I'm trying to launch ADF sample Session Management App that is provided in Oracle DOC.974949.1 , with EBS 12.2.6. I have done everything that is written in the Oracle doc. Still, session management is not working. When I start the EBS function responsible for launching sample app, I am redirected to EBS logon page. According to the use case from Oracle doc., it means that EBS user is not authenticated. I suspect that cookie which has session attributes cannot be correctly validated. Someone had that problem too? Could anyone suggest what should be done in order to launch the app?
Hard to know, but a couple things to check:
You need to be logged in via the standard EBS login
The EBS session cookies need to be scoped broadly enough to cover the new host
The DBC file associated with the Java SDK needs to be generated correctly
(see the Java SDK doc)
Related
What should we do if we have one tarantool instance (without Cartridge or VShard), then sometimes in the future we need to replicate it to another machine without downtime?
or if it's the easiest way is using cartridge, how to connect to tarantool cartridge from outside the cardridge? for example using golang (what's the username and password?):
taran, err = tarantool.Connect(cfg.Tarantool.Addr, tarantool.Opts{
User: cfg.Tarantool.User,
Pass: cfg.Tarantool.Pass,
Reconnect: 10 * time.Second,
MaxReconnects: 8640,
})
for example in other database only need to attach a new slave from the master (1 command line call) and wait for it to be sync (100% replicated).
Not sure I'll completely answer your question. But let's discuss every point separately.
Replication
You can use replication without vshard or cartridge. vshard is a module for sharding, if you don't need sharding you can use only replication feature.
Read about replication in documentation configuration - https://www.tarantool.io/en/doc/latest/book/replication/. Cartridge is just framework that simplifies cluster management and gives you huge amount of useful features.
User password
Also you ask about users/passwords. After you call box.cfg{listen=...} you could create some user, alter some rights for it and change its password. Please, read about user management in Tarantool in our documentation - https://www.tarantool.io/en/doc/latest/book/box/authentication/. After you create some user you can connect to Tarantool instance via connector, console (using tarantoolctl) or another Tarantool (using net.box module) under this user.
Talking about cartridge, it uses system user admin with cluster-cookie as a password.
You can set a org.springframework.jdbc.datasource.DriverManagerDataSource user name and password with:
dataSource.setUsername("johnsmith");
dataSource.setPassword("myplaintextpassword");
My question is - if I were to create an object this way, and then examine the memory of the machine this is running on, could I see the plaintext password?
If so, how can one securely create a database connection using a passed in password?
Sure. Create a complete heapdump of the process or JVM and you will be able to see it.
I don't know what operating system your application runs in or if it is standalone or run in container like Tomcat but exactly this is the reason why processes need to be separated.
You have to make sure that the file or JNDI configuration your password is stored in is only accessible by those processes / users that absolutely need access to them. And an additional layer of encryption will help too. There always will be someone (like root on Linux) who can read every process memory but your job is to keep the group of people being able to do this as small as possible.
Perhaps serverfault is a better place for asking or searching details about this. I am sure you can describe your environment (OS, container for your application, ...), try to get help for that setup.
I have developed few testing reports in my local machine. I came across few mechanisms called Snapshot and Caching. I am trying to implement those in my reports, every time when i try to create Caching mechanism it throws me an error "credentials need to be stored. "
Can we use caching and snapshot by using Windows credentials?. if so what is the approach.
My local machine details.
Serername-(loacl)
Authentication -- (Windows)
name and pwd-- gryed out
my reportserver URL: satish-pc/reportserver
DB-Adventure Works.
Scheduled snapshots or caching plans mean the report is being executed on an automated basis, and the results stored for easier/faster retrieval later. As the executions are autmoated and unattended, they need connections with stored credentials, as there is no user sitting at the computer at run-time to punch in credentials. So, in order to use snapshots or scheduled caches, you will need to create a data source that has credentials stored in it. In Report Manager, you can edit the Report's datasource in the Report Properties page, or the shared datasource's connection into on its own properties page.
I connect to a remote sqlserver database using the jdbc service. My apps script has my password and userid. Is there a security risk involved. I ask because javascript is open to inspection; are app-scripts open to users?
What is the best way to get that secure information into an app?
Even hard coded values don't show up in the javascript when rendered by the browser. That is because all the code that you write runs on the server side (except client handlers).
However, if you share a script or spreadsheet with the script with another user, the code is visible to the other user.
You can store your username and password in a spreadsheet that only you have access to and read from there during runtime. However, ensure that the script runs under your id (i.e only published as a web app).
Use the UserProperties service. It's values are only available to you and if you decide to make the application multi-user, you could even direct users to store their unique sql username/password in their own UserProperties.
From a Windows Service running on a Terminal Server (in global space), we would like to be able to start up a process running a windows application in a specific user's Terminal Server sessions.
How does one go about doing this?
The Scenerio: the windows service starts at boot time. After the user has logged into a Terminal Server user session, based on some criteria known only to the windows service, the windows service wants to start a process in the user's session running a windows application.
An example: We would like to display a 'Shutdown in 5 minutes' warning to the users. The windows service would detect this condition, and start up a process in each user session that starts the windows app that displays the warning. And, yes, I know there are other ways of displaying a warning dialog, this is the example, what we want to do is much more invasive.
You can use CreateProcessAsUser to do this - but it requires a bit of effort. I believe the following steps are the basic required procedure:
Get the user's session (WTSQuerySessionInformation).
Get a token for that user (WTSQueryUserToken).
Create a duplicate token for your use (DuplicateTokenEx).
Use the token to create an environment block (CreateEnvironmentBlock).
Launch the application with CreateProcessAsUser, using the block above.
You'll also want to make sure to clean up all of the appropriate handles, tokens, etc., after you've launched the process.
Really late reply but maybe somebody will find this helpful.
You can use PsExec to launch an application on a remote (or local) server inside a specified session by using the following command:
psexec \\COMPUTER_NAME -i SESSION_ID APPLICATION_NAME
Where SESSION_ID indicates the session id in which to launch the application.
You will need to know what sessions are active on the server and which session id maps to which user login. The following thread provides a nice code sample for this exact problem: How do you retrieve a list of logged-in/connected users in .NET?
Late reply but in the answer above DuplicateToken is not necessary since WTSQueryUserToken already returns a primary token.