Search Results

Search found 14784 results on 592 pages for 'spring security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 46/592 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

  • new ActiveXObject('Word.Application') creates new winword.exe process when IE security does not allo

    - by Mark Ott
    We are using MS Word as a spell checker for a few fields on a private company web site, and when IE security settings are correct it works well. (Zone for the site set to Trusted, and trusted zone modified to allow control to run without prompting.) The script we are using creates a word object and closes it afterward. While the object exists, a winword.exe process runs, but it is destroyed when the word object is closed. If our site is not set in the trusted zone (Internet zone with default security level) the call that creates the word object fails as expected, but the winword.exe process is still created. I do not have any way to interact with this process in the script, so the process stays around until the user logs off (users have no way to manually destroy the process, and it wouldn't be a good solution even if they did.) The call that attempts to create the object is... try { oWordApplication = new ActiveXObject('Word.Application'); } catch(error) { // irrelevant code removed, described in comments.. // notify user spell check cannot be used // disable spell check option } So every time the page is loaded this code may be run again, creating yet another orphan winword.exe process. oWordApplication is, of course, undefined in the catch block. I would like to be able to detect the browser security settings beforehand, but I have done some searching on this and do not think that it is possible. Management here is happy with it as it is. As long as IE security is set correctly it works, and it works well for our purposes. (We may eventually look at other options for spell check functionality, but this was quick, inexpensive, and does everything we need it to do.) This last problem bugs me and I'd like to do something about it, but I'm out of ideas and I have other things that are more in need of my attention. Before I put it aside, I thought I'd ask for suggestions here...

    Read the article

  • Understanding LinkDemand Security on a webserver

    - by robertpnl
    Hi, After deployment an ASP.Net application on a webserver, I get this error message by using code from a external assembly: "LinkDemand The type of the first permission that failed was: System.Security.PermissionSet The Zone of the assembly that failed was: MyComputer the error ". The assembly is include in the \bin folder and not in the GAC. I try to know what linkdemand exactly is and why this message will raised. But looking for more information, I don't get exactly the problem. I try also to add the PermissionSetAttribute on the class where the exception message happens: [System.Security.Permissions.PermissionSetAttribute(System.Security.Permissions.SecurityAction.LinkDemand, Name = "FullTrust")] Then the exception will be raised on another class of the assembly. And so on.. My questions ares: - what exactly is going wrong here? Is it true that I understand that .Net cannot check the code during Jit? - Is there maybe a security policy that block this (machine.config)? - Can I set the PermissionAttribute for all classes between a assembly? Thanks.

    Read the article

  • CakePHP 1.26: Bug in 'Security' component?

    - by Steve
    Okay, for those of you who may have read this earlier, I've done a little research and completely revamped my question. I've been having a problem where my form requests get blackholed by the Security component, although everything works fine when the Security component is disabled. I've traced it down to a single line in a form: <?php echo $form->create('Audition');?> <fieldset> <legend><?php __('Edit Audition');?></legend> <?php echo $form->input('ensemble'); echo $form->input('position'); echo $form->input('aud_date'); // The following line works fine... echo $form->input('owner'); // ...but the following line blackholes when Security included // and the form is submitted: // echo $form->input('owner', array('disabled'=>'disabled'); ?> </fieldset> <?php echo $form->end('Submit');?> (I've commented out the offending line for clarity) I think I'm following the rules by using the form helper; as far as I can tell, this is a bug in the Security component, but I'm too much of a CakePHP n00b to know for sure. I'd love to get some feedback, and if it's a real bug, I'll submit it to the CakePHP team. I'd also love to know if I'm just being dumb and missing something obvious here.

    Read the article

  • SOAP security in Salesforce

    - by Dean Barnes
    I am trying to change the wsdl2apex code for a web service call header that currently looks like this: <env:Header> <Security xmlns="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <UsernameToken Id="UsernameToken-4"> <Username>test</Username> <Password>test</Password> </UsernameToken> </Security> </env:Header> to look like this: <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>Test</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Test</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> One problem is that I can't work out how to change the namespaces for elements (or even if it matters what name they have). A secondary problem is putting the Type attribute onto the Password element. Can any provide any information that might help? Thanks

    Read the article

  • Automatically check for Security Updates on CentOS or Scientific Linux?

    - by Stefan Lasiewski
    We have machines running RedHat-based distros such as CentOS or Scientific Linux. We want the systems to automatically notify us if there are any known vulnerabilities to the installed packages. FreeBSD does this with the ports-mgmt/portaudit port. RedHat provides yum-plugin-security, which can check for vulnerabilities by their Bugzilla ID, CVE ID or advisory ID. In addition, Fedora recently started to support yum-plugin-security. I believe this was added in Fedora 16. Scientific Linux 6 did not support yum-plugin-security as of late 2011. It does ship with /etc/cron.daily/yum-autoupdate, which updates RPMs daily. I don't think this handles Security Updates only, however. CentOS does not support yum-plugin-security. I monitor the CentOS and Scientific Linux mailinglists for updates, but this is tedious and I want something which can be automated. For those of us who maintain CentOS and SL systems, are there any tools which can: Automatically (Progamatically, via cron) inform us if there are known vulnerabilities with my current RPMs. Optionally, automatically install the minimum upgrade required to address a security vulnerability, which would probably be yum update-minimal --security on the commandline? I have considered using yum-plugin-changelog to print out the changelog for each package, and then parse the output for certain strings. Are there any tools which do this already?

    Read the article

  • Java JPA Hibernate Spring @EntityListeners throws org.springframework.dao.DataIntegrityViolationException

    - by user
    I am using Spring 3 with Hibernate 3. I would like to update the last modification date automatically when an entity is updated. Below is the sample code: HibernateConfig: @Configuration public class HibernateConfig { @Bean public DataSource dataSource() throws Exception { DriverManagerDataSource dataSource = new DriverManagerDataSource(); Properties properties = new Properties(); properties.load(ClassLoader.getSystemResourceAsStream(new String("hibernate.properties"))); dataSource.setUrl(properties.getProperty(new String("jdbc.url"))); dataSource.setUsername(properties.getProperty(new String("jdbc.username"))); dataSource.setPassword(properties.getProperty(new String("jdbc.password"))); dataSource.setDriverClassName(properties.getProperty(new String("jdbc.driverClassName"))); return dataSource; } @Bean public AnnotationSessionFactoryBean sessionFactory() throws Exception { AnnotationSessionFactoryBean sessionFactory = new AnnotationSessionFactoryBean(); Properties hibernateProperties = new Properties(); Properties properties = new Properties(); properties.load(ClassLoader.getSystemResourceAsStream(new String("hibernate.properties"))); // set the Hibernate Properties hibernateProperties.setProperty(new String("hibernate.dialect"), properties.getProperty(new String("hibernate.dialect"))); hibernateProperties.setProperty(new String("hibernate.show_sql"), properties.getProperty(new String("hibernate.show_sql"))); hibernateProperties.setProperty(new String("hibernate.hbm2ddl.auto"), properties.getProperty(new String("hibernate.hbm2ddl.auto"))); sessionFactory.setDataSource(dataSource()); sessionFactory.setHibernateProperties(hibernateProperties); sessionFactory.setAnnotatedClasses(new Class[]{Message.class}) return sessionFactory; } @Bean public HibernateTemplate hibernateTemplate() throws Exception { HibernateTemplate hibernateTemplate = new HibernateTemplate(); hibernateTemplate.setSessionFactory(sessionFactory().getObject()); return hibernateTemplate; } } DAOConfig: @Configuration public class DAOConfig { @Autowired private HibernateConfig hibernateConfig; @Bean public MessageDAO messageDAO() throws Exception { MessageDAO messageDAO = new MessageHibernateDAO(hibernateConfig.hibernateTemplate()); return messageDAO; } } Message: import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.EntityListeners; import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; import java.io.Serializable; import javax.persistence.Column; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; @Entity @Table @EntityListeners(value = MessageListener.class) public class Message implements Serializable { @Id @GeneratedValue(strategy = GenerationType.AUTO) @Column private int id; @Column(nullable = false) @Temporal(TemporalType.TIMESTAMP) private Date lastMod; public Message() { } public int getId() { return id; } public void setId(int id) { this.id = id; } public Date getLastMod() { return lastMod; } public void setLastMod(Date lastMod) { this.lastMod = lastMod; } } MessageListener: import java.util.Date; import javax.persistence.PrePersist; import javax.persistence.PreUpdate; import org.springframework.stereotype.Component; @Component public class MessageListener { @PrePersist @PreUpdate public void setLastMod(Message message) { message.setLastMod(new Date()); } } When running this the MessageListener is not being invoked. I use a DAO design pattern and when calling dao.update(Message) it throws the following Exception: org.springframework.dao.DataIntegrityViolationException: not-null property references a null or transient value: com.persistence.entities.MessageStatus.lastMod; nested exception is org.hibernate.PropertyValueException: not-null property references a null or transient value: com.persistence.entities.Message.lastMod at org.springframework.orm.hibernate3.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:665) at org.springframework.orm.hibernate3.HibernateAccessor.convertHibernateAccessException(HibernateAccessor.java:412) at org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:411) at org.springframework.orm.hibernate3.HibernateTemplate.executeWithNativeSession(HibernateTemplate.java:374) at org.springframework.orm.hibernate3.HibernateTemplate.save(HibernateTemplate.java:683) at com.persistence.dao.hibernate.GenericHibernateDAO.save(GenericHibernateDAO.java:38) Having looked at a number of websites there seems not to be a solution.

    Read the article

  • Encoding problem using Spring MVC

    - by Makis Arvanitis
    Hi all, I have a demo web application that creates users. When I try to insert data in other languages (like french) the characters are not encoded correctly. The code on the controller is: @SuppressWarnings("unchecked") @RequestMapping(value = "/user/create.htm", params={"id"}, method = RequestMethod.GET) public String edit(@RequestParam("id") Long id, ModelMap model) { System.out.println("id is " + id); User user = userService.get(id); model.put("user", user); return "user/create"; } @RequestMapping(value = "/user/create.htm", method = RequestMethod.POST) public String save(@ModelAttribute("user") User user, BindingResult result) { System.out.println(user.getFirstName()); System.out.println(user.getLastName()); validator.validate(user, result); if(result.hasErrors()) { return "user/create"; } userService.save(user); return "redirect:list.htm"; } my web.xml is: ... <filter> <filter-name>encoding-filter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>encoding-filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ... and the page is: <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %> <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> ... <form:form method="post" commandName="user"> ... <form:input path="firstName" cssErrorClass="form-error-field"/> ... when I enter some french characters in the first name then the output from the system.out.println is ????+????? or something similar. I saw other people fixing this with the CharacterEncodingFilter but this doesn't seem to work. Thanks a lot. Edited the filter value.

    Read the article

  • Spring, Hibernate, Blob lazy loading

    - by Alexey Khudyakov
    Dear Sirs, I need help with lazy blob loading in Hibernate. I have in my web application these servers and frameworks: MySQL, Tomcat, Spring and Hibernate. The part of database config. <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close"> <property name="user" value="${jdbc.username}"/> <property name="password" value="${jdbc.password}"/> <property name="driverClass" value="${jdbc.driverClassName}"/> <property name="jdbcUrl" value="${jdbc.url}"/> <property name="initialPoolSize"> <value>${jdbc.initialPoolSize}</value> </property> <property name="minPoolSize"> <value>${jdbc.minPoolSize}</value> </property> <property name="maxPoolSize"> <value>${jdbc.maxPoolSize}</value> </property> <property name="acquireRetryAttempts"> <value>${jdbc.acquireRetryAttempts}</value> </property> <property name="acquireIncrement"> <value>${jdbc.acquireIncrement}</value> </property> <property name="idleConnectionTestPeriod"> <value>${jdbc.idleConnectionTestPeriod}</value> </property> <property name="maxIdleTime"> <value>${jdbc.maxIdleTime}</value> </property> <property name="maxConnectionAge"> <value>${jdbc.maxConnectionAge}</value> </property> <property name="preferredTestQuery"> <value>${jdbc.preferredTestQuery}</value> </property> <property name="testConnectionOnCheckin"> <value>${jdbc.testConnectionOnCheckin}</value> </property> </bean> <bean id="lobHandler" class="org.springframework.jdbc.support.lob.DefaultLobHandler" /> <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean"> <property name="dataSource" ref="dataSource" /> <property name="configLocation" value="/WEB-INF/hibernate.cfg.xml" /> <property name="configurationClass" value="org.hibernate.cfg.AnnotationConfiguration" /> <property name="hibernateProperties"> <props> <prop key="hibernate.dialect">${hibernate.dialect}</prop> </props> </property> <property name="lobHandler" ref="lobHandler" /> </bean> <tx:annotation-driven transaction-manager="txManager" /> <bean id="txManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> <property name="sessionFactory" ref="sessionFactory" /> </bean> The part of entity class @Lob @Basic(fetch=FetchType.LAZY) @Column(name = "BlobField", columnDefinition = "LONGBLOB") @Type(type = "org.springframework.orm.hibernate3.support.BlobByteArrayType") private byte[] blobField; The problem description. I'm trying to display on a web page database records related to files, which was saved in MySQL database. All works fine if a volume of data is small. But the volume of data is big I'm recieving an error "java.lang.OutOfMemoryError: Java heap space" I've tried to write in blobFields null values on each row of table. In this case, application works fine, memory doesn't go out of. I have a conclusion that the blob field which is marked as lazy (@Basic(fetch=FetchType.LAZY)) isn't lazy, actually! How can I solve the issie? Many thanks for advance.

    Read the article

  • Character-encoding problem spring

    - by aelshereay
    Hi All, I am stuck in a big problem with encoding in my website! I use spring 3, tomcat 6, and mysql db. I want to support German and Czech along with English in my website, I created all the JSPs as UTF-8 files, and in each jsp I include the following: <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> I created messages.properties (the default which is Czech), messages_de.properties, and messages_en.properties. And all of them are saved as UTF-8 files. I added the following to web.xml: <filter> <filter-name>encodingFilter</filter-name> <filterclass> org.springframework.web.filter.CharacterEncodingFilter</filterclass> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <locale-encoding-mapping-list> <locale-encoding-mapping> <locale>en</locale> <encoding>UTF-8</encoding> </locale-encoding-mapping> <locale-encoding-mapping> <locale>cz</locale> <encoding>UTF-8</encoding> </locale-encoding-mapping> <locale-encoding-mapping> <locale>de</locale> <encoding>UTF-8</encoding> </locale-encoding-mapping> </locale-encoding-mapping-list> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> And add the following to my applicationContext.xml: <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource" p:basenames="messages"/> <!-- Declare the Interceptor --> <mvc:interceptors> <bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor" p:paramName="locale" /> </mvc:interceptors> <!-- Declare the Resolver --> <bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver" /> I set the useBodyEncodingForURI attribute to true in the element of server.xml under: %CATALINA_HOME%/conf, also another time tried to add URIEncoding="UTF-8" instead. I created all the tables and fields with charset [utf8] and collection [utf8_general_ci] The encoding in my browser is UTF-8 (BTW, I have IE8 and Firefox 3.6.3) When I open the MYSQL Query browser and insert manually Czech or German data, it's being inserted correctly, and displayed correctly in my app as well. So, here's the list of problems I have: By default the messages.properties (Czech) should load, instead the messages_en.properties loads by default. In the web form, when I enter Czech data, then click submit, in the Controller I print out the data in the console before to save it to db, what's being printed is not correct having strange chars, and this is the exact data that saves to db. I don't know where's the mistake! Why can't I get it working although I did what people did and worked for them! don't know.. Please help me, I am stuck in this crappy problem since days, and it drives me crazy! Thank you in advance.

