I my application I have two target. I need to communicate between the two target. So I register one app as server which has been given an identifier and server name.
I have tried to retrieve the proxy by using the following code. The identifier name has been set to second target. When I call the server object from the second target as under, i got deny mach-loop in the console.
id proxy = nil;
proxy = [[NSConnection rootProxyForConnectionWithRegisteredName:#"MYSERVER"
host:nil] retain];
The above proxy object I could get when I disabled the sandboxing. But, when i enabled the sandboxing i could not get the proxy object. What could be the reason behind this.
Regards,
The Distributed Objects connection being prevented by the sandbox.
It sounds like you need to read about how the sandbox works.
XPC might be a good alternative to Distributed Objects, depending on what you're trying to accomplish.
We can do so by using the entitlement property. We have to set the bundle identifier of one another app here is the link:
http://developer.apple.com/library/mac/#documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html#//apple_ref/doc/uid/TP40011195-CH4-SW5
Related
I have a JBOSS server that allows another server to make API calls. However, I would like to limit to that particular server to access only, how can I do so using digital certificate?
please advise
Hello ~ for EAP 7:
It seems you would like to restrict the connections for a specific application.
This can be done configuring ip-access-control in your applications WEB-INF/undertow-handlers.conf:
ip-access-control(default-allow=false, acl={'127.0.0.1 allow', '127.0.0.2 allow'})
Otherwise, if you do not want to change the app side, you can create an expression filter directly on Undertow:
expression-filter name="ip-access-filter" expression="ip-access-control(default-allow=false, acl={'127.0.0.1 allow', '127.0.0.2 allow'})"/> ~~~
I'm configuring the keystone (as SP) for federation, and I have a question about the setup shibboleth [1]. I need edit the shibboleth2.xml file, and add the SP entity ID:
<ApplicationDefaults entityID="http://mysp.example.com/shibboleth">
In my case, would be:
<ApplicationDefaults entityID="http://10.7.49.47:5000/shibboleth">
I don't know if this is the right value. When I try access 10.7.49.47:5000/v3/OS-FEDERATION/identity_providers/myidp/protocols/mapped/auth, I receive the error:
Unable to locate metadata for 'http://10.7.49.47:5000/shibboleth'
I want understand better how the shibboleth work with keystone, and how get this Keystone SP entityID. I don't know if I need configure something to make '/shibboleth' works.
I need get this entityID to configure my IdP SimpleSamlPHP, and add the SP there [2].
[1] https://docs.openstack.org/developer/keystone/federation/shibboleth.html
[2] https://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_5
One I recommend you use HTTPS to connect with shibboleth. If it is you case then ignore.
Two entityId do not need to match with your host or IP. So if you want you can ignore port from entityId. You can use any string for that matter.
Now answer to your question, see my this answer to see steps to integrate shibooleth. Though this is java application steps but it is mostly done in apache http so it is relevant to anybody.
See the step 3 from that post, that is where your apache server knows that this location to protect.
P.S. The path your application listens is /Shibboleth.sso/ not /shibboleth
Worklight 5.0.6.1
We are having a specific requirement from our client about using a PCI Appliance from Intel (http://info.intel.com/rs/intel/images/Intel_Expressway_Tokenization_Broker.pdf) to avoid a PCI Audit for the application and server.
Therefore, the Adapter calls that have something to do with payment data would need to go through this hardware appliance before hitting the worklight server. All other adapter calls should go to the worklight server directly (to not overload the appliance).
The idea is to have two different URLs but the same worklight server in the background. It is assumed that the calls through the appliance will be transparent for the worklight server, so worklight functionality should not be impacted.
My questions around this would be:
a Worklight best-practice for having two different URLs for the same worklight server and alternating those URLs from the client for Adapter invocations (only; not direct update or anything else, since we assume this is executed native)?
is it possible to dynamically overwrite the worklight server URL that is used for an adapter invocation through JavaScript code in the client code? e.g. overwrite a specific JS function that gets/returns the worklight URL from somewhere before the WL.Client AJAX adapter invocation?
We are also looking into having a load-balancer switch the route based on a regex of the AdapterName that is being invoked or so. But it is not sure right now if that is possible and what the performance impact is.
Though possible, this is not something supported by WL. You will not be able to get help from support in case something goes wrong (and it will). You have to keep in mind that all server cookies (e.g. session id) are per domain. Therefore when you're dynamically changing server URL you will loose them. Therefore WL server will treat your request as a new session, unrelated to an old (existing) one. This is not something specific to WL, this is how HTTP works.
WL keeps server URLs in two global properties - WL.AppProp.WORKLIGHT_ROOT_URL and WL.AppProp.APP_SERVICES_URL. You can override them thus changing server URLs.
First one is used for all requests triggered by developer (init, connect, login etc). Second one is used for miscellaneous internal functionality (e.g. encrypted cache).
Once again - this is a hack, definitely not a solution. Use with caution if at all:)
How About this,if we define our own function that will call some static properties and update them ?
function changeServerUrl(serverURL) {
WL.StaticAppProps.APP_SERVICES_URL = serverURL + WL.StaticAppProps.POSTFIX_APP_SERVICES_URL;
WL.StaticAppProps.WORKLIGHT_ROOT_URL = serverURL + WL.StaticAppProps.POSTFIX_WORKLIGHT_ROOT_URL;
WL.StaticAppProps.WORKLIGHT_BASE_URL = serverURL;
}
and call it
chnageServerUrl("http://"+yourServerIP+":"+PORT);
if you dig into the worklight.js file there is a function "setWLUrl(url)" that can be use to change the serevr URL.
call it like this and its done
setWLUrl("http://"+yourServerIP+":PORT");
its kind a hack but i think it should not have anny issue since its a function within there api.
Good Luck
I'm trying to call Apache ActiveMQ NMS Version 1.6.0 from my code ('IntPub') that must run in a sandbox in a .NET 4.0 environment for security reasons. The program that creates the sandbox makes my code 'partially trusted' and therefore 'security-transparent' which seems to mean that it can't create a ConnectionFactory (see error log below) because NMS seems to be 'security-critical'. Here's the code that's causing this error:
connecturi = new Uri("tcp://my.server.com:61616");
var connectionFactory = new ConnectionFactory(connecturi);
I also tried this instead with similar results:
connecturi = new Uri("activemq:tcp://my.server.com:61616");
var connectionFactory = NMSConnectionFactory.CreateConnectionFactory(connecturi);
Since I can't change the security level of my assembly (the sandbox prevents it) is there a way to make NMS run as 'safe-critical' so it can be called by 'security-transparent' code? Would I have to recompile it to do so, or does NMS do some operation that would never be considered 'safe-critical?
I appreciate any help or suggestions...
Assembly 'IntPub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=6fa620743b8dc60a' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.Detail:
<OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
<ErrorCode>-2147220956</ErrorCode>
<ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
<Message>Unexpected exception from plug-in (Execute): Test.Client: System.MethodAccessException: Attempt by security transparent method 'Test.Client.Execute(System.IServiceProvider)' to access security critical method 'Apache.NMS.ActiveMQ.ConnectionFactory..ctor(System.Uri)' failed.
From the error message attributes, it looks like you're running a Dynamics CRM 2011 plugin in sandbox mode, which has some very specific rules about what you can and can't do. In particular, you're only allowed to make network connections via HTTP and HTTPS, so attempting raw TCP sockets will definitely fail.
Take a look at this MSDN page on Plug-in Isolation, Trusts, and Statistics. It looks like there may be a way to relax the network restrictions by modifying a system registry entry to include tcp, etc, in the regex value. Below is an excerpt from the page. Note: I have not done this myself, so can't say for sure it'll work.
Sandboxed plug-ins and custom workflow activities can access the
network through the HTTP and HTTPS protocols. This capability provides
support for accessing popular web resources like social sites, news
feeds, web services, and more. The following web access restrictions
apply to this sandbox capability.
Only the HTTP and HTTPS protocols are allowed.
Access to localhost (loopback) is not permitted.
IP addresses cannot be used. You must use a named web address that requires DNS name resolution.
Anonymous authentication is supported and recommended. There is no provision for prompting the logged on user for credentials or saving those credentials.
These default web access restrictions are defined in a registry key on
the server that is running the Microsoft.Crm.Sandbox.HostService.exe
process. The value of the registry key can be changed by the System
Administrator according to business and security needs. The registry
key path on the server is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM\SandboxWorkerOutboundUriPattern
The key value is a regular expression string that defines the web access restrictions.
The default key value is:
"^http[s]?://(?!((localhost[:/])|([.])|([0-9]+[:/])|(0x[0-9a-f]+[:/])|(((([0-9]+)|(0x[0-9A-F]+)).){3}(([0-9]+)|(0x[0-9A-F]+))[:/]))).+";*
By changing this registry key value, you can change the web access for sandboxed plug-ins.
I have a silverlight project that calls into a wcf service. Everything works fine on my local machine.
However when I deploy to a virtual machine, with the exact same query the wcf service returns, but the result is empty.
I've tried debugging, but have not been able to get it to break in the wcf service.
Any ideas what the problem could be, or how I could go about debugging it?
Thanks
I figured out what the problem is, but am not sure what the solution is.
In my silverlight project the wcf service I am referencing is http://localhost/.../SilverlightApiService.svc
I used fiddler on my vm to see the request that was made and instead of trying to contact the above service, it was trying to contact:
http:///.../SilverlightApiService.svc
So, for some reason my machine name is getting inserted in there instead of localhost. Any thoughts on this would be appreciated.
I had this exact problem when deploying to amazon ec2 - The machine name for the service was being returned in the wsdl rather than the dns.
There were a couple solutions (one involved creating static wsdl - yuck!)
But the other was creating a sort of factory pattern for the service
This thread (you can read it all, but the answers are at the bottom.)
http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/c7fd51a2-773e-41d4-95a0-244e925597fe/
The slight downfall with this is that although it works - if you change the location of the server, you will need to remember to update your config - Which although isn't hard, it's easy to forget to do.
Can you give us a bit more information? What kind of binding are you using? What does the service config and the client config look like? Where do you get your data from that gets returned? Could it be the service on the VM just doesn't get any data? (e.g. queries a database that just doesn't have the data requested?)
Marc
I have had that happen before. I would try this. Set you start page as the web service file and run the app. Then set the start page back to your default page. Then update all the server references in your SL project. Recompile everything and republish. This has helped me a bunch of times in the past.
I figured it out.
Basically my machine name was hard coded in my ServiceReferences.ClientConfig file in my silverlight project.
What I had to do was specify programmatically what url to use for the service reference when instantiating my service client:
System.ServiceModel.EndpointAddress address = new System.ServiceModel.EndpointAddress(new Uri
(Application.Current.Host.Source, "../WebServices/SilverlightService.svc"));
ServiceClient serviceClient = new ServiceClient("BasicHttpBinding_IService", address);
I figured out what the problem is, but am not sure what the solution is.
In my silverlight project the wcf service I am referencing is http://localhost/.../SilverlightService.svc
I used fiddler on my vm to see the request that was made and instead of trying to contact the above service, it was trying to contact:
http:///.../SilverlightService.svc
So, for some reason my machine name is getting inserted in there instead of localhost. Any thoughts on this would be appreciated.