Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 68/596 | < Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >

  • Managing accounts on a private website for a real-life community

    - by Smudge
    I'm looking at setting-up a walled-in website for a real-life community of people, and I was wondering if anyone has any experience with managing member accounts for this kind of thing. Some conditions that must be met: This community has a set list of real-life members, each of whom would be eligible for one account on the website. We don't expect or require that they all sign-up. It is purely opt-in, but we anticipate that many of them would be interested in the services we are setting up. Some of the community members emails are known, but some of them have fallen off the grid over the years, so ideally there would be a way for them to get back in touch with us through the public-facing side of the site. (And we'd want to manually verify the identity of anyone who does so). Their names are known, and for similar projects in the past we have assigned usernames derived from their real-life names. This time, however, we are open to other approaches, such as letting them specify their own username or getting rid of usernames entirely. The specific web technology we will use (e.g. Drupal, Joomla, etc) is not really our concern right now -- I am more interested in how this can be approached in the abstract. Our database already includes the full member roster, so we can email many of them generated links to a page where they can create an account. (And internally we can require that these accounts be paired with a known member). Should we have them specify their own usernames, or are we fine letting them use their registered email address to log-in? Are there any paradigms for walled-in community portals that help address security issues if, for example, one of their email accounts is compromised? We don't anticipate attempted break-ins being much of a threat, because nothing about this community is high-profile, but we do want to address security concerns. In addition, we want to make the sign-up process as painless for the members as possible, especially given the fact that we can't just make sign-ups open to anyone. I'm interested to hear your thoughts and suggestions! Thanks!

    Read the article

  • Using Dynamic LINQ to get a filter for my Web API

    - by Espo
    We are considering using the Dynamic.CS linq-sample included in the "Samples" directory of visual studio 2008 for our WebAPI project to allow clients to query our data. The interface would be something like this (In addition to the normal GET-methods): public HttpResponseMessage List(string filter = null); The plan is to use the dynamic library to parse the "filter"-variable and then execute the query agains the DB. Any thoughts if this is a good idea? Is it a security problem?

    Read the article

  • How can I tell if ZRTP is enabled in a Twinkle SIP call?

    - by komputes
    I recently attended a talk about GNU Telephony. I was informed that Twinkle supports ZRTP for encrypted SIP calls. I went into Edit User Profile Security and made sure that ZRTP was enables and that all boxes were checked. I asked a friend to do the same and then we called each other. There is no immediate indication that I can see that the call is secure. How can I tell if ZRTP is enabled in a Twinkle SIP call?

    Read the article

  • Windows Media Player Vulnerability, PCAnywhere Warning

    Windows Media Player Vulnerability Targeted by Drive-by-download Attack Security firm Trend Micro recently released details on malware that has been targeting the MIDI Remote Code Execution Vulnerability found in Microsoft's Windows Media Player. A post on Trend Micro's Malware Blog offered further insight into the malware that has been exploiting the CVE-2012-0003 vulnerability. The malware's authors have been successful in exploiting the vulnerability by tricking unsuspecting victims into opening a specially engineered MIDI file in Windows Media Player. This Web-based drive-by-download ...

    Read the article

  • What is the Best Practice for creating a secure login in a client - server appllication?

    - by Karamafrooz
    It's been a while I have been thinking on what could be the best scenario for creating a secure login in a client-server application running on internet or any other networks ! So I became with the idea to ask this question on programmers and I hope that this question will make awareness of new aspects of threads and security here by some kind of brain storming , I am really interested in good and new anseawres . Thanks in advance for your participation .

    Read the article

  • How to configure multiple WCF binding configurations for the same scheme

    - by Sandor Drieënhuizen
    I have a set of IIS7-hosted net.tcp WCF services that serve my ASP.NET MVC web application. The web application is accessed over the internet. WCF Services (IIS7) <--> ASP.NET MVC Application <--> Client Browser The services are username authenticated, the account that a client (of my web application) uses to logon ends up as the current principal on the host. I want one of the services to be authenticated differently, because it serves the view model for my logon view. When it's called, the client is obviously not logged on yet. I figure Windows authentication serves best or perhaps just certificate based security (which in fact I should use for the authenticated services as well) if the services are hosted on a machine that is not in the same domain as the web application. That's not the point here though. Using multiple TCP bindings is what's giving me trouble. I tried setting it up like this in my client configuration: <bindings> <netTcpBinding> <binding> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint contract="Server.IService1" binding="netTcpBinding" address="net.tcp://localhost:8081/Service1.svc"/> <endpoint contract="Server.IService2" binding="netTcpBinding" address="net.tcp://localhost:8081/Service2.svc"/> </client> The server configuration is this: <bindings> <netTcpBinding> <binding portSharingEnabled="true"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> <services> <service name="Service1"> <endpoint contract="Server.IService1, Library" binding="netTcpBinding" address=""/> </service> <service name="Service2"> <endpoint contract="Server.IService2, Library" binding="netTcpBinding" address=""/> </service> </services> <serviceHostingEnvironment> <serviceActivations> <add relativeAddress="Service1.svc" service="Server.Service1"/> <add relativeAddress="Service2.svc" service="Server.Service2"/> </serviceActivations> </serviceHostingEnvironment> The thing is that both bindings don't seem to want live together in my host. When I remove either of them, all's fine but together they produce the following exception on the client: The requested upgrade is not supported by 'net.tcp://localhost:8081/Service2.svc'. This could be due to mismatched bindings (for example security enabled on the client and not on the server). In the server trace log, I find the following exception: Protocol Type application/negotiate was sent to a service that does not support that type of upgrade. Am I looking into the right direction or is there a better way to solve this?

    Read the article

  • Configuring multiple WCF binding configurations for the same scheme doesn't work

    - by Sandor Drieënhuizen
    I have a set of IIS7-hosted net.tcp WCF services that serve my ASP.NET MVC web application. The web application is accessed over the internet. WCF Services (IIS7) <--> ASP.NET MVC Application <--> Client Browser The services are username authenticated, the account that a client (of my web application) uses to logon ends up as the current principal on the host. I want one of the services to be authenticated differently, because it serves the view model for my logon view. When it's called, the client is obviously not logged on yet. I figure Windows authentication serves best or perhaps just certificate based security (which in fact I should use for the authenticated services as well) if the services are hosted on a machine that is not in the same domain as the web application. That's not the point here though. Using multiple TCP bindings is what's giving me trouble. I tried setting it up like this in my client configuration: <bindings> <netTcpBinding> <binding> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint contract="Server.IService1" binding="netTcpBinding" address="net.tcp://localhost:8081/Service1.svc"/> <endpoint contract="Server.IService2" binding="netTcpBinding" bindingConfiguration="public" address="net.tcp://localhost:8081/Service2.svc"/> </client> The server configuration is this: <bindings> <netTcpBinding> <binding portSharingEnabled="true"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> <services> <service name="Service1"> <endpoint contract="Server.IService1, Library" binding="netTcpBinding" address=""/> </service> <service name="Service2"> <endpoint contract="Server.IService2, Library" binding="netTcpBinding" bindingConfiguration="public" address=""/> </service> </services> <serviceHostingEnvironment> <serviceActivations> <add relativeAddress="Service1.svc" service="Server.Service1"/> <add relativeAddress="Service2.svc" service="Server.Service2"/> </serviceActivations> </serviceHostingEnvironment> The thing is that both bindings don't seem to want live together in my host. When I remove either of them, all's fine but together they produce the following exception on the client: The requested upgrade is not supported by 'net.tcp://localhost:8081/Service2.svc'. This could be due to mismatched bindings (for example security enabled on the client and not on the server). In the server trace log, I find the following exception: Protocol Type application/negotiate was sent to a service that does not support that type of upgrade. Am I looking into the right direction or is there a better way to solve this?

    Read the article

  • How to configurie multiple distinct WCF binding configurations for the same scheme

    - by Sandor Drieënhuizen
    I have a set of IIS7-hosted net.tcp WCF services that serve my ASP.NET MVC web application. The web application is accessed over the internet. WCF Services (IIS7) <--> ASP.NET MVC Application <--> Client Browser The services are username authenticated, the account that a client (of my web application) uses to logon ends up as the current principal on the host. I want one of the services to be authenticated differently, because it serves the view model for my logon view. When it's called, the client is obviously not logged on yet. I figure Windows authentication serves best or perhaps just certificate based security (which in fact I should use for the authenticated services as well) if the services are hosted on a machine that is not in the same domain as the web application. That's not the point here though. Using multiple TCP bindings is what's giving me trouble. I tried setting it up like this in my client configuration: <bindings> <netTcpBinding> <binding> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint contract="Server.IService1" binding="netTcpBinding" address="net.tcp://localhost:8081/Service1.svc"/> <endpoint contract="Server.IService2" binding="netTcpBinding" address="net.tcp://localhost:8081/Service2.svc"/> </client> The server configuration is this: <bindings> <netTcpBinding> <binding portSharingEnabled="true"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> <services> <service name="Service1"> <endpoint contract="Server.IService1, Library" binding="netTcpBinding" address=""/> </service> <service name="Service2"> <endpoint contract="Server.IService2, Library" binding="netTcpBinding" address=""/> </service> </services> <serviceHostingEnvironment> <serviceActivations> <add relativeAddress="Service1.svc" service="Server.Service1"/> <add relativeAddress="Service2.svc" service="Server.Service2"/> </serviceActivations> </serviceHostingEnvironment> The thing is that both bindings don't seem to want live together in my host. When I remove either of them, all's fine but together they produce the following exception on the client: The requested upgrade is not supported by 'net.tcp://localhost:8081/Service2.svc'. This could be due to mismatched bindings (for example security enabled on the client and not on the server). In the server trace log, I find the following exception: Protocol Type application/negotiate was sent to a service that does not support that type of upgrade. Am I looking into the right direction or is there a better way to solve this?

    Read the article

  • WCF tcp.net client/server connection failing "Stream Security is required"

    - by Tom W.
    I am trying to test a simple WCF tcp.net client/server app. The WCF service is being hosted on Windows 7 IIS. I have enabled TCP.net in IIS. I granted liberal security privileges to service app by configuring an app pool with admin rights and set the IIS service application to run in the context. I enabled tracing on the service app to troubleshoot. Whenever I run a simple method call against the service from the WCF client app, I get the following exception: "Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated. This is likely caused by the remote endpoint missing a StreamSecurityBindingElement from its binding." Here is my client configuration: <bindings> <netTcpBinding> <binding name="InsecureTcp"> <security mode="None" /> </binding> </netTcpBinding> </bindings> Here is my service configuration: <bindings> <netTcpBinding> <binding name="InsecureTcp" > <security mode="None" /> </binding> </netTcpBinding> </bindings> <services> <service name="OrderService" behaviorConfiguration="debugServiceBehavior"> <endpoint address="" binding="netTcpBinding" bindingConfiguration="InsecureTcp" contract="ProtoBufWcfService.IOrder" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="debugServiceBehavior"> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors>

    Read the article

  • System.Web.Security.FormsAuthentication.Encrypt returns null

    - by Mustafakidd
    I'm trying to encrypt some userData to create my own custom IPrincipal and IIdentity objects using Forms authentication - I've serialized an object representing my logged in user to Json and created my FormsAuthentication ticket like so: string user_item = GetJsonOfLoggedinUser();/*get JSON representation of my logged in user*/ System.Web.Security.FormsAuthenticationTicket ticket = new System.Web.Security.FormsAuthenticationTicket(1, WAM.Utilities.SessionHelper.LoggedInEmployee.F_NAME + " " + WAM.Utilities.SessionHelper.LoggedInEmployee.L_NAME, DateTime.Now, DateTime.Now.AddMinutes(30), false, user_item); string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket); HttpCookie auth_cookie = new HttpCookie( System.Web.Security.FormsAuthentication.FormsCookieName, encrypted_ticket); Response.Cookies.Add(auth_cookie); However, the string encrypted_ticket is always null. Is there a limit on the length of the user_item string? Thanks Mustafa

    Read the article

  • NHibernate WCF Rest IIS7 Fails with Security Exception

    - by RyanFetz
    Here is the error: System.TypeInitializationException: The type initializer for 'NHibernate.Cfg.Environment' threw an exception. --- System.Security.SecurityException: Request for ConfigurationPermission failed while attempting to access configuration section 'hibernate-configuration'. To allow all callers to access the data for this section, set section attribute 'requirePermission' equal 'false' in the configuration file where this section is declared. --- System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed. at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.CodeAccessPermission.Demand() at System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca) We have the trust level set to Full. Note also that we also have a web site that runs the SAME Nhibernate code and has NO issues. Only the WCF REst Web Service Application has this error? Any Thoughts as to WHY this is a problem?

    Read the article

  • Bluepay Security Error

    - by Shima
    Hi all, I am trying to implement bluepay payment service in my PHP project,but I'm getting a return message of "Security Error". Here's the exact debug page results: Response: STATUS=E&MESSAGE=SECURITY%20ERROR Trans Id: Status: E AVS Resp: CVV2 Resp: Auth Code: Message: SECURITY ERROR Rebid: I'm using the correct merchant ID and Secret Key. Does anyone has any idea!!!! Please help me!

