Search Results

Search found 14771 results on 591 pages for 'security policy'.

Page 165/591 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

• What are the steps needed to achieve EAL4

  - by Anonymous

  I read the wikipedia article on EAL (http://en.wikipedia.org/wiki/Evaluation_Assurance_Level) but didn't find it very helpful in laying out the steps needed to achieve EAL4. Can someone please lay out in plain English what's involved and what's required?

  Read the article

• Is there a way to get Apache to blank sensitive data from logs?

  - by i..

  We're trying to clean up one of our systems as much as possible & have found that despite our attempts to block, users are accessing a certain part of our system through a HTTP GET with their password in the URL. This results in our Apache logs recording their password in plain text on the server. Is there an Apache directive or module that can filter out (or replace) certain patterns in its logs?

  Read the article

• Iptables: How to allow only one ip through specific port?

  - by Camran

  How can I on my ubuntu server, in Iptables only allow one IP adress on a specific port? Thanks

  Read the article

• Why is the word PERSONAL still relevant in the term PC? [closed]

  - by Bill

  I have spent half an hour trying to change an icon on my Win-7-64 machine (Why Can't I Change the Icon). One reasonable suggestion (reasonable in terms of having a solution, not reasonable in terms of having to jump through these hoops for such a basic requirement) was to delete the old icon from the %userprofile% \ Local Settings..., however when I click on this folder in Windows Explorer I am told the folder is not accessible - Access Denied. Well! It's my PERSONAL computer isn't it? Isn't that what PC stands for? It's MY computer - why can't I get access to that folder? It's about time we started calling these machines MCs (Microsoft Computer), or WCs (Windows Computer) - because they sure as hell aint PERSONAL damn computers!!!!

  Read the article

• Java process eating CPU; Why?

  - by Camran

  I have a Linux server which I have installed Java on. Sometimes, and only sometimes when a large nr of visitors visit my website, the site hangs. When I open the terminal and enter the "top" command to see whats going on, I can see that "Java" process is eating CPU! Like 400%. I have also tried ps aux command, and can see that the command is from usr/bin/java I have little experience in troubleshooting this kind of things, so I turn to you guys for help. I have a java container installed (Jetty) which I must have in order to use SOLR (search engine) which is integrated into my website. I can start and stop SOLR by: etc/init.d/solr stop But this didn't remove the java process from the "Top" command. Still java was eating 400% CPU. Is there other methods to restart java only? This has happened twice to me, and each time I have now restarted my entire servers and everithing is fine. If you need more input let me know! Thanks

  Read the article

• most simple way to get files on a server

  - by acidzombie24

  I am on windows and my server is linux. I would like to grab files from the server automatically with a script. Maybe execute a bash script remotely as well but maybe i dont need that. I need to connect securely and i would like some kind of password so not anyone can connect. I need to download files and i'd like to get every file in a set of folders. I do not want to download them again if they exist. What is the easiest way to do this? i thought of creating a simple .NET site with data in App_Data (so it cant be reached from the outside) however i have a feeling an easier way exist. I'd like to do scp with a shell but i am on windows and also i am unsure how to iterate through folders and only get files that dont exist.

  Read the article

• Is a VPN a good method for protecting data in an untrusted network? [closed]

  - by john

  I will be connecting my laptop in an untrusted network. If I setup OpenVpn on a server and use a vpn client on the laptop to connect through it, is it enough? Can someone perform a MITM attack or otherwise eavesdrop on my traffic? If someone on the local network port-scans my laptop, will the open ports be accessible to him while I use the VPN tunnel? Is there anything else I should keep in mind?

  Read the article

• What are my options for a secure External File Share in Server 2008 R2?

  - by Nitax

  Hi, I have a Windows Server 2008 R2 machine installed on a home network with a number of files that need to be shared in a few different scenarios. I would like for all three scenarios to have a solution with some sort of encyption to protect the data during transfer. Scenario 1: I need to access files from my laptop (Mac OSX) or another computer outside of the network. This option seems like the easy one to answer in that I could use LogMeIn, the windows VPN, etc. to create such a connection. Scenario 2: I need to provide access to another user with minimal installation / configuration on his or her end. This makes me think of the new FTP 7.5 provided with Server 2008 R2 but i'm not sure of the details: Does it support SSH or some other form of encryption?, can an OSX user connect?, etc. My question here is what are my options? I really just don't know where to get started...

  Read the article

• What are the minimal iptables rules to surf the internet?

  - by alexx0186

  I am trying to set minimal rules to my Linux iptables rules file to just be able to surf the internet. Here what I did: * filter -A OUTPUT -p tcp --dport 80 -j ACCEPT -A OUTPUT -p tcp --dport 443 -j ACCEPT -A OUTPUT -p udp --dport 53 -j ACCEPT COMMIT With just those rules, I can't surf the web. I noticed that when I put -A INPUT -j ACCEPT, it works but I don't understand why. So what Input/output port do I need to surf the internet? Thanks a lot. Regards EDIT: It still doesn't work and my rules as as follows: # generated by iptables-save filter :INPUT DROP [10:648] :FORWARD DROP [0:0] :OUTPUT ACCEPT [10:648] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPTED COMMIT

  Read the article

• Show all text in Terminal window (linux server)

  - by Camran

  Whenever performing big tasks with lots of "text", the text gets cropped or something from above. I want to be able to read ALL that has happened. Is this possible? because I can only read x nr of lines now. Thanks

  Read the article

• Takeaways From CSO Roundtable New York

  - by Naresh Persaud

  Thanks to everyone who attended the Chief Security Officer Roundtable in New York last week. We were lucky to have Dennis Brixus, CSO of McGraw-Hill  as a guest speaker. In addition, Jeff Henley, provided a board level perspective on security. Amit Jasuja discussed Oracle's security formula.  A few takeaways from Jeff's talk that were interesting: Security is a board level issue. The challenge at the board level is that boards have short attention span. The CSO needs to be vigilant in educating the board on the strategic importance of security. Every CSO needs to think about cost. The CSO has to look at the economics of security and demonstrate fiduciary responsibility. We have to think of security as a business enabler. Security is the enabler that helps us expand into new markets and connect better with our customers and partners. While the CSO can't prevent every threat, we have to expect the CSO to have a plan. Oracle security-formula View more PowerPoint from OracleIDM

  Read the article

• Block Skype on Cisco IOS

  - by ensnare

  I'm trying to block skype via policy routing but it's not working ... here's my configuration: class-map match-any block match protocol skype policy-map QoS-Priority-Input class block police 1000000 31250 31250 conform-action drop exceed-action drop violate-action drop policy-map QoS-Priority-Output class block police 1000000 31250 31250 conform-action drop exceed-action drop violate-action drop interface FastEthernet4 description WAN service-policy input QoS-Priority-Input service-policy output QoS-Priority-Output

  Read the article

• Securing Web Service communication with SSL using CXF

  - by reef

  Hi all, I am trying to secure communications via SSL/TLS for one of our Web Service using CXF 2.2.5. I am wondering how to update client and server Spring configuration file to activate this feature. I found some information on CXF's website (CXF Wiki) for the client configuration, here is the given example: <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit"> <http:tlsClientParameters> <sec:keyManagers keyPassword="password"> <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/> </sec:keyManagers> <sec:trustManagers> <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/> </sec:trustManagers> <sec:cipherSuitesFilter> <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:include>.*_WITH_NULL_.*</sec:include> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> </http:tlsClientParameters> <http:authorization> <sec:UserName>Betty</sec:UserName> <sec:Password>password</sec:Password> </http:authorization> <http:client AutoRedirect="true" Connection="Keep-Alive"/> </http:conduit> Concerning this configuration, the Concerning the server side configuration I am unable to launch the server properly, here is the configuration I have: <http:destination name="{urn:ihe:iti:xds-b:2007}DocumentRepository_Port_Soap12.http-destination"> </http:destination> <httpj:engine-factory> <httpj:engine port="9043"> <httpj:tlsServerParameters> <sec:keyManagers keyPassword="changeit"> <sec:keyStore type="JKS" password="changeit" file="security/keystore.jks" /> </sec:keyManagers> <sec:trustManagers> <sec:keyStore type="JKS" password="changeit" file="security/cacerts.jks" /> </sec:trustManagers> <sec:cipherSuitesFilter> <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:include>.*_WITH_NULL_.*</sec:include> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> <sec:clientAuthentication want="true" required="true" /> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> But when I run my application server (JOnas) with this configuration I have the following error message: Line 20 in XML document from ServletContext resource [/WEB-INF/beans.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. Do you guys know how to solve this issue? Thanks in advance,

  Read the article

• Securing an ADF Application using OES11g: Part 1

  - by user12587121

  Future releases of the Oracle stack should allow ADF applications to be secured natively with Oracle Entitlements Server (OES). In a sequence of postings here I explore one way to achive this with the current technology, namely OES 11.1.1.5 and ADF 11.1.1.6. ADF Security Basics ADF Bascis The Application Development Framework (ADF) is Oracle’s preferred technology for developing GUI based Java applications.  It can be used to develop a UI for Swing applications or, more typically in the Oracle stack, for Web and J2EE applications.  ADF is based on and extends the Java Server Faces (JSF) technology.  To get an idea, Oracle provides an online demo to showcase ADF components. ADF can be used to develop just the UI part of an application, where, for example, the data access layer is implemented using some custom Java beans or EJBs.  However ADF also has it’s own data access layer, ADF Business Components (ADF BC) that will allow rapid integration of data from data bases and Webservice interfaces to the ADF UI component.   In this way ADF helps implement the MVC  approach to building applications with UI and data components. The canonical tutorial for ADF is to open JDeveloper, define a connection to a database, drag and drop a table from the database view to a UI page, build and deploy.  One has an application up and running very quickly with the ability to quickly integrate changes to, for example, the DB schema. ADF allows web pages to be created graphically and components like tables, forms, text fields, graphs and so on to be easily added to a page.  On top of JSF Oracle have added drag and drop tooling with JDeveloper and declarative binding of the UI to the data layer, be it database, WebService or Java beans.  An important addition is the bounded task flow which is a reusable set of pages and transitions.   ADF adds some steps to the page lifecycle defined in JSF and adds extra widgets including powerful visualizations. It is worth pointing out that the Oracle Web Center product (portal, content management and so on) is based on and extends ADF. ADF Security ADF comes with it’s own security mechanism that is exposed by JDeveloper at development time and in the WLS Console and Enterprise Manager (EM) at run time. The security elements that need to be addressed in an ADF application are: authentication, authorization of access to web pages, task-flows, components within the pages and data being returned from the model layer. One  typically relies on WLS to handle authentication and because of this users and groups will also be handled by WLS.  Typically in a Dev environment, users and groups are stored in the WLS embedded LDAP server. One has a choice when enabling ADF security (Application->Secure->Configure ADF Security) about whether to turn on ADF authorization checking or not: In the case where authorization is enabled for ADF one defines a set of roles in which we place users and then we grant access to these roles to the different ADF elements (pages or task flows or elements in a page). An important notion here is the difference between Enterprise Roles and Application Roles. The idea behind an enterprise role is that is defined in terms of users and LDAP groups from the WLS identity store.  “Enterprise” in the sense that these are things available for use to all applications that use that store.  The other kind of role is an Application Role and the idea is that  a given application will make use of Enterprise roles and users to build up a set of roles for it’s own use.  These application roles will be available only to that application.   The general idea here is that the enterprise roles are relatively static (for example an Employees group in the LDAP directory) while application roles are more dynamic, possibly depending on time, location, accessed resource and so on.  One of the things that OES adds that is that we can define these dynamic membership conditions in Role Mapping Policies. To make this concrete, here is how, at design time in Jdeveloper, one assigns these rights in Jdeveloper, which puts them into a file called jazn-data.xml: When the ADF app is deployed to a WLS this JAZN security data is pushed to the system-jazn-data.xml file of the WLS deployment for the policies and application roles and to the WLS backing LDAP for the users and enterprise roles.  Note the difference here: after deploying the application we will see the users and enterprise roles show up in the WLS LDAP server.  But the policies and application roles are defined in the system-jazn-data.xml file.  Consult the embedded WLS LDAP server to manage users and enterprise roles by going to the domain console and then Security Realms->myrealm->Users and Groups: For production environments (or in future to share this data with OES) one would then perform the operation of “reassociating” this security policy and application role data to a DB schema (or an LDAP).  This is done in the EM console by reassociating the Security Provider.  This blog posting has more explanations and references on this reassociation process. If ADF Authentication and Authorization are enabled then the Security Policies for a deployed application can be managed in EM.  Our goal is to be able to manage security policies for the applicaiton rather via OES and it's console. Security Requirements for an ADF Application With this package tour of ADF security we can see that to secure an ADF application with we would expect to be able to take care of at least the following items: Authentication, including a user and user-group store Authorization for page access Authorization for bounded Task Flow access.  A bounded task flow has only one point of entry and so if we protect that entry point by calling to OES then all the pages in the flow are protected.  Authorization for viewing data coming from the data access layer In the next posting we will describe a sample ADF application and required security policies. References ADF Dev Guide: Fusion Middleware Fusion Developer's Guide for Oracle Application Development Framework: Enabling ADF Security in a Fusion Web Application Oracle tutorial on securing a sample ADF application, appears to require ADF 11.1.2 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

  Read the article

• Write-only collections in MongoDB

  - by rcoder

  I'm currently using MongoDB to record application logs, and while I'm quite happy with both the performance and with being able to dump arbitrary structured data into log records, I'm troubled by the mutability of log records once stored. In a traditional database, I would structure the grants for my log tables such that the application user had INSERT and SELECT privileges, but not UPDATE or DELETE. Similarly, in CouchDB, I could write a update validator function that rejected all attempts to modify an existing document. However, I've been unable to find a way to restrict operations on a MongoDB database or collection beyond the three access levels (no access, read-only, "god mode") documented in the security topic on the MongoDB wiki. Has anyone else deployed MongoDB as a document store in a setting where immutability (or at least change tracking) for documents was a requirement? What tricks or techniques did you use to ensure that poorly-written or malicious application code could not modify or destroy existing log records? Do I need to wrap my MongoDB logging in a service layer that enforces the write-only policy, or can I use some combination of configuration, query hacking, and replication to ensure a consistent, audit-able record is maintained?

  Read the article

• Understanding CSRF - Simple Question

  - by byronh

  I know this might make me seem like an idiot, I've read everything there is to read about CSRF and I still don't understand how using a 'challenge token' would add any sort of prevention. Please help me clarify the basic concept, none of the articles and posts here on SO I read seemed to really explicitly state what value you're comparing with what. From OWASP: In general, developers need only generate this token once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires. If I understand the process correctly, this is what happens. I log in at http://example.com and a session/cookie is created containing this random token. Then, every form includes a hidden input also containing this random value from the session which is compared with the session/cookie upon form submission. But what does that accomplish? Aren't you just taking session data, putting it in the page, and then comparing it with the exact same session data? Seems like circular reasoning. These articles keep talking about following the "same-origin policy" but that makes no sense, because all CSRF attacks ARE of the same origin as the user, just tricking the user into doing actions he/she didn't intend. Is there any alternative other than appending the token to every single URL as a query string? Seems very ugly and impractical, and makes bookmarking harder for the user.

  Read the article

• How to set WS-SecurityPolicy in an inbound CXF service in Mule?

  - by Brakara

  When configuring the service for handling UsernameToken and signatures, it's setup like this: <service name="serviceName"> <inbound> <cxf:inbound-endpoint address="someUrl" protocolConnector="httpsConnector" > <cxf:inInterceptors> <spring:bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <spring:bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <spring:constructor-arg> <spring:map> <spring:entry key="action" value="UsernameToken Timestamp Signature" /> <spring:entry key="passwordCallbackRef" value-ref="serverCallback" /> <spring:entry key="signaturePropFile" value="wssecurity.properties" /> </spring:map> </spring:constructor-arg> </spring:bean> </cxf:inInterceptors> </cxf:inbound-endpoint> </inbound> </service> But how is it possible to create a policy of what algorithms that are allowed, and what parts of the message that should be signed?

  Read the article

• Send mail via gmail with PowerShell V2's Send-MailMessage

  - by Scott Weinstein

  I'm trying to figure out how to use PowerShell V2's Send-MailMessage with gmail. Here's what I have so far. $ss = new-object Security.SecureString foreach ($ch in "password".ToCharArray()) { $ss.AppendChar($ch) } $cred = new-object Management.Automation.PSCredential "[email protected]", $ss Send-MailMessage -SmtpServer smtp.gmail.com -UseSsl -Credential $cred -Body... I get the following error Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required. Learn more at At foo.ps1:18 char:21 + Send-MailMessage <<<< ` + CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpException + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage Am I doing something wrong, or is Send-MailMessage not fully baked yet (I'm on CTP 3)? Edit - two additional restrictions I want this to be non-interactive, so get-credential won't work The user account isn't on the gmail domain, but an google apps registered domain

  Read the article

• HttpAddUrl permissions

  - by Ghostrider

  I'm trying to run a custom WinHTTP based web-server on Windows Server 2008 machine. I pass "http://*:22222/" to HttpAddUrl When I start my executable as Administrator or LocalSystem everything works fine. However if I try to run it as NetworkService to minimize security risks (since there are no legitimate reasons for the app to use admin rights) function fails with "Access Denied" error code. I wasn't aware of NetworkService having any restrictions on which ports and interfaces it can listen on. Is there a way to configure permissions in such a way so that I actually can run the app under NetworkService account and connect to it from other internet hosts?

  Read the article

• Why does Java tell me my applet contains both signed and unsigned code?

  - by JohnCooperNZ

  My signed Java applet has been running fine until Java update 19. Now some but not all of our users on Java Update 19 report a java security message stating that our applet contains both signed and unsigned code. The process for creating our applet is as follows: 1: Clean and Build the applet project in Netbeans IDE. 2: Open the Applet jar file in WinRAR and add the required mysql JDBC driver .class files to the jar file. 3: Sign the applet jar file. Can someone please tell me how to determine what code is signed and what code is not signed in our applet? Is there a better way to include the mysql JDBC driver jar file in our applet other than copying the jar file contents into our applet jar file? Thanks

  Read the article

• Advice? SSO in N-tiered SOA with mixture of REST and SOAP services

  - by Tyler

  Hi gang, We are moving to SSO in our N-tiered SOA applications. If all the services were SOAP, I'd be ok with just the WS-Security, WS-Trust, WS-Federation set of protocols. My problem is that many of the services are RESTful (ironic) and those protocols do not address REST services. What is your advice for SSO protecting the REST services in an N-tiered SOA architecture with the following requirements: ideally claims-based identity information available to the REST services original user (eg. bootstrap) information must flow through the tiers so that each service can "ActAs" or "OnBehalfOf" the user support sequences like: WebApp -- REST Svc -- SOAP Svc WebApp -- REST Svc1 -- REST Svc2 WebApp -- SOAP Svc -- REST Svc WebApp -- SOAP Svc1 -- SOAP Svc2 support SSO (and SSOff) service/web app platforms: ASP.Net and WCF Java end-user client platforms: .Net (WSE 3.0 and WCF) flash 10 java javascript and AJAX Normally I'm good at climbing / bashing my way through walls, but this one's knocked me flat. Hopefully with your help, we can get over this one. Thanks, Tyler

  Read the article

• MVVM/ViewModels and handling Authorization

  - by vdh_ant

  Hey guys Just wondering how how people handle Authorization when using MVVM and/or View Models. If I wasn't using VM's I would be passing back the Model and it would have a property which I could check if a user can edit a given object/property but when using MVVM I am disconnecting myself from the business object... and thus doen't know what the security should be any more. Is this a case where the mapper should be aware of the Authorization that is in place and don't copy across the data if the Authorization check fails. If this was the case I am guessing that the mapper would have to see some properties on the VM to let the interface know which fields are missing data because of the Authorization failure. If this does occur within the mapper, how does this fit in with things like AutoMapper, etc. Cheers Anthony

  Read the article

• Are the ASP.net __EVENTTARGET and __EVENTARGUMENT susceptible to SQL injection?

  - by Schleichermann

  A security review was done against one of our ASP.net applications and returned in the test results was a SQL Injection Exposures considered to be a high risk item. The test that was performed passed a SQL statement as the value of the __EVENTTARGET and the __EVENTARGUMENT. I am wondering since these 2 values are ASP.net auto-generated hidden fields used for the Auto-Postback feature of the framework and hold information specific to the controls initiating the postback, is there really the potential for SQL injection if you are never manually calling and or pulling values out of these parameters in your code behind?

  Read the article

• Spring AOP: how to get the annotations of the adviced method

  - by hubertg

  I'd like to implement declarative security with Spring/AOP and annotations. As you see in the next code sample I have the Restricted Annotations with the paramter "allowedRoles" for defining who is allowed to execute an adviced method. @Restricted(allowedRoles="jira-administrators") public void setPassword(...) throws UserMgmtException { // set password code ... } Now, the problem is that in my Advice I have no access to the defined Annotations: public Object checkPermission(ProceedingJoinPoint pjp) throws Throwable { Signature signature = pjp.getSignature(); System.out.println("Allowed:" + rolesAllowedForJoinPoint(pjp)); ... } private Restricted rolesAllowedForJoinPoint(ProceedingJoinPoint thisJoinPoint) { MethodSignature methodSignature = (MethodSignature) thisJoinPoint.getSignature(); Method targetMethod = methodSignature.getMethod(); return targetMethod.getAnnotation(Restricted.class); } The method above always returns null (there are no annotations found at all). Is there a simple solution to this? I read something about using the AspectJ agent but I would prefer not to use this agent.

  Read the article

• WCF via Windows Service - Authenticating Clients

  - by Sean

  I am a WCF / Security Newb. I have created a WCF service which is hosted via a windows service. The WCF service grabs data from a 3rd party data source that is secured via windows authentication. I need to either: Pass the client's privileges through the windows service, through the WCF service and into the 3rd party data source, or... Limit who can call the windows service / WCF service to members of a particular AD group. Any suggestions on how I can do either of these tasks?

  Read the article

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >