cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

Security Labels rbinfo data type

rleir
17-Peridot

Security Labels rbinfo data type

Team

Who has tried to configure Security Labels?

 

The help page says that this rbinfo data type should be String:


WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>.dataType=java.lang.String

example:

WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY.dataType=java.lang.String

 

https://support.ptc.com/help/wnc/r12.0.0.0/en/index.html#page/Windchill_Help_Center%2FSecurityLabelConfigSLDefine.html%23


The file in WC

src/wt/access/accessModelRB.rbInfo

contains this different type:
WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS.dataType=com.ptc.core.meta.common.AttributeTypeIdentifierSet

 

The help page says :

"Do not delete or alter the existing lines that begin with:
• WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS


Which type is correct?

 

I get an error in the log file:

8:22,232 ERROR [main] wt.access.configuration.SecurityLabelsHandler -
The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS' is invalid. Please
verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS',
and that this key is defined in the wt.access.accessModelRB resource bundle.

 

There is not much discussion of Security Labels here, I hope there is someone who can explain this problem.

thanks -- Rick

1 ACCEPTED SOLUTION

Accepted Solutions
avillanueva
22-Sapphire I
(To:rleir)

Team

Who has tried to configure Security Labels?

Domino: Everyone! Everyone on the helicopter! And everyone not on the helicopter!

 

There is an implementation guide for Security Labels.

Here are my files as an example

config/securityLabelsConfiguration.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SecurityLabelsConfiguration
  SYSTEM "securityLabelsConfiguration.dtd">
<SecurityLabelsConfiguration enabled="true">
    <SecurityLabel name="EXPORT_CONTROL" enabled="true">
        <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL</SecurityLabelResourceKey>
        <SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel1</SecurityLabelValueResourceClass>
        <SecurityLabelValue name="NO LICENSE REQUIRED-EAR99" enabled="true">       
        </SecurityLabelValue>
        <SecurityLabelValue name="LICENSE REQUIRED-STATE(ITAR)" enabled="true">
        </SecurityLabelValue>
        <SecurityLabelValue name="LICENSE REQUIRED-COMMERCIAL(EAR)" enabled="true">
        </SecurityLabelValue>
        <SecurityLabelValue name="NO TECH DATA" enabled="true">
        </SecurityLabelValue>
        <SecurityLabelValue name="DO NOT EXPORT" enabled="false">
        </SecurityLabelValue>
        <!-- The SecurityLabelParameter element contains the parameter name used by other applications to map to this
             particular security label.  This element is optional. -->
        <SecurityLabelParameter>EXPORT_CONTROL</SecurityLabelParameter>
    </SecurityLabel>
</SecurityLabelsConfiguration>

 

LogicalAttributesSite.xml

 

<?xml version="1.0" standalone="no"?>
<!DOCTYPE LogicalAttributes SYSTEM "/com/ptc/core/meta/common/impl/LogicalAttributes.dtd" >
<!-- Site specific logical attributes. -->
<LogicalAttributes>
	<Class name="wt.access.SecurityLabeled">
		<Property>
	   		<LogicalForm>EXPORT_CONTROL</LogicalForm>
	    		<ExternalForm>SCA|EXPORT_CONTROL</ExternalForm>
		</Property>
    	</Class>
</LogicalAttributes>

 

src/wt/access/accessModelRB.rbInfo (snippet at bottom, I just added this to the existing file from PTC)

 

WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.value=Export Control
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.dataType=java.lang.String
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction=com.ptc.core.foundation.security.server.impl.SACFSecurityLabel
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction.arg1=PID{EXPORT_CONTROL}
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.longDescription=The "Export Control" label indicates the object's level of export sensitivity.