    Read the article

  • LINQ error when deployed - Security Exception - cannot create DataContext

    - by aximili
    The code below works locally, but when I deploy it to the server it gives the following error. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. The code is protected void Page_Load(object sender, EventArgs e) { DataContext context = new DataContext(Global.ConnectionString); // <-- throws the exception //Table<Group> _kindergartensTable = context.GetTable<Group>(); Response.Write("ok"); } I have set full write permissons on all files and folders on the server. Any suggestions how to solve this problem? Thanks in advance.

    Read the article

  • How to programmatically answer "Yes" to WebBrowser control security alert

    - by ih8ie8
    I am using WebBrowser control to programmatically access a single website, but whenever I login, I receive this certificate security alert: Since I trust that website and since I need to programmatically automate the login as well, this dialog box gets in the way. I searched SO for a solution and found a question similar to mine, but the accepted answer does not work! I defined a static member in the form that contains the WebControl: public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } In my form's constructor I added: ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate); But that didn't get rid of the certificate security alert. Is there any way to get rid of this warning? Is there an IE equivalent to Firefox's Add Security Exception??? Note: The owner's certificate works perfectly fine (without exhibiting this security alert) with standalone browsers (IE, FF, Chrome, Safari). It only exhibits the problem with the WebBroswer control.

    Read the article

  • Spring App error: java.lang.NoClassDefFoundError: org/springframework/security/core/SpringSecurityCoreVersion

    - by Shades88
    I am writing a simple spring mvc login form example. I am getting below error in netbeans 05-Jun-2014 02:11:51.055 SEVERE [http-nio-8084-exec-1] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from ServletContext resource [/WEB-INF/SpringSecurity.xml]; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.config.SecurityNamespaceHandler]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/core/SpringSecurityCoreVersion at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:413) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:335) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:216) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:187) at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125) at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94) at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129) at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:540) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:454) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4738) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5158) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:726) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:702) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:697) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:579) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:455) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1554) at sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:300) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1428) at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:885) at org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:343) at javax.servlet.http.HttpServlet.service(HttpServlet.java:618) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:301) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:615) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:74) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652) at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.config.SecurityNamespaceHandler]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/core/SpringSecurityCoreVersion at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:164) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:105) at org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.resolve(DefaultNamespaceHandlerResolver.java:130) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1419) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1414) at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:187) at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:141) at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:110) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:508) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:391) ... 60 more Caused by: java.lang.NoClassDefFoundError: org/springframework/security/core/SpringSecurityCoreVersion at org.springframework.security.config.SecurityNamespaceHandler.<init>(SecurityNamespaceHandler.java:65) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148) ... 69 more Caused by: java.lang.ClassNotFoundException: org.springframework.security.core.SpringSecurityCoreVersion at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1284) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1132) ... 75 more I am using spring 3.2.7. It was not having spring security jar. So I got it downloaded using maven. It's version is 3.2.4. What is this error? There's no error in code. What must have gone wrong? For last 3 hours I have been trying to run a simple example, but totally hammered by this error. Please help

    Read the article

  • javax.security.auth.login.LoginException: Login failed

    - by abdeslam
    I'm trying to run a hadoop job (version 18.3) on my windows machine but I get the following error: Caused by: javax.security.auth.login.LoginException: Login failed: CreateProcess: bash -c groups error=2 at org.apache.hadoop.security.UnixUserGroupInformation.login(UnixUserGroupInformation.java:250) at org.apache.hadoop.security.UnixUserGroupInformation.login(UnixUserGroupInformation.java:275) at org.apache.hadoop.mapred.JobClient.configureCommandLineOptions(JobClient.java:557) ... 3 more The same job works fine in an another windows machine. Do I have may be something wrong in the settings variabls? How can I fix this problem?

    Read the article

  • How to handle a Security Alert Pop Up on IE by VBScript

    - by eightants
    I need to create a VBScript (WSH) to automatically open Internet Explorer and navigate a security web page. However, it always pops up a security alert before displaying that website. Can anyone provide a solution for either disables the pop up function (security certification) in IE or accepts the pop-up by the script? Here is my script: Dim objIE Set objIE = CreateObject("InternetExplorer.Application") objIE.Visible = True objIE.Navigate "https://10.10.10.101:9000/Portal" ???? Set objIE = Nothing Thanks a lot.

    Read the article

  • IBM WESB/WAS JCA security configuration

    - by user594883
    I'm working with IBM tools. I have a Websphere ESB (WESB) and a CICS transaction gateway (CTG). The basic set-up is as follows: A SOAP service needs data from CICS. The SOAP-service is connecting to service bus (WESB) to handle data and protocol transformation and then WESB calls the CTG which in turn calls CICS and the reply is handled vice verse (synchronously). WESB calls the CTG using Resource Adapter and JCA connector (or CICS adapter as it is called in WESB). Now, I have all the pieces in place and working. My question is about the security, and even though I'm working with WESB, the answer is probably the same as in Websphere Application Server (WAS). The Resource Adaper is secured using JAAS - J2C authentication data. I have configured the security using J2C authentication data entry, so basically I have a reference in the application I'm running and at runtime the application does a lookup for the security attributes from the server. So basically I'm always accessing the CICS adapter with the same security reference. My problem is that I need to access the resource in more dynamic way in the future. The security cannot be welded into the application anymore but instead given as a parameter. Could some WESB or WAS guru help me out, how this could be done in WESB/WAS exactly?

    Read the article

  • Security Policy not working, as3

    - by VideoDnd
    How to I get my security policy working? My parent swf parses an XML doc and loads 2 children. It throws a 2148 security error, and only works in the Flash IDE. PARENT SWF flash.system.Security.loadPolicyFile("crossdomain.xml"); I've referenced my security file from my swf. I Also published my parent swf as 'network only' and put all the crossdomain.xml and everything else in the same folder. I need to click on the animations and have them place from a local computer at a kiosk. Any suggestions? POLICY FILE <?xml version=\"1.0\"?> <!DOCTYPE cross-domain-policy SYSTEM \"/xml/dtds/cross-domain-policy.dtd\"> <cross-domain-policy> <site-control permitted-cross-domain-policies=\"master-only\"/> <allow-access-from domain=\"*\" to-ports=\"*\" secure=\"false\" /> </cross-domain-policy>"

    Read the article

  • Web service security not working. Java

    - by Nitesh Panchal
    Hello, I have a ejb module which contains my ejbs as well as web services. I am using Netbeans 6.8 and Glassfish V3 I right clicked on my web service and clicked "edit web service attributes" and then checked "secure service" and then selected keystore of my server. This is my sun-ejb-jar.xml file :- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd"> <sun-ejb-jar> <security-role-mapping> <role-name>Admin</role-name> <group-name>Admin</group-name> </security-role-mapping> <security-role-mapping> <role-name>General</role-name> <group-name>General</group-name> </security-role-mapping> <security-role-mapping> <role-name>Member</role-name> <group-name>Member</group-name> </security-role-mapping> <enterprise-beans> <ejb> <ejb-name>MemberBean</ejb-name> <webservice-endpoint> <port-component-name>wsMember</port-component-name> <login-config> <auth-method>BASIC</auth-method> <realm>file</realm> </login-config> </webservice-endpoint> </ejb> </enterprise-beans> </sun-ejb-jar> Here MemberBean is my ejb and wsMember is my webservice. Then i made another project and added web service client and again right clicked on "edit web service attributes" and gave password as test and test. This username and password (test) is in Glassfish server in file realm. But when i try to invoke my webservice i always get SEC5046: Audit: Authentication refused for [test]. SEC1201: Login failed for user: test What am i doing wrong? Am i missing something?

    Read the article

  • MSDN Remark regards Security Descriptors

    - by Doori Bar
    I'm trying to extract and restore a Security Descriptor of a NTFS file, via Windows API - XP SP3, I'm trying to understand which functions are actually able to do it properly, but I simply fail. I found this Remark over MSDN: http://msdn.microsoft.com/en-us/library/aa379573%28VS.85%29.aspx "Some SECURITY_INFORMATION members work only with the SetNamedSecurityInfo function. These members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo..." "Some members..." Which members? Why? "Other Security functions such as..." Which functions? Why? Anybody have any experience with extracting and restoring a security descriptor of a NTFS file? Thanks in advance, Doori Bar

    Read the article

  • Web Service Security java

    - by WhoAmI
    My web service was created some time back using IBM JAX-RPC. As a part of enhancement, I need to provide some security to the existing service. One way is to provide a handler, all the request and response will pass through that handler only. In the request I can implement some authentication rules for each and every application/user accessing it. Other than this, What are the possible ways for securing it? I have heard someting called wsse security for web service. Is it possible to implement it for the JAX-RPC? Or it can be implemented only for JAX-WS? Need some helpful inputs on the wsse security so that i can jump learning it. Other than handler and wsse security, any other possible way to make a service secure? Please help.

    Read the article

< Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >