Search Results

Search found 29574 results on 1183 pages for 'directory services'.


  • .Net Intermittent System.Web.Services.Protocols.SoapHeaderException

    - by ScottE
    We have a .net 3.5 web app that consumes third party web services. The proxy was created by adding a web reference to their wsdl. This proxy is not compiled. Our error logging is picking up frequent but intermittent exceptions: An exception of type 'System.Web.Services.Protocols.SoapHeaderException' occurred and was caught If I follow the url to the page that generated the exception, I can't recreate it. Edit: Here is most of the exception - where it bubbled up from Message : Internal Error Type : System.Web.Services.Protocols.SoapHeaderException, System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Source : System.Web.Services Help link : Actor : Code : http://schemas.xmlsoap.org/soap/envelope/:Client Detail : Lang : Node : Role : SubCode : Data : System.Collections.ListDictionaryInternal TargetSite : System.Object[] ReadResponse(System.Web.Services.Protocols.SoapClientMessage, System.Net.WebResponse, System.IO.Stream, Boolean) Stack Trace : at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Vendor.getSearch(getSearchRequest getSearchRequest) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\be43c34e\b09edc7e\App_WebReferences.pww-cf-q.0.cs:line 73 Edit 2: Inner exceptions: I sometimes get the following inner exceptions logged: Message : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. 
Type : System.IO.IOException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Source : System Help link : Data : System.Collections.ListDictionaryInternal TargetSite : Int32 Read(Byte[], Int32, Int32) Stack Trace : at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.TlsStream.CallProcessAuthentication(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) And/Or: Message : An existing connection was forcibly closed by the remote host Type : System.Net.Sockets.SocketException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Source : System Help link : ErrorCode : 10054 SocketErrorCode : 
ConnectionReset NativeErrorCode : 10054 Data : System.Collections.ListDictionaryInternal TargetSite : Int32 Receive(Byte[], Int32, Int32, System.Net.Sockets.SocketFlags) Stack Trace : at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) Update We're still working on it. Originally there was a route issue, which was resolved. We're still getting the inner exception with socket errors. We had MS support involved today, and they looked at some traces and network captures. The web service host does round-robin DNS, and they may be responding on a different IP address for the syn syn/ack from one ip, and the next from a different ip. This is not good. This is likely quite specific to our situation, but perhaps it applies to others as well. Microsoft Network Monitor and an application trace got us the information we needed.


  • GlassFish Security Realm, Active Directory and Referral

    - by Allan Lykke Christensen
    I've set up a Security Realm in Glassfish to authenticate against an Active Directory server. The configuration of the realm is as follows: Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm JAAS context: ldapRealm Directory: ldap://172.16.76.10:389/ Base DN: dc=smallbusiness,dc=local search-filter: (&(objectClass=user)(sAMAccountName=%s)) group-search-filter: (&(objectClass=group)(member=%d)) search-bind-dn: cN=Administrator,CN=Users,dc=smallbusiness,dc=local search-bind-password: abcd1234! The realm is functional and I can log in, but whenever I log in I get the following error in the log: SEC1106: Error during LDAP search with filter [(&(objectClass=group)(member=CN=Administrator,CN=Users,dc=smallbusiness,dc=local))]. SEC1000: Caught exception. javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=smallbusiness,dc=local' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) .... .... ldaplm.searcherror While searching for a solution I found that it was recommended to add java.naming.referral=follow to the properties of the realm. However, after I add this it takes 20 minutes for GlassFish to authenticate against Active Directory. I suspect it is a DNS problem on the Active Directory server. The Active Directory server is a vanilla Windows Server 2003 setup in a Virtual Machine. Any help/recommendation is highly appreciated!


  • Calling web services from your JSF code

    - by Abel Morelos
    Let's say that you have a presentation tier in JSF, and that your business tier is accessed using web services. How would you call your web services from JSF? I was considering having my backing beans call the web services, but I just thought I could use Ajax with JSF in order to connect to the web services. What would you choose and why? Any other choice you could recommend? Thanks.


  • Temporary operation in a temporary directory in shell script

    - by jhs
    I need a fresh temporary directory to do some work in a shell script. When the work is done (or if I kill the job midway), I want the script to change back to the old working directory and wipe out the temporary one. In Ruby, it might look like this: require 'tmpdir' Dir.mktmpdir 'my_build' do |temp_dir| puts "Temporary workspace is #{temp_dir}" do_some_stuff(temp_dir) end puts "Temporary directory already deleted" What would be the best bang for the buck to do that in a Bash script? I want to trap


  • what is the '<app-directory>' of remote_api in google-app-engine

    - by zjm1126
    http://code.google.com/intl/en/appengine/docs/python/tools/uploadingdata.html The API is: Downloading Data from App Engine To start a data download, run appcfg.py download_data with the appropriate arguments: appcfg.py download_data --config_file=album_loader.py --filename=album_data_archive.csv --kind=Album <app-directory> I want to download data from my GAE app zjm1126.appspot.com, so I write this in the command: appcfg.py download_data --config_file=GreetingLoad.py --filename=GreetingLoad.csv But I don't know how to write the 'app-directory'. So, how do I write the 'app-directory'? Thanks


  • How to get the current project directory or the bin directory and move a few level up?

    - by melaos
    I have an ASP.Net MVC app, and I have some xsl files inside of the Content directory. I've tried a few methods to get the directory dynamically but keep on coming up short. So how do I get the directory to point to the Content/xsl folder? The closest that I came was with this: this.GetType().Assembly.CodeBase which only returns the project DLL, but I can't figure out how to move up a few levels from there or what .net library to use to navigate around the path. There's no ../.. :( Basically I want to navigate to the Content/xsl folder which is at the same level as the Bin directory.


  • Storing source files outside project file directory in Visual Studio C++ 2009

    - by Skurmedel
    Visual Studio projects assume all files belonging to the project are situated in the same directory as the project file, or one underneath it. For a particular project (in the non-Visual Studio sense) this is not what I want. I want to store the MSVC-specific files in another folder, because there might be other ways to build the application as well, for example with SCons. Also all the stuff MSVC splurts out clutters the source directory. Example: /source /scons /msvc <- here is where I want my MSVC-specific stuff I can add the files, in Explorer, to the source directory manually, and then link them in Visual Studio with the project. It's not the end of the world, but it annoys me a bit that Visual Studio tries to dictate the folder structure of my project. I was looking through the schemas for the project files but realized that this annoying assumption is in the IDE and not the format of the project files. Does someone know a neater way to solve this than manually linking files to the project from the source directory?


  • How to design highly scalable web services in Java?

    - by Kshitiz Sharma
    I am creating some Web Services that would have 2000 concurrent users. The services are offered for free and are hence expected to get a large user base. In the future it may be required to scale up to 50,000 users. There are already a few other questions that address the issue like - Building highly scalable web services However my requirements differ from the question above. For example - My application does not have a user interface, so images, CSS, javascript are not an issue. It is in Java so suggestions like using HipHop to translate PHP to native code are useless. Hence I decided to ask my question separately. This is my project setup - Rest based Web services using Apache CXF Hibernate 3.0 (With relevant optimizations like lazy loading and custom HQL for tune up) Tomcat 6.0 MySql 5.5 My questions are - Are there alternatives to Mysql that offer better performance for what I'm trying to do? What are some general things to abide by in order to scale a Java based web application? I am thinking of putting my Application in two tomcat instances with httpd redirecting the request to appropriate tomcat on basis of load. Is this the right approach? Separate tomcat instances can help but then database becomes the bottleneck since both applications access the same database? I am a programmer not a Db Admin, how difficult would it be to cluster a Mysql database (or, to cluster whatever database offered as an alternative to 1)? How effective are caching solutions like EHCache? Any other general best practices? Some clarifications - Could you partition the data? Yes we could but we're trying to avoid it. We need to run a lot of data mining algorithms and the design would evolve over time so we can't be sure what lines of partition should be there.


  • How is the Tomcat temp directory location defined?

    - by sdoca
    I am running Tomcat bundled with Liferay 5.2.3 and use Eclipse 3.5 (Galileo) as my IDE. I set up my Tomcat server in Eclipse as per this blog entry: http://www.jroller.com/holy/entry/developing_portlets_for_liferay_in. If I start Tomcat via the Eclipse server config, Liferay/Tomcat uses my C:\Documents and Settings\user\Local Settings\Temp\ directory. However, if I start Tomcat directly using the startup.bat script, Liferay/Tomcat uses the Tomcat temp directory. I can't figure out if Eclipse, Liferay or Tomcat is deciding which temp directory to use or how to change it. I would prefer to use the Tomcat temp directory. I have this issue with both the Liferay/Tomcat bundles 5.5 and 6.0 (liferay-portal-tomcat-6.0-5.2.3.zip and liferay-portal-tomcat-5.5-5.2.3.zip). Anybody have any clues?


  • ASP.NET MVC thinks my virtual directory is a controller

    - by kmehta
    I have a virtual directory under my MVC website in IIS called "Files". This directory is at the same level as my Views directory. When I link to a file from my MVC app to a file under my Files directory, I get the following error: The controller for path '/Files/Images/1c7f7eb8-5d66-4bca-a73a-4ba6340a7805.JPG' was not found or does not implement IController. It thinks that my Files VD is a controller. How do I access my files like a normal VD without MVC interfering? Thanks.


  • IAM / AWS Access control via Windows Azure Active Directory

    - by Haroon
    I am trying to figure out how to configure IAM in Amazon AWS to use Windows Azure Active Directory. I found http://blogs.aws.amazon.com/security/post/Tx71TWXXJ3UI14/Enabling-Federation-to-AWS-using-Windows-Active-Directory-ADFS-and-SAML-2-0, however it is about configuring ADFS. WAAD supports SAML 2.0 http://azure.microsoft.com/en-us/documentation/articles/fundamentals-identity/ Has anyone figured it out yet?


  • virtual directory for php app

    - by Tom
    I created a virtual directory for my php app. Now I get the "Directory Listing Denied This Virtual Directory does not allow contents to be listed." Do I need to make some kind of dummy index.asp file that redirects (OR PREFERRED: just displays index.php) or how to solve this? I have restricted access to webserver, but index.php is set to be default


  • read the contents of a directory using shell script

    - by jrharshath
    Hi, I'm trying to get the contents of a directory using shell script. My script is: for entry in `ls`; do echo $entry done However, my current directory contains many files with whitespaces in their names. In that case, this script fails. What is the correct way to loop over the contents of a directory in shell scripting? PS: I use bash.


  • Copying files from one directory to another in Java

    - by user42155
    Hello, I want to copy files from one directory to another (subdirectory) using Java. I have a directory, dir, with text files. I iterate over the first 20 files in dir, and want to copy them to another directory in the dir directory, which I have created right before the iteration. In the code, I want to copy the review (which represents the ith text file or review) to trainingDir. How can I do this? There seems not to be such a function (or I couldn't find). Thank you. boolean success = false; File[] reviews = dir.listFiles(); String trainingDir = dir.getAbsolutePath() + "/trainingData"; File trDir = new File(trainingDir); success = trDir.mkdir(); for(int i = 1; i <= 20; i++) { File review = reviews[i]; }


  • Active directory 1355 0x54b ERROR_NO_SUCH_DOMAIN

    - by Elgreco08
    Hi! I have 3 domain controllers: 2x 2008, 1x 2003 server. When I use nltest /server:dcN.domain.local /sc_verify:domain.local I get: on 2 of them OK status, on one of them I get I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN I did some tests, and when I moved the role "Domain Role Owner" from the server where I had the error to another DC, the error moved also. Is there any connection between the Domain role owner role and the 1355 error? //// To be more clear: dc1 server, FSMO role "domain owner role", testing nltest /sc_verify:domain.local error: I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN dc2 server, no FSMO role, testing nltest /sc_verify:domain.local success. Now I move the FSMO domain owner role to server DC2: dc1 server, FSMO none, testing nltest /sc_verify:domain.local success. dc2 server, FSMO role "domain owner role", testing nltest /sc_verify:domain.local error: I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN


  • Retrieve user details from Active Directory using SID

    - by er4z0r
    Hi, How can I find a user in my AD when I have his/her SID. I don't want to rely on other attributes, since I am trying to detect changes to these. Example: I get a message about a change to user record containing: Message: User Account Changed: Target Account Name: test12 Target Domain: DOMAIN Target Account ID: %{S-1-5-21-3968247570-3627839482-368725868-1110} Caller User Name: Administrator Caller Domain: DOMAIN Caller Logon ID: (0x0,0x62AB1) Privileges: - I want to notify the user about the change. So I need their account-information from AD. When I try to retrieve the user's data from AD via VBScript like this: Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value Set objUser = GetObject("LDAP://GUID=1521396824757036278394823687258681110") Wscript.StdOut.writeLine objUser I receive an error stating The handle is invalid Code:80070006


  • Oracle Internet Directory 11gR1 11.1.1.6 Certified with E-Business Suite

    - by Elke Phelps (Oracle Development)
    Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. For details about third-party integration architectures, see either of these articles for EBS 11i and 12: In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12 In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i Oracle Internet Directory 11.1.1.6 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1. OID 11.1.1.6 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.6.0, also known as FMW 11g Patchset 5. Certified E-Business Suite releases are: EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher EBS Release 12.0.6 and higher EBS Release 12.1.1 and higher Supported Configurations Oracle Internet Directory 11.1.1.5.0 can be integrated with two single sign-on solutions for EBS environments: Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x). Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 11gR1 (11.1.1.5) with an existing Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x). 
Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x) Oracle Access Manager strongly recommended Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server. Platform certifications Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details. For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix. Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. 
There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component. References Overview of Single Sign-On Integration Options for Oracle E-Business Suite Note 1388152.1 Using the Latest Oracle Internet Directory 11gR1 Patchset with Oracle Single Sign-on and Oracle E-Business Suite (Note 876539.1) Integrating Oracle E-Business Suite with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate (Note 1309013.1) Integrating Oracle E-Business Suite with Oracle Access Manager 10g using Oracle E-Business Suite AccessGate (Note 975182.1) Migrating Oracle Single Sign-On 10gR3 to Oracle Access Manager 11g with Oracle E-Business Suite (Note 1304550.1) Oracle Fusion Middleware Download, Installation & Configuration Readme Oracle Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1) (Part Number E12002-09) Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management 11g Release 1 (11.1.1) (Part Number E10129-09) Oracle Fusion Middleware Upgrade Planning Guide 11g Release 1 (11.1.1) (Part Number E10125-06) Oracle Fusion Middleware Patching Guide 11g Release 1 (11.1.1) (Part Number E16793-12) Related Articles Understanding Options for Integrating Oracle Access Manager with E-Business Suite In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12 In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i Oracle Access Manager 10gR3 Certified with E-Business Suite Portal 11.1.1.4 Certified with E-Business Suite Discoverer 11.1.1.4 Certified with E-Business Suite


  • Creating a new Active Directory account with an InfoPath form

    - by ryan
    I am setting up a business partner portal in our Sharepoint server. There will be an AD group with permissions limited to viewing and possibly contributing to the specific business partner site and employees of our business partners will have accounts created for them as needed. Now we would like to let our business development group(BDG) have control over the partner accounts. Ideally they should be able to add and delete accounts and change permissions on them. The BDG are not domain admins so we don't want to give them access to the domain controller. We want to create an Infopath form that will allow them to do all this. Is it possible to create and manage AD accounts from within an Infopath form on the sharepoint server? I searched this site and MSDN and can not find anything specifically related to my question.


  • Tomcat SPNEGO authentication against Active Directory not working.

    - by Michael
    I'm trying to authenticate against AD using the http://spnego.sourceforge.net component with tomcat. I've created my SPN's "setspn.exe -A HTTP/servername SVCTomcat" & "setspn.exe -A HTTP/servername.fqdn.net SVCTomcat" I've created my krb5.conf & login.conf file and setup the filter in the web.xml ie. <filter-name>SpnegoHttpFilter</filter-name> <filter-class>net.sourceforge.spnego.SpnegoHttpFilter</filter-class> <param-name>spnego.allow.unsecure.basic</param-name> <param-value>false</param-value> <param-name>spnego.login.client.module</param-name> <param-value>spnego-client</param-value> <param-name>spnego.krb5.conf</param-name> <param-value>krb5.conf</param-value> <param-name>spnego.login.conf</param-name> <param-value>login.conf</param-value> <param-name>spnego.preauth.username</param-name> <param-value>SVCTomcat</param-value> <param-name>spnego.preauth.password</param-name> <param-value>Pasword</param-value> <param-name>spnego.login.server.module</param-name> <param-value>spnego-server</param-value> <param-name>spnego.prompt.ntlm</param-name> <param-value>false</param-value> <param-name>spnego.logger.level</param-name> <param-value>2</param-value> Note i've stripped extraneous tags from this, so it's not the actual XML. When i go to a page protected by this filter i get this in the catalina logfile. 25-Mar-2010 12:41:26 org.apache.catalina.startup.Catalina start INFO: Server startup in 4615 ms 25-Mar-2010 12:41:47 net.sourceforge.spnego.SpnegoHttpFilter doFilter FINE: principal=SYSTEM@TESTDOMAIN And in the hello_spnego.jsp example on the website it just reports the name of the user tomcat is running as (SYSTEM), not the user i'm connecting with. It seems the author stopped halfway through his debugging page, so i've no areas to look in other than to triple check my config. Any ideas?


  • Active Directory Domain Services - Network Name Cannot be Found

    - by Arief
    I have a really weird problem that I could not explain. I am trying to redirect all users' home folders to the new server. I have copied all the files including the permissions to the new server. All I need to do is to update the user profile for the home folder by changing the server name. However, I got this message when I enter the new server name: My server that is serving as AD can resolve the name by ping and nslookup of the server name. The only thing that I don't understand is why the MMC cannot resolve the name. I did change it to the IP Address and I still get the same error message. Thank you so much for your help. UPDATE: I know what seems to be the problem, but I don't know how to fix it. The new server that will serve all Home folders is actually sitting in the cloud with a different IP Address from the Domain Controller. The Domain Controller is sitting locally in the office with 10.0.0.0/24 IP Addresses. The new server that is sitting in the Data Centre is on 172.10.10.10/24 IP Addresses. The static route has been set up on both ends, and the DNS as well. I believe this is the issue. Does anyone know how to overcome this situation? Thank you.


  • Use alternative Active Directory server to gain administrative privileges

    - by Sharuzzaman Ahmat Raslan
    I have this idea, and just want to see if it is implementable or not. Let's say I have my office laptop, with no administrator privileges, using example domain ASDF. Can I set up at my home another AD server (Microsoft or Samba 4) that has the same domain ASDF as my office laptop? Then I set an administrative user in my own AD server. Theoretically, is it possible to authenticate my office laptop with my own AD? If the above is possible, theoretically, is it possible to gain administrative privileges also with this setup? Thanks.


  • How to properly deny Railo directory access through Apache

    - by Sn3akyP3t3
    I've been battle tested on this and failed to achieve my goal which is to deny all access to all directories except the Public directory and only allow access to all other directories with specific IP addresses. To get Railo+Apache+Tomcat installed I pretty much followed this script: https://github.com/talltroym/Railo-Ubuntu-Installer-Script then verified settings with this tutorial: http://blog.nictunney.com/2012/03/railo-tomcat-and-apache-on-amazon-ec2.html From the installation script these mods are enabled: sudo a2enmod ssl sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite sudo a2ensite default-ssl Outside of the script I copied the sites-available to sites-enabled then reloaded Apache. I have a directory created for Railo CFML located at /var/www/Railo/ Navigating the browser to http ://Server_IP_Address/Railo forces ssl and relocates to https ://Server_IP_Address/Railo which shows off index.cfm. Not providing index.cfm and omitting https indicates that the DirectoryIndex directive and RewriteCond of Apache appear to be working for the sites-enabled VirtualHost. The problem I'm encountering is that I cannot seem to deny access to all directories except Public. My directory structure is rather simple and looks like this: Railo error Public NotPublic Sandbox These are my sites-enabled configurations: <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www #Default Deny All to prevent walking backwards in file system Alias /Railo/ "/var/www/Railo/" <Directory ~ ".*/Railo/(?!Public).*"> Order Deny,Allow Deny from All </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. 
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        DirectoryIndex index.cfm index.cfml default.cfm default.cfml index.htm index.html index.cfc
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    </VirtualHost>

and

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        Alias /Railo/ "/var/www/Railo/"
        <Directory ~ "/var/www/Railo/(?!Public).*">
            Order Deny,Allow
            Deny from All
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on
        # A self-signed (snakeoil) certificate can be created by installing
        # the ssl-cert package. See
        # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        # If both key and certificate are stored in the same file, only the
        # SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        # Server Certificate Chain:
        # Point SSLCertificateChainFile at a file containing the
        # concatenation of PEM encoded CA certificates which form the
        # certificate chain for the server certificate. Alternatively
        # the referenced file can be the same as SSLCertificateFile
        # when the CA certificates are directly appended to the server
        # certificate for convenience.
        #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
        # Certificate Authority (CA):
        # Set the CA certificate verification path where to find CA
        # certificates for client authentication or alternatively one
        # huge file containing all of them (file must be PEM encoded)
        # Note: Inside SSLCACertificatePath you need hash symlinks
        # to point to the certificate files. Use the provided
        # Makefile to update the hash symlinks after changes.
        #SSLCACertificatePath /etc/ssl/certs/
        #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
        # Certificate Revocation Lists (CRL):
        # Set the CA revocation path where to find CA CRLs for client
        # authentication or alternatively one huge file containing all
        # of them (file must be PEM encoded)
        # Note: Inside SSLCARevocationPath you need hash symlinks
        # to point to the certificate files. Use the provided
        # Makefile to update the hash symlinks after changes.
        #SSLCARevocationPath /etc/apache2/ssl.crl/
        #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
        # Client Authentication (Type):
        # Client certificate verification type and depth. Types are
        # none, optional, require and optional_no_ca. Depth is a
        # number which specifies how deeply to verify the certificate
        # issuer chain before deciding the certificate is not valid.
        #SSLVerifyClient require
        #SSLVerifyDepth 10
        # Access Control:
        # With SSLRequire you can do per-directory access control based
        # on arbitrary complex boolean expressions containing server
        # variable checks and other lookup directives. The syntax is a
        # mixture between C and Perl. See the mod_ssl documentation
        # for more details.
        #<Location />
        #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
        # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
        # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
        # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
        # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
        # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
        #</Location>
        # SSL Engine Options:
        # Set various options for the SSL engine.
        # o FakeBasicAuth:
        # Translate the client X.509 into a Basic Authorisation. This means that
        # the standard Auth/DBMAuth methods can be used for access control. The
        # user name is the `one line' version of the client's X.509 certificate.
        # Note that no password is obtained from the user. Every entry in the user
        # file needs this password: `xxj31ZMTZzkVA'.
        # o ExportCertData:
        # This exports two additional environment variables: SSL_CLIENT_CERT and
        # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
        # server (always existing) and the client (only existing when client
        # authentication is used). This can be used to import the certificates
        # into CGI scripts.
        # o StdEnvVars:
        # This exports the standard SSL/TLS related `SSL_*' environment variables.
        # Per default this exportation is switched off for performance reasons,
        # because the extraction step is an expensive operation and is usually
        # useless for serving static content. So one usually enables the
        # exportation for CGI and SSI requests only.
        # o StrictRequire:
        # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
        # under a "Satisfy any" situation, i.e. when it applies access is denied
        # and no other module can change it.
        # o OptRenegotiate:
        # This enables optimized SSL connection renegotiation handling when SSL
        # directives are used in per-directory context.
        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        # SSL Protocol Adjustments:
        # The safe and default but still SSL/TLS standard compliant shutdown
        # approach is that mod_ssl sends the close notify alert but doesn't wait for
        # the close notify alert from client. When you need a different shutdown
        # approach you can use one of the following variables:
        # o ssl-unclean-shutdown:
        # This forces an unclean shutdown when the connection is closed, i.e. no
        # SSL close notify alert is sent or allowed to be received. This violates
        # the SSL/TLS standard but is needed for some brain-dead browsers. Use
        # this when you receive I/O errors because of the standard approach where
        # mod_ssl sends the close notify alert.
        # o ssl-accurate-shutdown:
        # This forces an accurate shutdown when the connection is closed, i.e. a
        # SSL close notify alert is sent and mod_ssl waits for the close notify
        # alert of the client. This is 100% SSL/TLS standard compliant, but in
        # practice often causes hanging connections with brain-dead browsers. Use
        # this only for browsers where you know that their SSL implementation
        # works correctly.
        # Notice: Most problems of broken clients are also related to the HTTP
        # keep-alive facility, so you usually additionally want to disable
        # keep-alive for those clients, too. Use variable "nokeepalive" for this.
        # Similarly, one has to force some clients to use HTTP/1.0 to workaround
        # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
        # "force-response-1.0" for this.
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        DirectoryIndex index.cfm index.cfml default.cfm default.cfml index.htm index.html
        #Proxy .cfm and cfc requests to Railo
        ProxyPassMatch ^/(.+.cf[cm])(/.*)?$ http://127.0.0.1:8888/$1
        ProxyPassReverse / http://127.0.0.1:8888/
        #Deny access to admin except for local clients
        <Location /railo-context/admin/>
            Order deny,allow
            Deny from all
            # Allow from <Omitted>
            # Allow from <Omitted>
            Allow from 127.0.0.1
        </Location>
    </VirtualHost>
    </IfModule>

The apache2.conf includes the following:

    # Include the virtual host configurations:
    Include sites-enabled/
    <IfModule !mod_jk.c>
        LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
    </IfModule>
    <IfModule mod_jk.c>
        JkMount /*.cfm ajp13
        JkMount /*.cfc ajp13
        JkMount /*.do ajp13
        JkMount /*.jsp ajp13
        JkMount /*.cfchart ajp13
        JkMount /*.cfm/* ajp13
        JkMount /*.cfml/* ajp13
        # Flex Gateway Mappings
        # JkMount /flex2gateway/* ajp13
        # JkMount /flashservices/gateway/* ajp13
        # JkMount /messagebroker/* ajp13
        JkMountCopy all
        JkLogFile /var/log/apache2/mod_jk.log
    </IfModule>

I believe I understand most of this except the jk_module inclusion, which I've noticed has an error that shows up in the logs that I can't sort out:

    [warn] No JkShmFile defined in httpd.conf. Using default /etc/apache2/logs/jk-runtime-status

I've checked my regular expression against the paths of the directories with RegexBuddy just to be sure that I wasn't correct. The problem doesn't appear to be regex related, although I may have something incorrect in the Directory directive. The Location directive seems to be working correctly for blocking out Railo admin site access.
