Search Results

Search found 51287 results on 2052 pages for 'commercial application'.

Page 21/2052 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >

  • Securing an ADF Application using OES11g: Part 2

    - by user12587121
    To validate the integration with OES we need a sample ADF Application that is rich enough to allow us to test securing the various ADF elements.  To achieve this we can add some items including bounded task flows to the application developed in this tutorial. A sample JDeveloper 11.1.1.6 project is available here. It depends on the Fusion Order Demo (FOD) database schema which is easily created using the FOD build scripts.In the deployment we have chosen to enable only ADF Authentication as we will delegate Authorization, mostly, to OES.The welcome page of the application with all the links exposed looks as follows: The Welcome, Browse Products, Browse Stock and System Administration links go to pages while the Supplier Registration and Update Stock are bounded task flows.  The Login link goes to a basic login page and once logged in a link is presented that goes to a logout page.  Only the Browse Products and Browse Stock pages are really connected to the database--the other pages and task flows do not really perform any operations on the database. Required Security Policies We make use of a set of test users and roles as decscribed on the welcome page of the application.  In order to exercise the different authorization possibilities we would like to enforce the following sample policies: Anonymous users can see the Login, Welcome and Supplier Registration links. They can also see the Welcome page, the Login page and follow the Supplier Registration task flow.  They can see the icon adjacent to the Login link indicating whether they have logged in or not. Authenticated users can see the Browse Product page. Only staff granted the right can see the Browse Product page cost price value returned from the database and then only if the value is below a configurable limit. Suppliers and staff can see the Browse Stock links and pages.  Customers cannot. Suppliers can see the Update Stock link but only those with the update permission are allowed to follow the task flow that it launches.  We could hide the link but leave it exposed here so we can easily demonstrate the method call activity protecting the task flow. Only staff granted the right can see the System Administration link and the System Administration page it accesses. Implementing the required policies In order to secure the application we will make use of the following techniques: EL Expressions and Java backing beans: JSF has the notion of EL expressions to reference data from backing Java classes.  We use these to control the presentation of links on the navigation page which respect the security contraints.  So a user will not see links that he is not allowed to click on into. These Java backing beans can call on to OES for an authorization decision.  Important Note: naturally we would configure the WLS domain where our ADF application is running as an OES WLS SM, which would allow us to efficiently query OES over the PEP API.  However versioning conflicts between OES 11.1.1.5 and ADF 11.1.1.6 mean that this is not possible.  Nevertheless, we can make use of the OES RESTful gateway technique from this posting in order to call into OES. You can easily create and manage backing beans in Jdeveloper as follows: Custom ADF Phase Listener: ADF extends the JSF page lifecycle flow and allows one to hook into the flow to intercept page rendering.  We use this to put a check prior to rendering any protected pages, again calling on to OES via the backing bean.  Phase listeners are configured in the adf-settings.xml file.  See the MyPageListener.java class in the project.  Here, for example,  is the code we use in the listener to check for allowed access to the sysadmin page, navigating back to the welcome page if authorization is not granted:                         if (page != null && (page.equals("/system.jspx") || page.equals("/system"))){                             System.out.println("MyPageListener: Checking Authorization for /system");                             if (getValue("#{oesBackingBean.UIAccessSysAdmin}").toString().equals("false") ){                                   System.out.println("MyPageListener: Forcing navigation away from system" +                                       "to welcome");                                 NavigationHandler nh = fc.getApplication().getNavigationHandler();                                   nh.handleNavigation(fc, null, "welcome");                               } else {                                 System.out.println("MyPageListener: access allowed");                              }                         } Method call activity: our app makes use of bounded task flows to implement the sequence of pages that update the stock or allow suppliers to self register.  ADF takes care of ensuring that a bounded task flow can be entered by only one page.  So a way to protect all those pages is to make a call to OES in the first activity and then either exit the task flow or continue depending on the authorization decision.  The method call returns a String which contains the name of the transition to effect. This is where we configure the method call activity in JDeveloper: We implement each of the policies using the above techniques as follows: Policies 1 and 2: as these policies concern the coarse grained notions of controlling access to anonymous and authenticated users we can make use of the container’s security constraints which can be defined in the web.xml file.  The allPages constraint is added automatically when we configure Authentication for the ADF application.  We have added the “anonymousss” constraint to allow access to the the required pages, task flows and icons: <security-constraint>    <web-resource-collection>      <web-resource-name>anonymousss</web-resource-name>      <url-pattern>/faces/welcome</url-pattern>      <url-pattern>/afr/*</url-pattern>      <url-pattern>/adf/*</url-pattern>      <url-pattern>/key.png</url-pattern>      <url-pattern>/faces/supplier-reg-btf/*</url-pattern>      <url-pattern>/faces/supplier_register_complete</url-pattern>    </web-resource-collection>  </security-constraint> Policy 3: we can place an EL expression on the element representing the cost price on the products.jspx page: #{oesBackingBean.dataAccessCostPrice}. This EL Expression references a method in a Java backing bean that will call on to OES for an authorization decision.  In OES we model the authorization requirement by requiring the view permission on the resource /MyADFApp/data/costprice and granting it only to the staff application role.  We recover any obligations to determine the limit.  Policy 4: is implemented by putting an EL expression on the Browse Stock link #{oesBackingBean.UIAccessBrowseStock} which checks for the view permission on the /MyADFApp/ui/stock resource. The stock.jspx page is protected by checking for the same permission in a custom phase listener—if the required permission is not satisfied then we force navigation back to the welcome page. Policy 5: the Update Stock link is protected with the same EL expression as the Browse Link: #{oesBackingBean.UIAccessBrowseStock}.  However the Update Stock link launches a bounded task flow and to protect it the first activity in the flow is a method call activity which will execute an EL expression #{oesBackingBean.isUIAccessSupplierUpdateTransition}  to check for the update permission on the /MyADFApp/ui/stock resource and either transition to the next step in the flow or terminate the flow with an authorization error. Policy 6: the System Administration link is protected with an EL Expression #{oesBackingBean.UIAccessSysAdmin} that checks for view access on the /MyADF/ui/sysadmin resource.  The system page is protected in the same way at the stock page—the custom phase listener checks for the same permission that protects the link and if not satisfied we navigate back to the welcome page. Testing the Application To test the application: deploy the OES11g Admin to a WLS domain deploy the OES gateway in a another domain configured to be a WLS SM. You must ensure that the jps-config.xml file therein is configured to allow access to the identity store, otherwise the gateway will not b eable to resolve the principals for the requested users.  To do this ensure that the following elements appear in the jps-config.xml file: <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">             <description>LDAP-based IdentityStore Provider</description>  </serviceProvider> <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">             <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>             <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/></serviceInstance> <serviceInstanceRef ref="idstore.ldap"/> download the sample application and change the URL to the gateway in the MyADFApp OESBackingBean code to point to the OES Gateway and deploy the application to an 11.1.1.6 WLS domain that has been extended with the ADF JRF files. You will need to configure the FOD database connection to point your database which contains the FOD schema. populate the OES Admin and OES Gateway WLS LDAP stores with the sample set of users and groups.  If  you have configured the WLS domains to point to the same LDAP then it would only have to be done once.  To help with this there is a directory called ldap_scripts in the sample project with ldif files for the test users and groups. start the OES Admin console and configure the required OES authorization policies for the MyADFApp application and push them to the WLS SM containing the OES Gateway. Login to the MyADFApp as each of the users described on the login page to test that the security policy is correct. You will see informative logging from the OES Gateway and the ADF application to their respective WLS consoles. Congratulations, you may now login to the OES Admin console and change policies that will control the behaviour of your ADF application--change the limit value in the obligation for the cost price for example, or define Role Mapping policies to determine staff access to the system administration page based on user profile attributes. ADF Development Notes Some notes on ADF development which are probably typical gotchas: May need this on WLS startup in order to allow us to overwrite credentials for the database, the signal here is that there is an error trying to access the data base: -Djps.app.credential.overwrite.allowed=true Best to call Bounded Task flows via a CommandLink (as opposed to a go link) as you cannot seem to start them again from a go link, even having completed the task flow correctly with a return activity. Once a bounded task flow (BTF) is initated it must complete correctly  via a return activity—attempting to click on any other link whilst in the context of a  BTF has no effect.  See here for example: When using the ADF Authentication only security approach it seems to be awkward to allow anonymous access to the welcome and registration pages.  We can achieve anonymous access using the web.xml security constraint shown above (where no auth-constraint is specified) however it is not clear what needs to be listed in there….for example the /afr/* and /adf/* are in there by trial and error as sometimes the welcome page will not render if we omit those items.  I was not able to use the default allPages constraint with for example the anonymous-role or the everyone WLS group in order to be able to allow anonymous access to pages. The ADF security best practice advises placing all pages under the public_html/WEB-INF folder as then ADF will not allow any direct access to the .jspx pages but will only allow acces via a link of the form /faces/welcome rather than /faces/welcome.jspx.  This seems like a very good practice to follow as having multiple entry points to data is a source of confusion in a web application (particulary from a security point of view). In Authentication+Authorization mode only pages with a Page definition file are protected.  In order to add an emty one right click on the page and choose Go to Page Definition.  This will create an empty page definition and now the page will require explicit permission to be seen. It is advisable to give a unique context root via the weblogic.xml for the application, as otherwise the application will clash with any other application with the same context root and it will not deploy

    Read the article

  • Unable to load type error in ASP.NET 4 application on Windows Server 2003 / IIS6 -- only happens after first worker process recycle

    - by Daniel Coffman
    I'm running an ASP.NET 4.0 web application on IIS6 (Windows Server 2003 x64). This app is one of many running on this server under the Default Web Site -- but is alone on it's own application pool because the other sites are all running ASP.NET 2.0 still. When I deploy my application, it works just fine until the application pool recycles or kills its worker process (by default 2 hours or 20 minutes with no activity). After this, I get the error: "Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information. System.Reflection.ReflectionTypeLoadException: Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information." Refreshing the page, recycling the application pool, and iisreset do nothing. But, I can bring the site back online again for a little while by simply redeploying it. The stack trace seems to start at an EntityDataSource -- see below: [ReflectionTypeLoadException: Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.] System.Reflection.RuntimeModule.GetTypes(RuntimeModule module) +0 System.Reflection.Assembly.GetTypes() +144 System.Data.Metadata.Edm.ObjectItemConventionAssemblyLoader.LoadTypesFromAssembly() +45 System.Data.Metadata.Edm.ObjectItemAssemblyLoader.Load() +34 System.Data.Metadata.Edm.AssemblyCache.LoadAssembly(Assembly assembly, Boolean loadReferencedAssemblies, ObjectItemLoadingSessionData loadingData) +130 System.Data.Metadata.Edm.AssemblyCache.LoadAssembly(Assembly assembly, Boolean loadReferencedAssemblies, KnownAssembliesSet knownAssemblies, EdmItemCollection edmItemCollection, Action`1 logLoadMessage, Object& loaderCookie, Dictionary`2& typesInLoading, List`1& errors) +248 System.Data.Metadata.Edm.ObjectItemCollection.LoadAssemblyFromCache(ObjectItemCollection objectItemCollection, Assembly assembly, Boolean loadReferencedAssemblies, EdmItemCollection edmItemCollection, Action`1 logLoadMessage) +580 System.Data.Metadata.Edm.ObjectItemCollection.ExplicitLoadFromAssembly(Assembly assembly, EdmItemCollection edmItemCollection, Action`1 logLoadMessage) +193 System.Data.Metadata.Edm.MetadataWorkspace.ExplicitLoadFromAssembly(Assembly assembly, ObjectItemCollection collection, Action`1 logLoadMessage) +140 System.Web.UI.WebControls.EntityDataSourceView.ConstructContext() +756 System.Web.UI.WebControls.EntityDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +147 This is a bug filed for the same (or similar) problem: http://connect.microsoft.com/VisualStudio/feedback/details/541962/unable-to-load-one-or-more-of-the-requested-types-connected-with-entitydatasource Question: Has anyone seen this and have advice? I've tried copy-local on all the references... Works just fine on my dev machine. Works on the server until the application pool worker process recycles. I'm building in release mode, but experience the same result when I build for debug. I'm stumped.

    Read the article

  • HttpUtility.UrlEncode in console application

    - by iar
    I'd like to use HttpUtility.UrlEncode in a console application, VB.NET, VS 2010 Beta 2. System.Web.HttpUtility.UrlEncode(item) Error message: 'HttpUtility' is not a member of 'Web'. In this question Anjisan suggests to add a reference to System.Web, as follows: In your solution explorer, right click on references Choose "add reference" In the "Add Reference" dialog box, use the .NET tab Scroll down to System.Web, select that, and hit ok However, I don't have a System.Web entry at that location.

    Read the article

  • Blackberry Menu from native blackberry application

    - by chrishawn
    I have an application that inserts an ApplicationMenuItem into the native blackberry contacts menu. I can get this to work just fine. Now my question is how would I change or remove that ApplicationMenuItem based on the contact that i am highlighted on? Would I need to use a GlobalEventListener? I assume overriding makeMenu can only be done for menus on my own screens and not the native contacts screen?

    Read the article

  • Changing startup object of console application at runtime

    - by MicMit
    Assuming I've got several unrelated classes in separate files with a main method in each. Currently project is a console application and I just change a startup object in IDE to run respective main which instantiates respective class from IDE. Out of curiosity would it be possible to change the startup object dynamically at runtime somehow before launching this exe as an alternative of having this project as a class library and repeating code which I have in main(s) somewhere else.

    Read the article

  • Input event loop in a console application

    - by Álvaro
    Hi, I'm trying to make a little console application that is able to deal with keystrokes as events. What I need is mostly the ability to get the keystrokes and be able to do something with them without dealing with the typical stdin reading functions. I tried to check the code of programs like mplayer, which implement this (for stopping the play, for example), but I can't get to the core of this with such a big code base. Thanks

    Read the article

  • Relative connection string to AzMan XML store when using security application block

    - by David Hall
    Is it possible to specify a relative connection string for an AzMan XML store? My current connection string is connectionString="msxml://c:/azman.xml" but I really need to make that relative so other developers and automated builds can get the latest authorization store. MS documentation seems to suggest that connectionString="msxml://azman.xml" should work but that throws a The request is not supported error. EDIT: I realised that the fact I'm using AzMan through the Enterprise Library Security Application Block was important to the question.

    Read the article

  • ClickOnce Application Files dialog filename problem

    - by Ted N
    In the ClickOnce "Application Files" files dialog, most of the entries for files are listed with the name "C". I have seen this on a colleague's machine for a different project as well. Has anyone else seen this and is there a way to get the correct filename inserted? We are both using VS 2008.

    Read the article

  • Mobile Safari 5mb HTML5 application cache limit?

    - by JFH
    It's becoming evident in my testing that there's a 5mb size limit on Mobile Safari's implementation of HTML5's application cache. Does anyone know how to circumvent or raise this? Is there some unexposed meta tag that I should know about? I have to cache some video content for an offline app and 5mb is not going to be enough.

    Read the article

  • Windows application data directory

    - by Stefan
    With the environment variable %allusersprofile% I can get the directory where common settings are stored. But most programs store their settings in the sub-folder "anwendungsdaten" (German, application data). Is there a way to get the direct path to this folder? The problem is that its name is language dependent. Thanks.

    Read the article

  • asp.net application + single sign on

    - by pratik
    Hello, I want to implement single sign on in my asp.net web application. Scenario is something like below: user will get registered / sign up at "account.example.com" there will a link to "professional.example.com" when user goes to this link (step 2), they must remain logged in over here. Please suggest me the best solution for this. Regards, Pratik

    Read the article

  • N-Tiered application design tool

    - by Ben V
    I'm beginning the design of a medium-sized web application. I usually like to design from the top down, i.e., start at the highest level and design my way down. I am planning to have the following layers: Presentation (PHP/Ajax) Business Logic Data Access Database Now I'd like to start sketching out the major objects in each layer and the interaction between layers. Is there a tool more specific to this purpose than just using a graphics/diagramming tool like Visio?

    Read the article

  • facebook quote application error

    - by fusion
    how do i code a facebook quote application taking its data from php/mysql page generating quotes randomely? i've already developed one, but it's using jquery which fbml doesn't support and since i'd like the profile tab i'd rather go for fbml instead of iframe. anyone have any ideas on how to do this without jquery or using fbjs? thanks!

    Read the article

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >