Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X
Team
Who has tried to configure Security Labels?
The help page says that this rbinfo data type should be String:
WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>.dataType=java.lang.String
example:
WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY.dataType=java.lang.String
The file in WC
src/wt/access/accessModelRB.rbInfo
contains this different type:
WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS.dataType=com.ptc.core.meta.common.AttributeTypeIdentifierSet
The help page says :
"Do not delete or alter the existing lines that begin with:
• WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS
Which type is correct?
I get an error in the log file:
8:22,232 ERROR [main] wt.access.configuration.SecurityLabelsHandler -
The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS' is invalid. Please
verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS',
and that this key is defined in the wt.access.accessModelRB resource bundle.
There is not much discussion of Security Labels here, I hope there is someone who can explain this problem.
thanks -- Rick
Solved! Go to Solution.
Team
Who has tried to configure Security Labels?
Domino: Everyone! Everyone on the helicopter! And everyone not on the helicopter!
There is an implementation guide for Security Labels.
Here are my files as an example
config/securityLabelsConfiguration.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SecurityLabelsConfiguration
SYSTEM "securityLabelsConfiguration.dtd">
<SecurityLabelsConfiguration enabled="true">
<SecurityLabel name="EXPORT_CONTROL" enabled="true">
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL</SecurityLabelResourceKey>
<SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel1</SecurityLabelValueResourceClass>
<SecurityLabelValue name="NO LICENSE REQUIRED-EAR99" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="LICENSE REQUIRED-STATE(ITAR)" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="LICENSE REQUIRED-COMMERCIAL(EAR)" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="NO TECH DATA" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="DO NOT EXPORT" enabled="false">
</SecurityLabelValue>
<!-- The SecurityLabelParameter element contains the parameter name used by other applications to map to this
particular security label. This element is optional. -->
<SecurityLabelParameter>EXPORT_CONTROL</SecurityLabelParameter>
</SecurityLabel>
</SecurityLabelsConfiguration>
LogicalAttributesSite.xml
<?xml version="1.0" standalone="no"?>
<!DOCTYPE LogicalAttributes SYSTEM "/com/ptc/core/meta/common/impl/LogicalAttributes.dtd" >
<!-- Site specific logical attributes. -->
<LogicalAttributes>
<Class name="wt.access.SecurityLabeled">
<Property>
<LogicalForm>EXPORT_CONTROL</LogicalForm>
<ExternalForm>SCA|EXPORT_CONTROL</ExternalForm>
</Property>
</Class>
</LogicalAttributes>
src/wt/access/accessModelRB.rbInfo (snippet at bottom, I just added this to the existing file from PTC)
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.value=Export Control
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.dataType=java.lang.String
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction=com.ptc.core.foundation.security.server.impl.SACFSecurityLabel
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction.arg1=PID{EXPORT_CONTROL}
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.longDescription=The "Export Control" label indicates the object's level of export sensitivity.
src/wt/access/configuration/SecurityLabel1RB.rbInfo
ResourceInfo.class=wt.tools.resource.EnumResourceInfo
ResourceInfo.customizable=true
ResourceInfo.deprecated=false
# Entry Format (values equal to default value are not included)
# <key>.value=
# <key>.category=
# <key>.comment=
# <key>.argComment<n>=
# <key>.constant=
# <key>.customizable=
# <key>.deprecated=
# <key>.abbreviatedDisplay=
# <key>.fullDisplay=
# <key>.shortDescription=
# <key>.longDescription=
# <key>.order=
# <key>.defaultValue=
# <key>.selectable=
# Entry Contents
NULL.value=Unknown
NULL.shortDescription=Jurisidiction Undefined
NULL.longDescription=Export status of the selected business object is not known. Treat as Do Not Export.
# New Entries 11/7/2013 - For production, use values below.
NO LICENSE REQUIRED-EAR99.value=No License Required (EAR99)
NO LICENSE REQUIRED-EAR99.shortDescription=EAR99
NO LICENSE REQUIRED-EAR99.longDescription=Export of the selected business object does not require a license. EAR99
LICENSE REQUIRED-COMMERCIAL(EAR).value=License Required - Commercial (EAR)
LICENSE REQUIRED-COMMERCIAL(EAR).shortDescription=EAR
LICENSE REQUIRED-COMMERCIAL(EAR).longDescription=Export of the selected business object may require a commecial export license.
LICENSE REQUIRED-STATE(ITAR).value=License Required - State (ITAR)
LICENSE REQUIRED-STATE(ITAR).shortDescription=ITAR
LICENSE REQUIRED-STATE(ITAR).longDescription=Export of the selected business object requires a state export license.
NO TECH DATA.value=No Technical Data
NO TECH DATA.shortDescription=No export controlled technical data
NO TECH DATA.longDescription=This object does not contain any export controlled technical data
DO NOT EXPORT.value=Do No Export
DO NOT EXPORT.shortDescription=Do No Export
DO NOT EXPORT.longDescription=Export of the selected business object is not allowed.
DO NOT EXPORT.selectable=false
DO NOT EXPORT.deprecated=true
Finally, site.xconf setting:
<!--Security Label configuration - Required for Upgrade--><Property name="wt.services/svc/default/com.ptc.core.command.server.delegate.io.AbstractAttributeHandler/EXPORT_CONTROL/wt.access.SecurityLabeled/0"
overridable="true"
targetFile="codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties"
value="com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton"/>
Team
Who has tried to configure Security Labels?
Domino: Everyone! Everyone on the helicopter! And everyone not on the helicopter!
There is an implementation guide for Security Labels.
Here are my files as an example
config/securityLabelsConfiguration.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SecurityLabelsConfiguration
SYSTEM "securityLabelsConfiguration.dtd">
<SecurityLabelsConfiguration enabled="true">
<SecurityLabel name="EXPORT_CONTROL" enabled="true">
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL</SecurityLabelResourceKey>
<SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel1</SecurityLabelValueResourceClass>
<SecurityLabelValue name="NO LICENSE REQUIRED-EAR99" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="LICENSE REQUIRED-STATE(ITAR)" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="LICENSE REQUIRED-COMMERCIAL(EAR)" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="NO TECH DATA" enabled="true">
</SecurityLabelValue>
<SecurityLabelValue name="DO NOT EXPORT" enabled="false">
</SecurityLabelValue>
<!-- The SecurityLabelParameter element contains the parameter name used by other applications to map to this
particular security label. This element is optional. -->
<SecurityLabelParameter>EXPORT_CONTROL</SecurityLabelParameter>
</SecurityLabel>
</SecurityLabelsConfiguration>
LogicalAttributesSite.xml
<?xml version="1.0" standalone="no"?>
<!DOCTYPE LogicalAttributes SYSTEM "/com/ptc/core/meta/common/impl/LogicalAttributes.dtd" >
<!-- Site specific logical attributes. -->
<LogicalAttributes>
<Class name="wt.access.SecurityLabeled">
<Property>
<LogicalForm>EXPORT_CONTROL</LogicalForm>
<ExternalForm>SCA|EXPORT_CONTROL</ExternalForm>
</Property>
</Class>
</LogicalAttributes>
src/wt/access/accessModelRB.rbInfo (snippet at bottom, I just added this to the existing file from PTC)
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.value=Export Control
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.dataType=java.lang.String
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction=com.ptc.core.foundation.security.server.impl.SACFSecurityLabel
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction.arg1=PID{EXPORT_CONTROL}
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.longDescription=The "Export Control" label indicates the object's level of export sensitivity.
src/wt/access/configuration/SecurityLabel1RB.rbInfo
ResourceInfo.class=wt.tools.resource.EnumResourceInfo
ResourceInfo.customizable=true
ResourceInfo.deprecated=false
# Entry Format (values equal to default value are not included)
# <key>.value=
# <key>.category=
# <key>.comment=
# <key>.argComment<n>=
# <key>.constant=
# <key>.customizable=
# <key>.deprecated=
# <key>.abbreviatedDisplay=
# <key>.fullDisplay=
# <key>.shortDescription=
# <key>.longDescription=
# <key>.order=
# <key>.defaultValue=
# <key>.selectable=
# Entry Contents
NULL.value=Unknown
NULL.shortDescription=Jurisidiction Undefined
NULL.longDescription=Export status of the selected business object is not known. Treat as Do Not Export.
# New Entries 11/7/2013 - For production, use values below.
NO LICENSE REQUIRED-EAR99.value=No License Required (EAR99)
NO LICENSE REQUIRED-EAR99.shortDescription=EAR99
NO LICENSE REQUIRED-EAR99.longDescription=Export of the selected business object does not require a license. EAR99
LICENSE REQUIRED-COMMERCIAL(EAR).value=License Required - Commercial (EAR)
LICENSE REQUIRED-COMMERCIAL(EAR).shortDescription=EAR
LICENSE REQUIRED-COMMERCIAL(EAR).longDescription=Export of the selected business object may require a commecial export license.
LICENSE REQUIRED-STATE(ITAR).value=License Required - State (ITAR)
LICENSE REQUIRED-STATE(ITAR).shortDescription=ITAR
LICENSE REQUIRED-STATE(ITAR).longDescription=Export of the selected business object requires a state export license.
NO TECH DATA.value=No Technical Data
NO TECH DATA.shortDescription=No export controlled technical data
NO TECH DATA.longDescription=This object does not contain any export controlled technical data
DO NOT EXPORT.value=Do No Export
DO NOT EXPORT.shortDescription=Do No Export
DO NOT EXPORT.longDescription=Export of the selected business object is not allowed.
DO NOT EXPORT.selectable=false
DO NOT EXPORT.deprecated=true
Finally, site.xconf setting:
<!--Security Label configuration - Required for Upgrade--><Property name="wt.services/svc/default/com.ptc.core.command.server.delegate.io.AbstractAttributeHandler/EXPORT_CONTROL/wt.access.SecurityLabeled/0"
overridable="true"
targetFile="codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties"
value="com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton"/>
Thanks A.
Did you need to config codebase/com/ptc/core/security/access.dataUtilities.properties.xconf by any chance?
WC version 12.0.2.7
I am still having trouble with src/wt/access/accessModelRB.rbInfo
I configured it as you said.
On restart, the MethodServer log gives me:
2022-11-11 08:28:12,435 ERROR [main] wt.access.configuration.SecurityLabelsHandler - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS' is invalid. Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.
2022-11-11 08:28:12,439 ERROR [main] wt.access.configuration.SecurityLabelsHandler - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_STANDARD_SECURITY_LABELS' is invalid. Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_STANDARD_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.
2022-11-11 08:28:12,441 ERROR [main] wt.access.configuration.SecurityLabelsHandler - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_CUSTOM_SECURITY_LABELS' is invalid. Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_CUSTOM_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.
a few lines down in the log, the Method Server dies with stack traces
wt.util.WTInvalidParameterException: There are fatal syntax errors in the security labels configuration file. Please refer to the Method Server log file for details.
at wt.access.configuration.SecurityLabelsHandler.endDocument(SecurityLabelsHandler.java:797)
at org.apache.xerces.parsers.AbstractSAXParser.endDocument(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endDocument(Unknown Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl.endEntity(Unknown Source)
at org.apache.xerces.impl.XMLEntityManager.endEntity(Unknown Source)
My extract was for 11 but I made no changes in 12 in my testing. Sounds as if you might have a type in your accessModelRB file. Care to share? You might want to rebuild from the source PTC files to remove any typos. You did rebuild resource bundles after you pushed into codebase right?
Hi A
You fixed my problem!
Same as you, I copied PTC's .rbinfo file into wtCustom then added a few lines for 'CORPORATE_PROPRIETARY' on the end. We also have accessModelRB_fr.rbInfo, created in the same way.
The error message was strange, showing the value which is clearly a duplicate of the expected value:
ERROR [main] wt.access.configuration.SecurityLabelsHandler - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS' is invalid. Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.
The xml config file seemed to be as simple as possible:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SecurityLabelsConfiguration
SYSTEM "securityLabelsConfiguration.dtd">
<SecurityLabelsConfiguration enabled="true">
<SecurityLabel name="ALL_SECURITY_LABELS" enabled="true">
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS</SecurityLabelResourceKey>
<SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel1</SecurityLabelValueResourceClass>
<SecurityLabelValue name="LNS" enabled="true" >
</SecurityLabelValue>
</SecurityLabel>
<SecurityLabel name="ALL_STANDARD_SECURITY_LABELS" enabled="true">
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|ALL_STANDARD_SECURITY_LABELS</SecurityLabelResourceKey>
<SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel2</SecurityLabelValueResourceClass>
<SecurityLabelValue name="LNS" enabled="true" >
</SecurityLabelValue>
</SecurityLabel>
<SecurityLabel name="ALL_CUSTOM_SECURITY_LABELS" enabled="true">
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|ALL_CUSTOM_SECURITY_LABELS</SecurityLabelResourceKey>
<SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel3</SecurityLabelValueResourceClass>
<SecurityLabelValue name="LNS" enabled="true" >
</SecurityLabelValue>
</SecurityLabel>
<SecurityLabel name="CORPORATE_PROPRIETARY" enabled="true">
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY</SecurityLabelResourceKey>
<SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel4</SecurityLabelValueResourceClass>
<SecurityLabelValue name="LNS" enabled="true" >
</SecurityLabelValue>
</SecurityLabel>
</SecurityLabelsConfiguration>
But your xml is simpler, and it works! I removed all but the 'CORPORATE_PROPRIETARY' and now the Method Server does not crash on startup.
Thanks -- Rick
One thing of note (that we ran into) in using files configured in 11.2, and we just reused all of the conf files in WC 12. When propagating from wtCustom, the files need to be newer than the files in the standard WC codebase, otherwise Windchill won't propagate from wtCustom.
We had to touch each of the rbinfo files to make the date newer. Not a huge deal, but I was racking my brain for a day on why it wasn't working in Windchill 12 🙂
Most issues I came across were spelling/syntax and order of operations related. The guide is pretty complete though (surprising for PTC documentation 🙂 ).