    Read the article

  • Spring hibernate ehcache setup

    - by Johan Sjöberg
    I have some problems getting the hibernate second level cache to work for caching domain objects. According to the ehcache documentation it shouldn't be too complicated to add caching to my existing working application. I have the following setup (only relevant snippets are outlined): @Entity @Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE public void Entity { // ... } ehcache-entity.xml <cache name="com.company.Entity" eternal="false" maxElementsInMemory="10000" overflowToDisk="true" diskPersistent="false" timeToIdleSeconds="0" timeToLiveSeconds="300" memoryStoreEvictionPolicy="LRU" /> ApplicationContext.xml <bean class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean"> <property name="dataSource" ref="ds" /> <property name="annotatedClasses"> <list> <value>com.company.Entity</value> </list> </property> <property name="hibernateProperties"> <props> <prop key="hibernate.generate_statistics">true</prop> <prop key="hibernate.cache.use_second_level_cache">true</prop> <prop key="net.sf.ehcache.configurationResourceName">/ehcache-entity.xml</prop> <prop key="hibernate.cache.region.factory_class">net.sf.ehcache.hibernate.SingletonEhCacheRegionFactory</prop> .... </property> </bean> Maven dependencies <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-annotations</artifactId> <version>3.4.0.GA</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-hibernate3</artifactId> <version>2.0.8</version> <exclusions> <exclusion> <artifactId>hibernate</artifactId> <groupId>org.hibernate</groupId> </exclusion> </exclusions> </dependency> <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache-core</artifactId> <version>2.3.2</version> </dependency> A test class is used which enables cache statistics: Cache cache = cacheManager.getCache("com.company.Entity"); cache.setStatisticsAccuracy(Statistics.STATISTICS_ACCURACY_GUARANTEED); cache.setStatisticsEnabled(true); // store, read etc ... cache.getStatistics().getMemoryStoreObjectCount(); // returns 0 No operation seems to trigger any cache changes. What am I missing? Currently I'm using HibernateTemplate in the DAO, perhaps that has some impact. [EDIT] The only ehcache log output when set to DEBUG is: SettingsFactory: Cache region factory : net.sf.ehcache.hibernate.SingletonEhCacheRegionFactory

    Read the article

  • Migrate Spring JPA DAO unit testing to google app engine

    - by twingocerise
    I'm trying to put together a simple environment where I can get Spring, Maven, JPA, Google App Engine and DAO unit testing working happily all together. The goal is to be able to run a simple DAO unit test creating an entity and then load it again with a simple find to check it's been created properly - all of this from my maven build. My dao is making use of the JPA entity manager (query(), persist(), etc.) I've got it working no problem with hsqldb and a datasource, etc. but I'm struggling to get it working with appengine. My questions are: 1) I'm using an entity manager, injecting my persistence unit as followed. Is it OK? Is there any need for a datasource or something special? I thought not but correct me if I'm wrong. applicationContext.xml <bean id='entityManagerFactory' class='org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean'> <property name="persistenceUnitName" value="transactions-optional" /> </bean> Persistence.xml <persistence-unit name="transactions-optional"> <provider>org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider</provider> <properties> <property name="datanucleus.NontransactionalRead" value="true"/> <property name="datanucleus.NontransactionalWrite" value="true"/> <property name="datanucleus.ConnectionURL" value="appengine"/> </properties> </persistence-unit> 2) what are the dependencies I need to add to my pom file to be able to run the unit test making use of the entityManager? What about versions ? I found loads of things about appengine-api-labs/stubs/testing but none them got it working i.e. I'm getting jdo dependency missing while I'm using JPA... I also get loads of conflicts when I try to add some jars (datanucleus and stuff). So far I'm trying appengine-api-1.0-sdk v1.7.0 - ASM-all v3.3 - datanucleus core/api-jpa/enhancer v3.1.0 - datanucleus-appengine v2.0.1.1 and all the gae testing jars v1.7.0 3) Is there anything I need to add to my surefire plugin (test runner) to make sure it picks up all the dependencies? I'm getting an exhausting ClassNotFound on DatastorePersistenceProvider while it is in my classpath (I checked the jars and the mvn dependency:tree) I had a look at this but it doesn't seem to be working at all: http://www.vertigrated.com/blog/2011/02/working-maven-3-google-app-engine-plugin-with-gwt-support/ 4) Do I need to use any sot of localhelper to test my DAOs? Ideally I'd want to test my dao layer "as is" with the entity manager... what's your opinion ? Has anyone managed to run a unit test using JPA on google app engine ? 5) Do I need to set up any sort of gae.home somewhere in my pom file? Would anyone make use of it (a plugin or something) ? 6) Is the gwt-maven plugin any helpful if I don't use gwt - I'm writing a simple webservice making use of appengine, not a GWT app... Any help would be much appreciated as I've been struggling for 2 days now... Cheers, V.

    Read the article

  • java.security.AccessControlException: access denied using Java Web Start

    - by killiancomputers
    I am having some issues with accessing files using JWS (Java Web Start). The program adds a new label and image. The program runs fine on my local computer but gives me pages of errors when I run the program on my remote server using JWS. Here's a sample of the error: Exception in thread "AWT-EventQueue-0" java.security.AccessControlException: access denied (java.io.FilePermission add2.png read) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) This occurs even after making sure the images have read access. Ideas?

    Read the article

  • .NET Code Access Security: Useful or just overcomplicated?

    - by routeNpingme
    see also Is “Code Access Security” of any real world use? I want to get some other opinions on this... I like the idea of Code Access Security for desktop applications. But in the lifetime of .NET I have to admit I've never actually had a situation where CAS has actually blocked something to my benefit. I have, however, had many times where something as simple as sharing a quick .NET application across a mapped drive becomes an enterprise code access nightmare. Having to break out caspol.exe to create trusted path rules and having no clear way of knowing why something failed makes it seem like CAS adds way more frustration to the development and deployment process than it offers in security. I'd like to hear either some situations where CAS has actually helped more than hurt, or if there are other people out there frustrated with its current implementation and defaults.

    Read the article

  • "java.security.AccessControlException: access denied" executing a signet Java Applet

    - by logoff
    I have a little Java Applet and I have an annoying issue. I have signed my JAR with my own keystore using jarsigner tool (following these instructions). The Java Applet downloads a signed JAR and tries to launch it with an extended class of URLClassLoader. This JAR tries to execute this line of code: ClassLoader.getSystemClassLoader().getResource("aResource"); It fails with a large stack trace finished by: Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366) at java.security.AccessController.checkPermission(AccessController.java:555) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.Thread.getContextClassLoader(Thread.java:1451) ... 21 more When the Java Applet is launched, the user is prompted to accept the certificate if he/she trusts the publisher: Even if I accept it, the exception occurred. Even if I install the certificate, and the prompt message is automatically accepted, the exception occurred. Any help would be appreciated!

    Read the article

  • Certificate Information from WCF Service using Transport security mode

    - by Langdon
    Is there any way to pull information about which client certificate was used inside of my web service method when using <security mode="Transport>? I sifted through OperationContext.Current but couldn't find anything obvious. My server configuration is as follows: <basicHttpBinding> <binding name="SecuredBasicBindingCert"> <security mode="Transport"> <message clientCredentialType="Certificate" /> </security> </binding> </basicHttpBinding> I'm working with a third party pub/sub system who is unfortunately using DataPower for authentication. It seems like if I'm using WCF with this configuration, then I'm unable to glean any information about the caller (since no credentials are actually sent). I somehow need to be able to figure out whose making calls to my service without changing my configuration or asking them to change their payload.

    Read the article

  • Careers in Computer Security? [closed]

    - by Joey Green
    I have the opportunity to go back for MSCS and the closest college's main research is in computer security and forensics. I've always been interested in computer networks and security but I have no interest whatsoever to run cables or add users to the network( which is what the network people do where I currently work ). I wanted to know how may I find out the types of day to day task a computer security expert does? I don't mean the jobs you find on dice or indeed. I'm talking about the type of careers that start out at the NSA or DIA. Also, I'm wondering what the pay is like for these types of fields? Thanks to all that reply.

    Read the article

  • How to make Spring accept fluent (non-void) setters?

    - by Chris
    Hi, I have an API which I am turning into an internal DSL. As such, most methods in my PoJos return a reference to this so that I can chain methods together declaratively as such (syntactic sugar). myComponent .setID("MyId") .setProperty("One") .setProperty2("Two") .setAssociation(anotherComponent) .execute(); My API does not depend on Spring but I wish to make it 'Spring-Friendly' by being PoJo friendly with zero argument constructors, getters and setters. The problem is that Spring seems to not detect my setter methods when I have a non-void return type. The return type of this is very convenient when chaining together my commands so I don't want to destroy my programmatic API just be to compatible with Spring injection. Is there a setting in Spring to allow me to use non-void setters? Chris

    Read the article

  • security roles in grails portlets

    - by srinath
    Hi, How to include security roles in grails portlets for liferay ? After deploying war in tomcat i added manually these lines for roles liferay-portlet.xml : <role-mapper> <role-name>administrator</role-name> <role-link>Administrator</role-link> </role-mapper> portlet.xml : <security-role-ref> <role-name>administrator</role-name> </security-role-ref> But How to add these roles settings in grails app before creating war ?? Please suggest me . thanks in advance sri..

    Read the article

  • Why don't stacks grow upwards (for security)?

    - by AshleysBrain
    This is related to the question 'Why do stacks typically grow downwards?', but more from a security point of view. I'm generally referring to x86. It strikes me as odd that the stack would grow downwards, when buffers are usually written to upwards in memory. For example a typical C++ string has its end at a higher memory address than the beginning. This means that if there's a buffer overflow you're overwriting further up the call stack, which I understand is a security risk, since it opens the possibility of changing return addresses and local variable contents. If the stack grew upwards in memory, wouldn't buffer overflows simply run in to dead memory? Would this improve security? If so, why hasn't it been done? What about x64, do those stacks grow upwards and if not why not?

    Read the article

  • Historical security flaws of popular PHP CMS's?

    - by VirtuosiMedia
    I'm creating a PHP CMS, one that I hope will be used by the public. Security is a major concern and I'd like to learn from some of the popular PHP CMS's like Wordpress, Joomla, Drupal, etc. What are some security flaws or vulnerabilities that they have they had in the past that I can avoid in my application and what strategies can I use to avoid them? What are other issues that I need to be concerned with that they perhaps didn't face as a vulnerability because they handled it correctly from the start? What additional security features or measures would you include? Please be as specific as possible. I'm generally aware of most of the usual attack vectors, but I want to make sure that all the bases are covered, so don't be afraid to mention the obvious as well. Assume PHP 5.2+.

    Read the article

  • Large ResultSet on postgresql query

    - by tuler
    I'm running a query against a table in a postgresql database. The database is on a remote machine. The table has around 30 sub-tables using postgresql partitioning capability. The query will return a large result set, something around 1.8 million rows. In my code I use spring jdbc support, method JdbcTemplate.query, but my RowCallbackHandler is not being called. My best guess is that the postgresql jdbc driver (I use version 8.3-603.jdbc4) is accumulating the result in memory before calling my code. I thought the fetchSize configuration could control this, but I tried it and nothing changes. I did this as postgresql manual recomended. This query worked fine when I used Oracle XE. But I'm trying to migrate to postgresql because of the partitioning feature, which is not available in Oracle XE. My environment: Postgresql 8.3 Windows Server 2008 Enterprise 64-bit JRE 1.6 64-bit Spring 2.5.6 Postgresql JDBC Driver 8.3-603

    Read the article

  • Spring constructor injection error

    - by Jeune
    I am getting the following error for a bean in my application context: Related cause: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'businessLogicContext' d efined in class path resource [activemq-jms-consumer.xml]: Unsatisfied dependency expressed through constructor argument with index 0 of type [java.lang.String]: Could not convert constructor argument value of type [java.util.ArrayList] to required type [java.lang.String]: Failed to convert value of type [java.util.ArrayList] to required type [java.lang.Stri ng]; nested exception is java.lang.IllegalArgumentException: Cannot convert value of type [java.util.ArrayList] to requi red type [java.lang.String]: no matching editors or conversion strategy found at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:53 4) at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:18 6) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAuto wireCapableBeanFactory.java:855) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutow ireCapableBeanFactory.java:765) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCap ableBeanFactory.java:412) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBea nFactory.java:383) at java.security.AccessController.doPrivileged(Native Method) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapab leBeanFactory.java:353) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:245) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegis try.java:169) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:242) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListable BeanFactory.java:400) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplic ationContext.java:736) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:369) at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java :123) at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java :66) Here is my bean: <bean id="businessLogicContext" class="org.springframework.context.support.ClassPathXmlApplicationContext" depends-on="resolveProperty"> <constructor-arg index="0"> <list> <value>jms-applicationContext.xml</value> <value>jms-managerBeanContext.xml</value> <value>jms-daoContext.xml</value> <value>jms-serviceContext.xml</value> </list> </constructor-arg> </bean> I don't know what's wrong, I have googled how to inject a string array via constructor injection and the way I do it above seems okay.

    Read the article

  • Server-side application configuration security. Best practices

    - by Andrew Florko
    We publish server-side application to our customer workstation and customer's security guys are concerned about configuration connection strings safety. Connection strings are stored as plain text right now, but as configuration file is not in the public/shared folder we supposed that workstation security itself is enough. What are the ways to improve connection strings security further? It is a big step forward to encrypt password and keep a decryption key on the same workstation? What are the steps we can take to keep connection strings (and alike) information more and more securable? Thank you in advance!

    Read the article

  • spring mvc forward to jsp

    - by jerluc
    I currently have my web.xml configured to catch 404s and send them to my spring controller which will perform a search given the original URL request. The functionality is all there as far as the catch and search go, however the trouble begins to arise when I try to return a view. <bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver" p:order="1"> <property name="mediaTypes"> <map> <entry key="json" value="application/json" /> <entry key="jsp" value="text/html" /> </map> </property> <property name="defaultContentType" value="application/json" /> <property name="favorPathExtension" value="true" /> <property name="viewResolvers"> <list> <bean class="org.springframework.web.servlet.view.BeanNameViewResolver" /> <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/jsp/" /> <property name="suffix" value="" /> </bean> </list> </property> <property name="defaultViews"> <list> <bean class="org.springframework.web.servlet.view.json.MappingJacksonJsonView" /> </list> </property> <property name="ignoreAcceptHeader" value="true" /> </bean> This is a snippet from my MVC config file. The problem lies in resolving the view's path to the /WEB-INF/jsp/ directory. Using a logger in my JBoss setup, I can see that when I test this search controller by going to a non-existent page, the following occurs: Server can't find the request Request is sent to 404 error page (in this case my search controller) Search controller performs search Search controller returns view name (for this illustration, we'll assume test.jsp is returned) Based off of server logger, I can see that org.springframework.web.servlet.view.JstlView is initialized once my search controller returns the view name (so I can assume it is being picked up correctly by the InternalResourceViewResolver) Server attempts to return content to browser resulting in a 404! A couple things confuse me about this: I'm not 100% sure why this isn't resolving when test.jsp clearly exists under the /WEB-INF/jsp/ directory. Even if there was some other problem, why would this result in a 404? Shouldn't a 404 error page that results in another 404 theoretically create an infinite loop? Thanks for any help or pointers! Controller class [incomplete]: @Controller public class SiteMapController { //-------------------------------------------------------------------------------------- @Autowired(required=true) private SearchService search; @Autowired(required=true) private CatalogService catalog; //-------------------------------------------------------------------------------------- @RequestMapping(value = "/sitemap", method = RequestMethod.GET) public String sitemap (HttpServletRequest request, HttpServletResponse response) { String forwardPath = ""; try { long startTime = System.nanoTime() / 1000000; String pathQuery = (String) request.getAttribute("javax.servlet.error.request_uri"); Scanner pathScanner = new Scanner(pathQuery).useDelimiter("\\/"); String context = pathScanner.next(); List<ProductLightDTO> results = new ArrayList<ProductLightDTO>(); StringBuilder query = new StringBuilder(); String currentValue; while (pathScanner.hasNext()) { currentValue = pathScanner.next().toLowerCase(); System.out.println(currentValue); if (query.length() > 0) query.append(" AND "); if (currentValue.contains("-")) { query.append("\""); query.append(currentValue.replace("-", " ")); query.append("\""); } else { query.append(currentValue + "*"); } } //results.addAll(this.doSearch(query.toString())); System.out.println("Request: " + pathQuery); System.out.println("Built Query:" + query.toString()); //System.out.println("Result size: " + results.size()); long totalTime = (System.nanoTime() / 1000000) - startTime; System.out.println("Total TTP: " + totalTime + "ms"); if (results == null || results.size() == 0) { forwardPath = "home.jsp"; } else if (results.size() == 1) { forwardPath = "product.jsp"; } else { forwardPath = "category.jsp"; } } catch (Exception ex) { System.err.println(ex); } System.out.println("Returning view: " + forwardPath); return forwardPath; } }

    Read the article

  • How to define RequestMapping prioritization

    - by James Skidmore
    I have a situation where I need the following RequestMapping: @RequestMapping(value={"/{section}"}) ...method implementation here... @RequestMapping(value={"/support"}) ...method implementation here... There is an obvious conflict. My hope was that Spring would resolve this automatically and map /support to the second method, and everything else to the first, but it instead maps /support to the first method. How can I tell Spring to allow an explicit RequestMapping to override a RequestMapping with a PathVariable in the same place? (Edit - this is simplified, I know that having those two RequestMapping alone wouldn't make much sense)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >