Search Results

Search found 13454 results on 539 pages for 'ws security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/539 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • JAX-WS Consuming web service with WS-Security and WS-Addressing

    - by aurealus
    I'm trying to develop a standalone Java web service client with JAX-WS (Metro) that uses WS-Security with Username Token Authentication (Password digest, nonces and timestamp) and timestamp verification along with WS-Addressing over SSL. The WSDL I have to work with does not define any security policy information. I have been unable to figure out exactly how to add this header information (the correct way to do so) when the WSDL does not contain this information. Most examples I have found using Metro revolve around using Netbeans to automatically generate this from the WSDL which does not help me at all. I have looked into WSIT, XWSS, etc. without much clarity or direction. JBoss WS Metro looked promising not much luck yet there either. Anyone have experience doing this or have suggestions on how to accomplish this task? Even pointing me in the right direction would be helpful. I am not restricted to a specific technology other than it must be Java based.

    Read the article

  • Redirect output logs of javax.xml.ws and com.sun.xml.ws

    - by chrisnfoneur
    I am working on a SOAP based web service, with Sun's Metro. I am facing an annoying bug, each time I send a malformed SOAP object to my web service, sun's api spam the System.out with logs like this: javax.xml.ws.WebServiceException: com.sun.istack.XMLStreamException2: org.xml.sax.SAXParseException: cvc-complex-type.4: Attribute 'type' must appear on element 'object'. at com.sun.xml.ws.util.pipe.AbstractSchemaValidationTube.doProcess(AbstractSchemaValidationTube.java:206) at com.sun.xml.ws.util.pipe.AbstractSchemaValidationTube.processRequest(AbstractSchemaValidationTube.java:175) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244) at com.sun.xml.ws.transport.http.server.WSHttpHandler.handleExchange(WSHttpHandler.java:106) at com.sun.xml.ws.transport.http.server.WSHttpHandler.handle(WSHttpHandler.java:91) at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65) at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:54) at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68) at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:555) at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65) at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:527) at sun.net.httpserver.ServerImpl$DefaultExecutor.execute(ServerImpl.java:119) at sun.net.httpserver.ServerImpl$Dispatcher.handle(ServerImpl.java:349) at sun.net.httpserver.ServerImpl$Dispatcher.run(ServerImpl.java:321) at java.lang.Thread.run(Thread.java:619) Caused by: com.sun.istack.XMLStreamException2: org.xml.sax.SAXParseException: cvc-complex-type.4: Attribute 'type' must appear on element 'object'. at com.sun.xml.ws.util.xml.StAXSource$1.parse(StAXSource.java:185) at com.sun.xml.ws.util.xml.StAXSource$1.parse(StAXSource.java:170) at org.apache.xerces.jaxp.validation.ValidatorHandlerImpl.validate(Unknown Source) at org.apache.xerces.jaxp.validation.ValidatorImpl.validate(Unknown Source) at javax.xml.validation.Validator.validate(Validator.java:127) at com.sun.xml.ws.util.pipe.AbstractSchemaValidationTube.doProcess(AbstractSchemaValidationTube.java:204) ... 20 more I would like to switch off this log or redirect it to my error/warn/debug.log files used by log4j. I tried to add a rule in my log4j.xml file : <category name="javax.xml.ws"> <priority value="error" /> </category> It didn't worked. So I tried the following trick: java.util.logging.Logger.getLogger("javax.xml.ws.WebServiceException").setLevel( java.util.logging.Level.OFF); it didn't worked neither. Any ideas ? It is not a big issue but it makes my catalina.log getting bigger & bigger and it's not the appropriate place for this kind of log. Chris

    Read the article

  • sudo apt-get update errors

    - by Adrian Begi
    Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security.ubuntu.com oneiric-security Release Ign http://security.ubuntu.com oneiric-security/main Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/restricted Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/main amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/restricted amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/main i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/restricted i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/main TranslationIndex Ign http://security.ubuntu.com oneiric-security/multiverse TranslationIndex Ign http://security.ubuntu.com oneiric-security/restricted TranslationIndex Ign http://security.ubuntu.com oneiric-security/universe TranslationIndex Err http://security.ubuntu.com oneiric-security/main Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/restricted Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/universe Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/multiverse Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/main amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/restricted amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/universe amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/multiverse amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/main i386 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/restricted i386 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/universe i386 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/multiverse i386 Packages 404 Not Found [IP: 91.189.91.15 80] Ign http://security.ubuntu.com oneiric-security/main Translation-en_US Ign http://security.ubuntu.com oneiric-security/main Translation-en Ign http://security.ubuntu.com oneiric-security/multiverse Translation-en_US Ign http://security.ubuntu.com oneiric-security/multiverse Translation-en Ign http://security.ubuntu.com oneiric-security/restricted Translation-en_US Ign http://security.ubuntu.com oneiric-security/restricted Translation-en Ign http://security.ubuntu.com oneiric-security/universe Translation-en_US Ign http://security.ubuntu.com oneiric-security/universe Translation-en W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/main/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/restricted/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/universe/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/main/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/restricted/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/universe/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/main/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/restricted/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/universe/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] E: Some index files failed to download. They have been ignored, or old ones used instead. HERE IS MY SOURCES.LIST # # deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/main/binary-i386/ # deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/restricted/binary-i386/ # deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ oneiric main restricted #deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/main/binary-i386/ #deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/restricted/binary-i386/ #deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ oneiric main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://us.archive.ubuntu.com/ubuntu/ oneiric main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ oneiric universe deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric universe deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates universe deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://us.archive.ubuntu.com/ubuntu/ oneiric multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric multiverse deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ oneiric-backports main restricted universe multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-backports main restricted universe multiverse deb http://security.ubuntu.com/ubuntu oneiric-security main restricted deb-src http://security.ubuntu.com/ubuntu oneiric-security main restricted deb http://security.ubuntu.com/ubuntu oneiric-security universe deb-src http://security.ubuntu.com/ubuntu oneiric-security universe deb http://security.ubuntu.com/ubuntu oneiric-security multiverse deb-src http://security.ubuntu.com/ubuntu oneiric-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu oneiric partner # deb-src http://archive.canonical.com/ubuntu oneiric partner ## Uncomment the following two lines to add software from Ubuntu's ## 'extras' repository. ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. # deb http://extras.ubuntu.com/ubuntu oneiric main # deb-src http://extras.ubuntu.com/ubuntu oneiric main

    Read the article

  • Password Security: Short and Complex versus ‘Short or Lengthy’ and Less Complex

    - by Akemi Iwaya
    Creating secure passwords for our online accounts is a necessary evil due to the huge increase in database and account hacking that occurs these days. The problem though is that no two companies have a similar policy for complex and secure password creation, then factor in the continued creation of insecure passwords or multi-site use of the same password and trouble is just waiting to happen. Ars Technica decided to take a look at multiple password types, how users fared with them, and how well those password types held up to cracking attempts in their latest study. The password types that Ars Technica looked at were comprehensive8, basic8, and basic16. The comprehensive type required a variety of upper-case, lower-case, digits, and symbols with no dictionary words allowed. The only restriction on the two basic types was the number of characters used. Which type do you think was easier for users to adopt and did better in the two password cracking tests? You can learn more about how well users did with the three password types and the results of the tests by visiting the article linked below. What are your thoughts on the matter? Are shorter, more complex passwords better or worse than using short or long, but less complex passwords? What methods do you feel work best since most passwords are limited to approximately 16 characters in length? Perhaps you use a service like LastPass or keep a dedicated list/notebook to manage your passwords. Let us know in the comments!    

    Read the article

  • JAX-WS, webservices (Spring) issue

    - by vinay
    Hi All, I have written web services and configured with spring framework but I am getting exception when invoking services. Exceptions stack trace are given below - com.sun.xml.ws.server.sei.EndpointMethodHandler invoke SEVERE: object is not an instance of declaring class java.lang.IllegalArgumentException: object is not an instance of declaring class at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jvnet.jax_ws_commons.spring.SpringService$1$1.invoke(SpringServic e.java:185) at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:152) at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethod Handler.java:264) at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTub e.java:93) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:27 5) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdap ter.java:454) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250 ) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAd apter.java:140) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServl etDelegate.java:129) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServ letDelegate.java:160) at com.sun.xml.ws.transport.http.servlet.WSSpringServlet.doPost(WSSpring Servlet.java:52) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run (StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri tyHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:292) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:175) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio n.run(WebAppServletContext.java:3594) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate dSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java: 121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS ervletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC ontext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j ava:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Mar 31, 2010 3:47:20 PM com.sun.xml.ws.server.sei.EndpointMethodHandler invoke SEVERE: object is not an instance of declaring class java.lang.IllegalArgumentException: object is not an instance of declaring class at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jvnet.jax_ws_commons.spring.SpringService$1$1.invoke(SpringServic e.java:185) at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:152) at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethod Handler.java:264) at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTub e.java:93) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:27 5) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdap ter.java:454) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250 ) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAd apter.java:140) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServl etDelegate.java:129) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServ letDelegate.java:160) at com.sun.xml.ws.transport.http.servlet.WSSpringServlet.doPost(WSSpring Servlet.java:52) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run (StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri tyHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:292) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:175) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio n.run(WebAppServletContext.java:3594) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate dSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java: 121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS ervletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC ontext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j ava:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) i am testing our services using SOAP UI and getting above mentioed exception. I think some how the object creation from the xml is not acceptable to webservices I am confused what is happening

    Read the article

  • Framework 4 Features: Summary of Security enhancements

    - by Anthony Shorten
    In the last log entry I mentioned one of the new security features in Oracle Utilities Application Framework 4.0.1. Security is one of the major "tent poles" (to borrow a phrase from Steve Jobs) in this release of the framework. There are a number of security related enhancements requested by customers and as a result of internal reviews that we have introduced. Here is a summary of some of the security enchancements we have added in this release: Security Cache Changes - Security authorization information is automatically cached on the server for performance reasons (security is checked for every single call the product makes for all modes of access). Prior to this release the cache auto-refreshed every 30 minutes (or so). This has beem made more nimble by supporting a cache refresh every minute (or so). This means authorization changes are reflected quicker than before. Business Level security - Business Services are configurable services that are based upon Application Services. Typically, the business service inherited its security profile from its parent service. Whilst this is sufficient for most needs, it is now required to further specify security on the Business Service definition itself. This will allow granular security and allow the same application service to be exposed as different Business Services with their own security. This is particularly useful when you base a Business Service on a query zone. User Propogation - As with other client server applications, the database connections are pooled and shared as needed. This means that a common database user is used to access the database from the pool to allow sharing. Unfortunently, this means that tracability at the database level is that much harder. In Oracle Utilities Application Framework V4 the end userid is now propogated to the database using the CLIENT_IDENTIFIER as part of the Oracle JDBC connection API. This not only means that the common database userid is still used but the end user is indentifiable for the duration of the database call. This can be used for monitoring or to hook into Oracle's database security products. This enhancement is only available to Oracle Database customers. Enhanced Security Definitions - Security Administrators use the product browser front end to control access rights of defined users. While this is sufficient for most sites, a new security portal has been introduced to speed up the maintenance of security information. Oracle Identity Manager Integration - With the popularity of Oracle's Identity Management Suite, the Framework now provides an integration adapter and Identity Manager Generic Transport Connector (GTC) to allow users and group membership to be provisioned to any Oracle Utilities Application Framework based product from Oracle's Identity Manager. This is also available for Oracle Utilties Application Framework V2.2 customers. Refer to My Oracle Support KBid 970785.1 - Oracle Identity Manager Integration Overview. Audit On Inquiry - Typically the configurable audit facility in the Oracle Utilities Application Framework is used to audit changes to records. In Oracle Utilities Application Framework the Business Services and Service Scripts could be configured to audit inquiries as well. Now it is possible to attach auditing capabilities to zones on the product (including base package ones). Time Zone Support - In some of the Oracle Utilities Application Framework based products, the timezone of the end user is a factor in the processing. The user object has been extended to allow the recording of time zone information for use in product functionality. JAAS Suport - Internally the Oracle Utilities Application Framework uses a number of techniques to validate and transmit security information across the architecture. These various methods have been reconciled into using Java Authentication and Authorization Services for standardized security. This is strictly an internal change with no direct on how security operates externally. JMX Based Cache Management - In the last bullet point, I mentioned extra security applied to cache management from the browser. Alternatively a JMX based interface is now provided to allow IT operations to control the cache without the browser interface. This JMX capability can be initiated from a JSR120 compliant JMX console or JMX browser. I will be writing another more detailed blog entry on the JMX enhancements as it is quite a change and an exciting direction for the product line. Data Patch Permissions - The database installer provided with the product required lower levels of security for some operations. At some sites they wanted the ability for non-DBA's to execute the utilities in a controlled fashion. The framework now allows feature configuration to allow delegation for patch execution. User Enable Support - At some sites, the use of temporary staff such as contractors is commonplace. In this scenario, temporary security setups were required and used. A potential issue has arisen when the contractor left the company. Typically the IT group would remove the contractor from the security repository to prevent login using that contractors userid but the userid could NOT be removed from the authorization model becuase of audit requirements (if any user in the product updates financials or key data their userid is recorded for audit purposes). It is now possible to effectively diable the user from the security model to prevent any use of the useridwhilst retaining audit information. These are a subset of the security changes in Oracle Utilities Application Framework. More details about the security capabilities of the product is contained in My Oracle Support KB Id 773473.1 - Oracle Utilities Application Framework Security Overview.

    Read the article

  • JAX-WS errors when SOAP body contains UTF-8 BOM

    - by Vinny Carpenter
    I have developed a Web Service using JAX-WS (v2.1.3 - Sun JDK 1.6.0_05) deployed on WebLogic 10.3 that works just fine when I use a Java client or SoapUI or other Web Services testing tools. I need to consume this service using 2005 Microsoft SQL Server Reporting Services and I get the following error Couldn't create SOAP message due to exception: XML reader error: unexpected character content SEVERE: Couldn't create SOAP message due to exception: XML reader error: unexpected character content: "?" com.sun.xml.ws.protocol.soap.MessageCreationException: Couldn't create SOAP message due to exception: XML reader error: unexpected character content: "?" at com.sun.xml.ws.encoding.SOAPBindingCodec.decode(SOAPBindingCodec.java:292) at com.sun.xml.ws.transport.http.HttpAdapter.decodePacket(HttpAdapter.java:276) at com.sun.xml.ws.transport.http.HttpAdapter.access$500(HttpAdapter.java:93) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:432) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:134) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:129) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:160) at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:75) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3498) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(Unknown Source) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: com.sun.xml.ws.streaming.XMLStreamReaderException: XML reader error: unexpected character content: "?" at com.sun.xml.ws.streaming.XMLStreamReaderUtil.nextElementContent(XMLStreamReaderUtil.java:102) at com.sun.xml.ws.encoding.StreamSOAPCodec.decode(StreamSOAPCodec.java:174) at com.sun.xml.ws.encoding.StreamSOAPCodec.decode(StreamSOAPCodec.java:296) at com.sun.xml.ws.encoding.StreamSOAPCodec.decode(StreamSOAPCodec.java:128) at com.sun.xml.ws.encoding.SOAPBindingCodec.decode(SOAPBindingCodec.java:287) ... 22 more If I use a HTTP proxy to sniff out what SSRS is sending to JAX-WS, I see EF BB BF as the beginning of the post body and JAX-WS doesn't like that. If I remove the special characters and resubmit the request using Fiddler, then the web-service invocation works. Why does JAX-WS blow up with the standard UTF-8 BOM? Is there a workaround to get past this issue? Any suggestions would be greatly appreciated. Thanks --Vinny

    Read the article

  • The Importance of a Security Assessment - by Michael Terra, Oracle

    - by Darin Pendergraft
    Today's Blog was written by Michael Terra, who was the Subject Matter Expert for the recently announced Oracle Online Security Assessment. You can take the Online Assessment here: Take the Online Assessment Over the past decade, IT Security has become a recognized and respected Business discipline.  Several factors have contributed to IT Security becoming a core business and organizational enabler including, but not limited to, increased external threats and increased regulatory pressure. Security is also viewed as a key enabler for strategic corporate activities such as mergers and acquisitions.Now, the challenge for senior security professionals is to develop an ongoing dialogue within their organizations about the importance of information security and how it can impact their organization's strategic objectives/mission. The importance of conducting regular “Security Assessments” across the IT and physical infrastructure has become increasingly important. Security standards and frameworks, such as the international standard ISO 27001, are increasingly being adopted by organizations and their business partners as proof of their security posture and “Security Assessments” are a great way to ensure a continued alignment to these frameworks.Oracle offers a number of different security assessment covering a broad range of technologies. Some of these are short engagements conducted for free with our strategic customers and partners. Others are longer term paid engagements delivered by Oracle Consulting Services or one of our partners. The goal of a security assessment, (also known as a security audit or security review), is to ensure that necessary security controls are integrated into the design and implementation of a project, application or technology.  A properly completed security assessment should provide documentation outlining any security gaps that exist in an infrastructure and the associated risks for those gaps. With that knowledge, an organization can choose to either mitigate, transfer, avoid or accept the risk. One example of an Oracle offering is a Security Readiness Assessment:The Oracle Security Readiness Assessment is a practical security architecture review focused on aligning an organization’s enterprise security architecture to their business principals and strategic objectives. The service will establish a multi-phase security architecture roadmap focused on supporting new and existing business initiatives.Offering OverviewThe Security Readiness Assessment will: Define an organization’s current security posture and provide a roadmap to a desired future state architecture by mapping  security solutions to business goals Incorporate commonly accepted security architecture concepts to streamline an organization’s security vision from strategy to implementation Define the people, process and technology implications of the desired future state architecture The objective is to deliver cohesive, best practice security architectures spanning multiple domains that are unique and specific to the context of your organization. Offering DetailsThe Oracle Security Readiness Assessment is a multi-stage process with a dedicated Oracle Security team supporting your organization.  During the course of this free engagement, the team will focus on the following: Review your current business operating model and supporting IT security structures and processes Partner with your organization to establish a future state security architecture leveraging Oracle’s reference architectures, capability maps, and best practices Provide guidance and recommendations on governance practices for the rollout and adoption of your future state security architecture Create an initial business case for the adoption of the future state security architecture If you are interested in finding out more, ask your Sales Consultant or Account Manager for details.

    Read the article

  • What to sign when signing a message with ws-security

    - by Heavy Bytes
    I am adding security to my web service and chose to sign the Timestamp and Token. While reading docs I found a lot of examples where they sign the Body of the SOAP message. My question is: what is best to sign? From what I understand signing the Body could lead to performance issues if the Body is pretty large. Thanks.

    Read the article

  • Security as a Service (SecaaS) for Amazon EC2

    - by Dave
    I'm looking for a security as a service (SecaaS) provider or open source solution for Amazon EC2 instances, however I can't seem to find much on Google or elsewhere so was wondering if anyone knows where I could find this service? Ideally I'm looking for something that offers virtual firewalls, email and web security and virtual spam prevention. If anyone has any information on SecaaS i'd appreciate it, Thanks in advance

    Read the article

  • Consolidate Data in Private Clouds, But Consider Security and Regulatory Issues

    - by Troy Kitch
    The January 13 webcast Security and Compliance for Private Cloud Consolidation will provide attendees with an overview of private cloud computing based on Oracle's Maximum Availability Architecture and how security and regulatory compliance affects implementations. Many organizations are taking advantage of Oracle's Maximum Availability Architecture to drive down the cost of IT by deploying private cloud computing environments that can support downtime and utilization spikes without idle redundancy. With two-thirds of sensitive and regulated data in organizations' databases private cloud database consolidation means organizations must be more concerned than ever about protecting their information and addressing new regulatory challenges. Join us for this webcast to learn about greater risks and increased threats to private cloud data and how Oracle Database Security Solutions can assist in securely consolidating data and meet compliance requirements. Register Now.

    Read the article

  • Calling a .NET web service (WSE 3.0, WS-Security) from JAXWS-RI

    - by elduff
    I'm writing a JAXWS-RI client that must call a .NET Web Service that is using WS-Security. The service's WSDL does not contain any WS-Security info, but I have an example soap message from the service's authors and know that I must include wsse:Security headers, including X:509 tokens. I've been researching, and I've seen example of folks calling this type of web service from Axis and CXF (in conjunction with Rampart and/or WSS4J), but nothing about using plain JAXWS-RI itself. However, I'm (unfortunately) constrained to using JAXWS-RI by my gov't client. Does anyone have any examples/documentation of doing this from JAXWS-RI? I need to ultimately generate a SOAP header that looks something like the one below - this is a sample soap:header from a .NET client written by the service's authors. (Note: I've put the 'VALUE_HERE' string in places where I need to provide my own values) <soapenv:Envelope xmlns:iri="http://EOIR/IRIES" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401- wss-wssecurity-secext-1.0.xsd"> <xenc:EncryptedKey Id="VALUE_HERE"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> VALUE_HERE </wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>VALUE_HERE</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-8"/> </xenc:ReferenceList> </xenc:EncryptedKey> </wsse:Security>

    Read the article

  • Updated Security Baseline (7u45) impacts Java 7u40 and before with High Security settings

    - by costlow
    The Java Security Baseline has been increased from 7u25 to 7u45.  For versions of Java below 7u45, this means unsigned Java applets or Java applets that depend on Javascript LiveConnect calls will be blocked when using the High Security setting in the Java Control Panel. This issue only affects Applets and Web Start applications. It does not affect other types of Java applications. The Short Answer Users upgrading to Java 7 update 45 will automatically fix this and is strongly recommended. The More Detailed Answer There are two items involved as described on the deployment flowchart: The Security Baseline – a dynamically updated attribute that checks to see which Java version contains the most recent security patches. The Security Slider – the user-controlled setting of when to prompt/run/block applets. The Security Baseline Java clients periodically check in to understand what version contains the most recent security patches. Versions are released in-between that contain bug fixes. For example: 7u25 (July 2013) was the previous secure baseline. 7u40 contained bug fixes. Because this did not contain security patches, users were not required to upgrade and were welcome to remain on 7u25. When 7u45 was released (October, 2013), this critical patch update contained security patches and raised the secure baseline. Users are required to upgrade from earlier versions. For users that are not regularly connected to the internet, there is a built in Expiration Date. Because of the pre-established quarterly critical patch updates, we are able to determine an approximate date of the next version. A critical patch released in July will have its successor released, at latest, in July + 3 months: October. The Security Slider The security slider is located within the Java control panel and determines which Applets & Web Start applications will prompt, which will run, and which will be blocked. One of the questions used to determine prompt/run/block is, “At or Above the Security Baseline.” The Combination JavaScript calls made from LiveConnect do not reside within signed JAR files, so they are considered to be unsigned code. This is correct within networked systems even if the domain uses HTTPS because signed JAR files represent signed "data at rest" whereas TLS (often called SSL) literally stands for "Transport Level Security" and secures the communication channel, not the contents/code within the channel. The resulting flow of users who click "update later" is: Is the browser plug-in registered and allowed to run? Yes. Does a rule exist for this RIA? No rules apply. Does the RIA have a valid signature? Yes and not revoked. Which security prompt is needed? JRE is below the baseline. This is because 7u45 is the baseline and the user, clicked "upgrade later." Under the default High setting, Unsigned code is set to "Don’t Run" so users see: Additional Notes End Users can control their own security slider within the control panel. System Administrators can customize the security slider during automated installations. As a reminder, in the future, Java 7u51 (January 2014) will block unsigned and self-signed Applets & Web Start applications by default.

    Read the article

  • Latest Security Updates for Java are Available for Download

    - by Akemi Iwaya
    Oracle has released new updates that patch 40 security holes in their Java Runtime Environment software. Anyone who needs or actively uses the Java Runtime Environment for work or gaming should promptly update their Java installation as soon as possible. One thing to keep in mind is that there are limitations placed on updates for older versions of Java as shown in the following excerpt. If you are using an older version, then it is recommended that you update to the Java SE 7 release if possible (depending on your usage circumstances). From the The H Security blog post: Only the current version of Java, Java SE 7, will be updated for free; downloads of the new version, Java SE 7 Update 25, are available and existing installs should auto-update. Mac OS X users will get an updated Java SE 6 for their systems as an automatic update; Java SE 7 on Mac OS X is updated by Oracle. Users of other older versions of Java will only get updates if they have a maintenance contract with Oracle. Affected Product Releases and Versions: JDK and JRE 7 Update 21 and earlier JDK and JRE 6 Update 45 and earlier JDK and JRE 5.0 Update 45 and earlier JavaFX 2.2.21 and earlier Note: If you do not need Java on your system, we recommend uninstalling it entirely or disabling the browser plugin. You can download and read through the details about the latest Java updates by visiting the links shown below.    

