Iptables: How to allow only one ip through specific port?
- by Camran
How can I on my ubuntu server, in Iptables only allow one IP adress on a specific port?
Thanks
Search Results
Search found 20283 results on 812 pages for 'security context'.
Page 169/812 | < Previous Page | 165 166 167 168 169 170 171 172 173 174 175 176 | Next Page >
-
-
Java process eating CPU; Why?
- by Camran
I have a Linux server which I have installed Java on. Sometimes, and only sometimes when a large nr of visitors visit my website, the site hangs. When I open the terminal and enter the "top" command to see whats going on, I can see that "Java" process is eating CPU! Like 400%. I have also tried ps aux command, and can see that the command is from usr/bin/java I have little experience in troubleshooting this kind of things, so I turn to you guys for help. I have a java container installed (Jetty) which I must have in order to use SOLR (search engine) which is integrated into my website. I can start and stop SOLR by: etc/init.d/solr stop But this didn't remove the java process from the "Top" command. Still java was eating 400% CPU. Is there other methods to restart java only? This has happened twice to me, and each time I have now restarted my entire servers and everithing is fine. If you need more input let me know! ThanksRead the article
-
Why is the word PERSONAL still relevant in the term PC? [closed]
- by Bill
I have spent half an hour trying to change an icon on my Win-7-64 machine (Why Can't I Change the Icon). One reasonable suggestion (reasonable in terms of having a solution, not reasonable in terms of having to jump through these hoops for such a basic requirement) was to delete the old icon from the %userprofile% \ Local Settings..., however when I click on this folder in Windows Explorer I am told the folder is not accessible - Access Denied. Well! It's my PERSONAL computer isn't it? Isn't that what PC stands for? It's MY computer - why can't I get access to that folder? It's about time we started calling these machines MCs (Microsoft Computer), or WCs (Windows Computer) - because they sure as hell aint PERSONAL damn computers!!!!Read the article
-
most simple way to get files on a server
- by acidzombie24
I am on windows and my server is linux. I would like to grab files from the server automatically with a script. Maybe execute a bash script remotely as well but maybe i dont need that. I need to connect securely and i would like some kind of password so not anyone can connect. I need to download files and i'd like to get every file in a set of folders. I do not want to download them again if they exist. What is the easiest way to do this? i thought of creating a simple .NET site with data in App_Data (so it cant be reached from the outside) however i have a feeling an easier way exist. I'd like to do scp with a shell but i am on windows and also i am unsure how to iterate through folders and only get files that dont exist.Read the article
-
Is a VPN a good method for protecting data in an untrusted network? [closed]
- by john
I will be connecting my laptop in an untrusted network. If I setup OpenVpn on a server and use a vpn client on the laptop to connect through it, is it enough? Can someone perform a MITM attack or otherwise eavesdrop on my traffic? If someone on the local network port-scans my laptop, will the open ports be accessible to him while I use the VPN tunnel? Is there anything else I should keep in mind?Read the article
-
What are my options for a secure External File Share in Server 2008 R2?
- by Nitax
Hi, I have a Windows Server 2008 R2 machine installed on a home network with a number of files that need to be shared in a few different scenarios. I would like for all three scenarios to have a solution with some sort of encyption to protect the data during transfer. Scenario 1: I need to access files from my laptop (Mac OSX) or another computer outside of the network. This option seems like the easy one to answer in that I could use LogMeIn, the windows VPN, etc. to create such a connection. Scenario 2: I need to provide access to another user with minimal installation / configuration on his or her end. This makes me think of the new FTP 7.5 provided with Server 2008 R2 but i'm not sure of the details: Does it support SSH or some other form of encryption?, can an OSX user connect?, etc. My question here is what are my options? I really just don't know where to get started...Read the article
-
What are the minimal iptables rules to surf the internet?
- by alexx0186
I am trying to set minimal rules to my Linux iptables rules file to just be able to surf the internet. Here what I did: * filter -A OUTPUT -p tcp --dport 80 -j ACCEPT -A OUTPUT -p tcp --dport 443 -j ACCEPT -A OUTPUT -p udp --dport 53 -j ACCEPT COMMIT With just those rules, I can't surf the web. I noticed that when I put -A INPUT -j ACCEPT, it works but I don't understand why. So what Input/output port do I need to surf the internet? Thanks a lot. Regards EDIT: It still doesn't work and my rules as as follows: # generated by iptables-save filter :INPUT DROP [10:648] :FORWARD DROP [0:0] :OUTPUT ACCEPT [10:648] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPTED COMMITRead the article
-
Show all text in Terminal window (linux server)
- by Camran
Whenever performing big tasks with lots of "text", the text gets cropped or something from above. I want to be able to read ALL that has happened. Is this possible? because I can only read x nr of lines now. ThanksRead the article
-
Android: Programatically Add UI Elements to a View
- by Shivan Raptor
My view is written as follow: package com.mycompany; import android.view.View; import java.util.concurrent.TimeUnit; import java.util.ArrayList; import android.content.Context; import android.graphics.Canvas; import android.graphics.Color; import android.util.AttributeSet; import android.graphics.Paint; import android.graphics.Point; import android.hardware.Sensor; import android.hardware.SensorEvent; import android.hardware.SensorEventListener; import android.hardware.SensorManager; import android.widget.*; public class GameEngineView extends View implements SensorEventListener { GameLoop gameloop; String txt_acc; float accY; ArrayList<Point> bugPath; private SensorManager sensorManager; private class GameLoop extends Thread { private volatile boolean running = true; public void run() { while (running) { try { TimeUnit.MILLISECONDS.sleep(1); postInvalidate(); pause(); } catch (InterruptedException ex) { running = false; } } } public void pause() { running = false; } public void start() { running = true; run(); } public void safeStop() { running = false; interrupt(); } } public void unload() { gameloop.safeStop(); } public GameEngineView(Context context, AttributeSet attrs, int defStyle) { super(context, attrs, defStyle); // TODO Auto-generated constructor stub init(context); } public GameEngineView(Context context, AttributeSet attrs) { super(context, attrs); // TODO Auto-generated constructor stub init(context); } public GameEngineView(Context context) { super(context); // TODO Auto-generated constructor stub init(context); } private void init(Context context) { txt_acc = ""; // Adding SENSOR sensorManager=(SensorManager)context.getSystemService(Context.SENSOR_SERVICE); // add listener. The listener will be HelloAndroid (this) class