JDeveloper 11g - securing WS-based calls

Dear,

I used JDeveloper 11g to create a RESTful WS.

I also secured it using policies (GOSA).

The REST service is now secure and no one can access it without the username and password.

The problem is:

Because of the number of users who will be competing for the portal, I will use HTML5 pages that call the RESTful WS using Ajax.

The Ajax call can be traced with Firebug, and any end user can use Firebug on the page code to get the RESTful WS URL and the parameters sent with POST (username and password).

Is there a way to secure it differently, or to call the RESTful WS from HTML5 safely?

I will pass the username as a parameter to the REST WS only to query the database with it, but the WS authentication will rely on one specific user ("admin", for example).

If that is wrong, what do you recommend, and why does it cause a problem?

Well, you cannot share the same set of credentials among all your users and expect that nobody abuses it.

You must authenticate to the REST service as a "real user"; to achieve that you can use:

- the same username/password used for your "main" application

- some sort of "token" issued to each user after logging in

- client certificates

- ...

Finally, a general question. What is the best practice to protect my WS URL against a high number of hits, given that I will call it from an HTML5 page via Ajax?

You can put 'something' in front of your server that protects your service (this may be a software module or a hardware appliance, depending on the degree of protection you want to achieve).

Dario

Tags: Java

Similar Questions

  • Hierarchy-based security in OBIEE

    Hello

    I have a simple request, but I am having a hard time trying to figure it out.

    I have a store dimension with the following levels: store - city - country

    I have a single measure in the fact table: sales

    I want to allow users of a specific group to access sales grouped by country, without being able to drill into the details by city or store.

    Other users would be able to see the sales by country and city, but not by store.

    A third group of users would be able to see sales at all three levels.

    How can I achieve this in the RPD security model?

    Thank you

    Joao Moreira

    Hi João,

    It is possible. Check these articles; they look useful for this.

    Hierarchy level based security in OBIEE - IndexCol function | GerardNico.com (BI, OBIEE, data warehouse and OWB)

    A different look at hierarchy based security in OBIEE | Carpediemconsulting blog

    Thank you
    AJ

  • Can I run Safe Money from Kaspersky 2016 on Firefox?

    Firefox 10 is showing an orange attention warning: Safe Money (Windows-based) has been turned off as an extension that is not signed. What should I do?

    Firefox 42 would not disable an extension because it is not signed. [That is currently scheduled to be implemented in Firefox 45.]
    Firefox 39 and later shows a message that the extension "could not be verified" and says to "proceed with caution". If it is not available or cannot be enabled in the Add-ons Manager, or it does not work, it may be incompatible for other reasons.

  • How to install the security update for CAPICOM (KB931906) Version 2.1.0.2

    Original title: Installing the security update for CAPICOM (KB931906) Version 2.1.0.2

    How can I take care of this security update for CAPICOM (KB931906), Publisher Version 2.1.0.2, Http//support_microsoft.com?Kbid=931906

    Hi FOTISmaheras,

    - What exactly is the problem you are having? Are you unable to install this update?
    - If yes, do the other updates install successfully without any problem?

    CAPICOM is a Windows component that provides services enabling programs to use cryptography-based security. This includes authentication features using digital signatures, message enveloping, and encrypting and decrypting data.

    Note: This update requires Microsoft Windows Installer version 3.0 or a later version of Windows Installer.

    For more information, click the number below to view the article in the Microsoft Knowledge Base:
    292539 How to obtain the Windows Installer engine

    Download the stand-alone update package and install it manually.

  • Methods to secure PDF files against third-party unlockers

    I have not tested their claims, but www.pdfunlock.com and www.guapdf.com both claim to be able to bypass any Acrobat security encryption up to 256-bit, version 11. And I guess any new version to come out as well.

    (Can Acrobat completely stop the ability to edit a PDF file, or do I need something like a) LockLizard, or b) a converter that turns my PDF file into a series of images, if I want to secure my data?)

    That's why Adobe gives a warning when you set security: third-party tools may not comply with it.

    The problem is that password security is part of the published ISO standard, which anyone can follow, and some programmers choose to ignore the security rules.

    You might consider certificate-based security. This works if you did a secure exchange of certificates with the recipient. Only the recipient has the key to decrypt.

  • Object-level security by creating catalog groups in OBIEE 10g

    Hi all

    I have a requirement to display dashboards based on the user login. E.g. Mike belongs to HR, Smith to Accounts.
    When Mike logs in, he should see only these three dashboards: HR view, CommonData1, CommonData2. When Smith logs in, he should see only these three dashboards: Accounts view, CommonData1, CommonData2.
    The CommonData1 and CommonData2 dashboards hold joint reports for all departments. The other dashboards are department-specific, with all the different reports. How can I implement this?

    In one of my previous posts, I was told to do it using object-level security by creating catalog groups. Can you please provide me with end-to-end instructions on creating catalog groups for object-level security?

    Thanks for your time and your help.

    Hello

    Mike - HR
    Smith - Accounts

    Yes, you can achieve this with object-level security by creating catalog groups:

    (1) create catalog groups and users in the RPD (e.g. Account_grp, HR_grp)
    (2) assign the users to their particular group (e.g. Account_grp = Smith and HR_grp = Mike)

    (3) log in (username Admin) to the dashboard ---> dashboard page layout --> add the users to this particular
    dashboard and save it, then
    try to log in as the users mike and smith; it will work

    See the links below

    http://www.rittmanmead.com/2010/01/OBIEE-10G-Web-catalog-best-practices/

    http://www.rittmanmead.com/2007/05/OBIEE-and-row-level-security/

    Thank you

    Deva

  • SOLUTION: implementing Operating Unit Org security without EBS integration

    Hi all

    Thank you for taking the time to read this post.

    Environment

    Oracle BI Applications 7.9.6 (Financial and Project Analytics)
    Oracle E-Business Suite 11.5.10

    Question

    I have implemented BI Applications and use LDAP (OID/MSAD) authentication to authenticate the BI Applications users. It performs authentication successfully. I also need to implement GROUP authorization and OU_ORG security, but as I am not implementing the documented EBS integration (as directed by Metalink Note ID 555254.1) I am looking at a custom solution.

    To achieve this, I created a custom table in the BAW database that contains the USER, GROUP and OU_ORG information. Then I created separate initialization blocks for GROUP and OU_ORG security, triggered after the LDAP authentication. These SQL queries are designed to return data to an initialization variable. I am lining up the GROUP values with the OOTB presentation groups and I am able to get that initialization block to work as expected: the user has no more privileges to see links in the dashboard and in Answers than I have configured in the web catalog.

    However, they can see all the data across all the orgs. OU_ORG security is returning the correct org_ids in the row-wise variable, but I seem to be missing how OBIEE uses this for data security.

    If you are able to help with a possible solution, that would be greatly appreciated. In addition, if it involves a change at the dashboard, Answers or RPD level, if you were able to include precisely where in these components, that would also be very beneficial.

    Thank you very much
    Gary.

    I suppose that you created a variable called OU_ORG populated by your own custom row-wise init block. Now, you must create a security group (or use the OOTB one called Operating Unit Org-based Security). Open the group, and in one of the tabs you can create data filters. Create filters on the appropriate facts by applying a filter on the OU dimension using the variable above. Then, using the GROUP variable, you must ensure that your users belong to this group (the variable should get assigned exactly the same value as the name of the security group).

  • Developing a custom AuthenticationProvider without an idstore or credentials

    Starting from the thread: How to integrate an existing SSO cookie with ADF security

    ==========================================================
    At work they asked me to integrate an existing SSO cookie with the new ADF, JDeveloper 11g + WLS-based application. After googling for days and reading a lot of blogs and official documentation, I made a custom LoginModule. What I've done is very simple, it's just an 'if' within the login() function on the username: if the username is 'john', I put some principals in the subject. My steps are:

    1. Create a new application based on the "Fusion" application template.
    2. Make a new ADF task flow with just one view inside (the entry point of the task flow). The jspx only contains a welcome message.
    3. Run the ADF Security wizard, all steps with the default options; I didn't change a thing.
    4. Put some users and roles in jazn-data.xml and map them to an application role. I grant the application role permission to view the previous task flow.

    At this point, everything is ok. I run the task flow and a basic login popup prompts me to write my username and password. Now I try to delete everything that is useless to me, such as the idstore, credentials, anonymous, etc. I want only a LoginModule which obtains the HttpRequest object and passes it to an already-made class that returns true or false depending on whether the cookie is correct or not, but, as I said previously, my LoginModule is so simple now that it does not even try to do anything more complicated than the 'if'. The steps I try are:

    jps-config.xml
    5. Remove the idstore.xml and the credential store.
    6. (loginmodule tab) Make a new login module and put my class there. The class is part of the ViewController project and JDeveloper navigates the hierarchy, so I have visibility. I set the REQUIRED flag, add all roles and debug mode.
    7. In the security context, uncheck idstore.loginmodule and check myLoginModule. Also delete the anonymous security context.

    Everything I've got so far is an error 500 (internal server error - permission exception). Sometimes (right at the end, I was never able to get anything done) the browser asks me for the username/password but then only recognizes users who are already in WLS (the idstore of the previous tests), but NOT the user "john" which is inside my custom LoginModule. Even more, if I run the WLS in JDeveloper 11g in debug mode, execution never stops at the breakpoints inside my custom login module. It seems that my LoginModule is not deployed or I made some mistake mapping roles.

    So, my questions are:
    - Am I going in the right direction? If I want cookie/HttpRequest-based authentication, do I need to do a custom LoginModule? My goal is to make reusable code and re-use code that my co-workers made. They have a class that, with only the HttpRequest object, determines if a user is logged on or not.
    - If I'm on the right track... How can I put my custom LoginModule in the WLS? I tried to look for something in the Administration Console (localhost:7101/console) but I didn't find anything.
    - In case I get the custom LoginModule working in WLS... How can I get an HttpRequest from a LoginModule and avoid the username/password dialog box? Do I make a filter and pass it to my LoginModule? If this is correct... How?

    I don't post my code because it is so simple; it is based on DBTableLoginModule, but without all the database access code.

    Thank you all!

    P.S.: If this message is not in the right forum, I'm sorry. Feel free to move it.
    P.S.2: Sorry for my English, I'm Spanish. I know I need a lot of practice :)
    ===========================================================

    After a week of work on the problem I have not solved it. I managed to write an AuthenticationProvider, a LoginModule and a Principal class and I have put them in WLS, so "myAuthenticator" appears in the drop-down list ready to be used. But it does not work :( The server always shows me an exception (the last one tells me that my class is not a valid JAAS authenticator, but the MBean maker does not complain). Is it possible to implement an authenticator that does not use credentials, the idstore or callbacks? For example, can I implement an AuthenticationProvider which gives me principals only based on the time of day, or on a Boolean value returned by a custom class, without user interaction? Is it really a must to create a user in the embedded WebLogic LDAP, or can I read the username from a cookie, as in my case? Any advice would be very useful, or code would be great.

    Another related question: why doesn't the ADF Security wizard deploy to the embedded WLS? The wizard allows me to create a custom LoginModule and add it with the "+" button, but it simply doesn't deploy. Will this be fixed in future releases or am I doing something wrong?

    Thank you all.

    Riveck.

    So, since the ADF application just uses WLS authentication, you're on the right track with the authentication provider.

    What you need, however, is an IdentityAsserter. The identity asserter tells the container that you want to authenticate, but you don't have a password, you have a token... in your case some HTTP header foo = john.

    The good news is that there is already an identity asserter that you can use to start with... the SimpleSampleIdentityAsserter.

    [https://codesamples.samplecode.oracle.com/servlets/tracking?id=S224]

    Here is the link to the examples.

    I think what you want to do is to set up your LoginModule so that it is called when the IdentityAsserter is invoked... that can be done in the getAssertionModuleConfiguration() method. Return an AppConfigurationEntry which refers to your plug-in.

    Once you have your identity asserter configured, what should happen is that when you access a protected page in the ADF application, JEE security will be triggered and the IdentityAsserter will get called, if you configure the login method in web.xml to CLIENT_CERT.

    JB

  • How can I determine the MAC address of the Gen 4 Apple TV so that I can connect it to my network? I must register the MAC address on the router to connect to the internet.

    Security on my network requires that the device's MAC address be registered on the router or it can't connect to the internet. It does not use a password-based security configuration. How do I find the MAC address before setting up the Apple TV?

    Contact your ISP

  • Questions: licenses and availability of the DSC Module

    Hello

    I transferred a development project to another PC. When I opened it, some of my network-published shared variables (NSV) were marked with functionality errors: "Initial value: not allowed or cannot be changed outside of LabVIEW." I found out it's because I didn't install the DSC Module on the newer machine. Removing the 'initial value' function made the error message disappear.

    The error itself was not a big deal, but it made me think and study. http://www.NI.com/white-paper/4679/en says:

    If you want to use the LabVIEW DSC Module features, you must host shared variables on Windows. The LabVIEW DSC Module adds the following features to network-published shared variables:

    · Historical logging to the NI Citadel database.

    · Network alarms and alarm logging.

    · Scaling.

    · User-based security.

    · Initial value.

    · The ability to create custom I/O servers.

    · Integration of the LabVIEW event structure with the shared variable.

    · LabVIEW VIs for programmatically controlling all aspects of shared variables and the Shared Variable Engine.

    Question 1

    I didn't know that the initial value function was part of the DSC Module. If I use it in a project, does that mean my client needs to buy a DSC run-time license? (I don't use any other DSC function)

    Question 2

    In my project, the NSV in question was hosted on a cRIO target, yet my prototype (which had an initial value enabled) was happily running without problems. This contradicts the above documentation that says "you must host shared variables on Windows". Should it?

    Question 3

    I created a new NSV on my new machine (which does not have DSC installed). I saw the "Scaling" option. Is scaling part of the DSC Module or not?

    Question 4

    Initial value and scaling are generic features, not related to supervisory control or data logging. Why are they in the DSC Module? Aren't they in the base engine?

    Hello

    1. Yes, any build using DSC features requires a run-time license.

    2. This is a recommendation for more reliable operation.

    3. No, it's a native capability of LabVIEW. The DSC Module just adds more features related to communication protocols, alarming, etc.

    4. Development, yes. Scaling, no; I think it is there for easy access. The old-school method is shown here in the section 'Initialize your shared variables'.

    Visit this page for more information on DSC.

  • Windows 7 - error code 80070570 (cannot install KB979688, KB2296011 & KB2378111)

    Cannot install security updates on Win 7 x64-based systems:
    1) KB979688

    2) KB2296011

    3) KB2378111

    0x80070570 - ERROR_FILE_CORRUPT

    I recommend you:

    Go to a command prompt:

    Start, All Programs, Accessories, Command Prompt.

    Right-click on Command Prompt and select "Run as Administrator" <http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token> and run sfc /scannow <http://support.microsoft.com/kb/929833>

    Type exit (to close the elevated command prompt window)

    See if that solves the problem.

    If not, run the System Update Readiness Tool <http://support.microsoft.com/kb/947821>

  • Does System Restore undo wiped XP disk space?

    I permanently deleted OE messages and then wiped the free space on the hard drive. I need to do a System Restore because of an annoying Windows startup popup that appeared after deleting some files after uninstalling an HP printer. Will a System Restore undo the changes on the hard disk, thus allowing the recovery of those permanently deleted messages using Recuva or another recovery program? I don't want that to happen as I am getting rid of the computer (I bought a new one).

    If you are getting rid of your PC anyway, why not simply wipe the hard drive with a secure formatting program (Google can help)? Even if System Restore does not bring back the emails, there is still a lot of information on that computer that you don't want someone else to access using a different type of deleted-file recovery program. Ever made a purchase online? Accessed your bank account? Made changes to your Social Security account or 401k? It's all there somewhere.

    If this is a brand-name PC like HP or Dell, you should have a recovery disk or partition which will let you restore it to day one. That will be enough to thwart the average snooper, and a little better than average.
    If it's not, and you have the OS disk, you can wipe it yourself and do a clean install.

    SC Tom

  • OME user permission settings

    Hello

    I use OME in my company. OME credentials are synchronized with our AD accounts.

    However, I do not want domain users to access OME; only the domain administrator should have access to OME.

    Can I set this rule in OME?

    Thank you.

    Hello

    Thanks for the post. OME has role-based security that manages OME access for specific groups in the device tree view. Other than that, any user with access to OME must be a member of the OmeAdministrator, OMEPowerUsers or OMEUsers group. You can't manage users from inside OME, but if you do not want domain users to access OME, you can remove the Domain Users group from the three user groups required for OME. That should help.

  • Windows Active Directory

    Can I use RADIUS AAA on an ASA 5505 to block outbound access by username for users in a group? Thank you

    Hello

    I think you might be interested in checking out the new ASA 8.4 feature: Identity Firewall

    Identity Firewall

    Generally, a firewall is not aware of the user's identity and, therefore, cannot implement identity-based security policies.

    The ASA Identity Firewall provides more granular access control based on user identity. You can configure access rules and security policies based on user and group names rather than by source IP addresses. The ASA applies security policies based on an association of IP addresses with Windows Active Directory login information, and reports events based on the mapped user names instead of network IP addresses.

    The Identity Firewall integrates with Windows Active Directory in conjunction with an external Active Directory (AD) Agent that provides the actual identity mapping. The ASA uses Windows Active Directory as the source to retrieve the current user identity information for specific IP addresses.

    In an enterprise, some users log on to the network using other authentication mechanisms, such as authentication with a web portal (cut-through proxy) or using a VPN. You can configure the Identity Firewall to allow these types of authentication in conjunction with identity-based access policies.

    We introduced or modified the following commands: user-identity enable, user-identity default-domain, user-identity domain, user-identity logout-probe, user-identity inactive-user-timer, user-identity poll-import-user-group-timer, user-identity action netbios-response-fail, user-identity user-not-found, user-identity action ad-agent-down, user-identity action mac-address-mismatch, user-identity action domain-controller-down, user-identity ad-agent active-user-database, user-identity ad-agent hello-timer, user-identity ad-agent aaa-server, user-identity update import-user, user-identity static user, ad-agent-mode, dns domain-lookup, dns poll-timer, dns expire-entry-timer, object-group user, show user-identity, show dns, clear configure user-identity, clear dns, debug user-identity, test aaa-server ad-agent.

    Please find attached the Configuration Guide chapter about the Identity Firewall.

    Hope that points you in the right direction.

    Kind regards.

  • Problem installing Windows Update KB2862966, receiving error code 800b0100.

    Original title: How to fix the error in the Windows Update installation

    I have Windows 8 on my HP laptop, bought in October 2013. I do Windows update & install. Now, when I do update and install, I get this report: "Security Update for Windows 8 for x64-based systems (KB2862966), installation error found, code 800b0100". Where do I get help? Windows Update error 800b0100: "Run the DISM tool: on the Search charm type command prompt, click Run as Administrator: command prompt & so on." When I choose "command prompt" on my system, there is no administrator command prompt window to press the key after each command, DISM.exe /Online /Cleanup-Image /ScanHealth & DISM.exe /Online /Cleanup-Image /RestoreHealth, close the administrator window, exit & enter. Please help me: how can I resolve the found error and restore the update and install successfully, to the greatest ever.

    UMACHANDRAN VISWANTHAN.

    Hello Umachandran,

    Putting your system in a clean boot state helps determine whether third-party applications or startup items are causing the problem. You must follow the steps in the article mentioned below to perform a clean boot. See the link to perform the clean boot.

    How to perform a clean boot in Windows

    http://support.Microsoft.com/kb/929135

    Note: See "How to reset the computer to start normally after clean boot troubleshooting" to return the computer to a normal startup after the repair.

    After putting the computer in a clean boot state, install the update from the link below and see if that helps.

    Security Update for Windows 8 (KB2862966)

    http://www.Microsoft.com/en-US/Download/details.aspx?ID=39896

    I hope this helps. Otherwise, feel free to write back to us for assistance.

    Thank you