    Read the article

  • Computer Networks UNISA - Chap 12 &ndash; Networking Security

    - by MarkPearl
    After reading this section you should be able to Identify security risks in LANs and WANs and design security policies that minimize risks Explain how physical security contributes to network security Discuss hardware and design based security techniques Understand methods of encryption such as SSL and IPSec, that can secure data in storage and in transit Describe how popular authentication protocols such as RADIUS< TACACS,Kerberos, PAP, CHAP, and MS-CHAP function Use network operating system techniques to provide basic security Understand wireless security protocols such as WEP, WPA and 802.11i Security Audits Before spending time and money on network security, examine your networks security risks – rate and prioritize risks. Different organizations have different levels of network security requirements. Security Risks Not all security breaches result from a manipulation of network technology – there are human factors that can play a role as well. The following categories are areas of considerations… Risks associated with People Risks associated with Transmission and Hardware Risks associated with Protocols and Software Risks associated with Internet Access An effective security policy A security policy identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition it specifies how to address security breaches. It should not state exactly which hardware, software, architecture, or protocols will be used to ensure security, nor how hardware or software will be installed and configured. A security policy must address an organizations specific risks. to understand your risks, you should conduct a security audit that identifies vulnerabilities and rates both the severity of each threat and its likelihood of occurring. Security Policy Content Security policy content should… Policies for each category of security Explain to users what they can and cannot do and how these measures protect the networks security Should define what confidential means to the organization Response Policy A security policy should provide for a planned response in the event of a security breach. The response policy should identify the members of a response team, all of whom should clearly understand the the security policy, risks, and measures in place. Some of the roles concerned could include… Dispatcher – the person on call who first notices the breach Manager – the person who coordinates the resources necessary to solve the problem Technical Support Specialist – the person who focuses on solving the problem Public relations specialist – the person who acts as the official spokesperson for the organization Physical Security An important element in network security is restricting physical access to its components. There are various techniques for this including locking doors, security people at access points etc. You should identify the following… Which rooms contain critical systems or data and must be secured Through what means might intruders gain access to these rooms How and to what extent are authorized personnel granted access to these rooms Are authentication methods such as ID cards easy to forge etc. Security in Network Design The optimal way to prevent external security breaches from affecting you LAN is not to connect your LAN to the outside world at all. The next best protection is to restrict access at every point where your LAN connects to the rest of the world. Router Access List – can be used to filter or decline access to a portion of a network for certain devices. Intrusion Detection and Prevention While denying someone access to a section of the network is good, it is better to be able to detect when an attempt has been made and notify security personnel. This can be done using IDS (intrusion detection system) software. One drawback of IDS software is it can detect false positives – i.e. an authorized person who has forgotten his password attempts to logon. Firewalls A firewall is a specialized device, or a computer installed with specialized software, that selectively filters or blocks traffic between networks. A firewall typically involves a combination of hardware and software and may reside between two interconnected private networks. The simplest form of a firewall is a packet filtering firewall, which is a router that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination or not. Firewalls can block traffic in and out of a LAN. NOS (Network Operating System) Security Regardless of the operating system, generally every network administrator can implement basic security by restricting what users are authorized to do on a network. Some of the restrictions include things related to Logons – place, time of day, total time logged in, etc Passwords – length, characters used, etc Encryption Encryption is the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm. The purpose of encryption is to keep information private. Many forms of encryption exist and new ways of cracking encryption are continually being invented. The following are some categories of encryption… Key Encryption PGP (Pretty Good Privacy) SSL (Secure Sockets Layer) SSH (Secure Shell) SCP (Secure CoPy) SFTP (Secure File Transfer Protocol) IPSec (Internet Protocol Security) For a detailed explanation on each section refer to pages 596 to 604 of textbook Authentication Protocols Authentication protocols are the rules that computers follow to accomplish authentication. Several types exist and the following are some of the common authentication protocols… RADIUS and TACACS PAP (Password Authentication Protocol) CHAP and MS-CHAP EAP (Extensible Authentication Protocol) 802.1x (EAPoL) Kerberos Wireless Network Security Wireless transmissions are particularly susceptible to eavesdropping. The following are two wireless network security protocols WEP WPA

    Read the article

  • Programmable Home Security Alarm [closed]

    - by stej
    I don't ask for recommendation! (just wanted to say that; anyway it doesn't matter now as the question is closed) I've seen some advertisements about home alarms that notifies me that something is happening in my house. None of them mentioned programmability (with real programming language like e.g C, assembler, whatever). As a programmer I'd like to have a possibility to add some behaviour, that is not part of the alarm itself. This might be: take snapshots of all cameras in a house and send it to some email send email, twitter message, skype message to some predefined account send email to a police (silly, I know) start turning the lights on and off (scary, right?) etc. (would be veeery challenging with assembler, I know; but lets suppose I can use some more high level language) I don't expect that there is a alarm system capable of this stuff, that's why I'm looking for a programmable module. Question: Is it even possible? Is it good idea (my program could crash and cause instability of the system).

    Read the article

  • Software/IT security training and certificate

    - by 5YrsLaterDBA
    I am thinking about attending software security training and getting software security certificate. (or IT security in general.) I am in MA Boston area. I am new in software security field and need to know this field for current project and/or future job. Any suggestion about the training and certificate? thanks, EDIT: How about this course and certificate? http://scpd.stanford.edu/public/category/courseCategoryCertificateProfile.do?method=load&from=courseprofile&certificateId=3575647#searchResults

    Read the article

  • Try all available WSDL IPs with JAX-WS

    - by Asaf
    I'm using JAX-WS to open a service port. When the DNS exposes two IPs for the DNS entry (of the WSDL), the Service tries to use only the first - resulting in a "Failed to access the WSDL at: http://some.url.com/someDocument?wsdl. It failed with: Connection refused: connect" exception. I've found an issue filed against JAX-WS, but with no resolution. this is the comment that describes my problem best. The code is just a one-liner: Service service = Service.create("http://some.url.com/someDocument?wsdl", engineQName); the smarts is exposing those two A records on http://some.url.com/ at the DNS. Can anyone help? 10x,

    Read the article

  • WCF WS-Security and WSE Nonce Authentication

    - by Rick Strahl
    WCF makes it fairly easy to access WS-* Web Services, except when you run into a service format that it doesn't support. Even then WCF provides a huge amount of flexibility to make the service clients work, however finding the proper interfaces to make that happen is not easy to discover and for the most part undocumented unless you're lucky enough to run into a blog, forum or StackOverflow post on the matter. This is definitely true for the Password Nonce as part of the WS-Security/WSE protocol, which is not natively supported in WCF. Specifically I had a need to create a WCF message on the client that includes a WS-Security header that looks like this from their spec document:<soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-8" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>TeStUsErNaMe1</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >TeStPaSsWoRd1</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >f8nUe3YupTU5ISdCy3X9Gg==</wsse:Nonce> <wsu:Created>2011-05-04T19:01:40.981Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> Specifically, the Nonce and Created keys are what WCF doesn't create or have a built in formatting for. Why is there a nonce? My first thought here was WTF? The username and password are there in clear text, what does the Nonce accomplish? The Nonce and created keys are are part of WSE Security specification and are meant to allow the server to detect and prevent replay attacks. The hashed nonce should be unique per request which the server can store and check for before running another request thus ensuring that a request is not replayed with exactly the same values. Basic ServiceUtl Import - not much Luck The first thing I did when I imported this service with a service reference was to simply import it as a Service Reference. The Add Service Reference import automatically detects that WS-Security is required and appropariately adds the WS-Security to the basicHttpBinding in the config file:<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="RealTimeOnlineSoapBinding"> <security mode="Transport" /> </binding> <binding name="RealTimeOnlineSoapBinding1" /> </basicHttpBinding> </bindings> <client> <endpoint address="https://notarealurl.com:443/services/RealTimeOnline" binding="basicHttpBinding" bindingConfiguration="RealTimeOnlineSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> </configuration> If if I run this as is using code like this:var client = new RealTimeOnlineClient(); client.ClientCredentials.UserName.UserName = "TheUsername"; client.ClientCredentials.UserName.Password = "ThePassword"; … I get nothing in terms of WS-Security headers. The request is sent, but the the binding expects transport level security to be applied, rather than message level security. To fix this so that a WS-Security message header is sent the security mode can be changed to: <security mode="TransportWithMessageCredential" /> Now if I re-run I at least get a WS-Security header which looks like this:<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2012-11-24T02:55:18.011Z</u:Created> <u:Expires>2012-11-24T03:00:18.011Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-18c215d4-1106-40a5-8dd1-c81fdddf19d3-1"> <o:Username>TheUserName</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> Closer! Now the WS-Security header is there along with a timestamp field (which might not be accepted by some WS-Security expecting services), but there's no Nonce or created timestamp as required by my original service. Using a CustomBinding instead My next try was to go with a CustomBinding instead of basicHttpBinding as it allows a bit more control over the protocol and transport configurations for the binding. Specifically I can explicitly specify the message protocol(s) used. Using configuration file settings here's what the config file looks like:<?xml version="1.0"?> <configuration> <system.serviceModel> <bindings> <customBinding> <binding name="CustomSoapBinding"> <security includeTimestamp="false" authenticationMode="UserNameOverTransport" defaultAlgorithmSuite="Basic256" requireDerivedKeys="false" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> </security> <textMessageEncoding messageVersion="Soap11"></textMessageEncoding> <httpsTransport maxReceivedMessageSize="2000000000"/> </binding> </customBinding> </bindings> <client> <endpoint address="https://notrealurl.com:443/services/RealTimeOnline" binding="customBinding" bindingConfiguration="CustomSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> </startup> </configuration> This ends up creating a cleaner header that's missing the timestamp field which can cause some services problems. The WS-Security header output generated with the above looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-291622ca-4c11-460f-9886-ac1c78813b24-1"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> This is closer as it includes only the username and password. The key here is the protocol for WS-Security:messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" which explicitly specifies the protocol version. There are several variants of this specification but none of them seem to support the nonce unfortunately. This protocol does allow for optional omission of the Nonce and created timestamp provided (which effectively makes those keys optional). With some services I tried that requested a Nonce just using this protocol actually worked where the default basicHttpBinding failed to connect, so this is a possible solution for access to some services. Unfortunately for my target service that was not an option. The nonce has to be there. Creating Custom ClientCredentials As it turns out WCF doesn't have support for the Digest Nonce as part of WS-Security, and so as far as I can tell there's no way to do it just with configuration settings. I did a bunch of research on this trying to find workarounds for this, and I did find a couple of entries on StackOverflow as well as on the MSDN forums. However, none of these are particularily clear and I ended up using bits and pieces of several of them to arrive at a working solution in the end. http://stackoverflow.com/questions/896901/wcf-adding-nonce-to-usernametoken http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4df3354f-0627-42d9-b5fb-6e880b60f8ee The latter forum message is the more useful of the two (the last message on the thread in particular) and it has most of the information required to make this work. But it took some experimentation for me to get this right so I'll recount the process here maybe a bit more comprehensively. In order for this to work a number of classes have to be overridden: ClientCredentials ClientCredentialsSecurityTokenManager WSSecurityTokenizer The idea is that we need to create a custom ClientCredential class to hold the custom properties so they can be set from the UI or via configuration settings. The TokenManager and Tokenizer are mainly required to allow the custom credentials class to flow through the WCF pipeline and eventually provide custom serialization. Here are the three classes required and their full implementations:public class CustomCredentials : ClientCredentials { public CustomCredentials() { } protected CustomCredentials(CustomCredentials cc) : base(cc) { } public override System.IdentityModel.Selectors.SecurityTokenManager CreateSecurityTokenManager() { return new CustomSecurityTokenManager(this); } protected override ClientCredentials CloneCore() { return new CustomCredentials(this); } } public class CustomSecurityTokenManager : ClientCredentialsSecurityTokenManager { public CustomSecurityTokenManager(CustomCredentials cred) : base(cred) { } public override System.IdentityModel.Selectors.SecurityTokenSerializer CreateSecurityTokenSerializer(System.IdentityModel.Selectors.SecurityTokenVersion version) { return new CustomTokenSerializer(System.ServiceModel.Security.SecurityVersion.WSSecurity11); } } public class CustomTokenSerializer : WSSecurityTokenSerializer { public CustomTokenSerializer(SecurityVersion sv) : base(sv) { } protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); // in this case password is plain text // for digest mode password needs to be encoded as: // PasswordAsDigest = Base64(SHA-1(Nonce + Created + Password)) // and profile needs to change to //string password = GetSHA1String(nonce + createdStr + userToken.Password); string password = userToken.Password; writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } protected string GetSHA1String(string phrase) { SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider(); byte[] hashedDataBytes = sha1Hasher.ComputeHash(Encoding.UTF8.GetBytes(phrase)); return Convert.ToBase64String(hashedDataBytes); } } Realistically only the CustomTokenSerializer has any significant code in. The code there deals with actually serializing the custom credentials using low level XML semantics by writing output into an XML writer. I can't take credit for this code - most of the code comes from the MSDN forum post mentioned earlier - I made a few adjustments to simplify the nonce generation and also added some notes to allow for PasswordDigest generation. Per spec the nonce is nothing more than a unique value that's supposed to be 'random'. I'm thinking that this value can be any string that's unique and a GUID on its own probably would have sufficed. Comments on other posts that GUIDs can be potentially guessed are highly exaggerated to say the least IMHO. To satisfy even that aspect though I added the SHA1 encryption and binary decoding to give a more random value that would be impossible to 'guess'. The original example from the forum post used another level of encoding and decoding to string in between - but that really didn't accomplish anything but extra overhead. The header output generated from this looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-f43d8b0d-0ebb-482e-998d-f544401a3c91-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ThePassword</o:Password> <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >PjVE24TC6HtdAnsf3U9c5WMsECY=</o:Nonce> <u:Created>2012-11-23T07:10:04.670Z</u:Created> </o:UsernameToken> </o:Security> </s:Header> which is exactly as it should be. Password Digest? In my case the password is passed in plain text over an SSL connection, so there's no digest required so I was done with the code above. Since I don't have a service handy that requires a password digest,  I had no way of testing the code for the digest implementation, but here is how this is likely to work. If you need to pass a digest encoded password things are a little bit trickier. The password type namespace needs to change to: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest and then the password value needs to be encoded. The format for password digest encoding is this: Base64(SHA-1(Nonce + Created + Password)) and it can be handled in the code above with this code (that's commented in the snippet above): string password = GetSHA1String(nonce + createdStr + userToken.Password); The entire WriteTokenCore method for digest code looks like this:protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); string password = GetSHA1String(nonce + createdStr + userToken.Password); writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } I had no service to connect to to try out Digest auth - if you end up needing it and get it to work please drop a comment… How to use the custom Credentials The easiest way to use the custom credentials is to create the client in code. Here's a factory method I use to create an instance of my service client:  public static RealTimeOnlineClient CreateRealTimeOnlineProxy(string url, string username, string password) { if (string.IsNullOrEmpty(url)) url = "https://notrealurl.com:443/cows/services/RealTimeOnline"; CustomBinding binding = new CustomBinding(); var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement(); security.IncludeTimestamp = false; security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; var encoding = new TextMessageEncodingBindingElement(); encoding.MessageVersion = MessageVersion.Soap11; var transport = new HttpsTransportBindingElement(); transport.MaxReceivedMessageSize = 20000000; // 20 megs binding.Elements.Add(security); binding.Elements.Add(encoding); binding.Elements.Add(transport); RealTimeOnlineClient client = new RealTimeOnlineClient(binding, new EndpointAddress(url)); // to use full client credential with Nonce uncomment this code: // it looks like this might not be required - the service seems to work without it client.ChannelFactory.Endpoint.Behaviors.Remove<System.ServiceModel.Description.ClientCredentials>(); client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials()); client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; return client; } This returns a service client that's ready to call other service methods. The key item in this code is the ChannelFactory endpoint behavior modification that that first removes the original ClientCredentials and then adds the new one. The ClientCredentials property on the client is read only and this is the way it has to be added.   Summary It's a bummer that WCF doesn't suport WSE Security authentication with nonce values out of the box. From reading the comments in posts/articles while I was trying to find a solution, I found that this feature was omitted by design as this protocol is considered unsecure. While I agree that plain text passwords are rarely a good idea even if they go over secured SSL connection as WSE Security does, there are unfortunately quite a few services (mosly Java services I suspect) that use this protocol. I've run into this twice now and trying to find a solution online I can see that this is not an isolated problem - many others seem to have struggled with this. It seems there are about a dozen questions about this on StackOverflow all with varying incomplete answers. Hopefully this post provides a little more coherent content in one place. Again I marvel at WCF and its breadth of support for protocol features it has in a single tool. And even when it can't handle something there are ways to get it working via extensibility. But at the same time I marvel at how freaking difficult it is to arrive at these solutions. I mean there's no way I could have ever figured this out on my own. It takes somebody working on the WCF team or at least being very, very intricately involved in the innards of WCF to figure out the interconnection of the various objects to do this from scratch. Luckily this is an older problem that has been discussed extensively online and I was able to cobble together a solution from the online content. I'm glad it worked out that way, but it feels dirty and incomplete in that there's a whole learning path that was omitted to get here… Man am I glad I'm not dealing with SOAP services much anymore. REST service security - even when using some sort of federation is a piece of cake by comparison :-) I'm sure once standards bodies gets involved we'll be right back in security standard hell…© Rick Strahl, West Wind Technologies, 2005-2012Posted in WCF  Web Services   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • How to Modify Data Security in Fusion Applications

    - by Elie Wazen
    The reference implementation in Fusion Applications is designed with built-in data security on business objects that implement the most common business practices.  For example, the “Sales Representative” job has the following two data security rules implemented on an “Opportunity” to restrict the list of Opportunities that are visible to an Sales Representative: Can view all the Opportunities where they are a member of the Opportunity Team Can view all the Opportunities where they are a resource of a territory in the Opportunity territory team While the above conditions may represent the most common access requirements of an Opportunity, some customers may have additional access constraints. This blog post explains: How to discover the data security implemented in Fusion Applications. How to customize data security Illustrative example. a.) How to discover seeded data security definitions The Security Reference Manuals explain the Function and Data Security implemented on each job role.  Security Reference Manuals are available on Oracle Enterprise Repository for Oracle Fusion Applications. The following is a snap shot of the security documented for the “Sales Representative” Job. The two data security policies define the list of Opportunities a Sales Representative can view. Here is a sample of data security policies on an Opportunity. Business Object Policy Description Policy Store Implementation Opportunity A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team Role: Opportunity Territory Resource Duty Privilege: View Opportunity (Data) Resource: Opportunity A Sales Representative can view opportunity where they are an opportunity sales team member with view, edit, or full access Role: Opportunity Sales Representative Duty Privilege: View Opportunity (Data) Resource: Opportunity Description of Columns Column Name Description Policy Description Explains the data filters that are implemented as a SQL Where Clause in a Data Security Grant Policy Store Implementation Provides the implementation details of the Data Security Grant for this policy. In this example the Opportunities listed for a “Sales Representative” job role are derived from a combination of two grants defined on two separate duty roles at are inherited by the Sales Representative job role. b.) How to customize data security Requirement 1: Opportunities should be viewed only by members of the opportunity team and not by all the members of all the territories on the opportunity. Solution: Remove the role “Opportunity Territory Resource Duty” from the hierarchy of the “Sales Representative” job role. Best Practice: Do not modify the seeded role hierarchy. Create a custom “Sales Representative” job role and build the role hierarchy with the seeded duty roles. Requirement 2: Opportunities must be more restrictive based on a custom attribute that identifies if a Opportunity is confidential or not. Confidential Opportunities must be visible only the owner of the Opportunity. Solution: Modify the (2) data security policy in the above example as follows: A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team and the opportunity is not confidential. Implementation of this policy is more invasive. The seeded SQL where clause of the data security grant on “Opportunity Territory Resource Duty” has to be modified and the condition that checks for the confidential flag must be added. Best Practice: Do not modify the seeded grant. Create a new grant with the modified condition. End Date the seeded grant. c.) Illustrative Example (Implementing Requirement 2) A data security policy contains the following components: Role Object Instance Set Action Of the above four components, the Role and Instance Set are the only components that are customizable. Object and Actions for that object are seed data and cannot be modified. To customize a seeded policy, “A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team”, Find the seeded policy Identify the Role, Object, Instance Set and Action components of the policy Create a new custom instance set based on the seeded instance set. End Date the seeded policies Create a new data security policy with custom instance set c-1: Find the seeded policy Step 1: 1. Find the Role 2. Open 3. Find Policies Step 2: Click on the Data Security Tab Sort by “Resource Name” Find all the policies with the “Condition” as “where they are a territory resource in the opportunity territory team” In this example, we can see there are 5 policies for “Opportunity Territory Resource Duty” on Opportunity object. Step 3: Now that we know the policy details, we need to create new instance set with the custom condition. All instance sets are linked to the object. Find the object using global search option. Open it and click on “condition” tab Sort by Display name Find the Instance set Edit the instance set and copy the “SQL Predicate” to a notepad. Create a new instance set with the modified SQL Predicate from above by clicking on the icon as shown below. Step 4: End date the seeded data security policies on the duty role and create new policies with your custom instance set. Repeat the navigation in step Edit each of the 5 policies and end date them 3. Create new custom policies with the same information as the seeded policies in the “General Information”, “Roles” and “Action” tabs. 4. In the “Rules” tab, please pick the new instance set that was created in Step 3.

    Read the article

  • The Most Common and Least Used 4-Digit PIN Numbers [Security Analysis Report]

    - by Asian Angel
    How ‘secure’ is your 4-digit PIN number? Is your PIN number a far too common one or is it a bit more unique in comparison to others? The folks over at the Data Genetics blog have put together an interesting analysis report that looks at the most common and least used 4-digit PIN numbers chosen by people. Numerically based (0-9) 4-digit PIN numbers only allow for a total of 10,000 possible combinations, so it stands to reason that some combinations are going to be far more common than others. The question is whether or not your personal PIN number choices are among the commonly used ones or ‘stand out’ as being more unique. Note 1: Data Genetics used data condensed from released, exposed, & discovered password tables and security breaches to generate the analysis report. Note 2: The updates section at the bottom has some interesting tidbits concerning peoples’ use of dates and certain words for PIN number generation. The analysis makes for very interesting reading, so browse on over to get an idea of where you stand with regards to your personal PIN number choices. 8 Deadly Commands You Should Never Run on Linux 14 Special Google Searches That Show Instant Answers How To Create a Customized Windows 7 Installation Disc With Integrated Updates

    Read the article

  • How can I setup dependencies for Axis2 / Axiom on Maven2

    - by ronaldocpontes
    I've tried the following settings on pom.xml to use Axis2 wsdl2code: <dependencies> <dependency> <groupId>org.apache.axis2</groupId> <artifactId>axis2</artifactId> <version>1.5.1</version> </dependency> </dependencies> ... <build> <plugins> <plugin> <groupId>org.apache.axis2</groupId> <artifactId>axis2-wsdl2code-maven-plugin</artifactId> <version>1.5.1</version> <executions> <execution> <goals> <goal>wsdl2code</goal> </goals> <configuration> <packageName>com.site.package</packageName> <wsdlFile>http://www.site.com/api/v2_soap?wsdl=1</wsdlFile> <databindingName>xmlbeans</databindingName> </configuration> </execution> </executions> </plugin> ... </plugins> ... </build> Whenever I run mvn clean, I get the following warnings with a ClassNotFoundException showing no signs of org.apache.axiom. [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.codehaus.plexus:plexus-utils:pom:1.4.9:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.codehaus.plexus:plexus-utils at C:\Users\Ronaldo.m2\repository\org\codehaus\plexus\plexus-utils\1.4.9\plexus-utils-1.4.9.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.maven:maven-plugin-api:pom:2.0.7:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.maven:maven-plugin-api at C:\Users\Ronaldo.m2\repository\org\apache\maven\maven-plugin-api\2.0.7\maven-plugin-api-2.0.7.pom [WARNING] POM for 'org.apache.maven:maven-artifact:pom:2.0.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.maven:maven-artifact at C:\Users\Ronaldo.m2\repository\org\apache\maven\maven-artifact\2.0.8\maven-artifact-2.0.8.pom [WARNING] POM for 'org.apache.maven:maven-project:pom:2.0.7:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.maven:maven-project at C:\Users\Ronaldo.m2\repository\org\apache\maven\maven-project\2.0.7\maven-project-2.0.7.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.geronimo.specs:geronimo-stax-api_1.0_spec at C:\Users\Ronaldo.m2\repository\org\apache\geronimo\specs\geronimo-stax-api_1.0_spec\1.0.1\geronimo-stax-api_1.0_spec-1.0.1.pom [WARNING] POM for 'commons-io:commons-io:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project commons-io:commons-io at C:\Users\Ronaldo.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-api:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-api at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-api\1.2.8\axiom-api-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-impl:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-impl at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-impl\1.2.8\axiom-impl-1.2.8.pom [WARNING] POM for 'org.apache.ws.commons.axiom:axiom-dom:pom:1.2.8:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache.ws.commons.axiom:axiom-dom at C:\Users\Ronaldo.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.8\axiom-dom-1.2.8.pom [WARNING] POM for 'javax.mail:mail:pom:1.4:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project javax.mail:mail at C:\Users\Ronaldo.m2\repository\javax\mail\mail\1.4\mail-1.4.pom [WARNING] POM for 'xalan:xalan:pom:2.7.0:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project xalan:xalan at C:\Users\Ronaldo.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.pom [WARNING] POM for 'org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:pom:1.0.1:runtime' is invalid. It will be ignored for artifact resolution. Reason: Not a v4.0.0 POM. for project org.apache

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >