Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 21/509 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28 | Next Page >

web.config + asp.net MVC + location > system.web > authorization + Integrated Security

- by vdh_ant

Hi guys I have an ASP.Net MVC app using Integrated Security that I need to be able grant open access to a specific route. The route in question is '~/Agreements/Upload' and the config I have setup looks like this: <configuration> ... <location path="~/Agreements/Upload"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> ... </configuration> I have tried a few things and nothing has worked thus far. In IIS under Directory Security Authentication Methods I only have "Integrated Windows Authentication" selected. Now this could be part of my problem (as even though IIS allows the above IIS doesn't). But if that's the case how do I configure it so that Integrated Security works but allows people who aren't authenticated to access the given route. Cheers Anthony

Read the article
Spring Security ACL: NotFoundException from JDBCMutableAclService.createAcl

- by user340202

Hello, I've been working on this task for too long to abandon the idea of using Spring Security to achieve it, but I wish that the community will provide with some support that will help reduce the regret that I have for choosing Spring Security. Enough ranting and now let's get to the point. I'm trying to create an ACL by using JDBCMutableAclService.createAcl as follows: [code] public void addPermission(IWFArtifact securedObject, Sid recipient, Permission permission, Class clazz) { ObjectIdentity oid = new ObjectIdentityImpl(clazz.getCanonicalName(), securedObject.getId()); this.addPermission(oid, recipient, permission); } @Override @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED, readOnly = false) public void addPermission(ObjectIdentity oid, Sid recipient, Permission permission) { SpringSecurityUtils.assureThreadLocalAuthSet(); MutableAcl acl; try { acl = this.mutableAclService.createAcl(oid); } catch (AlreadyExistsException e) { acl = (MutableAcl) this.mutableAclService.readAclById(oid); } // try { // acl = (MutableAcl) this.mutableAclService.readAclById(oid); // } catch (NotFoundException nfe) { // acl = this.mutableAclService.createAcl(oid); // } acl.insertAce(acl.getEntries().length, permission, recipient, true); this.mutableAclService.updateAcl(acl); } [/code] The call throws a NotFoundException from the line: [code] // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc) Acl acl = readAclById(objectIdentity); [/code] I believe this is caused by something related to Transactional, and that's why I have tested with many TransactionDefinition attributes. I have also doubted the annotation and tried with declarative transaction definition, but still with no luck. One important point is that I have used the statement used to insert the oid in the database earlier in the method directly on the database and it worked, and also threw a unique constraint exception at me when it tried to insert it in the method. I'm using Spring Security 2.0.8 and IceFaces 1.8 (which doesn't support spring 3.0 but definetely supprorts 2.0.x, specially when I keep caling SpringSecurityUtils.assureThreadLocalAuthSet()). My AppServer is Tomcat 6.0, and my DB Server is MySQL 6.0 I wish to get back a reply soon because I need to get this task off my way

Read the article
problem in handling menu - submenu based on spring security

- by Nirmal

Hi All... I have configured spring security core plugin using requestmap table inside the database.. Now inside requestmap table I have all the possible urls and it's equivalent roles who can access that url... Now I want to generate menus and submenus based on the urls stored in requestmap table... So my requirement is to check the urls of menu & submenus against the logged in users privileges... And if logged in user has any one privilege then I need to display that main menu and the available submenus.... For e.g. I have a menu in my project called user which has a following submenus : **Users (main menu)** Manage Users (sub menu) Import Users (sub menu) Now inside my header.gsp I have successfully achieved the above requirement using if else condition, like : if ( privs.contains("/users/manageUsers") || privs.contains("/users/importUsers")) here privs are the list of urls from requestmap table for logged in user. But I want to achieve these using spring security tag lib, so for comparing urls I have find following tag from spring security core documentation : <sec:access url="/users/manageUsers"> But i am bit confuse that how I can replace or condition using tag library.. Is there any tag available which checks from multiple urls and evaluate it to true or false ? Of course I can do using sec:access tag with some flag logic, but is there any tags available which can fulfill my requirement directly ? Thanks in advance...

Read the article
Web Applications Development: Security practices for Application design

- by Shyam

Hi, As I am creating more web applications that are targeted for multiple users, I figured out that I have to start thinking about user management and security. At a glance and in my ideal world, all users belong to a group. Permissions and access is thus defined per group (and inherited by the users of that group). Logically, I have my group of administrators, which are identified with a level "7" (integer) clearance. A group of webusers have for example level "1". This in generally all works great for me, but I need some kind of list that I have to keep in mind how I secure my system, and some general practices. I am not looking for a specific environment; I want to learn the why's and how's. An example is privilege escalation. If someone would be able to "push" themselves inside a group with higher privileges, for example the Administration, how can I prevent this, or what measures should I take to have some sort of precaution? I don't like in that case to walk into a caveat. My question is basically: where can I find a good resource, list, policy, book that explains the security of web applications, the why's, the how's and readable if you don't have any experience in the realm of advanced security? I prefer a free resource, as I believe I couldn't be the first one who thought about this. Thank you for your answers, comments and feedback.

Read the article
Transport Security with Certificate Authentication

- by Brian T

I'm getting the following error when I access my webservice localhost/MyService/MyService.svc The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'. I've following the web.config examples as specified in http://msdn.microsoft.com/en-us/library/ms731074.aspx Here is my wcf server web.config: <?xml version="1.0" encoding="UTF-8"?> <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <appSettings /> <system.web> <identity impersonate="false" /> <roleManager enabled="true" /> <authentication mode="Windows" /> <customErrors mode="Off" /> <webServices> <protocols> <add name="HttpGet" /> <add name="HttpPost" /> </protocols> </webServices> </system.web> <system.webServer> <directoryBrowse enabled="true" /> <validation validateIntegratedModeConfiguration="false" /> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" users="*" roles="" /> </authorization> </security> </system.webServer> <system.serviceModel> <services> <service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior"> <endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" /> <endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" /> <endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyServiceBehavior"> <serviceDebug includeExceptionDetailInFaults="True" /> <serviceMetadata /> <serviceCredentials> <clientCertificate> <authentication trustedStoreLocation="LocalMachine" revocationMode="Online"/> </clientCertificate> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <wsHttpBinding> <binding name="CertificateWithTransportWSHttpBinding"> <security mode="Transport"> <transport clientCredentialType="Certificate" /> </security> </binding> </wsHttpBinding> </bindings> </system.serviceModel> </configuration> I've configured IIS as follows: https binding added using self signed certificate Under SSL settings, require SSL and accept client certificates is checked The self signed certificate has been added to the Local Computer Trusted Root CA. I can browse and execute the .asmx service definition, but the .svc gives me the error described above.

Read the article
Auszeichnung für Oracle beim Channel Marketing Award 2010: IT-Security Kampagne "Keine Aufregung" belegt 2. Platz

- by A&C Redaktion

Am 18. November wurde in Augsburg der Channel Marketing Award 2010 verliehen. Gesucht wurden die besten Kampagnen der IT-Branche, mit denen wirtschaftlich und kreativ herausragende Marketing-Aktivitäten rund um das Partner Business umgesetzt wurden. In der Kategorie With/Through Partner hat Oracle mit der IT-Security Kampagne www.keine-aufregung.de hinter Xerox den 2. Platz belegt! Damit verwies „Keine Aufregung", durchgeführt von Bozana Pistorius im Januar 2010, Kampagnen von IBM, Corel und E-Plus auf die Plätze. Bilder der Kampagnen sind hier zu finden. Die Berichterstattung zum CMA Award gibt es online bei IT-Business inklusive Video und Bildergalerie. V.l.n.r.: Alexander Woelke (Woelke von der Brüggen), Sarah Olbrich (Woelke von der Brüggen), Bozana Pistorius (Oracle), Claudine Petit (Cloudbridge Consulting) und Werner Nieberle (Vogel IT Medien)

Read the article
Is an 'if password == XXXXXXX' enough for minimum security?

- by Morgan Herlocker

If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

Read the article
What sort of security method is this called (if it has a name)?

- by loosebruce

I have thought of a way of securing access to an application interacting with another application. Using this method Application 1 - "What is the sum of 1+1?" Application 2 - "3" Application 1 - "Access granted" Is this method used a lot, does it have a classification in the programming world? The advantages for me of using this is that I do not have to spend more effort implementing security keys/certificates. Any unauthorized machine trying to interpret it would give the correct result and identify itself as untrusted. What sort of weaknesses are there to doing this?

Read the article
My very first serious project and I'm concerned about security.

- by ilhan

I'm making a small social networking web site for a specific university's students (where I study) and I'm concerned about security (access to the database). What should I do? What I have to check for last time until I went online? (Yeah, Facebook Facebook. Facebook don't have that community sense. You cannot find all your department mates on Facebook. You cannot see all foreign students on Facebook. You cannot hide your identity on Facebook while commenting, etc etc. Just please don't compare it with Facebook, we had a great local social network until it went public . * ))

Read the article
Is an 'if password == XXXXXXX' enough for minimum security?

- by Prof Plum

If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

Read the article
How can I set an account lockout policy for the administrator account on rdp?

- by reinier

I'm following this page on security tips for RDP (for my online server): http://www.mobydisk.com/techres/securing_remote_desktop.html Now I don't have a special user account for RDP access. Just the administrator can log on. However, I want to make sure that someone can't brute force the password. I've set the 'account lockout policy' to 3 attempts and a retry after 3 minutes. However, when I connect back with RDP I can still try 5 times before RDP breaks the connection. I can then immediately reconnect and try 5 more times. Any ideas if there is a lockout policy which also holds true fro the admin?

Read the article
Safe to use high port numbers? (re: obscuring web services)

- by sofakng

I have a small home network and I'm trying to balance the need for security versus convenience. The safest way to secure internal web servers is to only connect using VPNs but this seems overkill to protect a DVRs remote web interface (for example). As a compromise, would it be better to use very large ports numbers? (eg. five digits up to 65531) I've read that port scanners typically only scan the first 10,000 ports so using very high port numbers is a bit more secure. Is this true? Are there better ways to protect web servers? (ie. web guis for applications)

Read the article
Safe to use high port numbers? (re: obscuring web services)

- by sofakng

I have a small home network and I'm trying to balance the need for security versus convenience. The safest way to secure internal web servers is to only connect using VPNs but this seems overkill to protect a DVRs remote web interface (for example). As a compromise, would it be better to use very large ports numbers? (eg. five digits up to 65531) I've read that port scanners typically only scan the first 10,000 ports so using very high port numbers is a bit more secure. Is this true? Are there better ways to protect web servers? (ie. web guis for applications)

Read the article
the size of apt-get update lists is too big

- by dumb906

I ran a clean install to Ubuntu 12.04 and so far everything has been working well. I especially commend the Ubuntu team for this release. I only noticed that the size of repository update is now about ~13MB. Normally, it is about this size for the first time you run apt-get update after a clean install and then ~ 23kb - 1300kb for subsequent updates. The output from apt-get update is the same I get for previous versions of Ubuntu (its pretty normal). Its a bit too long but look at an example output I got from running apt-get update. Ign http://archive.canonical.com precise InRelease Ign http://dl.google.com stable InRelease Ign http://dl.google.com stable InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Hit http://download.virtualbox.org precise InRelease Ign http://security.ubuntu.com precise-security InRelease Ign http://linux.dropbox.com precise InRelease Ign http://extras.ubuntu.com precise InRelease Ign http://download.skype.com stable InRelease Hit http://archive.canonical.com precise Release.gpg Get:1 http://dl.google.com stable Release.gpg [198 B] Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net oneiric InRelease Ign http://ppa.launchpad.net precise InRelease Get:2 http://security.ubuntu.com precise-security Release.gpg [198 B] Get:3 http://extras.ubuntu.com precise Release.gpg [72 B] Hit http://download.virtualbox.org precise/contrib i386 Packages Ign http://download.skype.com stable Release.gpg Hit http://linux.dropbox.com precise Release.gpg Ign http://us.archive.ubuntu.com precise InRelease Ign http://us.archive.ubuntu.com precise-updates InRelease Ign http://us.archive.ubuntu.com precise-backports InRelease Hit http://archive.canonical.com precise Release Get:4 http://dl.google.com stable Release.gpg [198 B] Ign http://ppa.launchpad.net oneiric InRelease Ign http://ppa.launchpad.net oneiric InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Get:5 http://security.ubuntu.com precise-security Release [49.6 kB] Hit http://extras.ubuntu.com precise Release Ign http://download.skype.com stable Release Ign http://download.virtualbox.org precise/contrib TranslationIndex Get:6 http://us.archive.ubuntu.com precise Release.gpg [198 B] Hit http://archive.canonical.com precise/partner i386 Packages Hit http://linux.dropbox.com precise Release Get:7 http://ppa.launchpad.net precise Release.gpg [316 B] Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Hit http://extras.ubuntu.com precise/main Sources Get:8 http://ppa.launchpad.net precise Release.gpg [316 B] Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Get:9 http://us.archive.ubuntu.com precise-updates Release.gpg [198 B] Ign http://archive.canonical.com precise/partner TranslationIndex Ign http://download.skype.com stable/non-free i386 Packages/DiffIndex Get:10 http://dl.google.com stable Release [1,347 B] Hit http://linux.dropbox.com precise/main i386 Packages Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net oneiric Release.gpg Hit http://extras.ubuntu.com precise/main i386 Packages Ign http://extras.ubuntu.com precise/main TranslationIndex Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net oneiric Release.gpg Hit http://ppa.launchpad.net oneiric Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Get:11 http://us.archive.ubuntu.com precise-backports Release.gpg [198 B] Ign http://download.skype.com stable/non-free TranslationIndex Get:12 http://dl.google.com stable Release [1,347 B] Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Ign http://linux.dropbox.com precise/main TranslationIndex Hit http://ppa.launchpad.net precise Release Ign http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Get:13 http://ppa.launchpad.net precise Release [11.9 kB] Get:14 http://us.archive.ubuntu.com precise Release [49.6 kB] Hit http://download.skype.com stable/non-free i386 Packages Get:15 http://dl.google.com stable/main i386 Packages [1,268 B] Ign http://dl.google.com stable/main TranslationIndex Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net oneiric Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net oneiric Release Get:16 http://security.ubuntu.com precise-security/main Sources [7,089 B] Hit http://ppa.launchpad.net oneiric Release Get:17 http://dl.google.com stable/main i386 Packages [769 B] Ign http://dl.google.com stable/main TranslationIndex Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Get:18 http://security.ubuntu.com precise-security/restricted Sources [14 B] Get:19 http://security.ubuntu.com precise-security/universe Sources [3,653 B] Get:20 http://security.ubuntu.com precise-security/multiverse Sources [696 B] Get:21 http://security.ubuntu.com precise-security/main i386 Packages [32.9 kB] Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Get:22 http://us.archive.ubuntu.com precise-updates Release [49.6 kB] Ign http://ppa.launchpad.net precise/main Sources/DiffIndex Ign http://ppa.launchpad.net precise/main i386 Packages/DiffIndex Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Get:23 http://security.ubuntu.com precise-security/restricted i386 Packages [14 B] Get:24 http://security.ubuntu.com precise-security/universe i386 Packages [8,594 B] Get:25 http://security.ubuntu.com precise-security/multiverse i386 Packages [1,393 B] Hit http://security.ubuntu.com precise-security/main TranslationIndex Hit http://security.ubuntu.com precise-security/multiverse TranslationIndex Hit http://security.ubuntu.com precise-security/restricted TranslationIndex Hit http://security.ubuntu.com precise-security/universe TranslationIndex Ign http://ppa.launchpad.net precise/main TranslationIndex Get:26 http://us.archive.ubuntu.com precise-backports Release [49.6 kB] Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Get:27 http://ppa.launchpad.net precise/main i386 Packages [1,276 B] Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Get:28 http://us.archive.ubuntu.com precise/main Sources [934 kB] Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main i386 Packages Hit http://security.ubuntu.com precise-security/main Translation-en Hit http://security.ubuntu.com precise-security/multiverse Translation-en Hit http://security.ubuntu.com precise-security/restricted Translation-en Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net oneiric/main Sources Hit http://ppa.launchpad.net oneiric/main i386 Packages Ign http://ppa.launchpad.net oneiric/main TranslationIndex Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net oneiric/main Sources Hit http://security.ubuntu.com precise-security/universe Translation-en Ign http://archive.canonical.com precise/partner Translation-en_US Hit http://ppa.launchpad.net oneiric/main i386 Packages Ign http://ppa.launchpad.net oneiric/main TranslationIndex Hit http://ppa.launchpad.net oneiric/main Sources Hit http://ppa.launchpad.net oneiric/main i386 Packages Ign http://ppa.launchpad.net oneiric/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Ign http://extras.ubuntu.com precise/main Translation-en_US Ign http://download.virtualbox.org precise/contrib Translation-en_US Ign http://archive.canonical.com precise/partner Translation-en Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Ign http://extras.ubuntu.com precise/main Translation-en Ign http://download.virtualbox.org precise/contrib Translation-en Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://ppa.launchpad.net precise/main Sources Ign http://linux.dropbox.com precise/main Translation-en_US Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://download.skype.com stable/non-free Translation-en_US Ign http://linux.dropbox.com precise/main Translation-en Ign http://download.skype.com stable/non-free Translation-en Ign http://dl.google.com stable/main Translation-en_US Ign http://dl.google.com stable/main Translation-en Ign http://dl.google.com stable/main Translation-en_US Get:29 http://us.archive.ubuntu.com precise/restricted Sources [5,470 B] Get:30 http://us.archive.ubuntu.com precise/universe Sources [5,019 kB] Ign http://dl.google.com stable/main Translation-en Get:31 http://us.archive.ubuntu.com precise/multiverse Sources [155 kB] Get:32 http://us.archive.ubuntu.com precise/main i386 Packages [1,274 kB] Get:33 http://us.archive.ubuntu.com precise/restricted i386 Packages [8,431 B] Get:34 http://us.archive.ubuntu.com precise/universe i386 Packages [4,796 kB] Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net oneiric/main Translation-en_US Ign http://ppa.launchpad.net oneiric/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net oneiric/main Translation-en_US Ign http://ppa.launchpad.net oneiric/main Translation-en Ign http://ppa.launchpad.net oneiric/main Translation-en_US Ign http://ppa.launchpad.net oneiric/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Get:35 http://us.archive.ubuntu.com precise/multiverse i386 Packages [121 kB] Hit http://us.archive.ubuntu.com precise/main TranslationIndex Hit http://us.archive.ubuntu.com precise/multiverse TranslationIndex Hit http://us.archive.ubuntu.com precise/restricted TranslationIndex Hit http://us.archive.ubuntu.com precise/universe TranslationIndex Get:36 http://us.archive.ubuntu.com precise-updates/main Sources [31.2 kB] Get:37 http://us.archive.ubuntu.com precise-updates/restricted Sources [765 B] Get:38 http://us.archive.ubuntu.com precise-updates/universe Sources [10.1 kB] Get:39 http://us.archive.ubuntu.com precise-updates/multiverse Sources [696 B] Get:40 http://us.archive.ubuntu.com precise-updates/main i386 Packages [96.5 kB] Get:41 http://us.archive.ubuntu.com precise-updates/restricted i386 Packages [770 B] Get:42 http://us.archive.ubuntu.com precise-updates/universe i386 Packages [27.7 kB] Get:43 http://us.archive.ubuntu.com precise-updates/multiverse i386 Packages [1,393 B] Hit http://us.archive.ubuntu.com precise-updates/main TranslationIndex Hit http://us.archive.ubuntu.com precise-updates/multiverse TranslationIndex Hit http://us.archive.ubuntu.com precise-updates/restricted TranslationIndex Hit http://us.archive.ubuntu.com precise-updates/universe TranslationIndex Get:44 http://us.archive.ubuntu.com precise-backports/main Sources [700 B] Get:45 http://us.archive.ubuntu.com precise-backports/restricted Sources [14 B] Get:46 http://us.archive.ubuntu.com precise-backports/universe Sources [1,680 B] Get:47 http://us.archive.ubuntu.com precise-backports/multiverse Sources [14 B] Get:48 http://us.archive.ubuntu.com precise-backports/main i386 Packages [559 B] Get:49 http://us.archive.ubuntu.com precise-backports/restricted i386 Packages [14 B] Get:50 http://us.archive.ubuntu.com precise-backports/universe i386 Packages [1,391 B] Get:51 http://us.archive.ubuntu.com precise-backports/multiverse i386 Packages [14 B] Hit http://us.archive.ubuntu.com precise-backports/main TranslationIndex Hit http://us.archive.ubuntu.com precise-backports/multiverse TranslationIndex Hit http://us.archive.ubuntu.com precise-backports/restricted TranslationIndex Hit http://us.archive.ubuntu.com precise-backports/universe TranslationIndex Hit http://us.archive.ubuntu.com precise/main Translation-en Hit http://us.archive.ubuntu.com precise/multiverse Translation-en Hit http://us.archive.ubuntu.com precise/restricted Translation-en Hit http://us.archive.ubuntu.com precise/universe Translation-en Hit http://us.archive.ubuntu.com precise-updates/main Translation-en Hit http://us.archive.ubuntu.com precise-updates/multiverse Translation-en Hit http://us.archive.ubuntu.com precise-updates/restricted Translation-en Hit http://us.archive.ubuntu.com precise-updates/universe Translation-en Hit http://us.archive.ubuntu.com precise-backports/main Translation-en Hit http://us.archive.ubuntu.com precise-backports/multiverse Translation-en Hit http://us.archive.ubuntu.com precise-backports/restricted Translation-en Hit http://us.archive.ubuntu.com precise-backports/universe Translation-en Fetched 12.8 MB in 1min 33s (137 kB/s) Is this a new feature in 12.04? Or, if it is unintended, is there a way I can fix this? Thanks.

Read the article
how to enable WCF Session with wsHttpBidning with Transport only Security

- by Mubashar Ahmad

Dear Devs I have a WCF Service currently deployed with basicHttpBindings and SSL enabled. But now i need to enable wcf sessions(not asp sessions) so i moved service to wsHttpBidnings but sessions are not enabled I have set [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)] But when i set SessionMode=SessionMode.Required on service contract it says Contract requires Session, but Binding 'WSHttpBinding' doesn't support it or isn't configured properly to support it. following is the definition of WSHttpBinding <wsHttpBinding> <binding name="wsHttpBinding"> <readerQuotas maxStringContentLength="10240" /> <reliableSession enabled="false" /> <security mode="Transport"> <transport clientCredentialType="None"> <extendedProtectionPolicy policyEnforcement="Never" /> </transport> </security> </binding> </wsHttpBinding> please help me with this

Read the article
Spring 3 Security Authentication Success Handler

- by Eqbal

I am using form-login for security and I am trying to implement an authentication success handler, but I am not sure how to go back to the resource that was initially requested before the login process. By default I think it implements a SimpleUrlAuthenticationSuccessHandler and I tried to mirror that class implementation. But it sets a setDefaultTargetUrl(defaultTargetUrl) and perhaps thats where the magic happens that it remembers the resource to go back to after the login process. Any help is greatly appreciated. Below is my spring security <form-login/> element <form-login login-page="/login.jsp" login-processing-url="/b2broe_login" authentication-success-handler-ref="passwordExpiredHandler" authentication-failure-url="/login.jsp?loginfailed=true" />

Read the article
Java installation problem

- by Zxy

I cannot install java on my ubuntu 12.04: zero@ghostrider:~$ sudo apt-get purge openjdk* [sudo] password for zero: Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'openjdk-6-demo' for regex 'openjdk*' Note, selecting 'openjdk-7-jre-headless' for regex 'openjdk*' Note, selecting 'uwsgi-plugin-jwsgi-openjdk-6' for regex 'openjdk*' Note, selecting 'openjdk-jre' for regex 'openjdk*' Note, selecting 'openjdk-7-source' for regex 'openjdk*' Note, selecting 'openjdk-6-dbg' for regex 'openjdk*' Note, selecting 'openjdk7-jdk' for regex 'openjdk*' Note, selecting 'openjdk-6-doc' for regex 'openjdk*' Note, selecting 'openjdk-7-jre-zero' for regex 'openjdk*' Note, selecting 'openjdk-7-demo' for regex 'openjdk*' Note, selecting 'openjdk-6-jre-headless' for regex 'openjdk*' Note, selecting 'openjdk-6-jdk' for regex 'openjdk*' Note, selecting 'openjdk-6-jre' for regex 'openjdk*' Note, selecting 'openjdk-6-jre-lib' for regex 'openjdk*' Note, selecting 'openjdk-6-jre-zero' for regex 'openjdk*' Note, selecting 'openjdk-7-dbg' for regex 'openjdk*' Note, selecting 'openjdk-7-doc' for regex 'openjdk*' Note, selecting 'openjdk-7-jdk' for regex 'openjdk*' Note, selecting 'openjdk-7-jre' for regex 'openjdk*' Note, selecting 'openjdk-6-source' for regex 'openjdk*' Note, selecting 'openjdk-7-jre-lib' for regex 'openjdk*' Note, selecting 'uwsgi-plugin-jvm-openjdk-6' for regex 'openjdk*' Package uwsgi-plugin-jvm-openjdk-6 is not installed, so not removed Package uwsgi-plugin-jwsgi-openjdk-6 is not installed, so not removed Package openjdk-6-dbg is not installed, so not removed Package openjdk-6-demo is not installed, so not removed Package openjdk-6-doc is not installed, so not removed Package openjdk-6-jdk is not installed, so not removed Package openjdk-6-jre is not installed, so not removed Package openjdk-6-jre-headless is not installed, so not removed Package openjdk-6-jre-lib is not installed, so not removed Package openjdk-6-source is not installed, so not removed Package openjdk-6-jre-zero is not installed, so not removed Package openjdk-7-dbg is not installed, so not removed Package openjdk-7-demo is not installed, so not removed Package openjdk-7-doc is not installed, so not removed Package openjdk-7-jdk is not installed, so not removed Package openjdk-7-jre is not installed, so not removed Package openjdk-7-jre-headless is not installed, so not removed Package openjdk-7-jre-lib is not installed, so not removed Package openjdk-7-jre-zero is not installed, so not removed Package openjdk-7-source is not installed, so not removed 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Setting up oracle-java7-installer (7u3-0~eugenesan~precise4) ... Downloading... --2012-06-11 23:56:42-- http://download.oracle.com/otn-pub/java/jdk/7u3-b04/jdk- 7u3-linux-i586.tar.gz Resolving download.oracle.com (download.oracle.com)... 64.209.77.18 Connecting to download.oracle.com (download.oracle.com)|64.209.77.18|:80... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://edelivery.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-i586.tar.gz [following] --2012-06-11 23:56:42-- https://edelivery.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-i586.tar.gz Resolving edelivery.oracle.com (edelivery.oracle.com)... 95.101.122.174 Connecting to edelivery.oracle.com (edelivery.oracle.com)|95.101.122.174|:443... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: http://download.oracle.com/errors/download-fail-1505220.html [following] --2012-06-11 23:56:44-- http://download.oracle.com/errors/download-fail-1505220.html Connecting to download.oracle.com (download.oracle.com)|64.209.77.18|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 5307 (5.2K) [text/html] Saving to: `./jdk-7u3-linux-i586.tar.gz' 0K ..... 100% 1007K=0.005s 2012-06-11 23:56:44 (1007 KB/s) - `./jdk-7u3-linux-i586.tar.gz' saved [5307/5307] Download done. sha256sum mismatch jdk-7u3-linux-i586.tar.gz Oracle JDK 7 is NOT installed. dpkg: error processing oracle-java7-installer (--configure): subprocess installed post-installation script returned error exit status 1 No apport report written because MaxReports is reached already Errors were encountered while processing: oracle-java7-installer E: Sub-process /usr/bin/dpkg returned an error code (1) zero@ghostrider:~$ sudo add-apt-repository ppa:eugenesan/java You are about to add the following PPA to your system: More info: https://launchpad.net/~eugenesan/+archive/java Press [ENTER] to continue or ctrl-c to cancel adding it Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret- keyring /tmp/tmp.uGcZHfsoNF --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keyserver.ubuntu.com:80/ --recv 4346FBB158F4022C896164EEE61380B28313A596 gpg: requesting key 8313A596 from hkp server keyserver.ubuntu.com gpg: key 8313A596: "Launchpad synergy+" not changed gpg: Total number processed: 1 gpg: unchanged: 1 zero@ghostrider:~$ sudo apt-get update Ign http://tr.archive.ubuntu.com precise InRelease Ign http://tr.archive.ubuntu.com precise-updates InRelease Ign http://tr.archive.ubuntu.com precise-backports InRelease Hit http://tr.archive.ubuntu.com precise Release.gpg Hit http://tr.archive.ubuntu.com precise-updates Release.gpg Hit http://tr.archive.ubuntu.com precise-backports Release.gpg Hit http://tr.archive.ubuntu.com precise Release Ign http://extras.ubuntu.com precise InRelease Ign http://security.ubuntu.com precise-security InRelease Hit http://tr.archive.ubuntu.com precise-updates Release Ign http://ppa.launchpad.net precise InRelease Hit http://tr.archive.ubuntu.com precise-backports Release Hit http://tr.archive.ubuntu.com precise/main Sources Hit http://tr.archive.ubuntu.com precise/restricted Sources Hit http://tr.archive.ubuntu.com precise/universe Sources Hit http://tr.archive.ubuntu.com precise/multiverse Sources Hit http://tr.archive.ubuntu.com precise/main i386 Packages Hit http://tr.archive.ubuntu.com precise/restricted i386 Packages Hit http://tr.archive.ubuntu.com precise/universe i386 Packages Hit http://extras.ubuntu.com precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Hit http://security.ubuntu.com precise-security Release.gpg Hit http://tr.archive.ubuntu.com precise/multiverse i386 Packages Hit http://tr.archive.ubuntu.com precise/main TranslationIndex Hit http://tr.archive.ubuntu.com precise/multiverse TranslationIndex Hit http://tr.archive.ubuntu.com precise/restricted TranslationIndex Hit http://tr.archive.ubuntu.com precise/universe TranslationIndex Hit http://tr.archive.ubuntu.com precise-updates/main Sources Hit http://tr.archive.ubuntu.com precise-updates/restricted Sources Hit http://tr.archive.ubuntu.com precise-updates/universe Sources Hit http://tr.archive.ubuntu.com precise-updates/multiverse Sources Hit http://tr.archive.ubuntu.com precise-updates/main i386 Packages Hit http://extras.ubuntu.com precise Release Hit http://ppa.launchpad.net precise Release Hit http://security.ubuntu.com precise-security Release Hit http://tr.archive.ubuntu.com precise-updates/restricted i386 Packages Hit http://tr.archive.ubuntu.com precise-updates/universe i386 Packages Hit http://tr.archive.ubuntu.com precise-updates/multiverse i386 Packages Hit http://tr.archive.ubuntu.com precise-updates/main TranslationIndex Hit http://tr.archive.ubuntu.com precise-updates/multiverse TranslationIndex Hit http://tr.archive.ubuntu.com precise-updates/restricted TranslationIndex Hit http://tr.archive.ubuntu.com precise-updates/universe TranslationIndex Hit http://tr.archive.ubuntu.com precise-backports/main Sources Hit http://tr.archive.ubuntu.com precise-backports/restricted Sources Hit http://tr.archive.ubuntu.com precise-backports/universe Sources Hit http://tr.archive.ubuntu.com precise-backports/multiverse Sources Hit http://tr.archive.ubuntu.com precise-backports/main i386 Packages Hit http://tr.archive.ubuntu.com precise-backports/restricted i386 Packages Hit http://tr.archive.ubuntu.com precise-backports/universe i386 Packages Hit http://tr.archive.ubuntu.com precise-backports/multiverse i386 Packages Hit http://tr.archive.ubuntu.com precise-backports/main TranslationIndex Hit http://extras.ubuntu.com precise/main Sources Hit http://ppa.launchpad.net precise/main Sources Hit http://security.ubuntu.com precise-security/main Sources Hit http://tr.archive.ubuntu.com precise-backports/multiverse TranslationIndex Hit http://tr.archive.ubuntu.com precise-backports/restricted TranslationIndex Hit http://tr.archive.ubuntu.com precise-backports/universe TranslationIndex Hit http://tr.archive.ubuntu.com precise/main Translation-en Hit http://tr.archive.ubuntu.com precise/multiverse Translation-en Hit http://extras.ubuntu.com precise/main i386 Packages Ign http://extras.ubuntu.com precise/main TranslationIndex Hit http://tr.archive.ubuntu.com precise/restricted Translation-en Hit http://tr.archive.ubuntu.com precise/universe Translation-en Hit http://tr.archive.ubuntu.com precise-updates/main Translation-en Hit http://tr.archive.ubuntu.com precise-updates/multiverse Translation-en Hit http://tr.archive.ubuntu.com precise-updates/restricted Translation-en Hit http://ppa.launchpad.net precise/main i386 Packages Ign http://ppa.launchpad.net precise/main TranslationIndex Hit http://security.ubuntu.com precise-security/restricted Sources Hit http://security.ubuntu.com precise-security/universe Sources Hit http://security.ubuntu.com precise-security/multiverse Sources Hit http://security.ubuntu.com precise-security/main i386 Packages Hit http://security.ubuntu.com precise-security/restricted i386 Packages Hit http://tr.archive.ubuntu.com precise-updates/universe Translation-en Hit http://tr.archive.ubuntu.com precise-backports/main Translation-en Hit http://tr.archive.ubuntu.com precise-backports/multiverse Translation-en Hit http://tr.archive.ubuntu.com precise-backports/restricted Translation-en Hit http://tr.archive.ubuntu.com precise-backports/universe Translation-en Hit http://security.ubuntu.com precise-security/universe i386 Packages Hit http://security.ubuntu.com precise-security/multiverse i386 Packages Hit http://security.ubuntu.com precise-security/main TranslationIndex Hit http://security.ubuntu.com precise-security/multiverse TranslationIndex Hit http://security.ubuntu.com precise-security/restricted TranslationIndex Hit http://security.ubuntu.com precise-security/universe TranslationIndex Hit http://security.ubuntu.com precise-security/main Translation-en Hit http://security.ubuntu.com precise-security/multiverse Translation-en Hit http://security.ubuntu.com precise-security/restricted Translation-en Hit http://security.ubuntu.com precise-security/universe Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://extras.ubuntu.com precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://extras.ubuntu.com precise/main Translation-en Reading package lists... Done zero@ghostrider:~$ sudo apt-get install oracle-java7-installer Reading package lists... Done Building dependency tree Reading state information... Done oracle-java7-installer is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Do you want to continue [Y/n]? Y Setting up oracle-java7-installer (7u3-0~eugenesan~precise4) ... Downloading... --2012-06-11 23:57:11-- http://download.oracle.com/otn-pub/java/jdk/7u3-b04/jdk- 7u3-linux-i586.tar.gz Resolving download.oracle.com (download.oracle.com)... 64.209.77.18 Connecting to download.oracle.com (download.oracle.com)|64.209.77.18|:80... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://edelivery.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-i586.tar.gz [following] --2012-06-11 23:57:11-- https://edelivery.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-i586.tar.gz Resolving edelivery.oracle.com (edelivery.oracle.com)... 95.101.122.174 Connecting to edelivery.oracle.com (edelivery.oracle.com)|95.101.122.174|:443... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: http://download.oracle.com/errors/download-fail-1505220.html [following] --2012-06-11 23:57:12-- http://download.oracle.com/errors/download-fail-1505220.html Connecting to download.oracle.com (download.oracle.com)|64.209.77.18|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 5307 (5.2K) [text/html] Saving to: `./jdk-7u3-linux-i586.tar.gz' 0K ..... 100% 976K=0.005s 2012-06-11 23:57:12 (976 KB/s) - `./jdk-7u3-linux-i586.tar.gz' saved [5307/5307] Download done. sha256sum mismatch jdk-7u3-linux-i586.tar.gz Oracle JDK 7 is NOT installed. dpkg: error processing oracle-java7-installer (--configure): subprocess installed post-installation script returned error exit status 1 No apport report written because MaxReports is reached already Errors were encountered while processing: oracle-java7-installer E: Sub-process /usr/bin/dpkg returned an error code (1) zero@ghostrider:~$

Read the article
can you customize adobe acrobat reader "security warning"

- by akaphenom

We need to insert a web beacon (i know taboo) in to adobe PDFs to know when they are opened, as one of our clients is moving to a model of "giving" their documents away and following up repeat viewers for subscriptions. Its not enough to be able to provide a download, they want to attach the PDF to an email and "blast" to directed recipients (double-opt-in etc). Adding the javascript to the pdf is easy enough: (iText) and the "openAction" event. However the security box pops up and displays: "Security Warning" "Document is trying to connect to 'xxxx.yyy.com' if you trusty the site choose Allow. If do not trust the site choose Block" [help] [allow] [block] I don't think we need to completley overhaul the dialogue box, I just think we need to change the middle text to be more descriptive of why we are doing it. Of course our client would love us to remove this completely... Thank you in advance for any feed back you can provide, Todd

Read the article
WCF - Windows authentication - Security settings require Anonymous...

- by Rashack

Hi, I am struggling hard with getting WCF service running on IIS on our server. After deployment I end up with an error message: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. I want to use Windows authentication and thus I have Anonymous access disabled. Also note that there is aspNetCompatibilityEnabled (if that makes any difference). Here's my web.config: <system.serviceModel> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> <bindings> <webHttpBinding> <binding name="default"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" proxyCredentialType="Windows"/> </security> </binding> </webHttpBinding> </bindings> <behaviors> <endpointBehaviors> <behavior name="AspNetAjaxBehavior"> <enableWebScript /> <webHttp /> </behavior> </endpointBehaviors> <serviceBehaviors> <behavior name="defaultServiceBehavior"> <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" /> <serviceDebug includeExceptionDetailInFaults="true" /> <serviceAuthorization principalPermissionMode="UseWindowsGroups" /> </behavior> </serviceBehaviors> </behaviors> <services> <service name="xxx.Web.Services.RequestService" behaviorConfiguration="defaultServiceBehavior"> <endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding" contract="xxx.Web.Services.IRequestService" bindingConfiguration="default"> </endpoint> <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint> </service> </services> </system.serviceModel> I have searched all over the internet with no luck. Any clues are greatly appreciated.

Read the article
WS-Security on iphone, is it possible?

- by emmanuel.aquino

Hello, I'm new here and I'm facing a problem. I need to know if it is possible to implement the WS-Security protocol with X.509 certificates on a native iPhone application. I haven't found much information on the web, except this information from Apple about security services. I just want to ask, is it possible? has it been made before?. If it is posbile, can you point me in the right direction?. Thanks in advance.

Read the article
JAX-WS Consuming web service with WS-Security and WS-Addressing

- by aurealus

I'm trying to develop a standalone Java web service client with JAX-WS (Metro) that uses WS-Security with Username Token Authentication (Password digest, nonces and timestamp) and timestamp verification along with WS-Addressing over SSL. The WSDL I have to work with does not define any security policy information. I have been unable to figure out exactly how to add this header information (the correct way to do so) when the WSDL does not contain this information. Most examples I have found using Metro revolve around using Netbeans to automatically generate this from the WSDL which does not help me at all. I have looked into WSIT, XWSS, etc. without much clarity or direction. JBoss WS Metro looked promising not much luck yet there either. Anyone have experience doing this or have suggestions on how to accomplish this task? Even pointing me in the right direction would be helpful. I am not restricted to a specific technology other than it must be Java based.

Read the article
Infinite loop using Spring Security - Login page is protected even though it should allow anonymous

- by Tai Squared

I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup: web.xml <welcome-file-list> <welcome-file> index.jsp </welcome-file> </welcome-file-list> The index.jsp page is in the WebContent directory and simply contains a redirect: <c:redirect url="/login.htm"/> In the appname-servlet.xml, there is a view resolver to point to the jsp pages in WEB-INF/jsp <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" /> <property name="prefix" value="/WEB-INF/jsp/" /> <property name="suffix" value=".jsp" /> </bean> In the security-config.xml file, I have the following configuration: <http>  <intercept-url pattern="/WEB-INF/jsp/login.jsp*" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/WEB-INF/jsp/header.jsp*" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/WEB-INF/jsp/footer.jsp*" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/login*" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/index.jsp" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/logoutSuccess*" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/css/**" filters="none" /> <intercept-url pattern="/images/**" filters="none" /> <intercept-url pattern="/**" access="ROLE_ANONYMOUS" /> <form-login login-page="/login.jsp"/> </http> <authentication-provider> <jdbc-user-service data-source-ref="dataSource" /> </authentication-provider> However, I can't even navigate to the login page and get the following error in the log: WARNING: The login page is being protected by the filter chain, but you don't appear to have anonymous authentication enabled. This is almost certainly an error. I've tried changing the ROLE_ANONYMOUS to IS_AUTHENTICATED_ANONYMOUSLY, changing the login-page to index.jsp, login.htm, and adding different intercept-url values, but I can't get it so the login page is accesible and security applies to the other pages. What do I have to change to avoid this loop?

Read the article
Silverlight WCF with two-way SSL security certificates

- by dlang

Dear All! I would like to implement a server - client software with the following security requirements: WCF-Services need to be secured with SSL and Certificates for both, the server and the client Client certificates need to be generated programmatically upon user registration Client-certificates are deployed via a an automatically generated installer-package Altough the client-certificates are self-signed (no authorized CA for the generation server) the end-user must not add the server-certificate to the trusted certificates in the local Certificate Store My problems: I cannot find any information regarding establishing such a two-way ssl-security for wcf, while the server-certificate is not signed by an authorized CA and instead is created programmatically with "makecert"... My question: Is it technically possible to implement this requirements? If yes - could you provide some hints how to get started? Thank you!

Read the article
Code Access Security - Basics and Example

- by jobless-spt

I was going through this link to understand CodeAccessSecurity: http://www.codeproject.com/KB/security/UB_CAS_NET.aspx It's a great article but it left me with following questions: If you can demand and get whatever permissions you want, then any executable can get Full_Trust on machine. If permissions are already there, then why do we need to demand those? Code is executing on Server, so the permissions are on server not on client machine? Article takes an example of removing write permissions from an assembly to show security exception. Though in real world, System.IO assembly (or related classes) will take care of these permissions. So is there a real scenario where we will need CAS?

Read the article
WCF - Disabling security in nettcpbinding (c#)

- by daniel-lacayo

Hello everyone. I'm trying to make a self hosted WCF app that uses nettcpbinding but works in an environment without a domain. It's just two regular windows pc's, one is the server and the other one will be the client. The problem with this is that when I try to get the client to connect it's rejected because of the security settings. Can you please point me in the right direction as to how I can get this scenario to work? Should I (if possible) disable security? Is there another (hopefully simple) way to accomplish this? Regards, Daniel

Read the article

Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 21/509 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28 | Next Page >

- by vdh_ant

- by user340202

- by Nirmal

- by Shyam

- by Brian T

- by A&C Redaktion

- by Morgan Herlocker

- by loosebruce

- by ilhan

- by Prof Plum

- by reinier

- by sofakng

- by sofakng

- by dumb906

- by Mubashar Ahmad

- by Eqbal

- by Zxy

- by akaphenom

- by Rashack

- by emmanuel.aquino

- by aurealus

- by Tai Squared

- by dlang

- by jobless-spt

- by daniel-lacayo

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28 | Next Page >