Search Results

Search found 16101 results on 645 pages for 'owsm webservices ws security ws trust soa secuirty'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 41/645 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • Spring Security ACL: NotFoundException from JDBCMutableAclService.createAcl

    - by user340202
    Hello, I've been working on this task for too long to abandon the idea of using Spring Security to achieve it, but I wish that the community will provide with some support that will help reduce the regret that I have for choosing Spring Security. Enough ranting and now let's get to the point. I'm trying to create an ACL by using JDBCMutableAclService.createAcl as follows: [code] public void addPermission(IWFArtifact securedObject, Sid recipient, Permission permission, Class clazz) { ObjectIdentity oid = new ObjectIdentityImpl(clazz.getCanonicalName(), securedObject.getId()); this.addPermission(oid, recipient, permission); } @Override @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED, readOnly = false) public void addPermission(ObjectIdentity oid, Sid recipient, Permission permission) { SpringSecurityUtils.assureThreadLocalAuthSet(); MutableAcl acl; try { acl = this.mutableAclService.createAcl(oid); } catch (AlreadyExistsException e) { acl = (MutableAcl) this.mutableAclService.readAclById(oid); } // try { // acl = (MutableAcl) this.mutableAclService.readAclById(oid); // } catch (NotFoundException nfe) { // acl = this.mutableAclService.createAcl(oid); // } acl.insertAce(acl.getEntries().length, permission, recipient, true); this.mutableAclService.updateAcl(acl); } [/code] The call throws a NotFoundException from the line: [code] // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc) Acl acl = readAclById(objectIdentity); [/code] I believe this is caused by something related to Transactional, and that's why I have tested with many TransactionDefinition attributes. I have also doubted the annotation and tried with declarative transaction definition, but still with no luck. One important point is that I have used the statement used to insert the oid in the database earlier in the method directly on the database and it worked, and also threw a unique constraint exception at me when it tried to insert it in the method. I'm using Spring Security 2.0.8 and IceFaces 1.8 (which doesn't support spring 3.0 but definetely supprorts 2.0.x, specially when I keep caling SpringSecurityUtils.assureThreadLocalAuthSet()). My AppServer is Tomcat 6.0, and my DB Server is MySQL 6.0 I wish to get back a reply soon because I need to get this task off my way

    Read the article

  • problem in handling menu - submenu based on spring security

    - by Nirmal
    Hi All... I have configured spring security core plugin using requestmap table inside the database.. Now inside requestmap table I have all the possible urls and it's equivalent roles who can access that url... Now I want to generate menus and submenus based on the urls stored in requestmap table... So my requirement is to check the urls of menu & submenus against the logged in users privileges... And if logged in user has any one privilege then I need to display that main menu and the available submenus.... For e.g. I have a menu in my project called user which has a following submenus : **Users (main menu)** Manage Users (sub menu) Import Users (sub menu) Now inside my header.gsp I have successfully achieved the above requirement using if else condition, like : if ( privs.contains("/users/manageUsers") || privs.contains("/users/importUsers")) here privs are the list of urls from requestmap table for logged in user. But I want to achieve these using spring security tag lib, so for comparing urls I have find following tag from spring security core documentation : <sec:access url="/users/manageUsers"> But i am bit confuse that how I can replace or condition using tag library.. Is there any tag available which checks from multiple urls and evaluate it to true or false ? Of course I can do using sec:access tag with some flag logic, but is there any tags available which can fulfill my requirement directly ? Thanks in advance...

    Read the article

  • Web Applications Development: Security practices for Application design

    - by Shyam
    Hi, As I am creating more web applications that are targeted for multiple users, I figured out that I have to start thinking about user management and security. At a glance and in my ideal world, all users belong to a group. Permissions and access is thus defined per group (and inherited by the users of that group). Logically, I have my group of administrators, which are identified with a level "7" (integer) clearance. A group of webusers have for example level "1". This in generally all works great for me, but I need some kind of list that I have to keep in mind how I secure my system, and some general practices. I am not looking for a specific environment; I want to learn the why's and how's. An example is privilege escalation. If someone would be able to "push" themselves inside a group with higher privileges, for example the Administration, how can I prevent this, or what measures should I take to have some sort of precaution? I don't like in that case to walk into a caveat. My question is basically: where can I find a good resource, list, policy, book that explains the security of web applications, the why's, the how's and readable if you don't have any experience in the realm of advanced security? I prefer a free resource, as I believe I couldn't be the first one who thought about this. Thank you for your answers, comments and feedback.

    Read the article

  • What ORMs work in medium trust?

    - by rcravens
    Environment: C#, MySql, GoDaddy Shared Hosting (medium trust). Assuming the above environment, what ORMs will work in a medium trust environment? Also consider the following features: minimal code changes to the ORM library. minimal disabling of features to run in medium trust. Bonus feature: fluent interface There are a lot of ORMs to choose from. What would your selection be?

    Read the article

  • Silverlight 4 - elevated permission *inside* the browser

    - by Doug
    I know Silverlight 4 can handle elevated permissions outside the browser. Is there a way to accomplish this inside the browser? I need to make a folder/file upload manager that gives a better user experience than the standard , and I'd like to implement it in Silverlight. I know Java has an option to gain elevated permissions, but you have to attach a signed certificate to your app. Does Silverlight 4 have a similar option - to gain elevated permissions by attaching a signed certificate (after warning the user, of course)? -Doug

    Read the article

  • LocalReport (WebForms) and Partial Trust, for PDF Generation

    - by Peet Brits
    My goal is to generate a PDF for display in a web page, either as aspx or with a generic handler. (This will link from a Silverlight page, but this is irrelevant to the problem.) The problem is that LocalReport (Microsoft.Reporting.WebForms; Microsoft.ReportViewer.WebForms.dll) requires full trust, and our hosting server does not allow full trust. I am aware that ReportViewer has a remote mode that will allow it to run with partial trust, but for that I need a report server url which should probably have full trust as well, which does not solve anything. So how do I generate PDFs from WebForms in a partially trusted environment?

    Read the article

  • Rational Application Developer (RAD) 7.5+ and websphere runtime will not pick up jars from projects

    - by Berlin Brown
    With RAD Version: 7.5.3, Java 1.5. I have a couple of different projects. I needed to break out the java code and turn the *.class files into a jar. So basically, same *.class files I just removed the code and then jarred the class files into a jar. I broke the classes into a jar and then included the jar in the project. And I also did an order/export on the jar so that other projects can see the jar. At this point, ideally my project should not have changed because I am using class files in a jar instead of the java code. When I visit my web application in websphere, I get class not found errors on the classes that are now in the jar. Project Structure: A. Project earApp -- will need the webapp B. Project webapp -- will need the project (no jar files or *.java files are found in this project) C. Project javasrc -- the java source and the NEW JAR file are found here. I don't think websphere is acknowledging the jar. Here is the error: java.lang.NoClassDefFoundError: com.MyApp at java.lang.ClassLoader.defineClassImpl(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:258) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151) at com.ibm.ws.classloader.CompoundClassLoader._defineClass(CompoundClassLoader.java:675) at com.ibm.ws.classloader.CompoundClassLoader.findClass(CompoundClassLoader.java:614) at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:431) at java.lang.ClassLoader.loadClass(ClassLoader.java:597) at java.lang.Class.getDeclaredMethodsImpl(Native Method) at java.lang.Class.getDeclaredMethods(Class.java:664) at com.ibm.ws.webcontainer.annotation.data.ScannedAnnotationData.collectMethodAnnotations(ScannedAnnotationData.java:130) at com.ibm.ws.webcontainer.annotation.data.ScannedAnnotationData.<init>(ScannedAnnotationData.java:47) at com.ibm.ws.webcontainer.annotation.AnnotationScanner.scanClass(AnnotationScanner.java:61) at com.ibm.ws.wswebcontainer.webapp.WebApp.processRuntimeAnnotationHelpers(WebApp.java:711) at com.ibm.ws.wswebcontainer.webapp.WebApp.populateJavaNameSpace(WebApp.java:624) at com.ibm.ws.wswebcontainer.webapp.WebApp.initialize(WebApp.java:289) at com.ibm.ws.wswebcontainer.webapp.WebGroup.addWebApplication(WebGroup.java:93) at com.ibm.ws.wswebcontainer.VirtualHost.addWebApplication(VirtualHost.java:162) at com.ibm.ws.wswebcontainer.WebContainer.addWebApp(WebContainer.java:671) at com.ibm.ws.wswebcontainer.WebContainer.addWebApplication(WebContainer.java:624) at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:395) at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:611) at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1274) at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1165) at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:587) at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:832) at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:921) at com.ibm.ws.runtime.component.ApplicationMgrImpl$AppInitializer.run(ApplicationMgrImpl.java:2124) at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:342) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497) What do you think I need to do?

    Read the article

  • How to give you website customers a secure feeling

    - by Saif Bechan
    I was wondering how you can give your website customers the confidence that you are not tinkering with the database values. I am planning on running a website which falls in the realm of an online game. There is some kind of credit system involved that people have to pay for. Now I was wondering how sites like this ensure there customers that there is no foul play in the database itself. As I am the database admin i can pretty much change all the values from within without anyone knowing i did. Hence letting someone win that does not rightfully is the winner. Is it maybe an option to decrypt en encrypt the credits people have so i can't change them. Or is there maybe a company i can hire that checks my company for foul play.

    Read the article

  • Java EE javax.xml.bind.MarshalException

    - by sandeep
    Hi, I am getting javax.xml.bind.MarshalException error. I am sending List from my webservice to the backingbean and I have this error. WARNING: invocation error on ejb endpoint Login_webservice at /Login_webserviceService/Login_webservice : javax.xml.bind.MarshalException - with linked exception: [javax.xml.bind.JAXBException: class JPA.Cantable nor any of its super class is known to this context.] javax.xml.ws.WebServiceException: javax.xml.bind.MarshalException - with linked exception: [javax.xml.bind.JAXBException: class JPA.Cantable nor any of its super class is known to this context.] at com.sun.xml.ws.message.jaxb.JAXBMessage.writePayloadTo(JAXBMessage.java:325) at com.sun.xml.ws.message.AbstractMessageImpl.writeTo(AbstractMessageImpl.java:142) at com.sun.xml.ws.encoding.StreamSOAPCodec.encode(StreamSOAPCodec.java:109) at com.sun.xml.ws.encoding.SOAPBindingCodec.encode(SOAPBindingCodec.java:278) at com.sun.xml.ws.transport.http.HttpAdapter.encodePacket(HttpAdapter.java:380) at com.sun.xml.ws.transport.http.HttpAdapter.access$100(HttpAdapter.java:92) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:525) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:285) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:143) at org.glassfish.webservices.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:116) at org.glassfish.webservices.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:87) at org.glassfish.webservices.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:196) at org.glassfish.webservices.EjbWebServiceServlet.service(EjbWebServiceServlet.java:127) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) Here is my code: Backing bean @WebServiceRef(wsdlLocation = "http://localhost:26565/Login_webserviceService/Login_webservice?WSDL") public String login() { System.out.println("Login Phase entered"); int result = 0; List list; List finalList = null; try { Weblogin.LoginWebserviceService service = new Weblogin.LoginWebserviceService(); Weblogin.LoginWebservice port = service.getLoginWebservicePort(); result = port.login(voterID, password); Weblogin.LoginWebservice port1 = service.getLoginWebservicePort(); list = port1.candDetails(1); finalList = list; this.setList(finalList); } catch (Exception e) { e.printStackTrace(); } if (result == 1) return "polling"; else return "login"; } Webservice public List candDetails(int pollEvent) { List resultList = null; List finalList = null; try { if (pollEvent == 1) { resultList = em.createNamedQuery("Cantable.findAll").getResultList(); finalList = resultList; } } catch (Exception e) { e.printStackTrace(); } return resultList; }

    Read the article

  • Does NInject work in medium trust hosting?

    - by Gabriel
    I'm doing shared hosting with GoDaddy and I developed a sample ASP.NET MVC app using Castle Windsor and unfortunately, it didn't work in a medium trust setting. Specifically, I got this error: "[SecurityException: That assembly does not allow partially trusted callers"... etc. GoDaddy is sadly not flexible in their trust policy. I'm not tied to Windsor and would like to try another one that will work under Medium Trust. I'd actually like to use NInject, but I've read people having mixed success. The only one I've read that works with no problem is Microsoft's Unity. My question is, does NInject work in medium trust? If not, what are my options?

    Read the article

  • Transport Security with Certificate Authentication

    - by Brian T
    I'm getting the following error when I access my webservice localhost/MyService/MyService.svc The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'. I've following the web.config examples as specified in http://msdn.microsoft.com/en-us/library/ms731074.aspx Here is my wcf server web.config: <?xml version="1.0" encoding="UTF-8"?> <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <appSettings /> <system.web> <identity impersonate="false" /> <roleManager enabled="true" /> <authentication mode="Windows" /> <customErrors mode="Off" /> <webServices> <protocols> <add name="HttpGet" /> <add name="HttpPost" /> </protocols> </webServices> </system.web> <system.webServer> <directoryBrowse enabled="true" /> <validation validateIntegratedModeConfiguration="false" /> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" users="*" roles="" /> </authorization> </security> </system.webServer> <system.serviceModel> <services> <service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior"> <endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" /> <endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" /> <endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyServiceBehavior"> <serviceDebug includeExceptionDetailInFaults="True" /> <serviceMetadata /> <serviceCredentials> <clientCertificate> <authentication trustedStoreLocation="LocalMachine" revocationMode="Online"/> </clientCertificate> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <wsHttpBinding> <binding name="CertificateWithTransportWSHttpBinding"> <security mode="Transport"> <transport clientCredentialType="Certificate" /> </security> </binding> </wsHttpBinding> </bindings> </system.serviceModel> </configuration> I've configured IIS as follows: https binding added using self signed certificate Under SSL settings, require SSL and accept client certificates is checked The self signed certificate has been added to the Local Computer Trusted Root CA. I can browse and execute the .asmx service definition, but the .svc gives me the error described above.

    Read the article

  • Auszeichnung für Oracle beim Channel Marketing Award 2010: IT-Security Kampagne "Keine Aufregung" belegt 2. Platz

    - by A&C Redaktion
    Am 18. November wurde in Augsburg der Channel Marketing Award 2010 verliehen. Gesucht wurden die besten Kampagnen der IT-Branche, mit denen wirtschaftlich und kreativ herausragende Marketing-Aktivitäten rund um das Partner Business umgesetzt wurden. In der Kategorie With/Through Partner hat Oracle mit der IT-Security Kampagne www.keine-aufregung.de hinter Xerox den 2. Platz belegt! Damit verwies „Keine Aufregung", durchgeführt von Bozana Pistorius im Januar 2010, Kampagnen von IBM, Corel und E-Plus auf die Plätze. Bilder der Kampagnen sind hier zu finden. Die Berichterstattung zum CMA Award gibt es online bei IT-Business inklusive Video und Bildergalerie.   V.l.n.r.: Alexander Woelke (Woelke von der Brüggen), Sarah Olbrich (Woelke von der Brüggen), Bozana Pistorius (Oracle), Claudine Petit (Cloudbridge Consulting) und Werner Nieberle (Vogel IT Medien)

    Read the article

  • Is an 'if password == XXXXXXX' enough for minimum security?

    - by Morgan Herlocker
    If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

    Read the article

  • What sort of security method is this called (if it has a name)?

    - by loosebruce
    I have thought of a way of securing access to an application interacting with another application. Using this method Application 1 - "What is the sum of 1+1?" Application 2 - "3" Application 1 - "Access granted" Is this method used a lot, does it have a classification in the programming world? The advantages for me of using this is that I do not have to spend more effort implementing security keys/certificates. Any unauthorized machine trying to interpret it would give the correct result and identify itself as untrusted. What sort of weaknesses are there to doing this?

    Read the article

  • NameServer SOA records misconfigured

    - by Khoa Bui
    This is my config of NS. hostingdk.com. SOA zone1.hostingdk.com admin.hostingdk.com 2010051905; 43100; 7200; 2419100; 86400; hostingdk.com. NS zone1.hostingdk.com. hostingdk.com. NS zone2.hostingdk.com. zone1.hostingdk.com. A 96.30.49.11 zone2.hostingdk.com. A 96.30.46.238 Both zone1 & zone2 have registered name server in Enom domain control panel. My problem is, one domain .lv cant not change DNS to my NS. They said: Error : Nameserver zone1.hostingdk.com cannot be queried for SOA Error : Nameserver zone2.hostingdk.com cannot be queried for SOA Please help me, how to fix it ?

    Read the article

  • My very first serious project and I'm concerned about security.

    - by ilhan
    I'm making a small social networking web site for a specific university's students (where I study) and I'm concerned about security (access to the database). What should I do? What I have to check for last time until I went online? (Yeah, Facebook Facebook. Facebook don't have that community sense. You cannot find all your department mates on Facebook. You cannot see all foreign students on Facebook. You cannot hide your identity on Facebook while commenting, etc etc. Just please don't compare it with Facebook, we had a great local social network until it went public . * ))

    Read the article

  • Is an 'if password == XXXXXXX' enough for minimum security?

    - by Prof Plum
    If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

    Read the article

  • SOA 11g ??????????·?????? OracleDB 11g ??????

    - by katsumii
    ??????????????????????? Fusion Middleware ? DB11g ???????????????????????????????????Oracle Fusion Middleware MAA Best PracticesOracle Fusion Middleware SOA 11g Release 1: Using Secure Files??????????????????DB11g??????SecureFiles ????????????????????PDF?????????SOA?????????????????????????????·???????????????????? Enterprise Manager 12c ?????1???????????????????????SOA Suite????????SOA??????????????????????????????  

    Read the article

  • What makes you trust that a piece of open source software is not malicious?

    - by Daniel DiPaolo
    We developers are in a unique position when it comes to the ability to not only be skeptical about the capabilities provided by open source software, but to actively analyze the code since it is freely available. In fact, one may even argue that open source software developers have a social responsibility to do so to contribute to the community. But at what point do you as a developer say, "I better take a look at what this is doing before I trust using it" for any given thing? Is it a matter of trusting code with your personal information? Does it depend on the source you're getting it from? What spurred this question on was a post on Hacker News to a javascript bookmarklet that supposedly tells you how "exposed" your information on Facebook is as well as recommending some fixes. I thought for a second "I'd rather not start blindly running this code over all my (fairly locked down) Facebook information so let me check it out". The bookmarklet is simple enough, but it calls another javascript function which at the time (but not anymore) was highly compressed and undecipherable. That's when I said "nope, not gonna do it". So even though I could have verified the original uncompressed javascript from the Github site and even saved a local copy to verify and then run without hitting their server, I wasn't going to. It's several thousand lines and I'm not a total javascript guru to begin with. Yet, folks are using it anyway. Even (supposedly) bright developers. What makes them trust the script? Did they all scrutinize it line by line? Do they know the guy personally and trust him not to do anything bad? Do they just take his word? What makes you trust that a piece of open source software is not malicious?

    Read the article

  • SOAPUI: Document Type Webservices Testing.

    - by Neal Johnson
    Hi , I am new to SOAP UI usage. I would like to test one of the webservices generated using weblogic 8.1 SP 6. The webservice is a document type webservice. Is there any way to test this webservice using SOAP UI ?? Or is there any tool which helps to test document type webservices?? Thanks in advance.

    Read the article

  • Testing REST webservices

    - by anjanb
    HI There, My organization is working on building RESTful webservices on JBoss appserver. The QA team is used to testing SOAP webservices so far using SoapUI. SoapUI has a new version that has REST capabilities. We're considering using that. 1) Are there any publicly available RESTful services available on the net for free that someone could test ? 2) What tools are available(and used) for testing RESTful web services ? Thank you in Advance, BR, ~A

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >