Search Results

Search found 13810 results on 553 pages for 'security roles'.

Page 430/553 | < Previous Page | 426 427 428 429 430 431 432 433 434 435 436 437 | Next Page >

Are there any e-commerce websites that use NoSQL databases

- by Saif Bechan

I have read a lot lately about 'NoSQL' databases such as CouchDB, MongoDB etc. Most of the websites I have seen using this are mainly text based websites such as The New York Times and Source forge. I was wondering if you could apply this to websites where payment is a huge issue. I am thinking of the following issues: How well can you secure the data Do these system provide an easy backup/restore machanism How are transactions handled commit/rollback I have read the following articles that cover some aspects: Can I do transactions and locks in CouchDB? Pros/Cons of document based database vs relational database In these posts the aspect of transactions if covered. However the questions of security and backups is not covered. Can someone shed some light on this subject? And if possible, does anyone know of some e-commerce websites that have successfully implemented the document based database.

Read the article
Templating Engine Pros and Cons with Zend Framework

- by manyxcxi

I am getting familiar with Zend Framework (and MVC with PHP in general) for a personal project. I have previous experience with Smarty and have no major gripes with it, but I would like to use this project as a good in-depth learning exercise. Those of you familiar with different templating engines and ZF: Do you believe there are better templating engines than Smarty in conjunction with ZF and why? I would like to apply what I learn to the real world and production environments. The personal project will be fairly robust. User management, sessions, security, database interaction, form input, jQuery, etc.

Read the article
Best practice for partial updates in a RESTful service

- by magiconair

I am writing a RESTful service for a customer management system and I am trying to find the best practice for updating records partially. For example, I want the caller to be able to read the full record with a GET request. But for updating it only certain operations on the record are allowed, like change the status from ENABLED to DISABLED. (I have more complex scenarios than this) I don't want the caller to submit the entire record with just the updated field for security reasons (it also feels like overkill). Is there a recommended way of constructing the URIs? Do I use GET, POST, PUT or is there no agreed way of doing these kind of things? When reading the REST books RPC style calls seem to be frowned upon. Thanks Frank

Read the article
How has test first development changed the way you write software?

- by Toran Billups

I've started to find that I can't write software without writing a test first. I ask this subjective question because I want to hear what others in the community think about the reasons I can't go back to writing production code without a test first. If you can't write a test for something you don't understand it Without a regression test you can't clean the code You are going to test it anyway, spend the time to do it right Evolutionary design is possible without fear You actually write less code yourself Fast feedback cycles save time and money Job security (less bugs makes your boss happy) It actually makes my work more enjoyable

Read the article
how to initialize spring bean from database

- by wavelet

hi,i use spring security and my config is in database: <sec:http auto-config="true" entry-point-ref="casProcessingFilterEntryPoint"> <sec:remember-me /> <sec:session-management> <sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </sec:session-management> <sec:logout logout-success-url="${host.url}/logout/" /> <sec:custom-filter ref="casAuthenticationFilter" after="CAS_FILTER" /> <sec:custom-filter ref="filterInvocationInterceptor" before="FILTER_SECURITY_INTERCEPTOR" /> </sec:http> like ${host.url} is in database how can i initialize ?

Read the article
Can I embed video on external sites while still using tokens to protect the content?

- by JKS

On our own website, it's easy to protect against direct links to our video content by grabbing a token through AJAX and verifying the token through PHP before the file download is started. However I'm also researching how I could provide an embed feature, like YouTube or vimeo etc., without compromising this security feature. The problem is that the embed code I want to provide should look something like <object>...<embed>...</embed></object> -- but I don't know how to grab and append the token to the filename. I mean, I guess I could attach a script that did some gnarly JNOP business, but that's too dirty. I'm using JW Player for the actual video container. Huge thanks to anyone who can help...

Read the article
Creating java executable using JNI ?

- by Xinus

I am trying to create executable under windows platform for Java program using JNI ,C/C++ and invocation API, I have already created jar file for my program which includes all dependencies. I want to embed it in exe file, I was successful in running simple main class(present in file system) using JNI invocation API, I am planning to add jar file as resource in C/C++ program. But I don't know how do I run that jar file , One option is create temporary jar file on file system and run it using java, But I do not want to expose my jar file to everyone for security reasons, How can I run serialized jar file on the fly using JNI ?

Read the article
How to programaticaly gain root privileges ?

- by ereOn

I am writing a software (in C++, for Linux/Mac OSX) which runs as a non-privileged user and but needs root privileges at some point (to create a new virtual device). Running this program as root is not a option (mainly for security issues) and I need to know the identity (uid) of the "real" user. Is there a way to mimic the "sudo" command behavior (ask for user password) to temporarily gain root privileges and perform the particular task ? If so, which functions would I use ? Thank you very much for your help !

Read the article
Silverlight 3 and System.ServiceProcess - Doesn't allow the reference to be added.

- by Brad8118

I'm trying to write a program that can stop and start services using SilverLight 3 and VS2010. I can't add the reference to the System.ServiceProcess dll. C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll 1st why? - It it just a security precaution? 2- Is there a work around? Does SilverLight have a different library that I can use to start and stop services. Also note that this is a desktop application and not a web app. It will be sitting on my desktop to toggle services on and off.

Read the article
How to parse JSON to receive a Date object in JavaScript?

- by Piotr Owsiak

I have a following piece of JSON: \/Date(1293034567877)\/ which is a result of this .NET code: var obj = DateTime.Now; var serializer = new System.Web.Script.Serialization.JavaScriptSerializer(); serializer.Serialize(obj).Dump(); Now the problem I am facing is how to create a Date object from this in JavaScript. All I could find was incredible regex solution (many containing bugs). It is hard to believe there is no elegant solution as this is all in JavaScrip, I mean JavaScript code trying to read JSON (JavaScript Object Notation) which is supposed to be a JavaScript code and at this moment it turns out it's not cause JavaScript cannot do a good job here. I've also seen some eval solutions which I could not make to work (besides being pointed out as security threat). Is there really no way to do it in an elegant way? Similar question with no real answer: How to parse ASP.NET JSON Date format with GWT

Read the article
Https in java ends up with strange results

- by Senne

I'm trying to illustrate to students how https is used in java. But i have the feeling my example is not really the best out there... The code works well on my windows 7: I start the server, go to https://localhost:8080/somefile.txt and i get asked to trust the certificate, and all goes well. When I try over http (before or after accepting the certificate) I just get a blank page, which is ok for me. BUT when I try the exact same thing on my windows XP: Same thing, all goes well. But then (after accepting the certificate first), I'm also able to get all the the files through http! (if I first try http before https followed by accepting the certificate, I get no answer..) I tried refreshing, hard refreshing a million times but this should not be working, right? Is there something wrong in my code? I'm not sure if I use the right approach to implement https here... package Security; import java.io.*; import java.net.*; import java.util.*; import java.util.concurrent.Executors; import java.security.*; import javax.net.ssl.*; import com.sun.net.httpserver.*; public class HTTPSServer { public static void main(String[] args) throws IOException { InetSocketAddress addr = new InetSocketAddress(8080); HttpsServer server = HttpsServer.create(addr, 0); try { System.out.println("\nInitializing context ...\n"); KeyStore ks = KeyStore.getInstance("JKS"); char[] password = "vwpolo".toCharArray(); ks.load(new FileInputStream("myKeys"), password); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, password); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf.getKeyManagers(), null, null); // a HTTPS server must have a configurator for the SSL connections. server.setHttpsConfigurator (new HttpsConfigurator(sslContext) { // override configure to change default configuration. public void configure (HttpsParameters params) { try { // get SSL context for this configurator SSLContext c = getSSLContext(); // get the default settings for this SSL context SSLParameters sslparams = c.getDefaultSSLParameters(); // set parameters for the HTTPS connection. params.setNeedClientAuth(true); params.setSSLParameters(sslparams); System.out.println("SSL context created ...\n"); } catch(Exception e2) { System.out.println("Invalid parameter ...\n"); e2.printStackTrace(); } } }); } catch(Exception e1) { e1.printStackTrace(); } server.createContext("/", new MyHandler1()); server.setExecutor(Executors.newCachedThreadPool()); server.start(); System.out.println("Server is listening on port 8080 ...\n"); } } class MyHandler implements HttpHandler { public void handle(HttpExchange exchange) throws IOException { String requestMethod = exchange.getRequestMethod(); if (requestMethod.equalsIgnoreCase("GET")) { Headers responseHeaders = exchange.getResponseHeaders(); responseHeaders.set("Content-Type", "text/plain"); exchange.sendResponseHeaders(200, 0); OutputStream responseBody = exchange.getResponseBody(); String response = "HTTP headers included in your request:\n\n"; responseBody.write(response.getBytes()); Headers requestHeaders = exchange.getRequestHeaders(); Set<String> keySet = requestHeaders.keySet(); Iterator<String> iter = keySet.iterator(); while (iter.hasNext()) { String key = iter.next(); List values = requestHeaders.get(key); response = key + " = " + values.toString() + "\n"; responseBody.write(response.getBytes()); System.out.print(response); } response = "\nHTTP request body: "; responseBody.write(response.getBytes()); InputStream requestBody = exchange.getRequestBody(); byte[] buffer = new byte[256]; if(requestBody.read(buffer) > 0) { responseBody.write(buffer); } else { responseBody.write("empty.".getBytes()); } URI requestURI = exchange.getRequestURI(); String file = requestURI.getPath().substring(1); response = "\n\nFile requested = " + file + "\n\n"; responseBody.write(response.getBytes()); responseBody.flush(); System.out.print(response); Scanner source = new Scanner(new File(file)); String text; while (source.hasNext()) { text = source.nextLine() + "\n"; responseBody.write(text.getBytes()); } source.close(); responseBody.close(); exchange.close(); } } }

Read the article
What goes between SQL Server and Client?

- by worlds-apart89

This question is an updated version of a previous question I have asked on here. I am new to client-server model with SQL Server as the relational database. I have read that public access to SQL Server is not secure. If direct access to the database is not a good practice, then what kind of layer should be placed between the server and the client? Note that I have a desktop application that will serve as the client and a remote SQL Server database that will provide data to the client. The client will input their username and password in order to see their data. I have heard of terms like VPN, ISA, TMG, Terminal Services, proxy server, and so on. I need a fast and secure n-tier architecture. P.S. I have heard of web services in front of the database. Can I use WCF to retrieve, update, insert data? Would it be a good approach in terms of security and performance?

Read the article
getRequestProperty("Authorization") always returns null

- by Thilo

I am trying to read the authorization header for an HTTP request (because I need to add something to it), but I always get null for the header value. Other headers work fine. public void testAuth() throws MalformedURLException, IOException{ URLConnection request = new URL("http://google.com").openConnection(); request.setRequestProperty("Authorization", "MyHeader"); request.setRequestProperty("Stackoverflow", "anotherHeader"); // works fine assertEquals("anotherHeader", request.getRequestProperty("Stackoverflow")); // Auth header returns null assertEquals("MyHeader", request.getRequestProperty("Authorization")); } Am I doing something wrong? Is this a "security" feature? Is there a way to make this work with URLConnection, or do I need to use another HTTP client library?

Read the article
What ASP.NET Web Config entries could limit certain file access by date and time?

- by Dr. Zim

What entries in a web.config could allow certain files to become publicly accessible after a certain date and time? Specifically, we have these files starting with AB_.jpg where the _ could be anything. We put them in a folder on April 27th for example, but they shouldn't be accessible until April 30th at 11:59:59 PM. I think the web.config in part works like Unix's FTP .htaccess file to define file security. For example, this web.config entry allows directory browsing: <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <directoryBrowse enabled="true" /> </system.webServer> </configuration>

Read the article
Does CAS Support Application Level Impersonation?

- by Rob Wilkerson

I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

Read the article
RewriteCond to change displayed host, but not server

- by coneybeare

Typing out the title to this leads me to believe this might not be possible due to security concerns, but I will ask anyway. I have shortcode support running on my server, lets call it xx.yy I want it so when a user sends a request to xx.yy, it just changes the displayed host to another valid domain running on the same box. I have this so far (lets the server know to accept requests from xx.yy): RewriteCond %{HTTP_HOST} ^.*xx.yy [NC] RewriteRule ^/(.*)$ http://127.0.0.1:<PORT_OMITTED>%{REQUEST_URI} [P,QSA,L] RewriteCond %{HTTP_HOST} ^.*mysite.com [NC] RewriteRule ^/(.*)$ http://127.0.0.1:<PORT_OMITTED>%{REQUEST_URI} [P,QSA,L] It works, and it directs the traffic into my app, but the url says http://xx.yy when I would rather it say http://mysite.com I know i could redirect to http://mysite.com instead of 127.0.0.1, but I have 4 parallel boxes of mysite.com and going back out to DNS to maybe go to another box seems like a waste when I am already here. Also, I am not sure how POST requests would work like that. What can I do?

Read the article
Any foundation to administrate an Android open source application?

- by Nicolas Raoul

Our open source application is quite popular, and we are many developers. The app uses my Android Market account, and I shared the keys with a developer. But if both of us disappear, the application's Market account will be lost, and all users trapped. Giving the keys to all developers is not a solution either, for security reasons. Is there a foundation (like in Mozilla Foundation or Apache Foundation) that could accept to hold our Android Market account and release new versions in accordance with their own guidelines and our community consensus? There are quite a lot of Open Source foundations, but I could not find any that tackles this particular aspect of Android applications.

Read the article
JCarousellite not working in IE8

- by eclipse31

I have a user who's having issues running the JCarousellite plug-in in IE8. Not just on my own site, but also on the jcarousellite homepage (http://www.gmarwaha.com/jquery/jcarousellite/) It runs fine on my own machine and all his IE Security settings/levels are the same as my own (Secruity is at "Medium-High" and Privacy at "Medium"). JQuery also seems to be working for him as other aspects controlled by jquery on the site are functioning correctly. I use Firefox normally, so am not aware of every feature IE8 offers, but am thinking he has some setting/option set incorrectly. Anyone experienced something similar or have any suggestions for settings I could look at changing? Thanks

Read the article
MSDTC Distributed Transaction Coordinator Enabling

- by Curtis White

I've a web server and a separate SQL server. I'm trying to use transaction scope to ensure that SQL queries are completed with my linq queries. I wrap everything with this using (TransactionScope scope = new TransactionScope()) I want to know where I need to install DTC. Do I need to install it on the IIS 7.5 box AND the SQL server? Do I need to unblock some ports? Are there any security risk in doing so? I've setup this up once before but don't remember how. If I can't get access to DTC then is there any other way to ensure a lINQ and sql query is atomic?

Read the article
How to use SQLite3 with Java

- by Bruce

I am trying to build a simple java program which creates a db file, then a table and inserts dummy values in the table. I found this page http://www.zentus.com/sqlitejdbc/index.html and tried out the example given on the page but I am getting the following error - Exception in thread "main" java.lang.NoClassDefFoundError: Test Caused by: java.lang.ClassNotFoundException: Test at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) Could not find the main class: Test. Program will exit.

Read the article
Other SecurityManager implementations available?

- by mhaller

Is there any other implementation (e.g. in an OSS project) of a Java SecurityManager available which has more features than the one in the JDK? I'm looking for features like configurable at runtime policies updateable at runtime, read from other data sources than a security.policy file Thread-aware, e.g. different policies per Thread Higher-level policies, e.g. "Disable network functions, but allow JDBC traffic" Common predefined policies, e.g. "Allow read-access to usual system properties like file.encoding or line.separator, but disallow read-access to user.home" Monitoring and audit trace logging, e.g. "Log all file access, log all network access going NOT to knownhost.example.org" Blocking jobs "requesting" a permission until an administrator grants permission, letting the thread/job continue ... I'm pretty sure that application servers (at least the commercial ones) have their own SecurityManager implementation or at least their own policy configuration. I'm wondering if there is any free project with similar requirements.

Read the article
Need an Asp.net MVC Application solution

- by Daoming Yang

I have implemented a small ordering and stock control system (for internal using) with the MVC 2 framework. Now my friends, they want to have a website to present the existing products for their customers. I know, I know they will ask me to do this one day. So in the beginning, I have made the controller name to start with "Admin". But now I am not sure the best way to implement their requirements. Could you advise me? 1.For the security reason, I did not allowed anonymous user to access the website a part from the CSS and image files. My question is the controllers' name are not folders' name, how could I set this up? 2.I'm planning to put the admin section into an "area" and will it be a good way to go? Can anyone provide me some suggestions. Many thanks.

Read the article
Issue in configuring JPA with Spring 3 in Jboss 4.2.2 server.

- by KVMKReddy

Hi, I am facing issues in configuring JPA with Spring 3 in JBoss 4.2.2 server. Please find the below file of persistence.xml. <?xml version="1.0" encoding="UTF-8"?> <persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0"> <persistence-unit name="TestPU"> <provider>org.hibernate.ejb.HibernatePersistence</provider> <jta-data-source>java:/TestDS</jta-data-source> <properties> <property name="hibernate.dialect" value="org.hibernate.dialect.Oracle10gDialect"/> <property name="hibernate.show_sql" value="true"/> </properties> </persistence-unit> </persistence> My spring-beans.xml is as below <bean id="MyAdvise" class=".......Aspect"> <property name="persister"> <bean id="dbPersister" class="..............DataBasePersister"> </bean> </property> </bean> <bean id="localContainerEntityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> <property name="jpaVendorAdapter"> <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> <property name="showSql" value="true"/> <property name="database" value="ORACLE"/> </bean> </property> <property name="jpaProperties"> <props> <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.JBossTransactionManagerLookup</prop> </props> </property> </bean> <bean id="myTxManager" class="org.springframework.orm.jpa.JpaTransactionManager"> <property name="entityManagerFactory" ref="localContainerEntityManagerFactory"/> </bean> <tx:annotation-driven transaction-manager="myTxManager" /> My persister bean is as follows. public class DataBasePersister implements IPersister { private static Logger log = Logger.getLogger(DataBasePersister.class); // The Entity Manager @PersistenceContext protected EntityManager entityManager; @Transactional(readOnly = false) public void persist(Object data) { log.info("IN persist() call. Is the data can castable to MethodStats -->:"+(data instanceof MethodStats)); log.info("Entity Manager instance -->:"+(entityManager)); ---------------------- ---------------------- ---------------------- } } I am getting the following exception when the spring container creating my persister bean org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction; nested exception is java.lang.IllegalStateException: JTA EntityManager cannot access a transactions at org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:382) at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:371) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy147.getTransaction(Unknown Source) at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:335) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:105) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy141.persist(Unknown Source) at com.adp.sbs.aop.aspectj.SBSMethodStatsCollectorAspect.doAround(SBSMethodStatsCollectorAspect.java:63) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:621) at com.adp.sbs.aop.test.TestMethodLevelAnnotationStats$$EnhancerByCGLIB$$efbc78a8.MethodWithOneParamsAndReturnTypeAsString(<generated>) at com.adp.sbs.aop.test.SimpleTestServlet.testMethodAnnotations(SimpleTestServlet.java:46) at com.adp.sbs.aop.test.SimpleTestServlet.doPost(SimpleTestServlet.java:40) at com.adp.sbs.aop.test.SimpleTestServlet.doGet(SimpleTestServlet.java:33) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:595) Caused by: java.lang.IllegalStateException: JTA EntityManager cannot access a transactions at org.hibernate.ejb.AbstractEntityManagerImpl.getTransaction(AbstractEntityManagerImpl.java:316) at org.springframework.orm.jpa.DefaultJpaDialect.beginTransaction(DefaultJpaDialect.java:70) at org.springframework.orm.jpa.vendor.HibernateJpaDialect.beginTransaction(HibernateJpaDialect.java:57) at org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:332) Can you somebody please suggest me how to resolve this.

Read the article
How do I sign a HTTP request with a X.509 certificate in Java?

- by Rune

How do I perform an HTTP request and sign it with a X.509 certificate using Java? I usually program in C#. Now, what I would like to do is something similar to the following, only in Java: private HttpWebRequest CreateRequest(Uri uri, X509Certificate2 cert) { HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri); request.ClientCertificates.Add(cert); /* ... */ return request; } In Java I have created a java.security.cert.X509Certificate instance but I cannot figure out how to associate it to a HTTP request. I can create a HTTP request using a java.net.URL instance, but I don't seem to be able to associate my certificate with that instance (and I'm not sure whether using java.net.URL is even appropriate).

Read the article
Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

- by user102533

I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXsSS.GetSafeHtmlFragment to sanitize the HTML. Should I santiize before saving to the database or before rendering the untrusted input into the webpage? Is there an advantage in including the AntiXSS source code in my project instead of just the DLL? (Maybe I can customize the white list?) Which class file should I look in for actual implementation of the GetSafeHtmlFragment

Read the article

< Previous Page | 426 427 428 429 430 431 432 433 434 435 436 437 | Next Page >