Hi there,I am thinking about creating a Java project that requires some authentification routines.Users (which are given a unique user ID) are employing a client software (Java) that retrieves specific data from a webserver (available ressources HTML, SSI, PHP, .htaccess).A user should be able ...

I use -Djava.security.Manager when running the test app and then call:java.lang.SecurityManager sm = System.getSecurityManager();System.out.println(sm == null); It always prints true! Why? How do I make the SecurityManager not null? ...

Hi,We are using both ADO and JDBC to connect to an Oracle database and my job is to make sure that the connect password that travels to the Oracle database is encrypted and not traveling in clear text. How do I encrypt this password before sending to the Oracle database? I think Oracle looks in ...

Hi,I want to use j_security_check but i have a few problems. I have the following in my web.xml <security-constraint><web-resource-collection><web-resource-name>All JSP direct ...

I am having trouble using a keystore whose entries have passwords that are different from both each other, and the keystore itself. I have managed to get this (differing storepass, and keypass) working for the case of a single entry, but this case is pointless since it is the same as having a ...

Hello,I'm working on SOA application. It has couple of components using Web Services for communication. I use stateless EJB 3.0 with @WebService annotation.Now I have 2 problems with authorization:1, In order to provide authorization check I have to pack User ID (Subject of operation) into all WS ...

I wonder why this is so:Given the following simple applet code running as untrusted:import java.applet.*;import java.awt.*;public class testVersion extends Applet { public void init() {try {this.add( new Label( "Version: "+System.getProperty( "java.runtime.version" ) ) );}catch ...

I am trying to develop my first web application.For authentication and authorization, I choose JAAS and followed this guide http://www.mooreds.com/jaas.htmlI am also using Struts as my MVC. I am having trouble implementing authorization, though. As far as I've learned, the application can have ...

hi guys, i want to validate an account in windows 2000 to logon in a application that i'm developing in struts+spring+hibernate. is JAAS the best solution to it? i just need to validate if the account owner is really the guy that is loged on.i think i need to know a way to get the windows ...

Hi everyone:I use JOSSO to make my site "single sing-on"... I found there is some problem in my configuration:JOSSO_SESSIONID which is made by JOSSO gateway is has a scope "/passport" (passport is the context of my web application), the constructrue of my web is ...

Hello,I want to store a secret key generated like this for exampleKeyGenerator keyGenerator = KeyGenerator.getInstance("AES");keyGenerator.init(128);SecretKey myKey = keyGenerator.generateKey();KeyStore.SecretKeyEntry skey = new KeyStore.SecretKeyEntry(myKey);in a Java KeyStore. This key should ...

I think this is a simple question on grant statements and the default security manager, but I'm missing something obvious:1) If I have a class PrintHomepublic class PrintHome {public static void main(String[] argv) {System.out.println(System.getProperty("user.home"));}}residing in ...

I am using JAAS with JDK 1.4In my login page, if I enter a user name in East Asian characters, or other non-regular letters, like ? and when I debug my code:Callback[] callbacks = new Callback[] { new NameCallback("Username: "), new PasswordCallback("Password: ", false) ...

Hi everybody,is there any common way to retrieve authenticated user subject?For example, Tomcat/JBoss store it in "javax.security.auth.subject" session attribute after successful authentication, but WebSphere does not.Stricktly speaking LoginModule cannot access session or application context ...

Hi All,I require some information on creating self-signed certificate using java packages. The java.security.cert.* package allows you to read Certificates from an existing store or a file etc. but there is no way to generate one afresh. See CertificateFactory and Certificate classes. Even ...

I have written an applet that basically provides users to check stuff in and out of a library. I have created methods to log who checks in when, and their activity. These methods work fine running locally, but once I release them to the network, I run into security issues. I am not very ...

I am creating a policy file for JBOSS and I want to define a grant entry for a particular JAR file. However, we are deploying all our applications in WAR files, and JBOSS explodes them in its internal temporary directory strcture. So, I will not know the exact location of the JAR. Is there ...

i am developng a web application which will authenticate user by username & password which type of authentication i should use & where i will find more about this

One of our clients would like to Single Sign on into our domain application ( running on Tomcat 5.0 on Redhat Linux ). They seem to be having SUN ONE Identity Server or Access Manager on their side with SAML 1.1 compatibility. My questions are:1. What are the products we will have to install on ...

I'm tring to put my jaas.config file in my application's jar that is downloaded through webstart because I don't want to have the file on the server anymore.I keep getting a security exception saying it cannot locate the file. What is the correct syntax to specify that the jaas config file ...

Hi all!I have to develop an ssl client application which has only access to certificate files, so I would like to create a KeyStore dinamically and set this keystore as a truststore instead of setting the path of the file containing the keystore to the system property javax.net.ssl.trustStore, ...

Hi all,i need to get certificates from MSCertStore from JSP Application or Applet... thankz for answers...

There are two classes DesEncrypter.java This is used for encryption and decryption of data files.EncDecData.java This class contains main method and has two methods for encryption and decryption f file.The process is as follows:- I take the text file name as input (command line). I found the ...

We are designing a client server system, and we are running into a single sign on problem.Basically, a client's requests are served by many sockets, although the client doesn't know its requests are served by multiple sockets. For every socket, the user identity has to be authenticated via ...

If any one knows is it possible to retrieve a serial number from a hardware piece in JAVA ? I need to use it for security issues in my stand alone application, Thanx

When i looked at the ant 1.6.5 manual,i found some permission method to grant or revoke special permission for ant application(reference by http://ant.apache.org/manual/CoreTypes/permissions.html).So i wrote a sample ant build file to exam it!This build file is made to check whether it is ...

Any bady know the internal structure of a file, in what byte begin the digital sign?How I can know where begin a digital sign into a file(talk about bytes)....Thanks...

I have been banging my head on my desk for a few days now, trying to understand what is needed in order to implement Kerberos authentication from a JAAS LoginModule to ActiveDirectory. I can't use the Krb5LoginModule, so I've started writing my own LoginModule. I've got a basic JNDI lookup ...

I'm trying to design a client-server system in where some of the business critical calculations needs to be done by the client. The problem is: How can the server trust the client to use the correct calculation? The code is meant to be open source, so it would easy to recompile it. One ...

I'm using the JAAS package, and have used the NTSystem class to get the current domain and user that is running my application. What I would like to do is determine if that user belongs to a specifically named windows group (i.e. Administrators, Users, Guests, oneIMadeUp). Using the JAAS ...

Hi,Was unable to find the right person to send across this scenario which I am facing. Hence shooting this email to you.There are 3 systems in our scenario.Server:-Using JDK 1.4 and listening on SSL sockets. Client 1:- Using JDK 1.4 and successfully connecting to server on SSL sockets.Client 2 ...

Hello everyone.I couldn't find it via google so maybe you can help me.I'm looking for Java build-in/standard functions for web security.I'm mean to check on te server side if posted data is valid (e.g. no SQL code included) and if email is correct.No java script, pure java code ;))Please ...

I have a signed applet which needs to access a local resource. If I put the access code in the applet constructor or the init() method it works just fine. If I put the code in another method and call it from JavaScript on the hosting html page it fails. See the code below.Any ideas as to why ...

Hi, I have become interested in developing an application that uses a thumbprint reader and I was wondering if there is an Api or set of java classes that I can use to develop this application in java.Any directions would help.

Hello Friends,We are currently in the coding stage of a screen scraping application.But we are facing a serious problem,that might cause us to abandon this project altogather.We are supposed to screen scrape Oracle 9iAS based Oracle Forms,precisely speaking we have to trace the Msgboxes and ...

I have a test case that, among other things calls the following snippet:Subject.getSubject(AccessController.getContext());I run this test case under a security manager, so that my java.policy file is evaluated for permissions.WIthout any modification to the policy file, the Java security system ...

hi , i want to have form based or some other way of authentication for the users comming to my site , i have access only to web.xml , but in tomcat documentations its giveni need to change server.xml and tomcat-user.xml , can i make these changes on web.xml to implement it or please tell me way ...

My application runs fine on windows. When I move it to Solaris , I get a KRBError code 68 -- and I can't find any infor on what that means. The root cause is "Identifier doesn't match expected value (906) " but I'm running the same login info that works on windows. Any guidance on what I'm ...

Hi,im making an servlet/jsp application and was wodering if replacing only ' , < , > if enough to prevent sql and script insertion, i have to present this in front of the class and almost certainly they will ask about security ...here is my code, if you see any flaws, please let me ...

I am trying to import a self-signed cert using the keytool. I am running j2re1.4.2_02 om windows 2000.When prompted with the password I enter "changeit" like I have been doing with previous Java release. It seems as though the keystore default password has changed. Because I keep getting the ...

Hi, When I start my program which is using JAAS to login I keep getting this error message which is not making any sense to me.java.security.policy: error parsing file:/S:/dogfood/server/jaas.config:line 4: expected [;], found [bla]java.security.policy: error parsing ...

I'm trying to get an applet to access an AS/400s system status. The applet needs to connect to the AS/400 to get the system status measures...When I try to connect to the AS/400 through the main method of an application program everything works fine, however the applet fails and sas that ...

HI Iam getting the following error while running a sample RDBMS JAAS Login ModuleError creating LoginContext. Login Failure: all modules ignoredjavax.security.auth.login.LoginException: Login Failure: all modules ignoredPlease clarify this issue.Thanks in ...

hi how do I create keystore file when my default keystore file(jks) does not exist?regardsneda

I have created an application I would like to distribute as freeware from my product website. I would like to enforce users of my application to continually upgrade to the next version of the application on expiry of a license key. Can anyone tell me how I can go about creating license keys for ...

In the "Security in Java 2 SDK 1.2" trail on exchanging files( http://java.sun.com/docs/books/tutorial/security1.2/toolfilex/index.html )I get "jar is unsigned. (signatures missing or not parsable)" when I try toverify the .jar file signature. Will some nice person help me get the ...

test post: please ignore

Can someone explain me, how i can run the JAAS-Example from SUN with Tomcat.Please so that i can understand it, step by step.Thanks for your help and understand !!!

This may be covered in a previous discussion, but I have a need to authenticate against NT (no Active Directory or LDAP) from an application server running on Solaris. I see that there are login modules for NT and Solaris, but it's not clear to me that the two modules allow me to do what I ...

I'm a novice java programming with very little formal programming training. I've pieced together enough knowledge to do what I've wanted to do so far...However, I've been unable to figure out how to read and write to a text file from an Applet (I can do it from a normal java program just ...