sysadmin page, navigating back to the welcome page if authorization is not granted:                         if (page != null && (page.equals("/system.jspx") || page.equals("/system"))){                             System.out.println("MyPageListener: Checking Authorization for /system");                             if (getValue("#{oesBackingBean.UIAccessSysAdmin}").toString().equals("false") ){                                   System.out.println("MyPageListener: Forcing navigation away from system" +                                       "to welcome");                                 NavigationHandler nh = fc.getApplication().getNavigationHandler();                                   nh.handleNavigation(fc, null, "welcome");                               } else {                                 System.out.println("MyPageListener: access allowed");                              }                         } Method call activity: our app makes use of bounded task flows to implement the sequence of pages that update the stock or allow suppliers to self register.  ADF takes care of ensuring that a bounded task flow can be entered by only one page.  So a way to protect all those pages is to make a call to OES in the first activity and then either exit the task flow or continue depending on the authorization decision.  The method call returns a String which contains the name of the transition to effect. This is where we configure the method call activity in JDeveloper: We implement each of the policies using the above techniques as follows: Policies 1 and 2: as these policies concern the coarse grained notions of controlling access to anonymous and authenticated users we can make use of the container’s security constraints which can be defined in the web.xml file.  The allPages constraint is added automatically when we configure Authentication for the ADF application.  
We have added the "anonymousss" constraint to allow access to the required pages, task flows and icons:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>anonymousss</web-resource-name>
        <url-pattern>/faces/welcome</url-pattern>
        <url-pattern>/afr/*</url-pattern>
        <url-pattern>/adf/*</url-pattern>
        <url-pattern>/key.png</url-pattern>
        <url-pattern>/faces/supplier-reg-btf/*</url-pattern>
        <url-pattern>/faces/supplier_register_complete</url-pattern>
      </web-resource-collection>
    </security-constraint>

Policy 3: we can place an EL expression on the element representing the cost price on the products.jspx page: #{oesBackingBean.dataAccessCostPrice}. This EL Expression references a method in a Java backing bean that will call on to OES for an authorization decision. In OES we model the authorization requirement by requiring the view permission on the resource /MyADFApp/data/costprice and granting it only to the staff application role. We recover any obligations to determine the limit.

Policy 4: is implemented by putting an EL expression on the Browse Stock link, #{oesBackingBean.UIAccessBrowseStock}, which checks for the view permission on the /MyADFApp/ui/stock resource. The stock.jspx page is protected by checking for the same permission in a custom phase listener—if the required permission is not satisfied then we force navigation back to the welcome page.

Policy 5: the Update Stock link is protected with the same EL expression as the Browse Link: #{oesBackingBean.UIAccessBrowseStock}. However, the Update Stock link launches a bounded task flow, and to protect it the first activity in the flow is a method call activity which will execute an EL expression #{oesBackingBean.isUIAccessSupplierUpdateTransition} to check for the update permission on the /MyADFApp/ui/stock resource and either transition to the next step in the flow or terminate the flow with an authorization error.
Policy 6: the System Administration link is protected with an EL Expression #{oesBackingBean.UIAccessSysAdmin} that checks for view access on the /MyADF/ui/sysadmin resource. The system page is protected in the same way as the stock page: the custom phase listener checks for the same permission that protects the link and, if it is not satisfied, we navigate back to the welcome page.

Testing the Application

To test the application:

- deploy the OES11g Admin to a WLS domain
- deploy the OES gateway in another domain configured to be a WLS SM. You must ensure that the jps-config.xml file therein is configured to allow access to the identity store, otherwise the gateway will not be able to resolve the principals for the requested users. To do this, ensure that the following elements appear in the jps-config.xml file:

    <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider"
                     class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">
      <description>LDAP-based IdentityStore Provider</description>
    </serviceProvider>

    <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
      <property name="idstore.config.provider"
                value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>
      <property name="CONNECTION_POOL_CLASS"
                value="oracle.security.idm.providers.stdldap.JNDIPool"/>
    </serviceInstance>

    <serviceInstanceRef ref="idstore.ldap"/>

- download the sample application, change the URL to the gateway in the MyADFApp OESBackingBean code to point to the OES Gateway, and deploy the application to an 11.1.1.6 WLS domain that has been extended with the ADF JRF files. You will need to configure the FOD database connection to point to your database which contains the FOD schema.
- populate the OES Admin and OES Gateway WLS LDAP stores with the sample set of users and groups. If you have configured the WLS domains to point to the same LDAP then it would only have to be done once.
  To help with this there is a directory called ldap_scripts in the sample project with ldif files for the test users and groups.
- start the OES Admin console and configure the required OES authorization policies for the MyADFApp application and push them to the WLS SM containing the OES Gateway.
- Login to the MyADFApp as each of the users described on the login page to test that the security policy is correct. You will see informative logging from the OES Gateway and the ADF application to their respective WLS consoles.

Congratulations, you may now login to the OES Admin console and change policies that will control the behaviour of your ADF application: change the limit value in the obligation for the cost price, for example, or define Role Mapping policies to determine staff access to the system administration page based on user profile attributes.

ADF Development Notes

Some notes on ADF development which are probably typical gotchas:

- May need this on WLS startup in order to allow us to overwrite credentials for the database; the signal here is that there is an error trying to access the database:

    -Djps.app.credential.overwrite.allowed=true

- Best to call Bounded Task flows via a CommandLink (as opposed to a go link) as you cannot seem to start them again from a go link, even having completed the task flow correctly with a return activity.
- Once a bounded task flow (BTF) is initiated it must complete correctly via a return activity—attempting to click on any other link whilst in the context of a BTF has no effect. See here for example:
- When using the ADF Authentication only security approach it seems to be awkward to allow anonymous access to the welcome and registration pages.
  We can achieve anonymous access using the web.xml security constraint shown above (where no auth-constraint is specified); however, it is not clear what needs to be listed in there. For example, /afr/* and /adf/* are in there by trial and error, as sometimes the welcome page will not render if we omit those items. I was not able to use the default allPages constraint with, for example, the anonymous-role or the everyone WLS group in order to be able to allow anonymous access to pages.
- The ADF security best practice advises placing all pages under the public_html/WEB-INF folder, as then ADF will not allow any direct access to the .jspx pages but will only allow access via a link of the form /faces/welcome rather than /faces/welcome.jspx. This seems like a very good practice to follow, as having multiple entry points to data is a source of confusion in a web application (particularly from a security point of view).
- In Authentication+Authorization mode only pages with a Page definition file are protected. In order to add an empty one, right click on the page and choose Go to Page Definition. This will create an empty page definition and now the page will require explicit permission to be seen.
- It is advisable to give a unique context root via the weblogic.xml for the application, as otherwise the application will clash with any other application with the same context root and it will not deploy.
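The web.xml security constraint shown earlier grants anonymous access because it carries no auth-constraint, and its URL patterns were arrived at by trial and error. As an added example (not code from the sample project), this script reports how each URL pattern in a web.xml is exposed and flags the anonymous wildcard patterns that deserve review; the allPages role name and the "locked" constraint in the embedded sample are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's "anonymousss" constraint, plus two
# constructed constraints (role "valid-users" and "locked" are assumptions).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
 <security-constraint><web-resource-collection>
   <web-resource-name>anonymousss</web-resource-name>
   <url-pattern>/faces/welcome</url-pattern>
   <url-pattern>/afr/*</url-pattern>
   <url-pattern>/adf/*</url-pattern>
   <url-pattern>/key.png</url-pattern>
   <url-pattern>/faces/supplier-reg-btf/*</url-pattern>
   <url-pattern>/faces/supplier_register_complete</url-pattern>
 </web-resource-collection></security-constraint>
 <security-constraint><web-resource-collection>
   <web-resource-name>allPages</web-resource-name>
   <url-pattern>/</url-pattern>
 </web-resource-collection>
 <auth-constraint><role-name>valid-users</role-name></auth-constraint>
 </security-constraint>
 <security-constraint><web-resource-collection>
   <web-resource-name>locked</web-resource-name>
   <url-pattern>/internal/*</url-pattern>
 </web-resource-collection><auth-constraint/></security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace prefix such as '{http://...}url-pattern'."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (constraint name, url pattern, access) for every url-pattern."""
    report = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        auth = [c for c in sc if local(c.tag) == "auth-constraint"]
        roles = sorted(r.text.strip() for a in auth for r in a
                       if local(r.tag) == "role-name" and r.text)
        # Servlet rules: no auth-constraint = open to everyone;
        # an empty auth-constraint = nobody may access the resource.
        access = ("anonymous" if not auth else
                  "roles:" + ",".join(roles) if roles else "denied")
        name = next((e.text.strip() for e in sc.iter()
                     if local(e.tag) == "web-resource-name" and e.text), "")
        report += [(name, (e.text or "").strip(), access)
                   for e in sc.iter() if local(e.tag) == "url-pattern"]
    return report

def anonymous_wildcards(xml_text):
    """Patterns open to unauthenticated users that match more than one URL."""
    return [p for _, p, a in audit(xml_text)
            if a == "anonymous" and ("*" in p or p == "/")]
```

Each constraint is reported on its own; the script does not model http-method restrictions or how the container chooses the best-matching pattern when several constraints overlap.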
