http basic authentication - Page 253

How to setup certificate authentication for MS SQL server 2008 R2 ?

- by Stephane

Hello, I have to connect an (ADO) application running on a standalone Windows 2003 R2 server to a SQL 2008 R2 database that is a member of the domain. I have setup an SQL authentication account for this and hard-coded the password into the connection string but I wonder if it wouldn't be possible to use certificate-based authentication for this instead. I haven't been able to find any documentation regarding this apparently new functionality of SQL 2008 R2 anywhere. Could someone kindly point me at some good documentation ? Or at least a description of the functionality and whether it could be used in my case or not ? Thank you in advance

Read the article

Securing RDP access to Windows Server 2008 R2: is Network Level Authentication enough?

- by jamesfm

I am a dev with little admin expertise, administering a single dedicated web server remotely. A recent independent security audit of our site recommended that "RDP is not exposed to the Internet and that a robust management solution such as a VPN is considered for remote access. When used, RDP should be configured for Server Authentication to ensure that clients cannot be subjected to man-in-the-middle attacks." Having read around a bit, it seems like Network Level Authentication is a Good Thing so I have enabled the "Allow connections only from Remote Desktop with NLA" option on the server today. Is this acion enough to mitigate the risk of a Man-in-the-Middle attack? Or are there other essential steps I should be taking? If VPN is essential, how do I go about it?

Read the article

Are there any sFTP clients that support a proxy that uses NTLM authentication?

- by Iraklis

The title pretty much summarizes the question. We have deployed an sFTP server that needs to be accessed from our client's MS Windows Pc's that reside within a restricted local area network. The only way they can get out for their Intranet is to use an HTTP proxy that requires NTLM authentication. From what I understand all open-source sFTP clients (FilleZilla,WinSCP,etc) do NOT support NTLM authentication (Because of legal issues). I know that there are workarounds to this (installing a local proxy at the machine that understands NTLM) but this would break all sorts of security policies of our client. So my question is : Does anyone know of any sFTP client that supports a NTLM Proxy?

Read the article

Don't Miss A Session -- Check the Daily Updates!

- by Oracle OpenWorld Blog Team

With thousands of sessions during conference week, sometimes times and locations change. Be sure to check session updates daily so you won't miss a thing. Session updates can be found at the following URLs: Oracle OpenWorld: http://www.oracle.com/openworld/updates/monday/index.html?origref=http://www.oracle.com/openworld/index.html JavaOne: http://www.oracle.com/javaone/updates/monday/index.html?origref=http://www.oracle.com/javaone/index.html Oracle PartnerNetwork Exchange @ OpenWorld: http://www.oracle.com/opnexchange/updates/sunday/index.html?origref=http://www.oracle.com/opnexchange/index.html Customer Experience Summit @ OpenWorld: http://www.oracle.com/events/us/en/cxsummit/updates/wednesday/index.html?origref=http://www.oracle.com/events/us/en/cxsummit/index.html Java Embedded @ JavaOne: http://www.oracle.com/javaone/embedded/updates/wednesday/index.html?origref=http://www.oracle.com/javaone/embedded/index.html

Read the article

Apt-get take long time to update\upgrade

- by ShockwaveNN

On my work network any apt-get (or aptitude) commands take a very long time, it's look's like admins blocked some port for it (for unknown reason). For example sudo apt-get update take like 2 days and all I get - a very long list of responses like Get: 36 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 37 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 38 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 39 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 40 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Same situation then I try to download software Get:1 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:2 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:3 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:4 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:5 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Is there something I can do to change port for apt-get or something else

Read the article

fstab and cifs mounting, possible to store authentication information outside of fstab?

- by tj111

I am currently using cifs to mount some network shares (that require authentication) in /etc/fstab. It works excellently, but I would like to move the authentication details (username/pass) outside of fstab and be able to chmod it 600 (as fstab can have issues if I were to change its permissions). I was wondering if it is possible to do this (many-user system, don't want these permissions to be viewable by all users). from: //server/foo/bar /mnt/bar cifs username=user,password=pass,r 0 0 to: //server/foo/bar /mnt/bar cifs <link to permissions>,r 0 0 (or something analogous to this). Thanks.

Read the article

Which FTP Daemon should I use if I want to use MySQL for authentication?

- by wag2639

We want to set up a FTP Daemon on our Ubuntu 10.04 server that can use a simple (probably custom) built web interface for a FTP server using MySQL for authentication. It'll be public facing but only intended for use by a few customers or clients. I know vsftpd, ProFTPd, and Pure-FTPd but I'm not sure which is best for this application. Main features we would like: a. Very good MySQL authentication integration b. Able to specify a list folders/files (folder level is sufficient) each user has access to through MySQL Anything else would just be sprinkles on top.

Read the article

Le framework PHP Jelix disponible en version 1.4 : compatibilité PSR0, templates virtuels et gestion du cache HTTP à la une

Jelix 1.4 est disponible ! Compatibilité PSR0, templates virtuels et gestion du cache HTTP à la une du framework PHP Dans toute cette agitation de mise à jour de framework PHPn, on aurait presque oublié la sortie de Jelix. [IMG]http://idelways.developpez.com/news/images/jelix.png[/IMG] Jelix est et reste l'un des meilleurs frameworks PHP existants et cela par sa conception bien souvent en avance sur d'autres outils. Je pense à la modularité et à la gestion d'événements mises en place dans Jelix depuis de nombreuses années et qui font à peine leurs apparitions sur certains frameworks dits majeurs. Une nouvelle version majeure de Jelix ...

Read the article

How to track inbound HTTP traffic using Plesk 10.4.4?

- by hypercrypt

I am running Plesk 10.4.4 on a Debian 6.0 server. The outbound traffic is being tracked but the inbound http traffic seems to be 0 at all times, i.e. looking at the DomainsTraffic and ClientsTraffic the http_in column is always 0. Is this a setting that I have missed? I've had a look and cannot find anything. How do I get Plesk to track the inbound HTTP traffic? I have already made sure that Home Tools & Settings Server settings had 'Include in the traffic calculation' set to 'inbound and outbound traffic', yet this does not solve the problem. Apache allows inbound traffic to be logged using %I in the log format, is there a way to get Plesk to add the %I to the log and then use that in bandwidth calculations?

Read the article

gzip compression using varnish cache

- by Ali Raza

Im trying to provide gzip compression using varnish cache. But when I set content-encoding as gzip using my below mentioned configuration for varnish (default.vcl). Browser failed to download those content for which i set content-encoding as gzipped. Varnish configuration file: backend default { .host = "127.0.0.1"; .port = "9000"; } backend socketIO { .host = "127.0.0.1"; .port = "8083"; } acl purge { "127.0.0.1"; "192.168.15.0"/24; } sub vcl_fetch { /* If the request is for pictures, javascript, css, etc */ if (req.url ~ "^/public/" || req.url ~ "\.js"){ unset req.http.cookie; set beresp.http.Content-Encoding= "gzip"; set beresp.ttl = 86400s; set beresp.http.Cache-Control = "public, max-age=3600"; /*set the expires time to response header*/ set beresp.http.expires=beresp.ttl; /* marker for vcl_deliver to reset Age: */ set beresp.http.magicmarker = "1"; } if (!beresp.cacheable) { return (pass); } return (deliver); } sub vcl_deliver { if (resp.http.magicmarker) { /* Remove the magic marker */ unset resp.http.magicmarker; /* By definition we have a fresh object */ set resp.http.age = "0"; } if(obj.hits > 0) { set resp.http.X-Varnish-Cache = "HIT"; }else { set resp.http.X-Varnish-Cache = "MISS"; } return (deliver); } sub vcl_recv { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For ", " client.ip; } else { set req.http.X-Forwarded-For = client.ip; } if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && req.request != "POST" && req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") { /* Non-RFC2616 or CONNECT which is weird. */ return (pipe); } # Pass requests that are not GET or HEAD if (req.request != "GET" && req.request != "HEAD") { return(pass); } #pipe websocket connections directly to Node.js if (req.http.Upgrade ~ "(?i)websocket") { set req.backend = socketIO; return (pipe); } # Properly handle different encoding types if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|js|css)$") { # No point in compressing these remove req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { # unkown algorithm remove req.http.Accept-Encoding; } } # allow PURGE from localhost and 192.168.15... if (req.request == "PURGE") { if (!client.ip ~ purge) { error 405 "Not allowed."; } return (lookup); } return (lookup); } sub vcl_hit { if (req.request == "PURGE") { purge_url(req.url); error 200 "Purged."; } } sub vcl_miss { if (req.request == "PURGE") { purge_url(req.url); error 200 "Purged."; } } sub vcl_pipe { if (req.http.upgrade) { set bereq.http.upgrade = req.http.upgrade; } } Response Header: Cache-Control:public, max-age=3600 Connection:keep-alive Content-Encoding:gzip Content-Length:11520 Content-Type:application/javascript Date:Fri, 06 Apr 2012 04:53:41 GMT ETag:"1330493670000--987570445" Last-Modified:Wed, 29 Feb 2012 05:34:30 GMT Server:Play! Framework;1.2.x-localbuild;dev Via:1.1 varnish X-Varnish:118464579 118464571 X-Varnish-Cache:HIT age:0 expires:86400.000 Any suggestion on how to fix it and how to provide gzip compression using varnish.