 

  src/wt/access/configuration/SecurityLabel1RB.rbInfo

 

ResourceInfo.class=wt.tools.resource.EnumResourceInfo
ResourceInfo.customizable=true
ResourceInfo.deprecated=false


# Entry Format (values equal to default value are not included)
# <key>.value=
# <key>.category=
# <key>.comment=
# <key>.argComment<n>=
# <key>.constant=
# <key>.customizable=
# <key>.deprecated=
# <key>.abbreviatedDisplay=
# <key>.fullDisplay=
# <key>.shortDescription=
# <key>.longDescription=
# <key>.order=
# <key>.defaultValue=
# <key>.selectable=

# Entry Contents

NULL.value=Unknown
NULL.shortDescription=Jurisidiction Undefined
NULL.longDescription=Export status of the selected business object is not known. Treat as Do Not Export.

# New Entries 11/7/2013 - For production, use values below.

NO LICENSE REQUIRED-EAR99.value=No License Required (EAR99)
NO LICENSE REQUIRED-EAR99.shortDescription=EAR99
NO LICENSE REQUIRED-EAR99.longDescription=Export of the selected business object does not require a license. EAR99

LICENSE REQUIRED-COMMERCIAL(EAR).value=License Required - Commercial (EAR)
LICENSE REQUIRED-COMMERCIAL(EAR).shortDescription=EAR
LICENSE REQUIRED-COMMERCIAL(EAR).longDescription=Export of the selected business object may require a commecial export license.

LICENSE REQUIRED-STATE(ITAR).value=License Required - State (ITAR)
LICENSE REQUIRED-STATE(ITAR).shortDescription=ITAR
LICENSE REQUIRED-STATE(ITAR).longDescription=Export of the selected business object requires a state export license.

NO TECH DATA.value=No Technical Data
NO TECH DATA.shortDescription=No export controlled technical data
NO TECH DATA.longDescription=This object does not contain any export controlled technical data

DO NOT EXPORT.value=Do No Export
DO NOT EXPORT.shortDescription=Do No Export
DO NOT EXPORT.longDescription=Export of the selected business object is not allowed.
DO NOT EXPORT.selectable=false
DO NOT EXPORT.deprecated=true

 

 Finally, site.xconf setting:

 

<!--Security Label configuration - Required for Upgrade--><Property name="wt.services/svc/default/com.ptc.core.command.server.delegate.io.AbstractAttributeHandler/EXPORT_CONTROL/wt.access.SecurityLabeled/0"
overridable="true"
targetFile="codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties"
value="com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton"/>

 

View solution in original post

6 REPLIES 6
avillanueva
22-Sapphire I
(To:rleir)

Team

Who has tried to configure Security Labels?

Domino: Everyone! Everyone on the helicopter! And everyone not on the helicopter!

 

There is an implementation guide for Security Labels.

Here are my files as an example

config/securityLabelsConfiguration.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SecurityLabelsConfiguration
  SYSTEM "securityLabelsConfiguration.dtd">
<SecurityLabelsConfiguration enabled="true">
    <SecurityLabel name="EXPORT_CONTROL" enabled="true">
        <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL</SecurityLabelResourceKey>
        <SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel1</SecurityLabelValueResourceClass>
        <SecurityLabelValue name="NO LICENSE REQUIRED-EAR99" enabled="true">       
        </SecurityLabelValue>
        <SecurityLabelValue name="LICENSE REQUIRED-STATE(ITAR)" enabled="true">
        </SecurityLabelValue>
        <SecurityLabelValue name="LICENSE REQUIRED-COMMERCIAL(EAR)" enabled="true">
        </SecurityLabelValue>
        <SecurityLabelValue name="NO TECH DATA" enabled="true">
        </SecurityLabelValue>
        <SecurityLabelValue name="DO NOT EXPORT" enabled="false">
        </SecurityLabelValue>
        <!-- The SecurityLabelParameter element contains the parameter name used by other applications to map to this
             particular security label.  This element is optional. -->
        <SecurityLabelParameter>EXPORT_CONTROL</SecurityLabelParameter>
    </SecurityLabel>
</SecurityLabelsConfiguration>

 

LogicalAttributesSite.xml

 

<?xml version="1.0" standalone="no"?>
<!DOCTYPE LogicalAttributes SYSTEM "/com/ptc/core/meta/common/impl/LogicalAttributes.dtd" >
<!-- Site specific logical attributes. -->
<LogicalAttributes>
	<Class name="wt.access.SecurityLabeled">
		<Property>
	   		<LogicalForm>EXPORT_CONTROL</LogicalForm>
	    		<ExternalForm>SCA|EXPORT_CONTROL</ExternalForm>
		</Property>
    	</Class>
</LogicalAttributes>

 

src/wt/access/accessModelRB.rbInfo (snippet at bottom, I just added this to the existing file from PTC)

 

WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.value=Export Control
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.dataType=java.lang.String
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction=com.ptc.core.foundation.security.server.impl.SACFSecurityLabel
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction.arg1=PID{EXPORT_CONTROL}
WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.longDescription=The "Export Control" label indicates the object's level of export sensitivity.

 

  src/wt/access/configuration/SecurityLabel1RB.rbInfo

 

ResourceInfo.class=wt.tools.resource.EnumResourceInfo
ResourceInfo.customizable=true
ResourceInfo.deprecated=false


# Entry Format (values equal to default value are not included)
# <key>.value=
# <key>.category=
# <key>.comment=
# <key>.argComment<n>=
# <key>.constant=
# <key>.customizable=
# <key>.deprecated=
# <key>.abbreviatedDisplay=
# <key>.fullDisplay=
# <key>.shortDescription=
# <key>.longDescription=
# <key>.order=
# <key>.defaultValue=
# <key>.selectable=

# Entry Contents

NULL.value=Unknown
NULL.shortDescription=Jurisidiction Undefined
NULL.longDescription=Export status of the selected business object is not known. Treat as Do Not Export.

# New Entries 11/7/2013 - For production, use values below.

NO LICENSE REQUIRED-EAR99.value=No License Required (EAR99)
NO LICENSE REQUIRED-EAR99.shortDescription=EAR99
NO LICENSE REQUIRED-EAR99.longDescription=Export of the selected business object does not require a license. EAR99

LICENSE REQUIRED-COMMERCIAL(EAR).value=License Required - Commercial (EAR)
LICENSE REQUIRED-COMMERCIAL(EAR).shortDescription=EAR
LICENSE REQUIRED-COMMERCIAL(EAR).longDescription=Export of the selected business object may require a commecial export license.

LICENSE REQUIRED-STATE(ITAR).value=License Required - State (ITAR)
LICENSE REQUIRED-STATE(ITAR).shortDescription=ITAR
LICENSE REQUIRED-STATE(ITAR).longDescription=Export of the selected business object requires a state export license.

NO TECH DATA.value=No Technical Data
NO TECH DATA.shortDescription=No export controlled technical data
NO TECH DATA.longDescription=This object does not contain any export controlled technical data

DO NOT EXPORT.value=Do No Export
DO NOT EXPORT.shortDescription=Do No Export
DO NOT EXPORT.longDescription=Export of the selected business object is not allowed.
DO NOT EXPORT.selectable=false
DO NOT EXPORT.deprecated=true

 

 Finally, site.xconf setting:

 

<!--Security Label configuration - Required for Upgrade--><Property name="wt.services/svc/default/com.ptc.core.command.server.delegate.io.AbstractAttributeHandler/EXPORT_CONTROL/wt.access.SecurityLabeled/0"
overridable="true"
targetFile="codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties"
value="com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton"/>

 

rleir
17-Peridot
(To:avillanueva)

Thanks A.

Did you need to config  codebase/com/ptc/core/security/access.dataUtilities.properties.xconf by any chance? 

WC version 12.0.2.7

I am still having trouble with src/wt/access/accessModelRB.rbInfo

I configured it as you said.

On restart, the MethodServer log gives me:

 

2022-11-11 08:28:12,435 ERROR [main] wt.access.configuration.SecurityLabelsHandler - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS' is invalid. Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.
2022-11-11 08:28:12,439 ERROR [main] wt.access.configuration.SecurityLabelsHandler - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_STANDARD_SECURITY_LABELS' is invalid. Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_STANDARD_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.
2022-11-11 08:28:12,441 ERROR [main] wt.access.configuration.SecurityLabelsHandler - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_CUSTOM_SECURITY_LABELS' is invalid. Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_CUSTOM_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.

 

 

a few lines down in the log, the Method Server dies with stack traces

 

wt.util.WTInvalidParameterException: There are fatal syntax errors in the security labels configuration file.  Please refer to the Method Server log file for details.
        at wt.access.configuration.SecurityLabelsHandler.endDocument(SecurityLabelsHandler.java:797)
        at org.apache.xerces.parsers.AbstractSAXParser.endDocument(Unknown Source)
        at org.apache.xerces.impl.dtd.XMLDTDValidator.endDocument(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentScannerImpl.endEntity(Unknown Source)
        at org.apache.xerces.impl.XMLEntityManager.endEntity(Unknown Source)
 

 

 

 

avillanueva
22-Sapphire I
(To:rleir)

My extract was for 11 but I made no changes in 12 in my testing. Sounds as if you might have a type in your accessModelRB file. Care to share?  You might want to rebuild from the source PTC files to remove any typos.  You did rebuild resource bundles after you pushed into codebase right?

rleir
17-Peridot
(To:avillanueva)

Hi A

You fixed my problem! 

 

Same as you, I copied PTC's .rbinfo file into wtCustom then added a few lines for 'CORPORATE_PROPRIETARY' on the end.  We also have accessModelRB_fr.rbInfo, created in the same way.

 

The error message was strange, showing the value which is clearly a duplicate of the expected value:

 

 ERROR [main] wt.access.configuration.SecurityLabelsHandler  - The SecurityLabelResourceKey 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS' is invalid.  Please verify that this value is of the form 'WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS', and that this key is defined in the wt.access.accessModelRB resource bundle.

The xml config file seemed to be as simple as possible:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SecurityLabelsConfiguration
  SYSTEM "securityLabelsConfiguration.dtd">
<SecurityLabelsConfiguration enabled="true">
   <SecurityLabel name="ALL_SECURITY_LABELS" enabled="true">
      <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS</SecurityLabelResourceKey>
      <SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel1</SecurityLabelValueResourceClass>
      <SecurityLabelValue name="LNS" enabled="true" >
      </SecurityLabelValue>
   </SecurityLabel>

   <SecurityLabel name="ALL_STANDARD_SECURITY_LABELS" enabled="true">
      <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|ALL_STANDARD_SECURITY_LABELS</SecurityLabelResourceKey>
      <SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel2</SecurityLabelValueResourceClass>
      <SecurityLabelValue name="LNS" enabled="true" >
      </SecurityLabelValue>
   </SecurityLabel>

   <SecurityLabel name="ALL_CUSTOM_SECURITY_LABELS" enabled="true">
      <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|ALL_CUSTOM_SECURITY_LABELS</SecurityLabelResourceKey>
      <SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel3</SecurityLabelValueResourceClass>
      <SecurityLabelValue name="LNS" enabled="true" >
      </SecurityLabelValue>
   </SecurityLabel>

   <SecurityLabel name="CORPORATE_PROPRIETARY" enabled="true">
      <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY</SecurityLabelResourceKey>
      <SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel4</SecurityLabelValueResourceClass>
      <SecurityLabelValue name="LNS" enabled="true" >
      </SecurityLabelValue>
   </SecurityLabel>
</SecurityLabelsConfiguration>

But your xml is simpler, and it works! I removed all but the 'CORPORATE_PROPRIETARY' and now the Method Server does not crash on startup.

Thanks -- Rick

 

avillanueva
22-Sapphire I
(To:rleir)

Glad I can help. Check out NASA presentation from PTC User. They implemented CUI with security labels.

One thing of note (that we ran into) in using files configured in 11.2, and we just reused all of the conf files in WC 12.  When propagating from wtCustom, the files need to be newer than the files in the standard WC codebase, otherwise Windchill won't propagate from wtCustom.

 

We had to touch each of the rbinfo files  to make the date newer.  Not a huge deal, but I was racking my brain for a day on why it wasn't working in Windchill 12 🙂

 

Most issues I came across were spelling/syntax and order of operations related.  The guide is pretty complete though (surprising for PTC documentation 🙂 ).

 

 

Top Tags