14 September 2010

Search for text spanning several lines of a file

omg awk is s.f.cool...



#!/usr/bin/ksh

cat source.log | awk 'BEGIN {x=0}
{
if ($0~"STARTINGMARK") {x=1}
if (x==1) {print $0}
if ($0~"ENDINGMARK") {x=0}
}' > output.log

14 June 2010

Configuring kernel params before any Oracle installation

If the value of any kernel parameter is different from the recommended value, complete the following steps:

Using any text editor, create or edit the /etc/sysctl.conf file and add or edit lines similar to the following:


Note:
Include lines only for the kernel parameter values that you want to change. For the semaphore parameters (kernel.sem), you must specify all four values. However, if any of the current values are larger than the recommended value, specify the larger value.
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 256 32000 100 142
fs.file-max = 131072
net.ipv4.ip_local_port_range = 10000 65000
kernel.msgmni = 2878
kernel.msgmax = 8192
kernel.msgmnb = 65535

By specifying the values in the /etc/sysctl.conf file, they persist when you reboot the system.

Enter the following command to change the current values of the kernel parameters.

# /sbin/sysctl -p

Review the output from this command to verify that the values are correct. If the values are incorrect, edit the /etc/sysctl.conf file, then enter this command again.

On SUSE Linux Enterprise Server only, enter the following command to cause the system to read the /etc/sysctl.conf file when it reboots:

# chkconfig boot.sysctl on
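
The rule from the note above (write only the parameters that need changing, give all four values for kernel.sem, and keep a current value that is already larger) as a script. This is an added example, not part of the Oracle guide; the function names and the sample_current data are constructed here, and leaving net.ipv4.ip_local_port_range at the recommended pair is an assumption.

```shell
#!/bin/sh
# Added example: print only the /etc/sysctl.conf lines that need to change,
# keeping any current value that is already larger than the recommendation.

recommended() {   # values copied from the list above
cat <<'EOF'
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 256 32000 100 142
fs.file-max = 131072
net.ipv4.ip_local_port_range = 10000 65000
kernel.msgmni = 2878
kernel.msgmax = 8192
kernel.msgmnb = 65535
EOF
}

sample_current() {   # constructed "sysctl -a" style output, for the demo only
cat <<'EOF'
kernel.shmall = 2097152
kernel.shmmax = 4294967295
kernel.shmmni = 4096
kernel.sem = 250 64000 32 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 32768 61000
kernel.msgmni = 2878
kernel.msgmax = 8192
kernel.msgmnb = 16384
EOF
}

# Reads current values on stdin (e.g. from /sbin/sysctl -a), prints lines to add.
sysctl_lines() {
    { sed 's/^/C /'; recommended | sed 's/^/R /'; } |
    awk -v range="net.ipv4.ip_local_port_range" '
        $3 != "=" { next }                     # skip blanks and comments
        $1 == "C" {                            # remember the current value(s)
            v = ""
            for (i = 4; i <= NF; i++) v = v (i > 4 ? " " : "") $i
            cur[$2] = v
            next
        }
        {                                      # R line: one recommended parameter
            n = split(cur[$2], c, " "); change = 0; out = ""
            for (i = 4; i <= NF; i++) {
                k = i - 3; r = $i
                if (n != NF - 3)            { v = r; change = 1 }  # not set: use recommended
                else if ($2 == range)       { v = r; if (c[k] != r) change = 1 }  # assumption: fixed pair
                else if (c[k] + 0 < r + 0)  { v = r; change = 1 }  # too small: raise it
                else                        { v = c[k] }           # equal or larger: keep
                out = out (k > 1 ? " " : "") v
            }
            if (change) print $2 " = " out     # kernel.sem always gets all four values
        }'
}

sample_current | sysctl_lines
```

On a real host, pipe `/sbin/sysctl -a 2>/dev/null` into `sysctl_lines` and review the result before adding it to /etc/sysctl.conf.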




To increase the shell limits:

Add the following lines to /etc/security/limits.conf file:

*        soft   nproc         2047
*        hard   nproc         16384
*        soft   nofile        2048
*        hard   nofile        65536

Add the following line to the /etc/pam.d/login file, if it does not already exist:

session    required     /lib/security/pam_limits.so

Depending on the oracle user's default shell, make the following changes to the default shell start-up file:

For the Bourne, Bash, or Korn shell, add the following lines to the /etc/profile file:

if [ $USER = "oracle" ]; then
        if [ $SHELL = "/bin/ksh" ]; then
              ulimit -p 16384
              ulimit -n 65536
        else
              ulimit -u 16384 -n 65536
        fi
fi

For the C or tcsh shell, add the following lines to the /etc/csh.login file:

if ( $USER == "oracle" ) then
        limit maxproc 16384
        limit descriptors 65536
endif

17 May 2010

Viewing Information About Database Users and Profiles

The following data dictionary views contain information about database users and profiles:
View: Description

DBA_USERS, ALL_USERS, USER_USERS: DBA view describes all users of the database. ALL view lists users visible to the current user, but does not describe them. USER view describes only the current user.
DBA_TS_QUOTAS, USER_TS_QUOTAS: Describes tablespace quotas for users.
USER_PASSWORD_LIMITS: Describes the password profile parameters that are assigned to the user.
USER_RESOURCE_LIMITS: Displays the resource limits for the current user.
DBA_PROFILES: Displays all profiles and their limits.
RESOURCE_COST: Lists the cost for each resource.
V$SESSION: Lists session information for each current session. Includes user name.
V$SESSTAT: Lists user session statistics.
V$STATNAME: Displays decoded statistic names for the statistics shown in the V$SESSTAT view.
PROXY_USERS: Describes users who can assume the identity of other users.

14 May 2010

SLCIAF: Searching files that includes a given text

today on _simple linux commands i always forget_ series :


Searching files that includes a given text. 


find . -exec grep -l "string to find" {} \;

16 April 2010

Controlling Login by PhaseListener in JSF

I have learned a few things about jsf today.

The first thing is maintaining login/logout account control using a phase listener. Of the number of options for ensuring that only logged-in users can access your pages, I think a PhaseListener is the most elegant solution.


It is so simple that you don’t need to alter all jsp pages to make it check user’s login status.

It goes like this:

1. Create a class that implements the PhaseListener (sample code below)

package tr.oracle.consulting.oidss.utils;

import javax.faces.application.NavigationHandler;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import tr.oracle.consulting.oidss.LoginBean;

public class LoggedInCheck implements PhaseListener {

    public PhaseId getPhaseId() {
        return PhaseId.RESTORE_VIEW;

    }

    public void beforePhase(PhaseEvent event) {
    }

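    public void afterPhase(PhaseEvent event) {
        FacesContext fc = event.getFacesContext();

        // Any view whose ID contains "login" is treated as the login page and is not checked
        boolean loginPage = fc.getViewRoot().getViewId().lastIndexOf("login") > -1;
        if (!loginPage && !loggedIn()) {
            // Not logged in: fire the "logout" outcome, which the navigation rule maps to the login page
            NavigationHandler nh = fc.getApplication().getNavigationHandler();
            nh.handleNavigation(fc, null, "logout");
        }
    }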

    private boolean loggedIn() {
        return LoginBean.isLoggedIn();

    }
}




2. Next, we register this class as the phase listener of our JSF application. This means that this class is called for every request sent to the backbone.

Note that there must be an isLoggedIn check that verifies whether we added the user information to the session. I added it to my LoginBean.

public static boolean isLoggedIn() {
    HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(true);
    String isLog = (String)session.getAttribute("isLoggedIn");
    System.out.println("isLoggedIn: " + isLog);
    return (isLog != null && isLog.equals("yes"));
}


3. We set this session variable in our LoginBean after checking the user credentials.
Add this to your faces-config.xml file.



<lifecycle>
   <phase-listener>tr.oracle.consulting.oidss.utils.LoggedInCheck</phase-listener>
</lifecycle>



4. Note that in the afterPhase method of our PhaseListener, we use the navigation handler, where a "logout" outcome is handled. To do this, we need a navigation rule inside faces-config.xml.



<navigation-rule>
            <from-view-id>/*</from-view-id>
            <navigation-case>
                  <from-outcome>logout</from-outcome>
                  <to-view-id>/pages/login.jsp</to-view-id>
                  <redirect/>
            </navigation-case>
</navigation-rule>



This means: redirect to the login.jsp page when you receive "logout" (which is produced by our PhaseListener), regardless of which page you are currently on (hence from-view-id is *).

dozens of ways to implement login/logout in JSF

This is one of the most fruitful forum threads in forums.sun.com. A lot of different ways to implement login/logout for JSF apps.

http://72.5.124.102/thread.jspa?threadID=613031&messageID=10430271

05 April 2010

SLCIAF: Extracting cpio file

today on _simple linux commands i always forget_ series :

Extracting cpio zipped files:

cpio -idmv < filetoextract.cpio

26 March 2010

SSHA Encryption with Java

If you are not satisfied with an LDAP bind to authenticate a user in your Java application, and you want to compare the password with the salted hash ({SSHA}) stored in LDAP, you can use the following great code, which I found at http://www.koders.com

All credits and omgyouarealifesavers should go to HERE



package net.sf.cookierevolver.encrypt;

import java.io.IOException;
import java.security.MessageDigest;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

public class SSHA {
private static BASE64Encoder enc = new BASE64Encoder();
private static BASE64Decoder dec = new BASE64Decoder();

private boolean verbose = false;

private MessageDigest sha = null;

private static SSHA inst = new SSHA("SHA");

public static SSHA SHA1 = new SSHA("SHA");

public static SSHA SHA2 = new SSHA("SHA-256");

public static SSHA getInstance(){
return inst;
}

/**
* @param shaEnc
*/
public void setAlgorithm(String shaEnc) {
inst = new SSHA(shaEnc);
}

int size=20;

/**
* public constructor
*/
public SSHA(String alg) {
verbose = false;

if(alg.endsWith("256")){
size = 32;
}
if(alg.endsWith("512")){
size = 64;
}

try {
sha = MessageDigest.getInstance(alg);
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println("Construction failed: " + e);
}
}

/**
* Create Digest for each entity values passed in
*
* @param salt
* String to set the base for the encryption
* @param entity
* string to be encrypted
* @return string representing the salted hash output of the encryption
* operation
*/
public String createDigest(String salt, String entity) {
return createDigest(salt.getBytes(),entity);
}

/**
* Create Digest for each entity values passed in
*
* @param salt
* byte array to set the base for the encryption
* @param entity
* string to be encrypted
* @return string representing the salted hash output of the encryption
* operation
*/
public String createDigest(byte[] salt, String entity) {
String label = "{SSHA}";

// Update digest object with byte array of the source clear text
// string and the salt
sha.reset();
sha.update(entity.getBytes());
sha.update(salt);

// Complete hash computation, this results in binary data
byte[] pwhash = sha.digest();

if (verbose) {
System.out.println("pwhash, binary represented as hex: "
+ toHex(pwhash) + " \n");
System.out.println("Putting it all together: ");
System.out.println("binary digest of password plus binary salt: "
+ pwhash + salt);
System.out.println("Now we base64 encode what is respresented above this line ...");
}

return label + new String(enc.encode(concatenate(pwhash, salt)));
}

/**
* Create Digest for each entity values passed in. A random salt is used.
*
* @param entity
* string to be encrypted
* @return string representing the salted hash output of the encryption
* operation
*/
public String createDigest(String entity) {
return inst.createDigest(randSalt(),entity);
}

/**
* Check Digest against entity
*
* @param digest
* is digest to be checked against
* @param entity
* entity (string) to be checked
* @return TRUE if there is a match, FALSE otherwise
*/
public boolean checkDigest(String digest, String entity) {
return inst.checkDigest0(digest,entity);
}

/**
* Check Digest against entity
*
* @param digest
* is digest to be checked against
* @param entity
* entity (string) to be checked
* @return TRUE if there is a match, FALSE otherwise
*/
private boolean checkDigest0(String digest, String entity) {
boolean valid = true;

// ignore the {SSHA} hash ID
digest = digest.substring(6);

// extract the SHA hashed data into hs[0]
// extract salt into hs[1]
byte[][] hs=null;
try {
hs = split(dec.decodeBuffer(digest), size);
} catch (IOException e) {
e.printStackTrace();
}
byte[] hash = hs[0];
byte[] salt = hs[1];

// Update digest object with byte array of clear text string and salt
sha.reset();
sha.update(entity.getBytes());
sha.update(salt);

// Complete hash computation, this is now binary data
byte[] pwhash = sha.digest();

if (verbose) {
System.out.println("Salted Hash extracted (in hex): " + toHex(hash)
+ " " + "\nSalt extracted (in hex): " + toHex(salt));
System.out.println("Hash length is: " + hash.length
+ " Salt length is: " + salt.length);
System.out.println("Salted Hash presented in hex: " + toHex(pwhash));
}

if (!MessageDigest.isEqual(hash, pwhash)) {
valid = false;
if(verbose) System.out.println("Hashes DON'T match: " + entity);
}

if (MessageDigest.isEqual(hash, pwhash)) {
valid = true;
if(verbose) System.out.println("Hashes match: " + entity);
}

return valid;
}

/**
* set the verbose flag
*/
public void setVerbose(boolean verbose) {
this.verbose = verbose;
}

/**
* Combine two byte arrays
*
* @param l
* first byte array
* @param r
* second byte array
* @return byte[] combined byte array
*/
private static byte[] concatenate(byte[] l, byte[] r) {
byte[] b = new byte[l.length + r.length];
System.arraycopy(l, 0, b, 0, l.length);
System.arraycopy(r, 0, b, l.length, r.length);
return b;
}

/**
* split a byte array in two
*
* @param src
* byte array to be split
* @param n
* element at which to split the byte array
* @return byte[][] two byte arrays that have been split
*/
private static byte[][] split(byte[] src, int n) {
byte[] l, r;
if (src == null || src.length <= n) {
l = src;
r = new byte[0];
} else {
l = new byte[n];
r = new byte[src.length - n];
System.arraycopy(src, 0, l, 0, n);
System.arraycopy(src, n, r, 0, r.length);
}
byte[][] lr = { l, r };
return lr;
}

private static String hexits = "0123456789abcdef";

/**
* Convert a byte array to a hex encoded string
*
* @param block
* byte array to convert to hexString
* @return String representation of byte array
*/
private static String toHex(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(hexits.charAt((block[i] >>> 4) & 0xf));
buf.append(hexits.charAt(block[i] & 0xf));
}

return buf + "";
}

public byte[] randSalt(){
int saltLen = 8;
byte[] b = new byte[saltLen];
// Fill the salt from a CSPRNG; Math.random() is predictable
new java.security.SecureRandom().nextBytes(b);
return b;
}

}

22 March 2010

If netca wouldn't like the OID schema

Last week, I was trying to set up EUS on an 11.1.0.7 DB, with a freshly installed OID 11g.

Following the instructions in the EUS Admin Guide document, I ran NETCA and got the following error:

=======
The directory has not been configured for this usage. It does not contain the required Oracle Schema, or the Oracle Schema version is not correct.

Select how you wan to proceed:
- I want to continue without using a directory service
- I want to verify directory service information and try again.

=======


I searched for this in the Oracle docs, and apparently in OID 9 this wizard lets you create the required schema, hence the documentation: http://download.oracle.com/docs/html/B10263_01/install.htm#1160409

For OID 11g, however, this problem was related to the out-of-the-box configuration of OID, where "anonymous bind" is turned off by default,

and guess what, Netca (and also netmgr) requires "anonymous bind" to be enabled.

The attribute is orclanonymousbindsflag, and its default value is 2; changing it to 1 resolves this problem.

cn=OIDINSTANCENAME,cn=osdldapd,cn=subconfigsubentry


I mistakenly looked for this solution everywhere in the OID documentation; the solution was in one of the DB documents, which is:
http://download.oracle.com/docs/cd/E11882_01/network.112/e10836/naming.htm#BABDHGIF

10 March 2010

ODIP bug with Custom plugin

If you are getting the following error while trying to run a beautiful custom plugin:

java.util.Vector cannot be cast to [B
at oracle.ldap.odip.web.DIPSyncBean.mapExecute(DIPSyncBean.java:1021)
at oracle.ldap.odip.web.DIPSyncBean.execMapping(DIPSyncBean.java:474)
at oracle.ldap.odip.web.DIPSyncBean.doOneIteration(DIPSyncBean.java:352)
at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.doOneIteration(DIPSync_2r3ocw_EOImpl.java:65)
at oracle.ldap.odip.web.SyncQuartzJobImpl.execute(SyncQuartzJobImpl.java:178)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)



Please make sure that there are no space characters between the attribute mapping parameters. It is a nasty ODIP bug.


I got this error caused by the following disastrous configuration difference:

Does not work:
userPrincipalName: : :user:displayName: :inetorgperson: PLUGIN#MyPlugin(userPrincipalName)

and this works:
userPrincipalName: : :user:displayName: :inetorgperson:PLUGIN#MyPlugin(userPrincipalName)

Write Text to File with BufferedWriter

BufferedWriter bw = null;
try {
bw = new BufferedWriter(new FileWriter(PASSWORD_HISTORY_FILE,true));
bw.newLine();
bw.write(user);
}
catch(FileNotFoundException fnfe){
System.out.println("Can't open passwordHistory.txt");
}
catch(Exception e){
e.printStackTrace();
}finally {
//Close the BufferedWriter
try {
if (bw != null) {
bw.flush();
bw.close();
}
} catch (IOException ex) {
ex.printStackTrace();
}
}

Read Text from File with BufferedReader

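// Needs java.io.BufferedReader, FileReader, FileNotFoundException, IOException
StringBuffer dataline = new StringBuffer();
BufferedReader br = null;
try {
br = new BufferedReader(new FileReader(FILE_PATH));
String line;
// readLine() returns null at end of file
while ((line = br.readLine()) != null) {
dataline.append(line + ";");
}
}
catch(FileNotFoundException fnfe){
System.out.println("Can't open file");
}
catch(Exception e){
e.printStackTrace();
}finally {
// Close the reader so the file handle is not leaked
try {
if (br != null) {
br.close();
}
} catch (IOException ex) {
ex.printStackTrace();
}
}
String doc=new String(dataline);

08 March 2010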

SLCIAF: Show Disk Usage of each folder in Linux

today on _simple linux commands i always forget_ series : 


Show Disk Usage of each folder in Linux

du -sh *


(I always forget this useful sob)

23 February 2010

OID Password Policy

OID 10g stores two default password policies.

1. Realm Specific:
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com

2. More general:
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext

22 February 2010

Changing case with turkish locale

nls_initcap('YALÇIN','NLS_SORT = XTurkish')

16 February 2010

Weblogic boot.properties

To stop WebLogic from asking for the username and password at every server boot, create a boot.properties file in /middleware/user_projects/domains/YourDomain/servers/YourServer/security

The boot.properties file looks like this:

username=weblogic
password=weblogicpassword

15 February 2010

Apache Directory Studio fails to show OID objects

If you suddenly start getting the following error while browsing OID with ADS:

Error while reading entry
[LDAP: error code 53 - Attribute orclrevpwd can be searched only over a mutually authenticated SSL session.

and you did not mess with the "orclrevpwd" attribute at all (or did not set orcldataprivacymode to 1),

try disabling "Show operational attributes" of Apache at:
Window > Preferences > Entry Editor.

01 February 2010

FMW System Requirements and Specifications 11g

http://www.oracle.com/technology/software/products/ias/files/fusion_requirements.htm

26 January 2010

ODIP Debug Levels

I was looking for the debug levels of Oracle Directory Integration Platform. Apparently they are not documented in the 11g integration guide; I found them in the 10g one.

Add the respective values and store the sum in the orclodipprofiledebuglevel attribute of the sync profile.

From Oracle® Identity Management Integration Guide 10g (10.1.4.2):
Table 4-3 Server Debugging Levels

Debugging Event Type __________________________ Numeric Value
Starting and stopping threads ............................. 1
Refreshing profiles ....................................... 2
Initialization, execution, and end details of connectors .. 4
Details during connector execution ........................ 8
Change record of the connector ............................ 16
Mapping details of the connector .......................... 32
Execution time details of the connector ................... 64

21 January 2010

Where does OID store ODIP synchronization profiles

here:
cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory

Not in any file, but in the directory itself. Those sample property files (the ones in $ORACLE_HOME/ldap/odi/conf) are there to be exported into this particular node with the manageSyncProfiles utility.

15 January 2010

OIM Design Console fails to open up.

Had a rough week, my WinXP crashed badly. Recovered all my tools except the OIM design console. There was this stupid error that made me install DConsole several times. Apparently the reason was just my regional settings. Set them to English and all was resolved.


com.thortech.xl.dataaccess.tcDataSetException: Column 'W¦N_TYPE' not found
at com.thortech.xl.dataaccess.tcDataSet.getColumnIndex(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.getString(Unknown Source)
at com.thortech.xl.client.base.tcfrmCarrierBase.LoadExplorer(Unknown Source)
at com.thortech.xl.client.base.tcfrmCarrierBase.attach(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.jbInit(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.main(Unknown Source)