Read the article

AuthnRequest Settings in OIF / SP

- by Damien Carru

In this article, I will list the various OIF/SP settings that affect how an AuthnRequest message is created in OIF in a Federation SSO flow. The AuthnRequest message is used by an SP to start a Federation SSO operation and to indicate to the IdP how the operation should be executed: How the user should be challenged at the IdP Whether or not the user should be challenged at the IdP, even if a session already exists at the IdP for this user Which NameID format should be requested in the SAML Assertion Which binding (Artifact or HTTP-POST) should be requested from the IdP to send the Assertion Which profile should be used by OIF/SP to send the AuthnRequest message Enjoy the reading! Protocols The SAML 2.0, SAML 1.1 and OpenID 2.0 protocols define different message elements and rules that allow an administrator to influence the Federation SSO flows in different manners, when the SP triggers an SSO operation: SAML 2.0 allows extensive customization via the AuthnRequest message SAML 1.1 does not allow any customization, since the specifications do not define an authentication request message OpenID 2.0 allows for some customization, mainly via the OpenID 2.0 extensions such as PAPE or UI SAML 2.0 OIF/SP allows the customization of the SAML 2.0 AuthnRequest message for the following elements: ForceAuthn: Boolean indicating whether or not the IdP should force the user for re-authentication, even if the user has still a valid session By default set to false IsPassive Boolean indicating whether or not the IdP is allowed to interact with the user as part of the Federation SSO operation. If false, the Federation SSO operation might result in a failure with the NoPassive error code, because the IdP will not have been able to identify the user By default set to false RequestedAuthnContext Element indicating how the user should be challenged at the IdP If the SP requests a Federation Authentication Method unknown to the IdP or for which the IdP is not configured, then the Federation SSO flow will result in a failure with the NoAuthnContext error code By default missing NameIDPolicy Element indicating which NameID format the IdP should include in the SAML Assertion If the SP requests a NameID format unknown to the IdP or for which the IdP is not configured, then the Federation SSO flow will result in a failure with the InvalidNameIDPolicy error code If missing, the IdP will generally use the default NameID format configured for this SP partner at the IdP By default missing ProtocolBinding Element indicating which SAML binding should be used by the IdP to redirect the user to the SP with the SAML Assertion Set to Artifact or HTTP-POST By default set to HTTP-POST OIF/SP also allows the administrator to configure the server to: Set which binding should be used by OIF/SP to redirect the user to the IdP with the SAML 2.0 AuthnRequest message: Redirect or HTTP-POST By default set to Redirect Set which binding should be used by OIF/SP to redirect the user to the IdP during logout with SAML 2.0 Logout messages: Redirect or HTTP-POST By default set to Redirect SAML 1.1 The SAML 1.1 specifications do not define a message for the SP to send to the IdP when a Federation SSO operation is started. As such, there is no capability to configure OIF/SP on how to affect the start of the Federation SSO flow. OpenID 2.0 OpenID 2.0 defines several extensions that can be used by the SP/RP to affect how the Federation SSO operation will take place: OpenID request: mode: String indicating if the IdP/OP can visually interact with the user checkid_immediate does not allow the IdP/OP to interact with the user checkid_setup allows user interaction By default set to checkid_setup PAPE Extension: max_auth_age : Integer indicating in seconds the maximum amount of time since when the user authenticated at the IdP. If MaxAuthnAge is bigger that the time since when the user last authenticated at the IdP, then the user must be re-challenged. OIF/SP will set this attribute to 0 if the administrator configured ForceAuthn to true, otherwise this attribute won't be set Default missing preferred_auth_policies Contains a Federation Authentication Method Element indicating how the user should be challenged at the IdP By default missing Only specified in the OpenID request if the IdP/OP supports PAPE in XRDS, if OpenID discovery is used. UI Extension Popup mode Boolean indicating the popup mode is enabled for the Federation SSO By default missing Language Preference String containing the preferred language, set based on the browser's language preferences. By default missing Icon: Boolean indicating if the icon feature is enabled. In that case, the IdP/OP would look at the SP/RP XRDS to determine how to retrieve the icon By default missing Only specified in the OpenID request if the IdP/OP supports UI Extenstion in XRDS, if OpenID discovery is used. ForceAuthn and IsPassive WLST Command OIF/SP provides the WLST configureIdPAuthnRequest() command to set: ForceAuthn as a boolean: In a SAML 2.0 AuthnRequest, the ForceAuthn field will be set to true or false In an OpenID 2.0 request, if ForceAuthn in the configuration was set to true, then the max_auth_age field of the PAPE request will be set to 0, otherwise, max_auth_age won't be set IsPassive as a boolean: In a SAML 2.0 AuthnRequest, the IsPassive field will be set to true or false In an OpenID 2.0 request, if IsPassive in the configuration was set to true, then the mode field of the OpenID request will be set to checkid_immediate, otherwise set to checkid_setup Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> Let's configure OIF/SP for that IdP Partner, so that the SP will require the IdP to re-challenge the user, even if the user is already authenticated: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the configureIdPAuthnRequest() command:configureIdPAuthnRequest(partner="AcmeIdP", forceAuthn="true") Exit the WLST environment:exit() After the changes, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ForceAuthn="true" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> To display or delete the ForceAuthn/IsPassive settings, perform the following operatons: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the configureIdPAuthnRequest() command: To display the ForceAuthn/IsPassive settings on the partnerconfigureIdPAuthnRequest(partner="AcmeIdP", displayOnly="true") To delete the ForceAuthn/IsPassive settings from the partnerconfigureIdPAuthnRequest(partner="AcmeIdP", delete="true") Exit the WLST environment:exit() Requested Fed Authn Method In my earlier "Fed Authentication Method Requests in OIF / SP" article, I discussed how OIF/SP could be configured to request a specific Federation Authentication Method from the IdP when starting a Federation SSO operation, by setting elements in the SSO request message. WLST Command The OIF WLST commands that can be used are: setIdPPartnerProfileRequestAuthnMethod() which will configure the requested Federation Authentication Method in a specific IdP Partner Profile, and accepts the following parameters: partnerProfile: name of the IdP Partner Profile authnMethod: the Federation Authentication Method to request displayOnly: an optional parameter indicating if the method should display the current requested Federation Authentication Method instead of setting it delete: an optional parameter indicating if the method should delete the current requested Federation Authentication Method instead of setting it setIdPPartnerRequestAuthnMethod() which will configure the specified IdP Partner entry with the requested Federation Authentication Method, and accepts the following parameters: partner: name of the IdP Partner authnMethod: the Federation Authentication Method to request displayOnly: an optional parameter indicating if the method should display the current requested Federation Authentication Method instead of setting it delete: an optional parameter indicating if the method should delete the current requested Federation Authentication Method instead of setting it This applies to SAML 2.0 and OpenID 2.0 protocols. See the "Fed Authentication Method Requests in OIF / SP" article for more information. Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> Let's configure OIF/SP for that IdP Partner, so that the SP will request the IdP to use a mechanism mapped to the urn:oasis:names:tc:SAML:2.0:ac:classes:X509 Federation Authentication Method to authenticate the user: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setIdPPartnerRequestAuthnMethod() command:setIdPPartnerRequestAuthnMethod("AcmeIdP", "urn:oasis:names:tc:SAML:2.0:ac:classes:X509") Exit the WLST environment:exit() After the changes, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true"/> <samlp:RequestedAuthnContext Comparison="minimum"> <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> urn:oasis:names:tc:SAML:2.0:ac:classes:X509 </saml:AuthnContextClassRef> </samlp:RequestedAuthnContext></samlp:AuthnRequest> NameID Format The SAML 2.0 protocol allows for the SP to request from the IdP a specific NameID format to be used when the Assertion is issued by the IdP. Note: SAML 1.1 and OpenID 2.0 do not provide such a mechanism Configuring OIF The administrator can configure OIF/SP to request a NameID format in the SAML 2.0 AuthnRequest via: The OAM Administration Console, in the IdP Partner entry The OIF WLST setIdPPartnerNameIDFormat() command that will modify the IdP Partner configuration OAM Administration Console To configure the requested NameID format via the OAM Administration Console, perform the following steps: Go to the OAM Administration Console: http(s)://oam-admin-host:oam-admin-port/oamconsole Navigate to Identity Federation -> Service Provider Administration Open the IdP Partner you wish to modify In the Authentication Request NameID Format dropdown box with one of the values None The NameID format will be set Default Email Address The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress X.509 Subject The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Windows Name Qualifier The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName Kerberos The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos Transient The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:transient Unspecified The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified Custom In this case, a field would appear allowing the administrator to indicate the custom NameID format to use The NameID format will be set to the specified format Persistent The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:persistent I selected Email Address in this example Save WLST Command To configure the requested NameID format via the OIF WLST setIdPPartnerNameIDFormat() command, perform the following steps: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setIdPPartnerNameIDFormat() command:setIdPPartnerNameIDFormat("PARTNER", "FORMAT", customFormat="CUSTOM") Replace PARTNER with the IdP Partner name Replace FORMAT with one of the following: orafed-none The NameID format will be set Default orafed-emailaddress The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress orafed-x509 The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName orafed-windowsnamequalifier The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName orafed-kerberos The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos orafed-transient The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:transient orafed-unspecified The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified orafed-custom In this case, a field would appear allowing the administrator to indicate the custom NameID format to use The NameID format will be set to the specified format orafed-persistent The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:persistent customFormat will need to be set if the FORMAT is set to orafed-custom An example would be:setIdPPartnerNameIDFormat("AcmeIdP", "orafed-emailaddress") Exit the WLST environment:exit() Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> After the changes performed either via the OAM Administration Console or via the OIF WLST setIdPPartnerNameIDFormat() command where Email Address would be requested as the NameID Format, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/></samlp:AuthnRequest> Protocol Binding The SAML 2.0 specifications define a way for the SP to request which binding should be used by the IdP to redirect the user to the SP with the SAML 2.0 Assertion: the ProtocolBinding attribute indicates the binding the IdP should use. It is set to: Either urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST for HTTP-POST Or urn:oasis:names:tc:SAML:2.0:bindings:Artifact for Artifact The SAML 2.0 specifications also define different ways to redirect the user from the SP to the IdP with the SAML 2.0 AuthnRequest message, as the SP can send the message: Either via HTTP Redirect Or HTTP POST (Other bindings can theoretically be used such as Artifact, but these are not used in practice) Configuring OIF OIF can be configured: Via the OAM Administration Console or the OIF WLST configureSAMLBinding() command to set the Assertion Response binding to be used Via the OIF WLST configureSAMLBinding() command to indicate how the SAML AuthnRequest message should be sent Note: the binding for sending the SAML 2.0 AuthnRequest message will also be used to send the SAML 2.0 LogoutRequest and LogoutResponse messages. OAM Administration Console To configure the SSO Response/Assertion Binding via the OAM Administration Console, perform the following steps: Go to the OAM Administration Console: http(s)://oam-admin-host:oam-admin-port/oamconsole Navigate to Identity Federation -> Service Provider Administration Open the IdP Partner you wish to modify Check the "HTTP POST SSO Response Binding" box to request the IdP to return the SSO Response via HTTP POST, otherwise uncheck it to request artifact Save WLST Command To configure the SSO Response/Assertion Binding as well as the AuthnRequest Binding via the OIF WLST configureSAMLBinding() command, perform the following steps: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the configureSAMLBinding() command:configureSAMLBinding("PARTNER", "PARTNER_TYPE", binding, ssoResponseBinding="httppost") Replace PARTNER with the Partner name Replace PARTNER_TYPE with the Partner type (idp or sp) Replace binding with the binding to be used to send the AuthnRequest and LogoutRequest/LogoutResponse messages (should be httpredirect in most case; default) httppost for HTTP-POST binding httpredirect for HTTP-Redirect binding Specify optionally ssoResponseBinding to indicate how the SSO Assertion should be sent back httppost for HTTP-POST binding artifactfor for Artifact binding An example would be:configureSAMLBinding("AcmeIdP", "idp", "httpredirect", ssoResponseBinding="httppost") Exit the WLST environment:exit() Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration which requests HTTP-POST from the IdP to send the SSO Assertion. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> In the next article, I will cover the various crypto configuration properties in OIF that are used to affect the Federation SSO exchanges.Cheers,Damien Carru

Read the article

Cannot install packages. "Warning: untrusted versions..." plus "method driver /usr/lib/apt/methods/http could not be found"

- by Steve Tjoa

Judging from Internet forums, these errors appear to be popular when attempting to install packages: steve:~$ sudo aptitude install examplepackage The following NEW packages will be installed: examplepackage examplepackage-common{a} 0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 1,834 kB of archives. After unpacking 7,631 kB will be used. Do you want to continue? [Y/n/?] WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. examplepackage examplepackage-common Do you want to ignore this warning and proceed anyway? To continue, enter "Yes"; to abort, enter "No": Yes E: The method driver /usr/lib/apt/methods/http could not be found. E: The method driver /usr/lib/apt/methods/http could not be found. E: Internal error: couldn't generate list of packages to download I followed this post by uninstalling ubuntu-keyring. But I cannot reinstall ubuntu-keyring or ubuntu-minimal -- the above errors reappear. In fact, I don't even seem to have apt (I must have caused this along the way by trying a bad solution, or maybe a clean): steve:~$ sudo apt-get update sudo: apt-get: command not found Aptitude works, but I can't install apt: steve:~$ sudo aptitude install apt The following NEW packages will be installed: apt 0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 1,046 kB of archives. After unpacking 3,441 kB will be used. E: The method driver /usr/lib/apt/methods/http could not be found. E: The method driver /usr/lib/apt/methods/http could not be found. E: Internal error: couldn't generate list of packages to download ...or update steve:~$ sudo aptitude update E: The method driver /usr/lib/apt/methods/http could not be found. E: The method driver /usr/lib/apt/methods/http could not be found. E: The method driver /usr/lib/apt/methods/http could not be found. I tried this post. Didn't help. To summarize, the main problem is that I cannot install anything. While attempting to fix the problem, the other aforementioned errors occurred. Can you help me fix this error? Feel free to ask if you need more information. Stats: steve:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 11.10 Release: 11.10 Codename: oneiric

Read the article

Writing Unit Tests for ASP.NET Web API Controller

- by shiju

In this blog post, I will write unit tests for a ASP.NET Web API controller in the EFMVC reference application. Let me introduce the EFMVC app, If you haven't heard about EFMVC. EFMVC is a simple app, developed as a reference implementation for demonstrating ASP.NET MVC, EF Code First, ASP.NET Web API, Domain-Driven Design (DDD), Test-Driven Development (DDD). The current version is built with ASP.NET MVC 4, EF Code First 5, ASP.NET Web API, Autofac, AutoMapper, Nunit and Moq. All unit tests were written with Nunit and Moq. You can download the latest version of the reference app from http://efmvc.codeplex.com/ Unit Test for HTTP Get Let’s write a unit test class for verifying the behaviour of a ASP.NET Web API controller named CategoryController. Let’s define mock implementation for Repository class, and a Command Bus that is used for executing write operations. [TestFixture] public class CategoryApiControllerTest { private Mock<ICategoryRepository> categoryRepository; private Mock<ICommandBus> commandBus; [SetUp] public void SetUp() { categoryRepository = new Mock<ICategoryRepository>(); commandBus = new Mock<ICommandBus>(); } The code block below provides the unit test for a HTTP Get operation. [Test] public void Get_All_Returns_AllCategory() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var categories = controller.Get(); // Assert Assert.IsNotNull(categories, "Result is null"); Assert.IsInstanceOf(typeof(IEnumerable<CategoryWithExpense>),categories, "Wrong Model"); Assert.AreEqual(3, categories.Count(), "Got wrong number of Categories"); } The GetCategories method is provided below: private static IEnumerable<CategoryWithExpense> GetCategories() { IEnumerable<CategoryWithExpense> fakeCategories = new List<CategoryWithExpense> { new CategoryWithExpense {CategoryId=1, CategoryName = "Test1", Description="Test1Desc", TotalExpenses=1000}, new CategoryWithExpense {CategoryId=2, CategoryName = "Test2", Description="Test2Desc",TotalExpenses=2000}, new CategoryWithExpense { CategoryId=3, CategoryName = "Test3", Description="Test3Desc",TotalExpenses=3000} }.AsEnumerable(); return fakeCategories; } In the unit test method Get_All_Returns_AllCategory, we specify setup on the mocked type ICategoryrepository, for a call to GetCategoryWithExpenses method returns dummy data. We create an instance of the ApiController, where we have specified the Request property of the ApiController since the Request property is used to create a new HttpResponseMessage that will provide the appropriate HTTP status code along with response content data. Unit Tests are using for specifying the behaviour of components so that we have specified that Get operation will use the model type IEnumerable<CategoryWithExpense> for sending the Content data. The implementation of HTTP Get in the CategoryController is provided below: public IQueryable<CategoryWithExpense> Get() { var categories = categoryRepository.GetCategoryWithExpenses().AsQueryable(); return categories; } Unit Test for HTTP Post The following are the behaviours we are going to implement for the HTTP Post: A successful HTTP Post operation should return HTTP status code Created An empty Category should return HTTP status code BadRequest A successful HTTP Post operation should provide correct Location header information in the response for the newly created resource. Writing unit test for HTTP Post is required more information than we write for HTTP Get. In the HTTP Post implementation, we will call to Url.Link for specifying the header Location of Response as shown in below code block. var response = Request.CreateResponse(HttpStatusCode.Created, category); string uri = Url.Link("DefaultApi", new { id = category.CategoryId }); response.Headers.Location = new Uri(uri); return response; While we are executing Url.Link from unit tests, we have to specify HttpRouteData information from the unit test method. Otherwise, Url.Link will get a null value. The code block below shows the unit tests for specifying the behaviours for the HTTP Post operation. [Test] public void Post_Category_Returns_CreatedStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 1; category.CategoryName = "Mock Category"; var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); var newCategory = JsonConvert.DeserializeObject<CategoryModel>(response.Content.ReadAsStringAsync().Result); Assert.AreEqual(string.Format("http://localhost/api/category/{0}", newCategory.CategoryId), response.Headers.Location.ToString()); } [Test] public void Post_EmptyCategory_Returns_BadRequestStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 0; category.CategoryName = ""; // The ASP.NET pipeline doesn't run, so validation don't run. controller.ModelState.AddModelError("", "mock error message"); var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode); } In the above code block, we have written two unit methods, Post_Category_Returns_CreatedStatusCode and Post_EmptyCategory_Returns_BadRequestStatusCode. The unit test method Post_Category_Returns_CreatedStatusCode verifies the behaviour 1 and 3, that we have defined in the beginning of the section “Unit Test for HTTP Post”. The unit test method Post_EmptyCategory_Returns_BadRequestStatusCode verifies the behaviour 2. For extracting the data from response, we call Content.ReadAsStringAsync().Result of HttpResponseMessage object and deserializeit it with Json Convertor. The implementation of HTTP Post in the CategoryController is provided below: // POST /api/category public HttpResponseMessage Post(CategoryModel category) { if (ModelState.IsValid) { var command = new CreateOrUpdateCategoryCommand(category.CategoryId, category.CategoryName, category.Description); var result = commandBus.Submit(command); if (result.Success) { var response = Request.CreateResponse(HttpStatusCode.Created, category); string uri = Url.Link("DefaultApi", new { id = category.CategoryId }); response.Headers.Location = new Uri(uri); return response; } } else { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } throw new HttpResponseException(HttpStatusCode.BadRequest); } The unit test implementation for HTTP Put and HTTP Delete are very similar to the unit test we have written for HTTP Get. The complete unit tests for the CategoryController is given below: [TestFixture] public class CategoryApiControllerTest { private Mock<ICategoryRepository> categoryRepository; private Mock<ICommandBus> commandBus; [SetUp] public void SetUp() { categoryRepository = new Mock<ICategoryRepository>(); commandBus = new Mock<ICommandBus>(); } [Test] public void Get_All_Returns_AllCategory() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var categories = controller.Get(); // Assert Assert.IsNotNull(categories, "Result is null"); Assert.IsInstanceOf(typeof(IEnumerable<CategoryWithExpense>),categories, "Wrong Model"); Assert.AreEqual(3, categories.Count(), "Got wrong number of Categories"); } [Test] public void Get_CorrectCategoryId_Returns_Category() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var response = controller.Get(1); // Assert Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); var category = JsonConvert.DeserializeObject<CategoryWithExpense>(response.Content.ReadAsStringAsync().Result); Assert.AreEqual(1, category.CategoryId, "Got wrong number of Categories"); } [Test] public void Get_InValidCategoryId_Returns_NotFound() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var response = controller.Get(5); // Assert Assert.AreEqual(HttpStatusCode.NotFound, response.StatusCode); } [Test] public void Post_Category_Returns_CreatedStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 1; category.CategoryName = "Mock Category"; var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); var newCategory = JsonConvert.DeserializeObject<CategoryModel>(response.Content.ReadAsStringAsync().Result); Assert.AreEqual(string.Format("http://localhost/api/category/{0}", newCategory.CategoryId), response.Headers.Location.ToString()); } [Test] public void Post_EmptyCategory_Returns_BadRequestStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 0; category.CategoryName = ""; // The ASP.NET pipeline doesn't run, so validation don't run. controller.ModelState.AddModelError("", "mock error message"); var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode); } [Test] public void Put_Category_Returns_OKStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 1; category.CategoryName = "Mock Category"; var response = controller.Put(category.CategoryId,category); // Assert Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); } [Test] public void Delete_Category_Returns_NoContentStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<DeleteCategoryCommand >())).Returns(new CommandResult(true)); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var response = controller.Delete(1); // Assert Assert.AreEqual(HttpStatusCode.NoContent, response.StatusCode); } private static IEnumerable<CategoryWithExpense> GetCategories() { IEnumerable<CategoryWithExpense> fakeCategories = new List<CategoryWithExpense> { new CategoryWithExpense {CategoryId=1, CategoryName = "Test1", Description="Test1Desc", TotalExpenses=1000}, new CategoryWithExpense {CategoryId=2, CategoryName = "Test2", Description="Test2Desc",TotalExpenses=2000}, new CategoryWithExpense { CategoryId=3, CategoryName = "Test3", Description="Test3Desc",TotalExpenses=3000} }.AsEnumerable(); return fakeCategories; } } The complete implementation for the Api Controller, CategoryController is given below: public class CategoryController : ApiController { private readonly ICommandBus commandBus; private readonly ICategoryRepository categoryRepository; public CategoryController(ICommandBus commandBus, ICategoryRepository categoryRepository) { this.commandBus = commandBus; this.categoryRepository = categoryRepository; } public IQueryable<CategoryWithExpense> Get() { var categories = categoryRepository.GetCategoryWithExpenses().AsQueryable(); return categories; } // GET /api/category/5 public HttpResponseMessage Get(int id) { var category = categoryRepository.GetCategoryWithExpenses().Where(c => c.CategoryId == id).SingleOrDefault(); if (category == null) { return Request.CreateResponse(HttpStatusCode.NotFound); } return Request.CreateResponse(HttpStatusCode.OK, category); } // POST /api/category public HttpResponseMessage Post(CategoryModel category) { if (ModelState.IsValid) { var command = new CreateOrUpdateCategoryCommand(category.CategoryId, category.CategoryName, category.Description); var result = commandBus.Submit(command); if (result.Success) { var response = Request.CreateResponse(HttpStatusCode.Created, category); string uri = Url.Link("DefaultApi", new { id = category.CategoryId }); response.Headers.Location = new Uri(uri); return response; } } else { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } throw new HttpResponseException(HttpStatusCode.BadRequest); } // PUT /api/category/5 public HttpResponseMessage Put(int id, CategoryModel category) { if (ModelState.IsValid) { var command = new CreateOrUpdateCategoryCommand(category.CategoryId, category.CategoryName, category.Description); var result = commandBus.Submit(command); return Request.CreateResponse(HttpStatusCode.OK, category); } else { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } throw new HttpResponseException(HttpStatusCode.BadRequest); } // DELETE /api/category/5 public HttpResponseMessage Delete(int id) { var command = new DeleteCategoryCommand { CategoryId = id }; var result = commandBus.Submit(command); if (result.Success) { return new HttpResponseMessage(HttpStatusCode.NoContent); } throw new HttpResponseException(HttpStatusCode.BadRequest); } } Source Code The EFMVC app can download from http://efmvc.codeplex.com/ . The unit test project can be found from the project EFMVC.Tests and Web API project can be found from EFMVC.Web.API.

Read the article

Consuming a PHP SOAP WebService with ASP.NET

- by Jamie

I'm having some major issues trying to consume my PHP SOAP webservice using ASP.NET. The webservice in question is based on the PHP SOAP extension and is descibed by the following WSDL: <?xml version="1.0" encoding="UTF-8" ?> <definitions name="MyServices" targetNamespace="http://mydomain.com/api/soap/v11/services" xmlns:tns="http://mydomain.com/api/soap/v11/services" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsd1="http://mydomain.com/api/soap/v11/services" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns="http://schemas.xmlsoap.org/wsdl/"> <types> <schema targetNamespace="http://mydomain.com/api/soap/v11/services" xmlns="http://www.w3.org/2001/XMLSchema"> <complexType name="ServiceType"> <all> <element name="id" type="xsd:int" minOccurs="1" maxOccurs="1" /> <element name="name" type="xsd:string" minOccurs="1" maxOccurs="1" /> <element name="cost" type="xsd:float" minOccurs="1" maxOccurs="1" /> </all> </complexType> <complexType name="ArrayOfServiceType"> <all> <element name="Services" type="ServiceType" minOccurs="0" maxOccurs="unbounded" /> </all> </complexType> </schema> </types> <message name="getServicesRequest"> <part name="postcode" type="xsd:string" /> </message> <message name="getServicesResponse"> <part name="Result" type="xsd1:ArrayOfServiceType"/> </message> <portType name="ServicesPortType"> <operation name="getServices"> <input message="tns:getServicesRequest"/> <output message="tns:getServicesResponse"/> </operation> </portType> <binding name="ServicesBinding" type="tns:ServicesPortType"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <operation name="getServices"> <soap:operation soapAction="http://mydomain.com/api/soap/v11/services/getServices" /> <input> <soap:body use="encoded" namespace="urn:my:services" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" /> </input> <output> <soap:body use="encoded" namespace="urn:my:services" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" /> </output> </operation> </binding> <service name="MyServices"> <port name="ServicesPort" binding="tns:ServicesBinding"> <soap:address location="http://mydomain.com/api/soap/v11/services"/> </port> </service> </definitions> I can successfully generate a proxy class from this WSDL in Visual Studio, but upon trying to invoke the getServices method I am presented with an exception: System.Web.Services.Protocols.SoapHeaderException: Procedure 'string' not present After inspecting the raw post data at the SOAP server end, my PHP SOAP client is making requests like this: <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <postcode xsi:type="xsd:string">ln4 4nq</postcode> </SOAP-ENV:Body> </SOAP-ENV:Envelope> Whereas the .Net proxy class is doing this: <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://mydomain.com/api/soap/v11/services" xmlns:types="http://mydomain.com/api/soap/v11/services/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <xsd:string xsi:type="xsd:string">LN4 4NQ</xsd:string> </soap:Body> </soap:Envelope> I can only assume the difference in the way the postcode parameter is being sent is where the problem lies, but as primarily a PHP developer I'm at a loss as to what's occuring here. I have a feeling I'm simply missing something vital in my WSDL as I've seen countless examples of 'Consuming PHP SOAP WebServices with .Net' which appear to suggest that it 'just works'. Any suggestion as to where i've slipped up here would be greatly appreciated. I've currently spent almost an entire day on this now ;-) Thanks in advance, Jamie

Read the article

How-to configure Spring Social via XML

- by Matthias Steiner

I spend a few hours trying to get Twitter integration to work with Spring Social using the XML configuration approach. All the examples I could find on the web (and on stackoverflow) always use the @Config approach as shown in the samples For whatever reason the bean definition to get an instance to the twitter API throws an AOP exception: Caused by: java.lang.IllegalStateException: Cannot create scoped proxy for bean 'scopedTarget.twitter': Target type could not be determined at the time of proxy creation. Here's the complete config file I have: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:context="http://www.springframework.org/schema/context" xmlns:util="http://www.springframework.org/schema/util" xmlns:cxf="http://cxf.apache.org/core" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jdbc="http://www.springframework.org/schema/jdbc" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <jee:jndi-lookup id="dataSource" jndi-name="java:comp/env/jdbc/DefaultDB" />  <jdbc:initialize-database data-source="dataSource" ignore-failures="ALL"> <jdbc:script location="classpath:/org/springframework/social/connect/jdbc/JdbcUsersConnectionRepository.sql"/> </jdbc:initialize-database> <bean id="connectionFactoryLocator" class="org.springframework.social.connect.support.ConnectionFactoryRegistry"> <property name="connectionFactories"> <list> <ref bean="twitterConnectFactory" /> </list> </property> </bean> <bean id="twitterConnectFactory" class="org.springframework.social.twitter.connect.TwitterConnectionFactory"> <constructor-arg value="xyz" /> <constructor-arg value="xzy" /> </bean> <bean id="usersConnectionRepository" class="org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository"> <constructor-arg ref="dataSource" /> <constructor-arg ref="connectionFactoryLocator" /> <constructor-arg ref="textEncryptor" /> </bean> <bean id="connectionRepository" factory-method="createConnectionRepository" factory-bean="usersConnectionRepository" scope="request"> <constructor-arg value="#{request.userPrincipal.name}" /> <aop:scoped-proxy proxy-target-class="false" /> </bean> <bean id="twitter" factory-method="?ndPrimaryConnection" factory-bean="connectionRepository" scope="request" depends-on="connectionRepository"> <constructor-arg value="org.springframework.social.twitter.api.Twitter" /> <aop:scoped-proxy proxy-target-class="false" /> </bean> <bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors" factory-method="noOpText" /> <bean id="connectController" class="org.springframework.social.connect.web.ConnectController"> <constructor-arg ref="connectionFactoryLocator"/> <constructor-arg ref="connectionRepository"/> <property name="applicationUrl" value="https://socialscn.int.netweaver.ondemand.com/socialspringdemo" /> </bean> <bean id="signInAdapter" class="com.sap.netweaver.cloud.demo.social.SimpleSignInAdapter" /> </beans> What puzzles me is that the connectionRepositoryinstantiation works perfectly fine (I commented-out the twitter bean and tested the code!) ?!? It uses the same features: request scope and interface AOP proxy and works, but the twitter bean instantiation fails ?!? The spring social config code looks as follows (I can not see any differences, can you?): @Configuration public class SocialConfig { @Inject private Environment environment; @Inject private DataSource dataSource; @Bean @Scope(value="singleton", proxyMode=ScopedProxyMode.INTERFACES) public ConnectionFactoryLocator connectionFactoryLocator() { ConnectionFactoryRegistry registry = new ConnectionFactoryRegistry(); registry.addConnectionFactory(new TwitterConnectionFactory(environment.getProperty("twitter.consumerKey"), environment.getProperty("twitter.consumerSecret"))); return registry; } @Bean @Scope(value="singleton", proxyMode=ScopedProxyMode.INTERFACES) public UsersConnectionRepository usersConnectionRepository() { return new JdbcUsersConnectionRepository(dataSource, connectionFactoryLocator(), Encryptors.noOpText()); } @Bean @Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES) public ConnectionRepository connectionRepository() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication == null) { throw new IllegalStateException("Unable to get a ConnectionRepository: no user signed in"); } return usersConnectionRepository().createConnectionRepository(authentication.getName()); } @Bean @Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES) public Twitter twitter() { Connection<Twitter> twitter = connectionRepository().findPrimaryConnection(Twitter.class); return twitter != null ? twitter.getApi() : new TwitterTemplate(); } @Bean public ConnectController connectController() { ConnectController connectController = new ConnectController(connectionFactoryLocator(), connectionRepository()); connectController.addInterceptor(new PostToWallAfterConnectInterceptor()); connectController.addInterceptor(new TweetAfterConnectInterceptor()); return connectController; } @Bean public ProviderSignInController providerSignInController(RequestCache requestCache) { return new ProviderSignInController(connectionFactoryLocator(), usersConnectionRepository(), new SimpleSignInAdapter(requestCache)); } } Any help/pointers would be appreciated!!! Cheers, Matthias

Read the article

Sorting list of URLs by length in Jython

- by Eef

Hi, I am writing a Jython script to sort a list of URLs. I have a list that looks like this: http://www.domain.com/folder1/folder2/|,1 http://www.domain.com/folder1/|,1 http://www.domain.com/folder1/folder2/folder3/|,1 http://www.domain.com/folder1/|,1 http://www.domain.com/folder1/folder2/|,1 http://www.domain.com/folder1/folder2/|,1 http://www.domain.com/folder1/folder2/folder3/|,1 The pipe and the comma separates the path from the amount of files that are under that path. Is it possible some how use Jython to order the URLs by length, so it would end up look like the below list: http://www.domain.com/folder1/|,1 http://www.domain.com/folder1/|,1 http://www.domain.com/folder1/folder2/|,1 http://www.domain.com/folder1/folder2/|,1 http://www.domain.com/folder1/folder2/|,1 http://www.domain.com/folder1/folder2/folder3/|,1 http://www.domain.com/folder1/folder2/folder3/|,1 Hope you guys get what I mean, any help would be appreciated. Cheers

Read the article

HTTP Builder/Groovy - get source text _and_ XmlSlurper output?

- by Misha Koshelev

Dear All: I am reading here: http://groovy.codehaus.org/modules/http-builder/doc/get.html I seem to be able to get i) XMLSlurper output as parsed by NekoHTML using: def http = new HTTPBuilder('http://www.google.com') def html = http.get( path : '/search', query : [q:'Groovy'] ) ii) Raw text using: http.get( path : '/search', contentType : TEXT, query : [q:'Groovy'] ) { resp, reader -> println "response status: ${resp.statusLine}" println 'Headers: -----------' resp.headers.each { h -> println " ${h.name} : ${h.value}" } println 'Response data: -----' System.out << reader println '\n--------------------' } I am having some trouble and would like to get BOTH (i) and (ii) to debug my XmlSlurper code on the actual html I am getting. Any suggestions how I might go about doing this? I can easily instantiate an XmlSlurper object with the relevant string using the parseString(string) method or the parse(reader) method, but I cannot seem to get the Neko processing step correct. Any hints? Thank you! Misha

Read the article

Why would a WebService return nulls when the actual service returns data?

- by Jerry

I have a webservice (out of my control) that I have to talk to. I also have a packet-sniffer on the line, and (SURPRISE!!!) the developers of the webservice aren't lying. They are actually sending back all of the data that I requested. But the web-service code that is auto-generated from the WSDL file is giving me "null" as a value. I used their WSDL file to generate my Web Reference. I checked my data types with the datatypes that the WSDL file has declared. And I used the code as listed below to perform the calls: DT_MaterialMaster_LookupRequest req = new DT_MaterialMaster_LookupRequest(); req.MaterialNumber = "101*"; req.DocumentNo = ""; req.Description = "Pipe*"; req.Plant = "0000"; MI_MaterialMaster_Lookup_OBService srv = new MI_MaterialMaster_Lookup_OBService(); DT_MaterialMaster_Response resp = srv.MI_MaterialMaster_Lookup_OB(new DT_MaterialMaster_LookupRequest[] { req }); // Note that the response here is ALWAYS null!! Console.WriteLine(resp.Status); The resp object is an actual object. It was generated properly. However, the Status and MaterialData fields are always null. When I call the web service, I've placed a packet-sniffer on the line, and I can see that I've sent the following (linebreaks and indentions for my own sanity): <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body> <MT_MaterialMaster_Lookup xmlns="http://MyCompany.com/SomeCompany/mm/MaterialMasterSearch"> <Request xmlns=""> <MaterialNumber>101*</MaterialNumber> <Description>Pipe*</Description> <DocumentNo /> <Plant>0000</Plant> </Request> </MT_MaterialMaster_Lookup> </soap:Body> </soap:Envelope> The response that they send back SEEMS to be a valid response (linebreaks and indentions for my own sanity): <SOAP:Envelope xmlns:SOAP='http://schemas.xmlsoap.org/soap/envelope/'> <SOAP:Header /> <SOAP:Body> <n0:MT_MaterialMaster_Response xmlns:n0='http://MyCompany.com/SomeCompany/mm/MaterialMasterSearch' xmlns:prx='urn:SomeCompany.com:proxy:BRD:/1SAI/TAS4FE14A2DE960D61219AE:701:2009/02/10'> <Response> <Status>No Rows Found</Status> <MaterialData /> </Response> </n0:MT_MaterialMaster_Response> </SOAP:Body> </SOAP:Envelope> The status shows that it actually received data... but the resp.Status and resp.MaterialData fields are always null. What have I done wrong? UPDATE: The WSDL file is defined as: <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions xmlns:p1="http://MyCompany.com/SomeCompany/mm/MaterialMasterSearch" name="MI_MaterialMaster_Lookup_AutoCAD_OB" targetNamespace="http://MyCompany.com/SomeCompany/mm/MaterialMasterSearch" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"> <wsdl:types> <xsd:schema xmlns="http://MyCompany.com/SomeCompany/mm/MaterialMasterSearch" targetNamespace="http://MyCompany.com/SomeCompany/mm/MaterialMasterSearch" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <xsd:element name="MT_MaterialMaster_Response" type="p1:DT_MaterialMaster_Response" /> <xsd:element name="MT_MaterialMaster_Lookup" type="p1:DT_MaterialMaster_Lookup" /> <xsd:complexType name="DT_MaterialMaster_Response"> <xsd:sequence> <xsd:element name="Status" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">d48d03b040af11df99e300145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element maxOccurs="unbounded" name="MaterialData"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa040a511df843700145eccb24e</xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:sequence> <xsd:element name="MaterialNumber" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa140a511df848500145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="Description" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa240a511df95bf00145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="DocumentNo" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa340a511dfb23700145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="UOM" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">3b5f14c040a611df9fbe00145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="Hierarchy" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa440a511dfc65b00145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="Plant" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">d48d03b140af11dfb78e00145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="Procurement" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">d48d03b240af11dfb87b00145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:sequence> </xsd:complexType> <xsd:complexType name="DT_MaterialMaster_Lookup"> <xsd:sequence> <xsd:element maxOccurs="unbounded" name="Request"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa040a511df843700145eccb24e</xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:sequence> <xsd:element minOccurs="0" name="MaterialNumber" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa140a511df848500145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="Description" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa240a511df95bf00145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="DocumentNo" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa340a511dfb23700145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element minOccurs="0" name="Plant" type="xsd:string"> <xsd:annotation> <xsd:appinfo source="http://SomeCompany.com/xi/TextID">64908aa440a511dfc65b00145eccb24e</xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:schema> </wsdl:types> <wsdl:message name="MT_MaterialMaster_Lookup"> <wsdl:part name="MT_MaterialMaster_Lookup" element="p1:MT_MaterialMaster_Lookup" /> </wsdl:message> <wsdl:message name="MT_MaterialMaster_Response"> <wsdl:part name="MT_MaterialMaster_Response" element="p1:MT_MaterialMaster_Response" /> </wsdl:message> <wsdl:portType name="MI_MaterialMaster_Lookup_AutoCAD_OB"> <wsdl:operation name="MI_MaterialMaster_Lookup_AutoCAD_OB"> <wsdl:input message="p1:MT_MaterialMaster_Lookup" /> <wsdl:output message="p1:MT_MaterialMaster_Response" /> </wsdl:operation> </wsdl:portType> <wsdl:binding name="MI_MaterialMaster_Lookup_AutoCAD_OBBinding" type="p1:MI_MaterialMaster_Lookup_AutoCAD_OB"> <binding transport="http://schemas.xmlsoap.org/soap/http" xmlns="http://schemas.xmlsoap.org/wsdl/soap/" /> <wsdl:operation name="MI_MaterialMaster_Lookup_AutoCAD_OB"> <operation soapAction="http://SomeCompany.com/xi/WebService/soap1.1" xmlns="http://schemas.xmlsoap.org/wsdl/soap/" /> <wsdl:input> <body use="literal" xmlns="http://schemas.xmlsoap.org/wsdl/soap/" /> </wsdl:input> <wsdl:output> <body use="literal" xmlns="http://schemas.xmlsoap.org/wsdl/soap/" /> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsdl:service name="MI_MaterialMaster_Lookup_AutoCAD_OBService"> <wsdl:port name="MI_MaterialMaster_Lookup_AutoCAD_OBPort" binding="p1:MI_MaterialMaster_Lookup_AutoCAD_OBBinding"> <address location="http://bxdwas.MyCompany.com/XISOAPAdapter/MessageServlet?channel=:AutoCAD:SOAP_SND_Material_Lookup" xmlns="http://schemas.xmlsoap.org/wsdl/soap/" /> </wsdl:port> </wsdl:service> </wsdl:definitions>

Read the article

DWR and Spring Security - User is deauthenticated in few seconds

- by Vojtech

I am trying to implement user authentication via DWR as follows: public class PublicRemote { @Autowired @Qualifier("authenticationManager") private AuthenticationManager authenticationManager; public Map<String, Object> userLogin(String username, String password, boolean stay) { Map<String, Object> map = new HashMap<>(); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); try { Authentication authentication = authenticationManager.authenticate(authRequest); SecurityContextHolder.getContext().setAuthentication(authentication); map.put("success", "true"); } catch (Exception e) { map.put("success", "false"); } return map; } public Map<String, Object> getUserState() { Map<String, Object> map = new HashMap<>(); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); boolean authenticated = authentication != null && authentication.isAuthenticated(); map.put("authenticated", authenticated); if (authenticated) { map.put("authorities", authentication.getAuthorities()); } return map; } } The authentication works correctly and by calling getUserState() I can see that the user is successfully logged in. The problem is that this state will stay only for few seconds. In probably 5 seconds, the getAuthentication() starts returning null. Is there some problem with session in DWR or is it some misconfiguration of Spring Security?

Read the article

BRE (Business Rules Engine) Data Services is out...!!!

- by Vishal

A few months ago we at Tellago had open sourced the BizTalk Data Services. We were meanwhile working on other artifacts which comes along with BizTalk Server like the “Business Rules Engine”. We are happy to announce the first version of BRE Data Services. BRE Data Services is a same concept which we covered through BTS Data Services, providing a RESTFul OData – based API to interact with the Business Rules Engine via HTTP using ATOM Publishing Protocol or JSON as the encoding mechanism. In the first version release, we mainly focused on the browsing, querying and searching BRE artifacts via a RESTFul interface. Also along with that we provide the functionality to execute Business Rules by inserting the Facts for policies via the IUpdatable implementation of WCF Data Services. The BRE Data Services API provides a lightweight interface for managing Business Rules Engine artifacts such as Policies, Rules, Vocabularies, Conditions, Actions, Facts etc. The following are some examples which details some of the available features in the current version of the API. Basic Querying: Querying BRE Policies http://localhost/BREDataServices/BREMananagementService.svc/Policies Querying BRE Rules http://localhost/BREDataServices/BREMananagementService.svc/Rules Querying BRE Vocabularies http://localhost/BREDataServices/BREMananagementService.svc/Vocabularies Navigation: The BRE Data Services API also leverages WCF Data Services to enable navigation across related different BRE objects. Querying a specific Policy http://localhost/BREDataServices/BREMananagementService.svc/Policies(‘PolicyName’) Querying a specific Rule http://localhost/BREDataServices/BREMananagementService.svc/Rules(‘RuleName’) Querying all Rules under a Policy http://localhost/BREDataServices/BREMananagementService.svc/Policies('PolicyName')/Rules Querying all Facts under a Policy http://localhost/BREDataServices/BREMananagementService.svc/Policies('PolicyName')/Facts Querying all Actions for a specific Rule http://localhost/BREDataServices/BREMananagementService.svc/Rules('RuleName')/Actions Querying all Conditions for a specific Rule http://localhost/BREDataServices/BREMananagementService.svc/Rules('RuleName')/Actions Querying a specific Vocabulary: http://localhost/BREDataServices/BREMananagementService.svc/Vocabularies('VocabName') Implementation: With the BRE Data Services, we also provide the functionality of executing a particular policy via HTTP. There are couple of ways you can do that though the API. Ø First is though Service Operations feature of WCF Data Services in which you can execute the Facts by passing them in the URL itself. This is a very simple implementations of the executing the policies due to the limitations & restrictions (only primitive types of input parameters which can be passed) currently of the Service Operations of the WCF Data Services. Below is a code sample. Below is a traced Request/Response message. Ø Second is through the IUpdatable Interface of WCF Data Services. In this method, you can first query the rule which you want to execute and then inserts Facts for that particular Rules and finally when you perform the SaveChanges() call for the IUpdatable Interface API, it executes the policy with the facts which you inserted at runtime. Below is a sample of client side code. Due to the limitations of current version of WCF Data Services where there is no way you can return back the updates happening on the service side back to the client via the SaveChanges() method. Here we are executing the rule passing a serialized XML as Facts and there is no changes made to any data where we can query back to fetch the changes. This is overcome though the first way to executing the policies which is by executing it as a Service Operation call. This actually generates a AtomPub message shown as below: POST /Tellago.BRE.REST.ServiceHost/BREMananagementService.svc/$batch HTTP/1.1 User-Agent: Microsoft ADO.NET Data Services DataServiceVersion: 1.0;NetFx MaxDataServiceVersion: 2.0;NetFx Accept: application/atom+xml,application/xml Accept-Charset: UTF-8 Content-Type: multipart/mixed; boundary=batch_6b9a5ced-5ecb-4585-940a-9d5e704c28c7 Host: localhost:8080 Content-Length: 1481 Expect: 100-continue --batch_6b9a5ced-5ecb-4585-940a-9d5e704c28c7 Content-Type: multipart/mixed; boundary=changeset_184a8c59-a714-4ba9-bb3d-889a88fe24bf --changeset_184a8c59-a714-4ba9-bb3d-889a88fe24bf Content-Type: application/http Content-Transfer-Encoding: binary MERGE http://localhost:8080/Tellago.BRE.REST.ServiceHost/BREMananagementService.svc/Facts('TestPolicy') HTTP/1.1 Content-ID: 4 Content-Type: application/atom+xml;type=entry Content-Length: 927 <?xml version="1.0" encoding="utf-8" standalone="yes"?> <entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" font-size: x-small"http://www.w3.org/2005/Atom"> <category scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" term="Tellago.BRE.REST.Resources.Fact" /> <title /> <author> <name /> </author> <updated>2011-01-31T20:09:15.0023982Z</updated> <id>http://localhost:8080/Tellago.BRE.REST.ServiceHost/BREMananagementService.svc/Facts('TestPolicy')</id> <content type="application/xml"> <m:properties> <d:FactInstance><ns0:LoanStatus xmlns:ns0="http://tellago.com"><Age>10</Age><Status>true</Status></ns0:LoanStatus></d:FactInstance> <d:FactType>TestSchema</d:FactType> <d:ID>TestPolicy</d:ID> </m:properties> </content> </entry> --changeset_184a8c59-a714-4ba9-bb3d-889a88fe24bf-- --batch_6b9a5ced-5ecb-4585-940a-9d5e704c28c7— Installation: The installation of the BRE Data Services is pretty straight forward. · Create a new IIS website say BREDataServices. · Download the SourceCode from TellagoCodeplex and copy the content from Tellago.BRE.REST.ServiceHost to the physical location of the above created website. · The appPool account running the website should have admin access to the BizTalkRuleEngineDb database. · TheRight click the BREManagementService.svc in the IIS ContentView for the website and wala.. Conclusion: The BRE Data Services API is an experiment intended to bring the capabilities of RESTful/OData based services to the Traditional BTS/BRE Solutions. The future releases will target on technologies like BAM, ESB Toolkit. This version has been tested with various version of BizTalk Server and we have uploaded the source code to our Tellago's DevLabs workspace at Codeplex. I hope you guys enjoy this release. Keep an eye on our new releases @ Tellago Codeplex. We are working on various other Biztalk Artifacts like BAM, ESB Toolkit. Till than happy BizzRuling…!!! Thanks, Vishal Mody

Read the article

HTG Explains: How Internet Explorer Saves Your Passwords and How to Manage Them

- by Taylor Gibb

Privacy is very important when it comes to the digital world, but do you know exactly how your browser saves your passwords ? Read on to find out what goes on behind the scenes. When it comes to web applications, there are many different types of authentication. One of the types is called basic authentication, which is when you navigate to website and a dialog box opens to ask for a username and password. This also happens to be the authentication mechanism defined in the RFC for HTTP. You can see in the screen shot above that there is a check box that you can use to remember your credentials, but what does that do ? You might also ask yourself what happens if you are not using Basic authentication. There is another type of authentication called Form authentication, this is when the authentication is built right into the web application, like the How-To Geek website. This allows the Developer to control the look and feel of the form that we use to log in. How To Delete, Move, or Rename Locked Files in Windows HTG Explains: Why Screen Savers Are No Longer Necessary 6 Ways Windows 8 Is More Secure Than Windows 7

Read the article

Software Center does not load

- by eim

I'm having problems with opening my Software center and it just shuts off after loading a few seconds. I can't even get it to the main page of the Software Center. I did try to follow these commands but of no avail: sudo apt-get purge software-center sudo apt-get update sudo apt-get install software-center Instead, I get an error after entering the first command: eim@eim-VAIO:~$ sudo apt-get purge software-cente Reading package lists... Error! E: Encountered a section with no Package: header E: **Problem with MergeList** /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_precise-security_universe_i18n_Translation-en E: The package lists or status file could not be parsed or opened. I tried doing this aswell: Run : cd ~/.cache; rm -r software-center (nothing happened) And this: Add /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 to the Startup applications error message: eim@eim-VAIO:~$ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 Gtk-Message: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it. ** (polkit-gnome-authentication-agent-1:3563): WARNING **: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: An authentication agent already exists for the given subject Cannot register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: An authentication agent already exists for the given subject I think I've done all the possible fix to this problem as suggested on my research. But I can't seem to get this work. Can someone please help? NOTE: Okay... Guess I just found the solution to my problem. I'll just post the answer here since I can't answer my own question yet. Open terminal: sudo rm /var/lib/apt/lists/* -vf sudo apt-get update Now I can open my Software Center! I found the answer here: How do I fix a "Problem with MergeList" error when trying to do an update?

Read the article

Unable to apt-get upgrade in ubuntu 11.10

- by blackhole

These are the errors shows by different client Update Manager: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/aptdaemon/worker.py", line 968, in simulate trans.unauthenticated = self._simulate_helper(trans) File "/usr/lib/python2.7/dist-packages/aptdaemon/worker.py", line 1092, in _simulate_helper return depends, self._cache.required_download, \ File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 235, in required_download pm.get_archives(fetcher, self._list, self._records) SystemError: E:Method has died unexpectedly!, E:Sub-process returned an error code (100), E:Method /usr/lib/apt/methods/ did not start correctly Synaptic package Manager E: Method has died unexpectedly! E: Sub-process returned an error code (100) E: Method /usr/lib/apt/methods/ did not start correctly E: Unable to lock the download directory Command: sudo apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be upgraded: libfreetype6 libfreetype6-dev 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Failed to exec method /usr/lib/apt/methods/ E: Method has died unexpectedly! E: Sub-process returned an error code (100) E: Method /usr/lib/apt/methods/ did not start correctly Can anyone one tell me how to resolve these issues ? I have no volatile packages or anything so i am even posting the preview of my sources.list file. # deb cdrom:[Ubuntu 10.10 _Maverick Meerkat_ - Release i386 (20101007)]/ maverick main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://in.archive.ubuntu.com/ubuntu/ oneiric main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://in.archive.ubuntu.com/ubuntu/ oneiric-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://in.archive.ubuntu.com/ubuntu/ oneiric universe deb http://in.archive.ubuntu.com/ubuntu/ oneiric-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://in.archive.ubuntu.com/ubuntu/ oneiric multiverse deb http://in.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb http://in.archive.ubuntu.com/ubuntu/ maverick-backports main restricted universe multiverse # deb-src http://in.archive.ubuntu.com/ubuntu/ maverick-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb http://archive.canonical.com/ubuntu oneiric partner deb-src http://archive.canonical.com/ubuntu oneiric partner ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. deb http://extras.ubuntu.com/ubuntu oneiric main deb-src http://extras.ubuntu.com/ubuntu oneiric main deb http://in.archive.ubuntu.com/ubuntu/ oneiric-security main restricted deb http://in.archive.ubuntu.com/ubuntu/ oneiric-security universe deb http://in.archive.ubuntu.com/ubuntu/ oneiric-security multiverse # deb http://archive.canonical.com/ lucid partner Here is the preview of my sources.list file

Read the article

FreeBSD performance tuning. Sysctls, loader.conf, kernel

- by SaveTheRbtz

I wanted to share knowledge of tuning FreeBSD via sysctl.conf/loader.conf/KENCONF. It was initially based on Igor Sysoev's (author of nginx) presentation about FreeBSD tuning up to 100,000-200,000 active connections. Tunings are for FreeBSD-CURRENT. Since 7.2 amd64 some of them are tuned well by default. Prior 7.0 some of them are boot only (set via /boot/loader.conf) or does not exist at all. sysctl.conf: # No zero mapping feature # May break wine # (There are also reports about broken samba3) #security.bsd.map_at_zero=0 # If you have really busy webserver with apache13 you may run out of processes #kern.maxproc=10000 # Same for servers with apache2 / Pound #kern.threads.max_threads_per_proc=4096 # Max. backlog size kern.ipc.somaxconn=4096 # Shared memory // 7.2+ can use shared memory > 2Gb kern.ipc.shmmax=2147483648 # Sockets kern.ipc.maxsockets=204800 # Can cause this on older kernels: # http://old.nabble.com/Significant-performance-regression-for-increased-maxsockbuf-on-8.0-RELEASE-tt26745981.html#a26745981 ) kern.ipc.maxsockbuf=10485760 # Mbuf 2k clusters (on amd64 7.2+ 25600 is default) # For such high value vm.kmem_size must be increased to 3G kern.ipc.nmbclusters=262144 # Jumbo pagesize(_SC_PAGESIZE) clusters # Used as general packet storage for jumbo frames # can be monitored via `netstat -m` #kern.ipc.nmbjumbop=262144 # Jumbo 9k/16k clusters # If you are using them #kern.ipc.nmbjumbo9=65536 #kern.ipc.nmbjumbo16=32768 # For lower latency you can decrease scheduler's maximum time slice # default: stathz/10 (~ 13) #kern.sched.slice=1 # Increase max command-line length showed in `ps` (e.g for Tomcat/Java) # Default is PAGE_SIZE / 16 or 256 on x86 # This avoids commands to be presented as [executable] in `ps` # For more info see: http://www.freebsd.org/cgi/query-pr.cgi?pr=120749 kern.ps_arg_cache_limit=4096 # Every socket is a file, so increase them kern.maxfiles=204800 kern.maxfilesperproc=200000 kern.maxvnodes=200000 # On some systems HPET is almost 2 times faster than default ACPI-fast # Useful on systems with lots of clock_gettime / gettimeofday calls # See http://old.nabble.com/ACPI-fast-default-timecounter,-but-HPET-83--faster-td23248172.html # After revision 222222 HPET became default: http://svnweb.freebsd.org/base?view=revision&revision=222222 kern.timecounter.hardware=HPET # Small receive space, only usable on http-server, on file server this # should be increased to 65535 or even more #net.inet.tcp.recvspace=8192 # This is useful on Fat-Long-Pipes #net.inet.tcp.recvbuf_max=10485760 #net.inet.tcp.recvbuf_inc=65535 # Small send space is useful for http servers that serve small files # Autotuned since 7.x net.inet.tcp.sendspace=16384 # This is useful on Fat-Long-Pipes #net.inet.tcp.sendbuf_max=10485760 #net.inet.tcp.sendbuf_inc=65535 # Turn off receive autotuning # You can play with it. #net.inet.tcp.recvbuf_auto=0 #net.inet.tcp.sendbuf_auto=0 # This should be enabled if you going to use big spaces (>64k) # Also timestamp field is useful when using syncookies net.inet.tcp.rfc1323=1 # Turn this off on high-speed, lossless connections (LAN 1Gbit+) # If you set it there is no need in TCP_NODELAY sockopt (see man tcp) net.inet.tcp.delayed_ack=0 # This feature is useful if you are serving data over modems, Gigabit Ethernet, # or even high speed WAN links (or any other link with a high bandwidth delay product), # especially if you are also using window scaling or have configured a large send window. # Automatically disables on small RTT ( http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_subr.c?#rev1.237 ) # This sysctl was removed in 10-CURRENT: # See: http://www.mail-archive.com/[email protected]/msg06178.html #net.inet.tcp.inflight.enable=0 # TCP slowstart algorithm tunings # We assuming we have very fast clients #net.inet.tcp.slowstart_flightsize=100 #net.inet.tcp.local_slowstart_flightsize=100 # Disable randomizing of ports to avoid false RST # Before usage check SA here www.bsdcan.org/2006/papers/ImprovingTCPIP.pdf # (it's also says that port randomization auto-disables at some conn.rates, but I didn't checked it thou) #net.inet.ip.portrange.randomized=0 # Increase portrange # For outgoing connections only. Good for seed-boxes and ftp servers. net.inet.ip.portrange.first=1024 net.inet.ip.portrange.last=65535 # # stops route cache degregation during a high-bandwidth flood # http://www.freebsd.org/doc/en/books/handbook/securing-freebsd.html #net.inet.ip.rtexpire=2 net.inet.ip.rtminexpire=2 net.inet.ip.rtmaxcache=1024 # Security net.inet.ip.redirect=0 net.inet.ip.sourceroute=0 net.inet.ip.accept_sourceroute=0 net.inet.icmp.maskrepl=0 net.inet.icmp.log_redirect=0 net.inet.icmp.drop_redirect=1 net.inet.tcp.drop_synfin=1 # # There is also good example of sysctl.conf with comments: # http://www.thern.org/projects/sysctl.conf # # icmp may NOT rst, helpful for those pesky spoofed # icmp/udp floods that end up taking up your outgoing # bandwidth/ifqueue due to all that outgoing RST traffic. # #net.inet.tcp.icmp_may_rst=0 # Security net.inet.udp.blackhole=1 net.inet.tcp.blackhole=2 # IPv6 Security # For more info see http://www.fosslc.org/drupal/content/security-implications-ipv6 # Disable Node info replies # To see this vulnerability in action run `ping6 -a sglAac ::1` or `ping6 -w ::1` on unprotected node net.inet6.icmp6.nodeinfo=0 # Turn on IPv6 privacy extensions # For more info see proposal http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00103.html net.inet6.ip6.use_tempaddr=1 net.inet6.ip6.prefer_tempaddr=1 # Disable ICMP redirect net.inet6.icmp6.rediraccept=0 # Disable acceptation of RA and auto linklocal generation if you don't use them #net.inet6.ip6.accept_rtadv=0 #net.inet6.ip6.auto_linklocal=0 # Increases default TTL, sometimes useful # Default is 64 net.inet.ip.ttl=128 # Lessen max segment life to conserve resources # ACK waiting time in miliseconds # (default: 30000. RFC from 1979 recommends 120000) net.inet.tcp.msl=5000 # Max bumber of timewait sockets net.inet.tcp.maxtcptw=200000 # Don't use tw on local connections # As of 15 Apr 2009. Igor Sysoev says that nolocaltimewait has some buggy realization. # So disable it or now till get fixed #net.inet.tcp.nolocaltimewait=1 # FIN_WAIT_2 state fast recycle net.inet.tcp.fast_finwait2_recycle=1 # Time before tcp keepalive probe is sent # default is 2 hours (7200000) #net.inet.tcp.keepidle=60000 # Should be increased until net.inet.ip.intr_queue_drops is zero net.inet.ip.intr_queue_maxlen=4096 # Interrupt handling via multiple CPU, but with context switch. # You can play with it. Default is 1; #net.isr.direct=0 # This is for routers only #net.inet.ip.forwarding=1 #net.inet.ip.fastforwarding=1 # This speed ups dummynet when channel isn't saturated net.inet.ip.dummynet.io_fast=1 # Increase dummynet(4) hash #net.inet.ip.dummynet.hash_size=2048 #net.inet.ip.dummynet.max_chain_len # Should be increased when you have A LOT of files on server # (Increase until vfs.ufs.dirhash_mem becomes lower) vfs.ufs.dirhash_maxmem=67108864 # Note from commit http://svn.freebsd.org/base/head@211031 : # For systems with RAID volumes and/or virtualization envirnments, where # read performance is very important, increasing this sysctl tunable to 32 # or even more will demonstratively yield additional performance benefits. vfs.read_max=32 # Explicit Congestion Notification (see http://en.wikipedia.org/wiki/Explicit_Congestion_Notification) net.inet.tcp.ecn.enable=1 # Flowtable - flow caching mechanism # Useful for routers #net.inet.flowtable.enable=1 #net.inet.flowtable.nmbflows=65535 # Extreme polling tuning #kern.polling.burst_max=1000 #kern.polling.each_burst=1000 #kern.polling.reg_frac=100 #kern.polling.user_frac=1 #kern.polling.idle_poll=0 # IPFW dynamic rules and timeouts tuning # Increase dyn_buckets till net.inet.ip.fw.curr_dyn_buckets is lower net.inet.ip.fw.dyn_buckets=65536 net.inet.ip.fw.dyn_max=65536 net.inet.ip.fw.dyn_ack_lifetime=120 net.inet.ip.fw.dyn_syn_lifetime=10 net.inet.ip.fw.dyn_fin_lifetime=2 net.inet.ip.fw.dyn_short_lifetime=10 # Make packets pass firewall only once when using dummynet # i.e. packets going thru pipe are passing out from firewall with accept #net.inet.ip.fw.one_pass=1 # shm_use_phys Wires all shared pages, making them unswappable # Use this to lessen Virtual Memory Manager's work when using Shared Mem. # Useful for databases #kern.ipc.shm_use_phys=1 # ZFS # Enable prefetch. Useful for sequential load type i.e fileserver. # FreeBSD sets vfs.zfs.prefetch_disable to 1 on any i386 systems and # on any amd64 systems with less than 4GB of avaiable memory # For additional info check this nabble thread http://old.nabble.com/Samba-read-speed-performance-tuning-td27964534.html #vfs.zfs.prefetch_disable=0 # On highload servers you may notice following message in dmesg: # "Approaching the limit on PV entries, consider increasing either the # vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable" vm.pmap.shpgperproc=2048 loader.conf: # Accept filters for data, http and DNS requests # Useful when your software uses select() instead of kevent/kqueue or when you under DDoS # DNS accf available on 8.0+ accf_data_load="YES" accf_http_load="YES" accf_dns_load="YES" # Async IO system calls aio_load="YES" # Linux specific devices in /dev # As for 8.1 it only /dev/full #lindev_load="YES" # Adds NCQ support in FreeBSD # WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+ # 8.0+ only #ahci_load="YES" #siis_load="YES" # FreeBSD 8.2+ # New Congestion Control for FreeBSD # http://caia.swin.edu.au/urp/newtcp/tools/cc_chd-readme-0.1.txt # http://www.ietf.org/proceedings/78/slides/iccrg-5.pdf # Initial merge commit message http://www.mail-archive.com/[email protected]/msg31410.html #cc_chd_load="YES" # Increase kernel memory size to 3G. # # Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM # Otherwise panic will happen on next reboot! # # It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc # Useful on highload stateful firewalls, proxies or ZFS fileservers # (FreeBSD 7.2+ amd64 users: Check that current value is lower!) #vm.kmem_size="3G" # If your server has lots of swap (>4Gb) you should increase following value # according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009-October/029616.html # Otherwise you'll be getting errors # "kernel: swap zone exhausted, increase kern.maxswzone" # kern.maxswzone="256M" # Older versions of FreeBSD can't tune maxfiles on the fly #kern.maxfiles="200000" # Useful for databases # Sets maximum data size to 1G # (FreeBSD 7.2+ amd64 users: Check that current value is lower!) #kern.maxdsiz="1G" # Maximum buffer size(vfs.maxbufspace) # You can check current one via vfs.bufspace # Should be lowered/upped depending on server's load-type # Usually decreased to preserve kmem # (default is 10% of mem) #kern.maxbcache="512M" # Sendfile buffers # For i386 only #kern.ipc.nsfbufs=10240 # FreeBSD 9+ # HPET "legacy route" support. It should allow HPET to work per-CPU # See http://www.mail-archive.com/[email protected]/msg03603.html #hint.atrtc.0.clock=0 #hint.attimer.0.clock=0 #hint.hpet.0.legacy_route=1 # syncache Hash table tuning net.inet.tcp.syncache.hashsize=1024 net.inet.tcp.syncache.bucketlimit=512 net.inet.tcp.syncache.cachelimit=65536 # Increased hostcache # Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl # Very useful for it's RTT RTTVAR # Must be power of two net.inet.tcp.hostcache.hashsize=65536 # hashsize * bucketlimit (which is 30 by default) # It allocates 255Mb (1966080*136) of RAM net.inet.tcp.hostcache.cachelimit=1966080 # TCP control-block Hash table tuning net.inet.tcp.tcbhashsize=4096 # Disable ipfw deny all # Should be uncommented when there is a chance that # kernel and ipfw binary may be out-of sync on next reboot #net.inet.ip.fw.default_to_accept=1 # # SIFTR (Statistical Information For TCP Research) is a kernel module that # logs a range of statistics on active TCP connections to a log file. # See prerelease notes http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6cdce76e4 # and man 4 sitfr #siftr_load="YES" # Enable superpages, for 7.2+ only # Also read http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html vm.pmap.pg_ps_enabled=1 # Usefull if you are using Intel-Gigabit NIC #hw.em.rxd=4096 #hw.em.txd=4096 #hw.em.rx_process_limit="-1" # Also if you have ALOT interrupts on NIC - play with following parameters # NOTE: You should set them for every NIC #dev.em.0.rx_int_delay: 250 #dev.em.0.tx_int_delay: 250 #dev.em.0.rx_abs_int_delay: 250 #dev.em.0.tx_abs_int_delay: 250 # There is also multithreaded version of em/igb drivers can be found here: # http://people.yandex-team.ru/~wawa/ # # for additional em monitoring and statistics use # sysctl dev.em.0.stats=1 ; dmesg # sysctl dev.em.0.debug=1 ; dmesg # Also after r209242 (-CURRENT) there is a separate sysctl for each stat variable; # Same tunings for igb #hw.igb.rxd=4096 #hw.igb.txd=4096 #hw.igb.rx_process_limit=100 # Some useful netisr tunables. See sysctl net.isr #net.isr.maxthreads=4 #net.isr.defaultqlimit=4096 #net.isr.maxqlimit: 10240 # Bind netisr threads to CPUs #net.isr.bindthreads=1 # # FreeBSD 9.x+ # Increase interface send queue length # See commit message http://svn.freebsd.org/viewvc/base?view=revision&revision=207554 #net.link.ifqmaxlen=1024 # Nicer boot logo =) loader_logo="beastie" And finally here is KERNCONF: # Just some of them, see also # cat /sys/{i386,amd64,}/conf/NOTES # This one useful only on i386 #options KVA_PAGES=512 # You can play with HZ in environments with high interrupt rate (default is 1000) # 100 is for my notebook to prolong it's battery life #options HZ=100 # Polling is goot on network loads with high packet rates and low-end NICs # NB! Do not enable it if you want more than one netisr thread #options DEVICE_POLLING # Eliminate datacopy on socket read-write # To take advantage with zero copy sockets you should have an MTU >= 4k # This req. is only for receiving data. # Read more in man zero_copy_sockets # Also this epic thread on kernel trap: # http://kerneltrap.org/node/6506 # Here Linus says that "anybody that does it that way (FreeBSD) is totally incompetent" #options ZERO_COPY_SOCKETS # Support TCP sign. Used for IPSec options TCP_SIGNATURE # There was stackoverflow found in KAME IPSec stack: # See http://secunia.com/advisories/43995/ # For quick workaround you can use `ipfw add deny proto ipcomp` options IPSEC # This ones can be loaded as modules. They described in loader.conf section #options ACCEPT_FILTER_DATA #options ACCEPT_FILTER_HTTP # Adding ipfw, also can be loaded as modules options IPFIREWALL # On 8.1+ you can disable verbose to see blocked packets on ipfw0 interface. # Also there is no point in compiling verbose into the kernel, because # now there is net.inet.ip.fw.verbose tunable. #options IPFIREWALL_VERBOSE #options IPFIREWALL_VERBOSE_LIMIT=10 options IPFIREWALL_FORWARD # Adding kernel NAT options IPFIREWALL_NAT options LIBALIAS # Traffic shaping options DUMMYNET # Divert, i.e. for userspace NAT options IPDIVERT # This is for OpenBSD's pf firewall device pf device pflog # pf's QoS - ALTQ options ALTQ options ALTQ_CBQ # Class Bases Queuing (CBQ) options ALTQ_RED # Random Early Detection (RED) options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build # Pretty console # Manual can be found here http://forums.freebsd.org/showthread.php?t=6134 #options VESA #options SC_PIXEL_MODE # Disable reboot on Ctrl Alt Del #options SC_DISABLE_REBOOT # Change normal|kernel messages color options SC_NORM_ATTR=(FG_GREEN|BG_BLACK) options SC_KERNEL_CONS_ATTR=(FG_YELLOW|BG_BLACK) # More scroll space options SC_HISTORY_SIZE=8192 # Adding hardware crypto device device crypto device cryptodev # Useful network interfaces device vlan device tap #Virtual Ethernet driver device gre #IP over IP tunneling device if_bridge #Bridge interface device pfsync #synchronization interface for PF device carp #Common Address Redundancy Protocol device enc #IPsec interface device lagg #Link aggregation interface device stf #IPv4-IPv6 port # Also for my notebook, but may be used with Opteron device amdtemp # Same for Intel processors device coretemp # man 4 cpuctl device cpuctl # CPU control pseudo-device # Support for ECMP. More than one route for destination # Works even with default route so one can use it as LB for two ISP # For now code is unstable and panics (panic: rtfree 2) on route deletions. #options RADIX_MPATH # Multicast routing #options MROUTING #options PIM # Debug & DTrace options KDB # Kernel debugger related code options KDB_TRACE # Print a stack trace for a panic options KDTRACE_FRAME # amd64-only(?) options KDTRACE_HOOKS # all architectures - enable general DTrace hooks #options DDB #options DDB_CTF # all architectures - kernel ELF linker loads CTF data # Adaptive spining in lockmgr (8.x+) # See http://www.mail-archive.com/[email protected]/msg10782.html options ADAPTIVE_LOCKMGRS # UTF-8 in console (8.x+) #options TEKEN_UTF8 # FreeBSD 8.1+ # Deadlock resolver thread # For additional information see http://www.mail-archive.com/[email protected]/msg18124.html # (FYI: "resolution" is panic so use with caution) #options DEADLKRES # Increase maximum size of Raw I/O and sendfile(2) readahead #options MAXPHYS=(1024*1024) #options MAXBSIZE=(1024*1024) # For scheduler debug enable following option. # Debug will be available via `kern.sched.stats` sysctl # For more information see http://svnweb.freebsd.org/base/head/sys/conf/NOTES?view=markup #options SCHED_STATS If you are tuning network for maximum performance you may wish to play with ifconfig options like: # You can list all capabilities via `ifconfig -m` ifconfig [-]rxcsum [-]txcsum [-]tso [-]lro mtu In case you've enabled DDB in kernel config, you should edit your /etc/ddb.conf and add something like this to enable automatic reboot (and textdump as bonus): script kdb.enter.panic=textdump set; capture on; show pcpu; bt; ps; alltrace; capture off; call doadump; reset script kdb.enter.default=textdump set; capture on; bt; ps; capture off; call doadump; reset And do not forget to add ddb_enable="YES" to /etc/rc.conf Since FreeBSD 9 you can select to enable/disable flowcontrol on your NIC: # See http://en.wikipedia.org/wiki/Ethernet_flow_control and # http://www.mail-archive.com/[email protected]/msg07927.html for additional info ifconfig bge0 media auto mediaopt flowcontrol PS. Also most of FreeBSD's limits can be monitored by # vmstat -z and # limits PPS. variety of network counters can be monitored via # netstat -s In FreeBSD-9 netstat's -Q option appeared, try following command to display netisr stats # netstat -Q PPPS. also see # man 7 tuning PPPPS. I wanted to thank FreeBSD community, especially author of nginx - Igor Sysoev, nginx-ru@ and FreeBSD-performance@ mailing lists for providing useful information about FreeBSD tuning. FreeBSD WIP * Whats cooking for FreeBSD 7? * Whats cooking for FreeBSD 8? * Whats cooking for FreeBSD 9? So here is the question: What tunings are you using on yours FreeBSD servers? You can also post your /etc/sysctl.conf, /boot/loader.conf, kernel options, etc with description of its' meaning (do not copy-paste from sysctl -d). Don't forget to specify server type (web, smb, gateway, etc) Let's share experience!

Read the article

HTTP SSL VPN Client? (alternative to Cisco's AnyConnect VPN)

- by Ian Boyd

Is there any free HTTP SSL VPN clients around, one that can act as an alternative to Cisco's own HTTP SSL VPN client (called AnyConnect)? The Cisco AnyConnect client has acknowledged problems, with no forthcoming solutions. Which is why I'm hoping for an alternative. Note: I'm only talking about the HTTP SSL VPN Client, not the HTTP SSL VPN Server. (If it were up to me they wouldn't be using Cisco at all, but it's not up to me.) Note: OpenVPN is a client that talks to their servers once you sign up for their service. It's not a generic VPN client. Note: ShrewSoft VPN is a client that uses IPsec and pre-shared keys, and was a good replacement for Cisco's old client - but not the new AnyConnect SSL VPN client. Note: Windows 7's VPN client fails to negotiate when presented with an SSL VPN connection. Note: I am looking for Windows clients only.

Search Results

Search found 62215 results on 2489 pages for 'http basic authentication'.

Page 253/2489 | < Previous Page | 249 250 251 252 253 254 255 256 257 258 259 260 | Next Page >

- by Stephane

- by jamesfm

- by Iraklis

- by Oracle OpenWorld Blog Team

- by ShockwaveNN

- by tj111

- by wag2639

- by hypercrypt

- by Ali Raza

- by Damien Carru

- by Steve Tjoa

- by shiju

- by Jamie

- by Matthias Steiner

- by Eef

- by Misha Koshelev

- by Jerry

- by Vojtech

- by Vishal

- by Taylor Gibb

- by eim

- by blackhole

- by SaveTheRbtz

- by Ian Boyd

< Previous Page | 249 250 251 252 253 254 255 256 257 258 259 260 | Next Page >