Search Results

Search found 14784 results on 592 pages for 'spring security'.

Page 137/592 | < Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144  | Next Page >

  • How do I connect StaticListableBeanFactory with ClassPathXmlApplicationContext?

    - by Aaron Digulla
    In the setup of my test cases, I have this code: ApplicationContext context = new ClassPathXmlApplicationContext( "spring/common.xml" ); StaticListableBeanFactory testBeanFactory = new StaticListableBeanFactory(); How do I connect the two in such a way that tests can register beans in the testBeanFactory during setup and the rest of the application uses them instead of the ones defined in common.xml? Note: I need to mix a static (common.xml) and a dynamic configuration. I can't use XML for the latter because that would mean to write 1000 XML files.

    Read the article

  • What happens on a JMS queue when onMessage() throws a JMSException?

    - by user311121
    Hi, I'm using Spring 2.5 with my custom class that implements MessageListener. If a JmsException is thrown in my onMessage( ) method, what happens to the state of the queue? Is the message considered "delivered" by the queue the moment onMessage is called? Or does the JmsException trigger some kind of rollback and the message is re-entered on the queue? Thanks in advance!

    Read the article

  • How to upgrade all dependencies to a specific version

    - by Calm Storm
    Hi, I tried doing a mvn dependency:tree and I get a tree of dependencies. My question is, My project depends on many modules which internally depends on many spring artifacts. There are a few version clashes. I want to upgrade all spring related libraries to say the latest one (2.6.x or above). What is the preferred way to do this? Should I declare all the deps spring-context, spring-support (and 10 other artifacts) in my pom.xml and point them to 2.6.x ? Is there any other better method ? [INFO] +- com.xxxx:yyy-jar:jar:1.0-SNAPSHOT:compile [INFO] | +- com.xxxx:zzz-commons:jar:1.0-SNAPSHOT:compile [INFO] | | +- org.springframework:spring-dao:jar:2.0.7:compile [INFO] | | +- org.springframework:spring-jdbc:jar:2.0.7:compile [INFO] | | +- org.springframework:spring-web:jar:2.0.7:compile [INFO] | | +- org.springframework:spring-support:jar:2.0.7:compile [INFO] | | +- net.sf.ehcache:ehcache:jar:1.2:compile [INFO] | | +- commons-collections:commons-collections:jar:3.2:compile [INFO] | | +- aspectj:aspectjweaver:jar:1.5.3:compile [INFO] | | +- betex-commons:betex-commons:jar:5.5.1-2:compile [INFO] | | \- javax.servlet:servlet-api:jar:2.4:compile [INFO] | +- org.springframework:spring-beans:jar:2.0.7:compile [INFO] | +- org.springframework:spring-jmx:jar:2.0.7:compile [INFO] | +- org.springframework:spring-remoting:jar:2.0.7:compile [INFO] | +- org.apache.cxf:cxf-rt-core:jar:2.0.2-incubator:compile [INFO] | | +- org.apache.cxf:cxf-api:jar:2.0.2-incubator:compile [INFO] | | | +- org.apache.geronimo.specs:geronimo-activation_1.1_spec:jar:1.0-M1:compile [INFO] | | | +- org.codehaus.woodstox:wstx-asl:jar:3.2.1:compile [INFO] | | | +- org.apache.neethi:neethi:jar:2.0.2:compile [INFO] | | | \- org.apache.cxf:cxf-common-schemas:jar:2.0.2-incubator:compile UPDATE : I have removed the extra question about "\-" so my question is now what the subject asks for :)

    Read the article

  • What does the \- mean in the mvn dependency tree output

    - by Calm Storm
    Hi, I tried doing a mvn dependency:tree and I get a tree of dependencies. The output looks like below. I want to know what is the "-" symbol that is shown at times and the "+-" symbol for other dependencies (it doesnt seem to be the scope) My actual question is, My project depends on many modules which internally depends on many spring artifacts. There are a few version clashes. I want to upgrade all spring related libraries to say the latest one (2.6.x or above). What is the preferred way to do this? Should I declare all the deps spring-context, spring-support (and 10 other artifacts) in my pom.xml and point them to 2.6.x ? Is there any other better method ? [INFO] +- com.xxxx:yyy-jar:jar:1.0-SNAPSHOT:compile [INFO] | +- com.xxxx:zzz-commons:jar:1.0-SNAPSHOT:compile [INFO] | | +- org.springframework:spring-dao:jar:2.0.7:compile [INFO] | | +- org.springframework:spring-jdbc:jar:2.0.7:compile [INFO] | | +- org.springframework:spring-web:jar:2.0.7:compile [INFO] | | +- org.springframework:spring-support:jar:2.0.7:compile [INFO] | | +- net.sf.ehcache:ehcache:jar:1.2:compile [INFO] | | +- commons-collections:commons-collections:jar:3.2:compile [INFO] | | +- aspectj:aspectjweaver:jar:1.5.3:compile [INFO] | | +- betex-commons:betex-commons:jar:5.5.1-2:compile [INFO] | | \- javax.servlet:servlet-api:jar:2.4:compile [INFO] | +- org.springframework:spring-beans:jar:2.0.7:compile [INFO] | +- org.springframework:spring-jmx:jar:2.0.7:compile [INFO] | +- org.springframework:spring-remoting:jar:2.0.7:compile [INFO] | +- org.apache.cxf:cxf-rt-core:jar:2.0.2-incubator:compile [INFO] | | +- org.apache.cxf:cxf-api:jar:2.0.2-incubator:compile [INFO] | | | +- org.apache.geronimo.specs:geronimo-activation_1.1_spec:jar:1.0-M1:compile [INFO] | | | +- org.codehaus.woodstox:wstx-asl:jar:3.2.1:compile [INFO] | | | +- org.apache.neethi:neethi:jar:2.0.2:compile [INFO] | | | \- org.apache.cxf:cxf-common-schemas:jar:2.0.2-incubator:compile

    Read the article

  • How can I test a form that requires the entry of two random characters from a security phrase?

    - by lawm
    I need to test a two-stage login system which first asks for your email address and password and then presents the user with two select lists containing [a-zA-Z0-9]. The labels beside the drop down's are of the form 'Select character X from your security phrase', where X is a random character index from a known security phrase. I'd rather not stub the code for an acceptance test, so is it possible to write a matcher in cucumber which will, given that we know the whole phrase, select the required character in each of the two lists? Here is the scenario I have so far and the steps involved: Scenario: valid login email, password and secret phrase takes me to the dashboard Given I am not logged in When I log in as "[email protected]" Then I should be on the dashboard page And I should see "Your Dashboard" When /^I log in as "([^\"]*)"$/ do |login| visit path_to('Login page') fill_in "Email", :with => login fill_in "Password", :with => "Password123" click_button "Log in" response.should contain("Please verify some characters from your security phrase") select "a", :from => "Select character X of your security phrase" select "b", :from => "Select character Y of your security phrase" click_button "Submit" end For example, if the security phrase is 'Secret123', X = 3 and Y = 8, the above would have to produce the equivalent of: select "c", :from => "Select character 3 of your security phrase" select "2", :from => "Select character 8 of your security phrase" The numbers X and Y in the actual page are inside span#svc_1 and span#svc_2 respectively. Thanks,

    Read the article

  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

    Read the article

  • Winforms role based security limitations

    - by muhan
    I'm implementing role based security using Microsoft's membership and role provider. The theoretical problem I'm having is that you implement a specific role on a method such as: [PrincipalPermissionAttribute(SecurityAction.Demand, Role="Supervisor")] private void someMethod() {} What if at some point down the road, I don't want Supervisors to access someMethod() anymore? Wouldn't I have to change the source code to make that change? Am I missing something? It seems there has to be some way to abstract the relationship between the supervisors role and the method so I can create a way in the application to change this coupling of role permission to method. Any insight or direction would be appreciated. Thank you.

    Read the article

  • System.Security.VerificationException: Operation could destabilize the runtime

    - by Rigobert Song
    I have a web service which is queried using linq to sql but returns an array of objects. I keep getting the following error: System.Security.VerificationException: Operation could destabilize the runtime When I run a method that uses a linq statement to return an array I get this error, but only on my test server, which is windows server 2008. Everything works fine in my win 7 machine. The project is a .net 3.5. Any ideas what the problem might be? Thanks UPDATE: My linq queries return IQueryable.

    Read the article

  • Quick question on session security.

    - by Scarface
    Hey guys, I was scanning my site for security and I noticed that it was possible for non users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this guys? Thanks in advance!

    Read the article

  • Implementing Security on custom BCS/.net class?

    - by Michael Stum
    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

    Read the article

  • Hacking your own application

    - by instigator
    I am a web developer that is very conscious of security and try and make my web applications as secure as possible. How ever I have started writing my own windows applications in C# and when it comes testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readme's on how to hack your own windows application and writing secure code.

    Read the article

  • Objective-C Plugin Architecture Security (Mac, not iphone)

    - by Tom Dalling
    I'm possibly writing a plugin system for a Cocoa application (Mac, not iphone). A common approach is the make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys. Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only. Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

    Read the article

  • Flash security popup is unclickable on a layered window

    - by sjlewis
    I have a layered (TransparencyKey is set) winform w/ a WebBrowser control on it that navigates to a page that contains flash (swf). Everything works okay except that when flash shows a security popup, none of the buttons on the popup respond to mouse click, so I can't click Allow/Deny. Right-click works but only shows the context menu that is normal to flash. I tried overriding WndProc on the WebBrowser control, as suggested here, but it still does not respond to mouse click. If I comment out the TransparencyKey setting, even w/o the WndProc override, the buttons respond. I thought this'd be a container issue so I decided to host the swf file on the form, using the example here, but this, too, had the same problem w/ layered window. So, is there another way that can get around this problem? What is it w/ layered window that renders the buttons on the flash popup unclickable? What is it w/ flash...?

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

  • ie6 p3p 'file download security warning'

    - by cometta
    i have a page inside iframe, so i set the header to "P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"" after that my page inside iframe able to load properly and i able to authenticate user with 'form' post . but on ie6, when i post 'form' inside iframe, i get ie6 message 'file download security warning on javascript file' . those javascript files are put on 'head' of pages inside iframe. how comes ie6 suddenly pop up dialog asking to download those files? anyone know which p3p parameter cause this problem?

    Read the article

  • Need a Security Scenario for asp.net webservice

    - by Karamafrooz
    I have developed a .Net 3.5 windows forms application. I also want to design a website that has a webservice with multiple Webmethods to query the database on the host machine. I want the webservice to be called ONLY through my winapp and my website! And I don't want any other people to be able to call and use my webservice but only some people who have access to the windows application that I have developed. I need a good security scenario for this! I truly appreciate anyone who can help me because this is my first experience of developing a webservice and I really need it to be as secure as I mentioned!

    Read the article

  • Making sure a web page is not cached, across all browsers.

    - by Edward Wilde
    Our investigations have shown us that not all browsers respect the http cache directives in a uniform manner. For security reasons we do not want certain pages in our application to cached, ever, by the web browser. This must work for at least the following browsers: Internet Explorer versions 6-8 FireFox versions 1.5 - 3.0 Safari version 3 Opera 9 Our requirement came from a security test. After logging out from our website you could press the back button and view cached pages.

    Read the article

  • serving files using django - is this a security vulnerability

    - by Tom Tom
    I'm using the following code to serve uploaded files from a login secured view in a django app. Do you think that there is a security vulnerability in this code? I'm a bit concerned about that the user could place arbitrary strings in the url after the upload/ and this is directly mapped to the local filesystem. Actually I don't think that it is a vulnerability issue, since the access to the filesystem is restricted to the files in the folder defined with the UPLOAD_LOCATION setting. UPLOAD_LOCATION = is set to a not publicly available folder on the webserver url(r'^upload/(?P<file_url>[/,.,\s,_,\-,\w]+)', 'aeon_infrastructure.views.serve_upload_files', name='project_detail'), @login_required def serve_upload_files(request, file_url): import os.path import mimetypes mimetypes.init() try: file_path = settings.UPLOAD_LOCATION + '/' + file_url fsock = open(file_path,"r") file_name = os.path.basename(file_path) file_size = os.path.getsize(file_path) print "file size is: " + str(file_size) mime_type_guess = mimetypes.guess_type(file_name) if mime_type_guess is not None: response = HttpResponse(fsock, mimetype=mime_type_guess[0]) response['Content-Disposition'] = 'attachment; filename=' + file_name #response.write(file) except IOError: response = HttpResponseNotFound() return response

    Read the article

  • How would a php or java client authenticate if I'm using WCF w/ forms auth?

    - by Toran Billups
    I have a generic proof of concept WCF service that is using forms authentication to secure access. All works great when my client is .NET (vb code below) Dim client As SupplierServiceClient = New SupplierServiceClient() client.ClientCredentials.UserName.UserName = "[email protected]" client.ClientCredentials.UserName.Password = "password" Dim SupplierList As List(Of Supplier) = client.GetSuppliers() but as I want this to interop w/ anyone who can do SOAP 1.1/1.2 - how would a PHP or Java client connect? My WCF web.config is listed below (fyi) <system.serviceModel> <services> <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior"> <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/> <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/> <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="NorthwindBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceAuthorization principalPermissionMode="UseAspNetRoles"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel>

    Read the article

< Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144  | Next Page >