sensorManager.registerListener(this, sensorManager.getDefaultSensor(Sensor.TYPE_ACCELEROMETER), SensorManager.SENSOR_DELAY_NORMAL); // Adding UI Elements : How ? Button btn_camera = new Button(context); btn_camera.setLayoutParams(new LinearLayout.LayoutParams(LinearLayout.LayoutParams.FILL_PARENT, LinearLayout.LayoutParams.FILL_PARENT)); btn_camera.setClickable(true); btn_camera.setOnClickListener(new OnClickListener() { @Override public void onClick(View v) { System.out.println("clicked the camera."); } }); gameloop = new GameLoop(); gameloop.run(); } @Override protected void onMeasure(int widthMeasureSpec, int heightMeasureSpec) { // TODO Auto-generated method stub //super.onMeasure(widthMeasureSpec, heightMeasureSpec); System.out.println("Width " + widthMeasureSpec); setMeasuredDimension(widthMeasureSpec, heightMeasureSpec); } @Override protected void onDraw(Canvas canvas) { // TODO Auto-generated method stub // super.onDraw(canvas); Paint p = new Paint(); p.setColor(Color.WHITE); p.setStyle(Paint.Style.FILL); p.setAntiAlias(true); p.setTextSize(30); canvas.drawText("|[ " + txt_acc + " ]|", 50, 500, p); gameloop.start(); } public void onAccuracyChanged(Sensor sensor,int accuracy){ } public void onSensorChanged(SensorEvent event){ if(event.sensor.getType()==Sensor.TYPE_ACCELEROMETER){ //float x=event.values[0]; accY =event.values[1]; //float z=event.values[2]; txt_acc = "" + accY; } } } I would like to add a Button to the scene, but I don't know how to. Can anybody give me some lights? UPDATE: Here is my Activity : public class MyActivity extends Activity { private GameEngineView gameEngine; @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); // add Game Engine gameEngine = new GameEngineView(this); setContentView(gameEngine); gameEngine.requestFocus(); } }Read the article
-
Spring @Autowired messageSource working in Controller but not in other classes?
- by Jayaprakash
New updates: As I could not succeed in configuring messageSource through annotations, I attempted to configure messageSource injection through servlet-context.xml. I still have messageSource as null. Please let me know if you need any more specific info, and I will provide. Thanks for your help in advance. servlet-context.xml <beans:bean id="message" class="com.mycompany.myapp.domain.common.message.Message"> <beans:property name="messageSource" ref="messageSource" /> </beans:bean> Spring gives the below information message about spring initialization. INFO : org.springframework.context.annotation.ClassPathBeanDefinitionScanner - JSR-330 'javax.inject.Named' annotation found and supported for component scanning INFO : org.springframework.beans.factory.support.DefaultListableBeanFactory - Overriding bean definition for bean 'message': replacing [Generic bean: class [com.mycompany.myapp.domain.common.message.Message]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in file [C:\springsource\tc-server-developer-2.1.0.RELEASE\spring-insight-instance\wtpwebapps\myapp\WEB-INF\classes\com\mycompany\myapp\domain\common\message\Message.class]] with [Generic bean: class [com.mycompany.myapp.domain.common.message.Message]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/spring/appServlet/servlet-context.xml]] INFO : org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor - JSR-330 'javax.inject.Inject' annotation found and supported for autowiring INFO : org.springframework.beans.factory.support.DefaultListableBeanFactory - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1c7caac5: defining beans [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping#0,org.springframework.format.support.FormattingConversionServiceFactoryBean#0,org.springframework.validation.beanvalidation.LocalValidatorFactoryBean#0,org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter#0,org.springframework.web.servlet.handler.MappedInterceptor#0,org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter,org.springframework.web.servlet.resource.ResourceHttpRequestHandler#0,org.springframework.web.servlet.handler.SimpleUrlHandlerMapping#0,xxxDao,message,xxxService,jsonDateSerializer,xxxController,homeController,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,tilesViewResolver,tilesConfigurer,messageSource,org.springframework.web.servlet.handler.MappedInterceptor#1,localeResolver,org.springframework.web.servlet.view.ContentNegotiatingViewResolver#0,validator,resourceBundleLocator,messageInterpolator]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@4f47af3 I have the below definition for message source in 3 classes. In debug mode, I can see that in class xxxController, messageSource is initialized to org.springframework.context.support.ReloadableResourceBundleMessageSource. I have annotated Message class with @Component and xxxHibernateDaoImpl with @Repository. I also included context namespace definition in servlet-context.xml. But in Message class and xxxHibernateDaoImpl class, the messageSource is still null. Why is Spring not initializing messageSource in the two other classes though in xxxController classes, it initializes correctly? @Controller public class xxxController{ @Autowired private ReloadableResourceBundleMessageSource messageSource; } @Component public class Message{ @Autowired private ReloadableResourceBundleMessageSource messageSource; } @Repository("xxxDao") public class xxxHibernateDaoImpl{ @Autowired private ReloadableResourceBundleMessageSource messageSource; } <beans:beans xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <beans:property name="basename" value="/resources/messages/messages" /> </beans:bean> <context:component-scan base-package="com.mycompany.myapp"/> </beans>Read the article
-
Takeaways From CSO Roundtable New York
- by Naresh Persaud
Thanks to everyone who attended the Chief Security Officer Roundtable in New York last week. We were lucky to have Dennis Brixus, CSO of McGraw-Hill as a guest speaker. In addition, Jeff Henley, provided a board level perspective on security. Amit Jasuja discussed Oracle's security formula. A few takeaways from Jeff's talk that were interesting: Security is a board level issue. The challenge at the board level is that boards have short attention span. The CSO needs to be vigilant in educating the board on the strategic importance of security. Every CSO needs to think about cost. The CSO has to look at the economics of security and demonstrate fiduciary responsibility. We have to think of security as a business enabler. Security is the enabler that helps us expand into new markets and connect better with our customers and partners. While the CSO can't prevent every threat, we have to expect the CSO to have a plan. Oracle security-formula View more PowerPoint from OracleIDMRead the article
-
Differences when Running with OutputCache managed module under ASP.NET IIS7.x with Cache-control header
- by Shawn Cicoria
This post is to report some differences when using MVC or IHttpHandlers if you’re attempting to set the Cache-control : max-age or s-maxage value under IIS7.x using the HttpResponse.Cache methods. [UPDATE]: 2011-3-14 – The missing piece was calling Response.Cache.SetSlidingExpiration(true) as follows: context.Response.Cache.SetCacheability(HttpCacheability.Public); context.Response.Cache.SetMaxAge(TimeSpan.FromMinutes(5)); context.Response.ContentType = "image/jpeg"; context.Response.Cache.SetSlidingExpiration(true); Under IIS7.x if you us one of the following 2 methods, you will only get a Cache-ability of “public”. public ActionResult Image2() { MemoryStream oStream = new MemoryStream(); using (Bitmap obmp = ImageUtil.RenderImage("Respone.Cache.Setxx calls", 5, DateTime.Now)) { obmp.Save(oStream, ImageFormat.Jpeg); oStream.Position = 0; Response.Cache.SetCacheability(HttpCacheability.Public); Response.Cache.SetMaxAge(TimeSpan.FromMinutes(5)); return new FileStreamResult(oStream, "image/jpeg"); } } Method 2 – which is just a plain old HttpHandler and really isn’t MVC3, but under the same MVC ASP.NET application, same result. public class image : IHttpHandler { public void ProcessRequest(HttpContext context) { using (var image = ImageUtil.RenderImage("called from IHttpHandler direct", 5, DateTime.Now)) { context.Response.Cache.SetCacheability(HttpCacheability.Public); context.Response.Cache.SetMaxAge(TimeSpan.FromMinutes(5)); context.Response.ContentType = "image/jpeg"; image.Save(context.Response.OutputStream, ImageFormat.Jpeg); } } } Using the following under MVC3 (I haven’t tried under earlier versions) will work by applying the OutputCacheAttribute to your Action: [OutputCache(Location = OutputCacheLocation.Any, Duration = 300)] public ActionResult Image1() { MemoryStream oStream = new MemoryStream(); using (Bitmap obmp = ImageUtil.RenderImage("called with OutputCacheAttribute", 5, DateTime.Now)) { obmp.Save(oStream, ImageFormat.Jpeg); oStream.Position = 0; return new FileStreamResult(oStream, "image/jpeg"); } } To remove the “OutputCache” module, you use the following in your web.config: <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules runAllManagedModulesForAllRequests="true"> <!--<remove name="OutputCache"/>--> </modules>Read the article
-
Securing Web Service communication with SSL using CXF
- by reef
Hi all, I am trying to secure communications via SSL/TLS for one of our Web Service using CXF 2.2.5. I am wondering how to update client and server Spring configuration file to activate this feature. I found some information on CXF's website (CXF Wiki) for the client configuration, here is the given example: <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit"> <http:tlsClientParameters> <sec:keyManagers keyPassword="password"> <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/> </sec:keyManagers> <sec:trustManagers> <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/> </sec:trustManagers> <sec:cipherSuitesFilter> <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:include>.*_WITH_NULL_.*</sec:include> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> </http:tlsClientParameters> <http:authorization> <sec:UserName>Betty</sec:UserName> <sec:Password>password</sec:Password> </http:authorization> <http:client AutoRedirect="true" Connection="Keep-Alive"/> </http:conduit> Concerning this configuration, the Concerning the server side configuration I am unable to launch the server properly, here is the configuration I have: <http:destination name="{urn:ihe:iti:xds-b:2007}DocumentRepository_Port_Soap12.http-destination"> </http:destination> <httpj:engine-factory> <httpj:engine port="9043"> <httpj:tlsServerParameters> <sec:keyManagers keyPassword="changeit"> <sec:keyStore type="JKS" password="changeit" file="security/keystore.jks" /> </sec:keyManagers> <sec:trustManagers> <sec:keyStore type="JKS" password="changeit" file="security/cacerts.jks" /> </sec:trustManagers> <sec:cipherSuitesFilter> <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:include>.*_WITH_NULL_.*</sec:include> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> <sec:clientAuthentication want="true" required="true" /> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> But when I run my application server (JOnas) with this configuration I have the following error message: Line 20 in XML document from ServletContext resource [/WEB-INF/beans.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. Do you guys know how to solve this issue? Thanks in advance,Read the article
-
How to Achieve OC4J RMI Load Balancing
- by fip
This is an old, Oracle SOA and OC4J 10G topic. In fact this is not even a SOA topic per se. Questions of RMI load balancing arise when you developed custom web applications accessing human tasks running off a remote SOA 10G cluster. Having returned from a customer who faced challenges with OC4J RMI load balancing, I felt there is still some confusions in the field how OC4J RMI load balancing work. Hence I decide to dust off an old tech note that I wrote a few years back and share it with the general public. Here is the tech note: Overview A typical use case in Oracle SOA is that you are building web based, custom human tasks UI that will interact with the task services housed in a remote BPEL 10G cluster. Or, in a more generic way, you are just building a web based application in Java that needs to interact with the EJBs in a remote OC4J cluster. In either case, you are talking to an OC4J cluster as RMI client. Then immediately you must ask yourself the following questions: 1. How do I make sure that the web application, as an RMI client, even distribute its load against all the nodes in the remote OC4J cluster? 2. How do I make sure that the web application, as an RMI client, is resilient to the node failures in the remote OC4J cluster, so that in the unlikely case when one of the remote OC4J nodes fail, my web application will continue to function? That is the topic of how to achieve load balancing with OC4J RMI client. Solutions You need to configure and code RMI load balancing in two places: 1. Provider URL can be specified with a comma separated list of URLs, so that the initial lookup will land to one of the available URLs. 2. Choose a proper value for the oracle.j2ee.rmi.loadBalance property, which, along side with the PROVIDER_URL property, is one of the JNDI properties passed to the JNDI lookup.(http://docs.oracle.com/cd/B31017_01/web.1013/b28958/rmi.htm#BABDGFBI) More details below: About the PROVIDER_URL The JNDI property java.name.provider.url's job is, when the client looks up for a new context at the very first time in the client session, to provide a list of RMI context The value of the JNDI property java.name.provider.url goes by the format of a single URL, or a comma separate list of URLs. A single URL. For example: opmn:ormi://host1:6003:oc4j_instance1/appName1 A comma separated list of multiple URLs. For examples: opmn:ormi://host1:6003:oc4j_instanc1/appName, opmn:ormi://host2:6003:oc4j_instance1/appName, opmn:ormi://host3:6003:oc4j_instance1/appName When the client looks up for a new Context the very first time in the client session, it sends a query against the OPMN referenced by the provider URL. The OPMN host and port specifies the destination of such query, and the OC4J instance name and appName are actually the “where clause” of the query. When the PROVIDER URL reference a single OPMN server Let's consider the case when the provider url only reference a single OPMN server of the destination cluster. In this case, that single OPMN server receives the query and returns a list of the qualified Contexts from all OC4Js within the cluster, even though there is a single OPMN server in the provider URL. A context represent a particular starting point at a particular server for subsequent object lookup. For example, if the URL is opmn:ormi://host1:6003:oc4j_instance1/appName, then, OPMN will return the following contexts: appName on oc4j_instance1 on host1 appName on oc4j_instance1 on host2, appName on oc4j_instance1 on host3, (provided that host1, host2, host3 are all in the same cluster) Please note that One OPMN will be sufficient to find the list of all contexts from the entire cluster that satisfy the JNDI lookup query. You can do an experiment by shutting down appName on host1, and observe that OPMN on host1 will still be able to return you appname on host2 and appName on host3. When the PROVIDER URL reference a comma separated list of multiple OPMN servers When the JNDI propery java.naming.provider.url references a comma separated list of multiple URLs, the lookup will return the exact same things as with the single OPMN server: a list of qualified Contexts from the cluster. The purpose of having multiple OPMN servers is to provide high availability in the initial context creation, such that if OPMN at host1 is unavailable, client will try the lookup via OPMN on host2, and so on. After the initial lookup returns and cache a list of contexts, the JNDI URL(s) are no longer used in the same client session. That explains why removing the 3rd URL from the list of JNDI URLs will not stop the client from getting the EJB on the 3rd server. About the oracle.j2ee.rmi.loadBalance Property After the client acquires the list of contexts, it will cache it at the client side as “list of available RMI contexts”. This list includes all the servers in the destination cluster. This list will stay in the cache until the client session (JVM) ends. The RMI load balancing against the destination cluster is happening at the client side, as the client is switching between the members of the list. Whether and how often the client will fresh the Context from the list of Context is based on the value of the oracle.j2ee.rmi.loadBalance. The documentation at http://docs.oracle.com/cd/B31017_01/web.1013/b28958/rmi.htm#BABDGFBI list all the available values for the oracle.j2ee.rmi.loadBalance. Value Description client If specified, the client interacts with the OC4J process that was initially chosen at the first lookup for the entire conversation. context Used for a Web client (servlet or JSP) that will access EJBs in a clustered OC4J environment. If specified, a new Context object for a randomly-selected OC4J instance will be returned each time InitialContext() is invoked. lookup Used for a standalone client that will access EJBs in a clustered OC4J environment. If specified, a new Context object for a randomly-selected OC4J instance will be created each time the client calls Context.lookup(). Please note the regardless of the setting of oracle.j2ee.rmi.loadBalance property, the “refresh” only occurs at the client. The client can only choose from the "list of available context" that was returned and cached from the very first lookup. That is, the client will merely get a new Context object from the “list of available RMI contexts” from the cache at the client side. The client will NOT go to the OPMN server again to get the list. That also implies that if you are adding a node to the server cluster AFTER the client’s initial lookup, the client would not know it because neither the server nor the client will initiate a refresh of the “list of available servers” to reflect the new node. About High Availability (i.e. Resilience Against Node Failure of Remote OC4J Cluster) What we have discussed above is about load balancing. Let's also discuss high availability. This is how the High Availability works in RMI: when the client use the context but get an exception such as socket is closed, it knows that the server referenced by that Context is problematic and will try to get another unused Context from the “list of available contexts”. Again, this list is the list that was returned and cached at the very first lookup in the entire client session.Read the article
-
Securing an ADF Application using OES11g: Part 1
- by user12587121
Future releases of the Oracle stack should allow ADF applications to be secured natively with Oracle Entitlements Server (OES). In a sequence of postings here I explore one way to achive this with the current technology, namely OES 11.1.1.5 and ADF 11.1.1.6. ADF Security Basics ADF Bascis The Application Development Framework (ADF) is Oracle’s preferred technology for developing GUI based Java applications. It can be used to develop a UI for Swing applications or, more typically in the Oracle stack, for Web and J2EE applications. ADF is based on and extends the Java Server Faces (JSF) technology. To get an idea, Oracle provides an online demo to showcase ADF components. ADF can be used to develop just the UI part of an application, where, for example, the data access layer is implemented using some custom Java beans or EJBs. However ADF also has it’s own data access layer, ADF Business Components (ADF BC) that will allow rapid integration of data from data bases and Webservice interfaces to the ADF UI component. In this way ADF helps implement the MVC approach to building applications with UI and data components. The canonical tutorial for ADF is to open JDeveloper, define a connection to a database, drag and drop a table from the database view to a UI page, build and deploy. One has an application up and running very quickly with the ability to quickly integrate changes to, for example, the DB schema. ADF allows web pages to be created graphically and components like tables, forms, text fields, graphs and so on to be easily added to a page. On top of JSF Oracle have added drag and drop tooling with JDeveloper and declarative binding of the UI to the data layer, be it database, WebService or Java beans. An important addition is the bounded task flow which is a reusable set of pages and transitions. ADF adds some steps to the page lifecycle defined in JSF and adds extra widgets including powerful visualizations. It is worth pointing out that the Oracle Web Center product (portal, content management and so on) is based on and extends ADF. ADF Security ADF comes with it’s own security mechanism that is exposed by JDeveloper at development time and in the WLS Console and Enterprise Manager (EM) at run time. The security elements that need to be addressed in an ADF application are: authentication, authorization of access to web pages, task-flows, components within the pages and data being returned from the model layer. One typically relies on WLS to handle authentication and because of this users and groups will also be handled by WLS. Typically in a Dev environment, users and groups are stored in the WLS embedded LDAP server. One has a choice when enabling ADF security (Application->Secure->Configure ADF Security) about whether to turn on ADF authorization checking or not: In the case where authorization is enabled for ADF one defines a set of roles in which we place users and then we grant access to these roles to the different ADF elements (pages or task flows or elements in a page). An important notion here is the difference between Enterprise Roles and Application Roles. The idea behind an enterprise role is that is defined in terms of users and LDAP groups from the WLS identity store. “Enterprise” in the sense that these are things available for use to all applications that use that store. The other kind of role is an Application Role and the idea is that a given application will make use of Enterprise roles and users to build up a set of roles for it’s own use. These application roles will be available only to that application. The general idea here is that the enterprise roles are relatively static (for example an Employees group in the LDAP directory) while application roles are more dynamic, possibly depending on time, location, accessed resource and so on. One of the things that OES adds that is that we can define these dynamic membership conditions in Role Mapping Policies. To make this concrete, here is how, at design time in Jdeveloper, one assigns these rights in Jdeveloper, which puts them into a file called jazn-data.xml: When the ADF app is deployed to a WLS this JAZN security data is pushed to the system-jazn-data.xml file of the WLS deployment for the policies and application roles and to the WLS backing LDAP for the users and enterprise roles. Note the difference here: after deploying the application we will see the users and enterprise roles show up in the WLS LDAP server. But the policies and application roles are defined in the system-jazn-data.xml file. Consult the embedded WLS LDAP server to manage users and enterprise roles by going to the domain console and then Security Realms->myrealm->Users and Groups: For production environments (or in future to share this data with OES) one would then perform the operation of “reassociating” this security policy and application role data to a DB schema (or an LDAP). This is done in the EM console by reassociating the Security Provider. This blog posting has more explanations and references on this reassociation process. If ADF Authentication and Authorization are enabled then the Security Policies for a deployed application can be managed in EM. Our goal is to be able to manage security policies for the applicaiton rather via OES and it's console. Security Requirements for an ADF Application With this package tour of ADF security we can see that to secure an ADF application with we would expect to be able to take care of at least the following items: Authentication, including a user and user-group store Authorization for page access Authorization for bounded Task Flow access. A bounded task flow has only one point of entry and so if we protect that entry point by calling to OES then all the pages in the flow are protected. Authorization for viewing data coming from the data access layer In the next posting we will describe a sample ADF application and required security policies. References ADF Dev Guide: Fusion Middleware Fusion Developer's Guide for Oracle Application Development Framework: Enabling ADF Security in a Fusion Web Application Oracle tutorial on securing a sample ADF application, appears to require ADF 11.1.2 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}Read the article
-
Send mail via gmail with PowerShell V2's Send-MailMessage
- by Scott Weinstein
I'm trying to figure out how to use PowerShell V2's Send-MailMessage with gmail. Here's what I have so far. $ss = new-object Security.SecureString foreach ($ch in "password".ToCharArray()) { $ss.AppendChar($ch) } $cred = new-object Management.Automation.PSCredential "[email protected]", $ss Send-MailMessage -SmtpServer smtp.gmail.com -UseSsl -Credential $cred -Body... I get the following error Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required. Learn more at At foo.ps1:18 char:21 + Send-MailMessage <<<< ` + CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpException + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage Am I doing something wrong, or is Send-MailMessage not fully baked yet (I'm on CTP 3)? Edit - two additional restrictions I want this to be non-interactive, so get-credential won't work The user account isn't on the gmail domain, but an google apps registered domainRead the article
-
HttpAddUrl permissions
- by Ghostrider
I'm trying to run a custom WinHTTP based web-server on Windows Server 2008 machine. I pass "http://*:22222/" to HttpAddUrl When I start my executable as Administrator or LocalSystem everything works fine. However if I try to run it as NetworkService to minimize security risks (since there are no legitimate reasons for the app to use admin rights) function fails with "Access Denied" error code. I wasn't aware of NetworkService having any restrictions on which ports and interfaces it can listen on. Is there a way to configure permissions in such a way so that I actually can run the app under NetworkService account and connect to it from other internet hosts?Read the article
-
Why does Java tell me my applet contains both signed and unsigned code?
- by JohnCooperNZ
My signed Java applet has been running fine until Java update 19. Now some but not all of our users on Java Update 19 report a java security message stating that our applet contains both signed and unsigned code. The process for creating our applet is as follows: 1: Clean and Build the applet project in Netbeans IDE. 2: Open the Applet jar file in WinRAR and add the required mysql JDBC driver .class files to the jar file. 3: Sign the applet jar file. Can someone please tell me how to determine what code is signed and what code is not signed in our applet? Is there a better way to include the mysql JDBC driver jar file in our applet other than copying the jar file contents into our applet jar file? ThanksRead the article
-
Basic Spatial Data with SQL Server and Entity Framework 5.0
- by Rick Strahl
In my most recent project we needed to do a bit of geo-spatial referencing. While spatial features have been in SQL Server for a while using those features inside of .NET applications hasn't been as straight forward as could be, because .NET natively doesn't support spatial types. There are workarounds for this with a few custom project like SharpMap or a hack using the Sql Server specific Geo types found in the Microsoft.SqlTypes assembly that ships with SQL server. While these approaches work for manipulating spatial data from .NET code, they didn't work with database access if you're using Entity Framework. Other ORM vendors have been rolling their own versions of spatial integration. In Entity Framework 5.0 running on .NET 4.5 the Microsoft ORM finally adds support for spatial types as well. In this post I'll describe basic geography features that deal with single location and distance calculations which is probably the most common usage scenario. SQL Server Transact-SQL Syntax for Spatial Data Before we look at how things work with Entity framework, lets take a look at how SQL Server allows you to use spatial data to get an understanding of the underlying semantics. The following SQL examples should work with SQL 2008 and forward. Let's start by creating a test table that includes a Geography field and also a pair of Long/Lat fields that demonstrate how you can work with the geography functions even if you don't have geography/geometry fields in the database. Here's the CREATE command:CREATE TABLE [dbo].[Geo]( [id] [int] IDENTITY(1,1) NOT NULL, [Location] [geography] NULL, [Long] [float] NOT NULL, [Lat] [float] NOT NULL ) Now using plain SQL you can insert data into the table using geography::STGeoFromText SQL CLR function:insert into Geo( Location , long, lat ) values ( geography::STGeomFromText ('POINT(-121.527200 45.712113)', 4326), -121.527200, 45.712113 ) insert into Geo( Location , long, lat ) values ( geography::STGeomFromText ('POINT(-121.517265 45.714240)', 4326), -121.517265, 45.714240 ) insert into Geo( Location , long, lat ) values ( geography::STGeomFromText ('POINT(-121.511536 45.714825)', 4326), -121.511536, 45.714825) The STGeomFromText function accepts a string that points to a geometric item (a point here but can also be a line or path or polygon and many others). You also need to provide an SRID (Spatial Reference System Identifier) which is an integer value that determines the rules for how geography/geometry values are calculated and returned. For mapping/distance functionality you typically want to use 4326 as this is the format used by most mapping software and geo-location libraries like Google and Bing. The spatial data in the Location field is stored in binary format which looks something like this: Once the location data is in the database you can query the data and do simple distance computations very easily. For example to calculate the distance of each of the values in the database to another spatial point is very easy to calculate. Distance calculations compare two points in space using a direct line calculation. For our example I'll compare a new point to all the points in the database. Using the Location field the SQL looks like this:-- create a source point DECLARE @s geography SET @s = geography:: STGeomFromText('POINT(-121.527200 45.712113)' , 4326); --- return the ids select ID, Location as Geo , Location .ToString() as Point , @s.STDistance( Location) as distance from Geo order by distance The code defines a new point which is the base point to compare each of the values to. You can also compare values from the database directly, but typically you'll want to match a location to another location and determine the difference for which you can use the geography::STDistance function. This query produces the following output: The STDistance function returns the straight line distance between the passed in point and the point in the database field. The result for SRID 4326 is always in meters. Notice that the first value passed was the same point so the difference is 0. The other two points are two points here in town in Hood River a little ways away - 808 and 1256 meters respectively. Notice also that you can order the result by the resulting distance, which effectively gives you results that are ordered radially out from closer to further away. This is great for searches of points of interest near a central location (YOU typically!). These geolocation functions are also available to you if you don't use the Geography/Geometry types, but plain float values. It's a little more work, as each point has to be created in the query using the string syntax, but the following code doesn't use a geography field but produces the same result as the previous query.--- using float fields select ID, geography::STGeomFromText ('POINT(' + STR (long, 15,7 ) + ' ' + Str(lat ,15, 7) + ')' , 4326), geography::STGeomFromText ('POINT(' + STR (long, 15,7 ) + ' ' + Str(lat ,15, 7) + ')' , 4326). ToString(), @s.STDistance( geography::STGeomFromText ('POINT(' + STR(long ,15, 7) + ' ' + Str(lat ,15, 7) + ')' , 4326)) as distance from geo order by distance Spatial Data in the Entity Framework Prior to Entity Framework 5.0 on .NET 4.5 consuming of the data above required using stored procedures or raw SQL commands to access the spatial data. In Entity Framework 5 however, Microsoft introduced the new DbGeometry and DbGeography types. These immutable location types provide a bunch of functionality for manipulating spatial points using geometry functions which in turn can be used to do common spatial queries like I described in the SQL syntax above. The DbGeography/DbGeometry types are immutable, meaning that you can't write to them once they've been created. They are a bit odd in that you need to use factory methods in order to instantiate them - they have no constructor() and you can't assign to properties like Latitude and Longitude. Creating a Model with Spatial Data Let's start by creating a simple Entity Framework model that includes a Location property of type DbGeography: public class GeoLocationContext : DbContext { public DbSet<GeoLocation> Locations { get; set; } } public class GeoLocation { public int Id { get; set; } public DbGeography Location { get; set; } public string Address { get; set; } } That's all there's to it. When you run this now against SQL Server, you get a Geography field for the Location property, which looks the same as the Location field in the SQL examples earlier. Adding Spatial Data to the Database Next let's add some data to the table that includes some latitude and longitude data. An easy way to find lat/long locations is to use Google Maps to pinpoint your location, then right click and click on What's Here. Click on the green marker to get the GPS coordinates. To add the actual geolocation data create an instance of the GeoLocation type and use the DbGeography.PointFromText() factory method to create a new point to assign to the Location property:[TestMethod] public void AddLocationsToDataBase() { var context = new GeoLocationContext(); // remove all context.Locations.ToList().ForEach( loc => context.Locations.Remove(loc)); context.SaveChanges(); var location = new GeoLocation() { // Create a point using native DbGeography Factory method Location = DbGeography.PointFromText( string.Format("POINT({0} {1})", -121.527200,45.712113) ,4326), Address = "301 15th Street, Hood River" }; context.Locations.Add(location); location = new GeoLocation() { Location = CreatePoint(45.714240, -121.517265), Address = "The Hatchery, Bingen" }; context.Locations.Add(location); location = new GeoLocation() { // Create a point using a helper function (lat/long) Location = CreatePoint(45.708457, -121.514432), Address = "Kaze Sushi, Hood River" }; context.Locations.Add(location); location = new GeoLocation() { Location = CreatePoint(45.722780, -120.209227), Address = "Arlington, OR" }; context.Locations.Add(location); context.SaveChanges(); } As promised, a DbGeography object has to be created with one of the static factory methods provided on the type as the Location.Longitude and Location.Latitude properties are read only. Here I'm using PointFromText() which uses a "Well Known Text" format to specify spatial data. In the first example I'm specifying to create a Point from a longitude and latitude value, using an SRID of 4326 (just like earlier in the SQL examples). You'll probably want to create a helper method to make the creation of Points easier to avoid that string format and instead just pass in a couple of double values. Here's my helper called CreatePoint that's used for all but the first point creation in the sample above:public static DbGeography CreatePoint(double latitude, double longitude) { var text = string.Format(CultureInfo.InvariantCulture.NumberFormat, "POINT({0} {1})", longitude, latitude); // 4326 is most common coordinate system used by GPS/Maps return DbGeography.PointFromText(text, 4326); } Using the helper the syntax becomes a bit cleaner, requiring only a latitude and longitude respectively. Note that my method intentionally swaps the parameters around because Latitude and Longitude is the common format I've seen with mapping libraries (especially Google Mapping/Geolocation APIs with their LatLng type). When the context is changed the data is written into the database using the SQL Geography type which looks the same as in the earlier SQL examples shown. Querying Once you have some location data in the database it's now super easy to query the data and find out the distance between locations. A common query is to ask for a number of locations that are near a fixed point - typically your current location and order it by distance. Using LINQ to Entities a query like this is easy to construct:[TestMethod] public void QueryLocationsTest() { var sourcePoint = CreatePoint(45.712113, -121.527200); var context = new GeoLocationContext(); // find any locations within 5 kilometers ordered by distance var matches = context.Locations .Where(loc => loc.Location.Distance(sourcePoint) < 5000) .OrderBy( loc=> loc.Location.Distance(sourcePoint) ) .Select( loc=> new { Address = loc.Address, Distance = loc.Location.Distance(sourcePoint) }); Assert.IsTrue(matches.Count() > 0); foreach (var location in matches) { Console.WriteLine("{0} ({1:n0} meters)", location.Address, location.Distance); } } This example produces: 301 15th Street, Hood River (0 meters)The Hatchery, Bingen (809 meters)Kaze Sushi, Hood River (1,074 meters) The first point in the database is the same as my source point I'm comparing against so the distance is 0. The other two are within the 5 mile radius, while the Arlington location which is 65 miles or so out is not returned. The result is ordered by distance from closest to furthest away. In the code, I first create a source point that is the basis for comparison. The LINQ query then selects all locations that are within 5km of the source point using the Location.Distance() function, which takes a source point as a parameter. You can either use a pre-defined value as I'm doing here, or compare against another database DbGeography property (say when you have to points in the same database for things like routes). What's nice about this query syntax is that it's very clean and easy to read and understand. You can calculate the distance and also easily order by the distance to provide a result that shows locations from closest to furthest away which is a common scenario for any application that places a user in the context of several locations. It's now super easy to accomplish this. Meters vs. Miles As with the SQL Server functions, the Distance() method returns data in meters, so if you need to work with miles or feet you need to do some conversion. Here are a couple of helpers that might be useful (can be found in GeoUtils.cs of the sample project):/// <summary> /// Convert meters to miles /// </summary> /// <param name="meters"></param> /// <returns></returns> public static double MetersToMiles(double? meters) { if (meters == null) return 0F; return meters.Value * 0.000621371192; } /// <summary> /// Convert miles to meters /// </summary> /// <param name="miles"></param> /// <returns></returns> public static double MilesToMeters(double? miles) { if (miles == null) return 0; return miles.Value * 1609.344; } Using these two helpers you can query on miles like this:[TestMethod] public void QueryLocationsMilesTest() { var sourcePoint = CreatePoint(45.712113, -121.527200); var context = new GeoLocationContext(); // find any locations within 5 miles ordered by distance var fiveMiles = GeoUtils.MilesToMeters(5); var matches = context.Locations .Where(loc => loc.Location.Distance(sourcePoint) <= fiveMiles) .OrderBy(loc => loc.Location.Distance(sourcePoint)) .Select(loc => new { Address = loc.Address, Distance = loc.Location.Distance(sourcePoint) }); Assert.IsTrue(matches.Count() > 0); foreach (var location in matches) { Console.WriteLine("{0} ({1:n1} miles)", location.Address, GeoUtils.MetersToMiles(location.Distance)); } } which produces: 301 15th Street, Hood River (0.0 miles)The Hatchery, Bingen (0.5 miles)Kaze Sushi, Hood River (0.7 miles) Nice 'n simple. .NET 4.5 Only Note that DbGeography and DbGeometry are exclusive to Entity Framework 5.0 (not 4.4 which ships in the same NuGet package or installer) and requires .NET 4.5. That's because the new DbGeometry and DbGeography (and related) types are defined in the 4.5 version of System.Data.Entity which is a CLR assembly and is only updated by major versions of .NET. Why this decision was made to add these types to System.Data.Entity rather than to the frequently updated EntityFramework assembly that would have possibly made this work in .NET 4.0 is beyond me, especially given that there are no native .NET framework spatial types to begin with. I find it also odd that there is no native CLR spatial type. The DbGeography and DbGeometry types are specific to Entity Framework and live on those assemblies. They will also work for general purpose, non-database spatial data manipulation, but then you are forced into having a dependency on System.Data.Entity, which seems a bit silly. There's also a System.Spatial assembly that's apparently part of WCF Data Services which in turn don't work with Entity framework. Another example of multiple teams at Microsoft not communicating and implementing the same functionality (differently) in several different places. Perplexed as a I may be, for EF specific code the Entity framework specific types are easy to use and work well. Working with pre-.NET 4.5 Entity Framework and Spatial Data If you can't go to .NET 4.5 just yet you can also still use spatial features in Entity Framework, but it's a lot more work as you can't use the DbContext directly to manipulate the location data. You can still run raw SQL statements to write data into the database and retrieve results using the same TSQL syntax I showed earlier using Context.Database.ExecuteSqlCommand(). Here's code that you can use to add location data into the database:[TestMethod] public void RawSqlEfAddTest() { string sqlFormat = @"insert into GeoLocations( Location, Address) values ( geography::STGeomFromText('POINT({0} {1})', 4326),@p0 )"; var sql = string.Format(sqlFormat,-121.527200, 45.712113); Console.WriteLine(sql); var context = new GeoLocationContext(); Assert.IsTrue(context.Database.ExecuteSqlCommand(sql,"301 N. 15th Street") > 0); } Here I'm using the STGeomFromText() function to add the location data. Note that I'm using string.Format here, which usually would be a bad practice but is required here. I was unable to use ExecuteSqlCommand() and its named parameter syntax as the longitude and latitude parameters are embedded into a string. Rest assured it's required as the following does not work:string sqlFormat = @"insert into GeoLocations( Location, Address) values ( geography::STGeomFromText('POINT(@p0 @p1)', 4326),@p2 )";context.Database.ExecuteSqlCommand(sql, -121.527200, 45.712113, "301 N. 15th Street") Explicitly assigning the point value with string.format works however. There are a number of ways to query location data. You can't get the location data directly, but you can retrieve the point string (which can then be parsed to get Latitude and Longitude) and you can return calculated values like distance. Here's an example of how to retrieve some geo data into a resultset using EF's and SqlQuery method:[TestMethod] public void RawSqlEfQueryTest() { var sqlFormat = @" DECLARE @s geography SET @s = geography:: STGeomFromText('POINT({0} {1})' , 4326); SELECT Address, Location.ToString() as GeoString, @s.STDistance( Location) as Distance FROM GeoLocations ORDER BY Distance"; var sql = string.Format(sqlFormat, -121.527200, 45.712113); var context = new GeoLocationContext(); var locations = context.Database.SqlQuery<ResultData>(sql); Assert.IsTrue(locations.Count() > 0); foreach (var location in locations) { Console.WriteLine(location.Address + " " + location.GeoString + " " + location.Distance); } } public class ResultData { public string GeoString { get; set; } public double Distance { get; set; } public string Address { get; set; } } Hopefully you don't have to resort to this approach as it's fairly limited. Using the new DbGeography/DbGeometry types makes this sort of thing so much easier. When I had to use code like this before I typically ended up retrieving data pks only and then running another query with just the PKs to retrieve the actual underlying DbContext entities. This was very inefficient and tedious but it did work. Summary For the current project I'm working on we actually made the switch to .NET 4.5 purely for the spatial features in EF 5.0. This app heavily relies on spatial queries and it was worth taking a chance with pre-release code to get this ease of integration as opposed to manually falling back to stored procedures or raw SQL string queries to return spatial specific queries. Using native Entity Framework code makes life a lot easier than the alternatives. It might be a late addition to Entity Framework, but it sure makes location calculations and storage easy. Where do you want to go today? ;-) Resources Download Sample Project© Rick Strahl, West Wind Technologies, 2005-2012Posted in ADO.NET Sql Server .NET Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();Read the article
-
Advice? SSO in N-tiered SOA with mixture of REST and SOAP services
- by Tyler
Hi gang, We are moving to SSO in our N-tiered SOA applications. If all the services were SOAP, I'd be ok with just the WS-Security, WS-Trust, WS-Federation set of protocols. My problem is that many of the services are RESTful (ironic) and those protocols do not address REST services. What is your advice for SSO protecting the REST services in an N-tiered SOA architecture with the following requirements: ideally claims-based identity information available to the REST services original user (eg. bootstrap) information must flow through the tiers so that each service can "ActAs" or "OnBehalfOf" the user support sequences like: WebApp -- REST Svc -- SOAP Svc WebApp -- REST Svc1 -- REST Svc2 WebApp -- SOAP Svc -- REST Svc WebApp -- SOAP Svc1 -- SOAP Svc2 support SSO (and SSOff) service/web app platforms: ASP.Net and WCF Java end-user client platforms: .Net (WSE 3.0 and WCF) flash 10 java javascript and AJAX Normally I'm good at climbing / bashing my way through walls, but this one's knocked me flat. Hopefully with your help, we can get over this one. Thanks, TylerRead the article
-
MVVM/ViewModels and handling Authorization
- by vdh_ant
Hey guys Just wondering how how people handle Authorization when using MVVM and/or View Models. If I wasn't using VM's I would be passing back the Model and it would have a property which I could check if a user can edit a given object/property but when using MVVM I am disconnecting myself from the business object... and thus doen't know what the security should be any more. Is this a case where the mapper should be aware of the Authorization that is in place and don't copy across the data if the Authorization check fails. If this was the case I am guessing that the mapper would have to see some properties on the VM to let the interface know which fields are missing data because of the Authorization failure. If this does occur within the mapper, how does this fit in with things like AutoMapper, etc. Cheers AnthonyRead the article
-
Spring AOP: how to get the annotations of the adviced method
- by hubertg
I'd like to implement declarative security with Spring/AOP and annotations. As you see in the next code sample I have the Restricted Annotations with the paramter "allowedRoles" for defining who is allowed to execute an adviced method. @Restricted(allowedRoles="jira-administrators") public void setPassword(...) throws UserMgmtException { // set password code ... } Now, the problem is that in my Advice I have no access to the defined Annotations: public Object checkPermission(ProceedingJoinPoint pjp) throws Throwable { Signature signature = pjp.getSignature(); System.out.println("Allowed:" + rolesAllowedForJoinPoint(pjp)); ... } private Restricted rolesAllowedForJoinPoint(ProceedingJoinPoint thisJoinPoint) { MethodSignature methodSignature = (MethodSignature) thisJoinPoint.getSignature(); Method targetMethod = methodSignature.getMethod(); return targetMethod.getAnnotation(Restricted.class); } The method above always returns null (there are no annotations found at all). Is there a simple solution to this? I read something about using the AspectJ agent but I would prefer not to use this agent.Read the article
-
Are the ASP.net __EVENTTARGET and __EVENTARGUMENT susceptible to SQL injection?
- by Schleichermann
A security review was done against one of our ASP.net applications and returned in the test results was a SQL Injection Exposures considered to be a high risk item. The test that was performed passed a SQL statement as the value of the __EVENTTARGET and the __EVENTARGUMENT. I am wondering since these 2 values are ASP.net auto-generated hidden fields used for the Auto-Postback feature of the framework and hold information specific to the controls initiating the postback, is there really the potential for SQL injection if you are never manually calling and or pulling values out of these parameters in your code behind?Read the article
-
WCF via Windows Service - Authenticating Clients
- by Sean
I am a WCF / Security Newb. I have created a WCF service which is hosted via a windows service. The WCF service grabs data from a 3rd party data source that is secured via windows authentication. I need to either: Pass the client's privileges through the windows service, through the WCF service and into the 3rd party data source, or... Limit who can call the windows service / WCF service to members of a particular AD group. Any suggestions on how I can do either of these tasks?Read the article
-
WCF - Passing CurrentPrincipal in the Header
- by David Ward
I have a WCF service that needs to know the Principal of the calling user. In the constructor of the service I have: Principal = OperationContext.Current.IncomingMessageHeaders.GetHeader<MyPrincipal>("myPrincipal", "ns"); and in the calling code I have something like: using (var factory = new ChannelFactory<IMyService>(localBinding, endpoint)) { var proxy = factory.CreateChannel(); using (var scope = new OperationContextScope((IContextChannel)proxy)) { var customHeader = MessageHeader.CreateHeader("myPrincipal", "ns", Thread.CurrentPrincipal); OperationContext.Current.OutgoingMessageHeaders.Add(customHeader); newList = proxy.CreateList(); } } This all works fine. My question is, how can I avoid having to wrap all proxy method calls in the using (var scope...{ [create header and add to OperationContext]? Could I create a custom ChannelFactory that will handle adding the myPrincipal header to the operation context? Something like that would save a whole load of copy/paste which I'd rather not do but I'm not sure how to achieve it:) ThanksRead the article
