I have a custom object having lookup to opportunity.

There are 2 records in this custom object for a given opportunity A.

My query on custom object is to select all fields with only codition that is based on opportunity id

Select ................. From .......... c where Opportunity__c =: oppId

The query does return 2 records, which is correct.

But what's confusing is, the 2 records returned by query are having SAME information, DESPITE that fact that in database both the records have same value.

Further confusing is the fact that when I print the list that I get from query, the Ids of records are different BUT values are same.

Is this Summer 12 bug?

Hi All,

Thanks for looking at this issue.

I am approving opportunities from a trigger as:

Approval.ProcessWorkitemRequest req = new Approval.ProcessWorkitemRequest();
req.setComments('Approving request using Trigger');
req.setAction('Approve');
ProcessInstanceWorkitem workItem = [Select p.Id from ProcessInstanceWorkitem p where p.ProcessInstance.TargetObjectId =: opp.Id];
Id workItemId = workItem.Id;
req.setWorkitemId(workItemId);
Approval.ProcessResult result1 =  Approval.process(req);

I have some final approval actions set on opportunity approval process.

But these actions are not executed whe opportunities are approved from triger.

Any thoughts?

Thanks,

Bakul

Hi,

SFDC security has found 2 issues in my managed package, where I need some inputs.

1. My first security issue is "Authentication Vulnerability", the webservice that is being called from SFDC is not authenticated. (External WebService does not require authentication). However, our managed package code does pass username and token which are authenticated in the .Net web service we have built. What other authentication is required?

2. "Insecure Storage of Sensitive Data Vulnerability". We store a lot of data in file that came from SFDC. Does that mean, we need to encrypt all those data? What if the data is to be consumed by user manually? As such, SFDC report talks about Storing Secrets, which means to me that it is asking about securing the storage of token that is authenticated. We are already creating hash of token and storing it in database. What else we should do?

Thanks for your comments.

Bakul

Hi,

My client has a professional edition of SFDC and they wanted a feature that needed apex development.

I developed that feature on my dev instance and would like to deploy to my client's instance. But it does not allow me to deploy. I understand the reason very well that PE and below do not allow Apex code.

Can somebody tell me what options I have to deploy the apex code into Professional edition of my client?

Thanks,

Bakul

Hi,

I have created a managed package and I am calling an external service from that managed package.

1. The external serivce is hosted on a dedicated server

2. Anybody installing my app will be calling that service on that dedicated server. Salesforce orgs installing my package won't have to buy server where they host the external serivce, because it is provided by us. So, every sfdc instance uses same server.

3. During security review SFDC says that there is no authentication when calling service.

4. My scenario is that I don't need authentication. Whoever installs my app, should be able to call our service.

Even though, if I have to implement authentication on my service, how do I authenticate sfdc users? Do I need to first ask them to become user in a database which would be used by external service to authenticate users? Is this how famous applications (like conga, echosign etc) authenticate users?

Thanks,

Bakul

Has anybody develoeped Chatter REST API client?

I am actually trying to understand how to get OAuth access token.

Do I need to have an HTTPS website in order to specify a redirect URL where I can get access token?

I am developing a client application that may be used by many different SFDC orgs, in that case I have to manually generate OAuth for every SFDC org and setup the access token in the application?

How can I automate the process of getting OAuth token?

My client applicaiton is headless (no GUI).

Thanks,

Bakul

From reading the documenation about chatter, I am understanding that every post on chatter is a record on FeedItem.

Does it mean the record feeds are also a record in FeedItem?

If yes, then what is the purpose of duplicating the data in FeedItem and record feed (like AccountFeed).

If no, then can somebody tell me which feeds would be available in FeedItem and which feeds would be available in record feed objects?

Thanks,

Bakul

Hi,

I would like to call a webserivce when my app is installed by anybody.

Is there any event that I can listen to in order to do this?

I also read following on AppExchange app guide:

If you register your app's package you'll receive a license record each time a customer installs your app.

Can I write some logic on this event? I mean when I recieve a license record when somebody installs my app?

Thanks,

Bakul

Hi,

I am creating an AccountShare object.

I am logged in as System Administrator while doing so.

But still I am getting following error : INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY insufficient access rights on cross-reference id: []:

Any suggestion what might be wrong?

I am not able to see share object for my custom objects.

Am I missing any setting?

Hi,

I am writing a java client that downloads images from Saelsforce attachment object.

I see that the query is building correctly, but still the query results does not give me all attachments in result.

As an example, my query is : Select a.Name, a.ParentId, a.ContentType, a.Body From Attachment a where a.ParentId in ('001M0000002sV43IAE','001M0000002sV2OIAU') order by createddate asc

Here I get attachment only for the first id in query. It does not return me attachment object for 2nd id in query.

If I change the order to ids, I still get attachment associated with 1st id only.

Second id related attachment is always ignored and does not get downloaded as part of query result.

Has anybody faced this issue, is there any hint to solve this problem?

I have one more question.

Can we also store .swf files in attachment? Flash animations.

Thanks,

Bakul

Hi All,

Thanks for looking at this issue.

I am approving opportunities from a trigger as:

Approval.ProcessWorkitemRequest req = new Approval.ProcessWorkitemRequest();
req.setComments('Approving request using Trigger');
req.setAction('Approve');
ProcessInstanceWorkitem workItem = [Select p.Id from ProcessInstanceWorkitem p where p.ProcessInstance.TargetObjectId =: opp.Id];
Id workItemId = workItem.Id;
req.setWorkitemId(workItemId);
Approval.ProcessResult result1 =  Approval.process(req);

I have some final approval actions set on opportunity approval process.

But these actions are not executed whe opportunities are approved from triger.

Any thoughts?

Thanks,

Bakul

From reading the documenation about chatter, I am understanding that every post on chatter is a record on FeedItem.

Does it mean the record feeds are also a record in FeedItem?

If yes, then what is the purpose of duplicating the data in FeedItem and record feed (like AccountFeed).

If no, then can somebody tell me which feeds would be available in FeedItem and which feeds would be available in record feed objects?

Thanks,

Bakul

HI,

The requirement is authentication between webservice and salesforce. 

I have created webservice in .net which is import and export data in excel sheet.

i have built one page which has list of salesforce user in .net, it will display in salesforce(for that i used web tab).

if administrator select one of user from the list and save it.it will save userId,Username and new generated security token in sql server and update that security token in according user record in salesforce. 

when salesforce user request the webservice it will check with username and token.whether this user has permission or not and preceed further.

I am getting this issue, when i request webservice from salesforce.

Insecure Storage of Sensitive Data Vulnerability

If your application copies and stores sensitive data that originated at salesforce.com, you should take extra precaution. Salesforce.com takes threats to data that originated at their site very seriously, and a data breach or loss could jeopardize your relationship with salesforce.com if you are a partner.

If you must store passwords (including non-Salesforce passwords), note that storing them in plaintext or hashed (such as with the MD5 function) makes your application vulnerable to mass user exploitation if an attacker can get access (even just read-only access) to your database (such as through stealing a backup tape or SQL injection). Although a successful SQL injection or data exposure attack is a huge problem in itself, if the attacker can recover passwords from the data, they cantransparently compromise user accounts on a mass scale.

My question is,

if i convert username and token before saving into the sql server, it will solve my problem..?

i would like to inform that, i am using lead data in webservice..

This data also i want to convert it into the mdf before import or export in excel sheet..?

Please help me, to solved this issue.

Thanks & Regards,

Nilesh Badrakiya

Hi,

I have created a managed package and I am calling an external service from that managed package.

1. The external serivce is hosted on a dedicated server

2. Anybody installing my app will be calling that service on that dedicated server. Salesforce orgs installing my package won't have to buy server where they host the external serivce, because it is provided by us. So, every sfdc instance uses same server.

3. During security review SFDC says that there is no authentication when calling service.

4. My scenario is that I don't need authentication. Whoever installs my app, should be able to call our service.

Even though, if I have to implement authentication on my service, how do I authenticate sfdc users? Do I need to first ask them to become user in a database which would be used by external service to authenticate users? Is this how famous applications (like conga, echosign etc) authenticate users?

Thanks,

Bakul

Has anybody develoeped Chatter REST API client?

I am actually trying to understand how to get OAuth access token.

Do I need to have an HTTPS website in order to specify a redirect URL where I can get access token?

I am developing a client application that may be used by many different SFDC orgs, in that case I have to manually generate OAuth for every SFDC org and setup the access token in the application?

How can I automate the process of getting OAuth token?

My client applicaiton is headless (no GUI).

Thanks,

Bakul

From reading the documenation about chatter, I am understanding that every post on chatter is a record on FeedItem.

Does it mean the record feeds are also a record in FeedItem?

If yes, then what is the purpose of duplicating the data in FeedItem and record feed (like AccountFeed).

If no, then can somebody tell me which feeds would be available in FeedItem and which feeds would be available in record feed objects?

Thanks,

Bakul

Hi, I am trying to get the access token in Java and following the instructions on http://www.salesforce.com/us/developer/docs/chatterapi/index.htm
But I continuously get this error:

{"error":"unsupported_grant_type","error_description":"grant type not supported"}

My codes are here:

package admin;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;

import com.google.gson.Gson;

public class REST
{
String authURL = "https://login.salesforce.com/services/oauth2/authorize";
String tokenURL = "https://na14.salesforce.com/services/oauth2/token";
public static void main(String[] args) throws ClientProtocolException, IOException
{
REST rest = new REST();
}

public REST() throws ClientProtocolException, IOException
{
HttpClient httpclient = new DefaultHttpClient();
HttpPost post = new HttpPost(tokenURL);
post.getParams().setParameter("client_id", "3MVG9rFJvQRVOvk6sl7xMXtrbyQb2XUv2vprLKWv0uxBLKFzNqtHJG6cmzuemPYDB3hPwqXsBlw0BGQPkb81P");
post.getParams().setParameter("client_secret", "4864720658246552438");
post.getParams().setParameter("grant_type", "password");
post.getParams().setParameter("username", "XXXX");
post.getParams().setParameter("password", "XXXX");
post.getParams().setParameter("redirect_uri", "https://login.salesforce.com/services/oauth2/success");
HttpResponse response = httpclient.execute(post);
JSONObject json = (JSONObject) JSONValue.parse(new InputStreamReader (response.getEntity().getContent()));
System.out.println(json);
}
}

I am following the guidelines from the Chatter guide and somehow I can't get the OAuth to work. 

It's not working from Java or curl.   Here is what I am doing:

mike$ curl --form client_id=3MVG9yZ.WNe6bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxu5AjB4oT9kxi8SEhY --form client_secret=26542xxxxxxxxxxx78  --form grant_type=password --form username=xxxxxxxx@gmail.com --form password=xxxxxxx https://na11.salesforce.com/services/oauth2/token

What I am getting is:

{"error":"invalid_grant","error_description":"authentication failure - Invalid Password"}

I double checked and I am getting into na11 with the right password.  Is there anything else I need to do?

Here are the settings in my remote access:







No user approval required for users in this organization

I have a interface Z with two methods, Class A and class B implements that interface Z,

I have one more class C which instantiates objects of class A and class B

Also, in class A and B there is a future callout respectively

Now in trigger T, I create an object of class C and an instance of interface Z. where it calls a method of class C and also pass instance of interface Z as a parameter of that method.

Now when compiling all of them together, i get 'Dependent class is invalid and needs recompilation'. so in outbound change set,

I have to explicitly sequence them and deploy accordingly.

Like say, I created 4 outbound change set, one for Z,  other for A and B, another for C and another for Z, to avoid the above error

Is this the correct approach.

Is it that the dependant files need to go in different outbound change set, so that they can be compiled separately, and there is no dependency issue.

In the sandbox environment, the code works as expected.

We want to add some custom screens into the standard AppExchange app installation process and modify some existing ones. Is there a way to do this ? Please shed some light on this..

Thanks,

-Aditya

Hi,

I am creating an AccountShare object.

I am logged in as System Administrator while doing so.

But still I am getting following error : INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY insufficient access rights on cross-reference id: []:

Any suggestion what might be wrong?

Hi,

I am writing a java client that downloads images from Saelsforce attachment object.

I see that the query is building correctly, but still the query results does not give me all attachments in result.

As an example, my query is : Select a.Name, a.ParentId, a.ContentType, a.Body From Attachment a where a.ParentId in ('001M0000002sV43IAE','001M0000002sV2OIAU') order by createddate asc

Here I get attachment only for the first id in query. It does not return me attachment object for 2nd id in query.

If I change the order to ids, I still get attachment associated with 1st id only.

Second id related attachment is always ignored and does not get downloaded as part of query result.

Has anybody faced this issue, is there any hint to solve this problem?

I have one more question.

Can we also store .swf files in attachment? Flash animations.

Thanks,

Bakul

public class BusTicketExtension { private final BusTicket__c BusTicket; public BusTicketExtension (ApexPages.StandardController stdController) { this.BusTicket = (BusTicket__c)stdController.getRecord(); } public PageReference save() { insert(BusTicket); PageReference p = Page.NewSystemTicket; p.getParameters().put('msg','Thank you for submitting your ticket, someone will get back to you soon.'); p.setRedirect(true); return p; } public static testMethod void testBusTicketExtension() { PageReference pageRef = Page.NewSystemTicket; Test.setCurrentPage(pageRef); BusTicket__c bt = new BusTicket__c(system__c='Salesforce.com',category__c='access',title__c='MyTest'); ApexPages.StandardController btc = new ApexPages.Standardcontroller(bt); BusTicketExtension controller = new BusTicketExtension(btc); String nextPage = controller.save().getUrl(); System.assertEquals('/apex/newsystemticket?msg=Thank+you+for+submitting+your+ticket%2C+someone+will+get+back+to+you+soon.',nextPage); BusTicket__c t=[SELECT system__c FROM BusTicket__c WHERE createdDate = TODAY and title__c = 'MyTest' ]; System.assertEquals('Salesforce.com',t.system__c); } }

 I'm not really worried about the validity of the test, since the only reason I wrote the code was to support public submission to the custom object.  I've also written a VF page that's referenced in the above controller, so I can just ship them back to the input page with a message thanking them for their submission.

I have tried every different way I know of to deploy this code from a sandbox to production.  In my IDE AND in the sandbox org, running tests on the class pass with 100% test coverage.

I've tried running Deploy to server in the IDE

I've tried creating a Change Set.

Thanks in advance if anyone sees anything I'm missing.

Barry