Our company has been required to integrate with a 3rd party vendor which requires 'client authentication' to their server using a Digital ID certificate (Class I). After purchasing our Digital ID from Verisign (which is installed in Firefox), we export the certificate to a PKCS12 format (which ...

My company is developing a licensing system that requires the generation of a unique system identifier. This would be used, for example, to restrict an application to run only on a particular machine.We already have a native library that generates these system IDs, but we want to implement a Java ...

Hi,Using JAAS login model is fine for my swing app. But now there is a requirement, such that we need to create a web, by which all logined user can be monitored, and even forced to logout.Can any one have idea, so1. how to know who logined?2. how to login user ...

If I ask for Certificates[] method JarEntity.getCertificates() returns null.How to get JarEntity certificates?JarInputStream jar = null;try {jar = new JarInputStream(new FileInputStream("e:/out/p1.jar"));JarEntry je = null;while ((je = jar.getNextJarEntry()) != null) ...

Is there anyone out there that is familiar with SSHExec.FileAttributes? All I want to do is set the mtime file attribute for a file I plan to ftp. The documentation for SSHExec.FileAttirbutes states that mtime requires an int.Ok, easy enough. But I want to pass it a timestamp that will the date as ...

Can anyone let me know how to read data from a web page that is protected by a certificate. I do have the certificate. So can anyone breakdown the process for me as to how should my program go about this task.I usually get data from password protected websites. And now I have this whole list of ...

<p>Hi everyone!</p><p>I'm trying to come up with a web based login module for a web based booking and ticketing system. Please anyone who has an idea please help me out. Please include your proposed code. your help will be highly appreciated</p>

hi all,first, i don't know if this question should be posted in this forum. If not, please let me know.i'm trying to find a solution for this issue. I've searched but couldn't find a clear answer about preventing from XSS in websphere 5.0.another question is if we use the filtering and encoding ...

Friends, I wish to create a Self signed certificate (CA ) and a server certificate using java . Can anybody please help me or guide me to a relevant document ? Thnaks in advance .regards,Dhiraj Shetty

I've implemented JAAS with Tomcat because I'd like to both authenticate as well as authorize users of the web app. Currently, I have created a jaas.conf file which is located in the conf directory of Tomcat. However, I'd like to be able to make the authentication/authorization process ...

Hi everyone,I have application where in i m connecting to DB at present i m hardcoding username n password to the DB.But recently i read abt JCE for encrpyting secure data i tired to implement it n it works fine but again the data tht has to b encrypted is present in the code....then i read abt ...

Hi,does anybody know whether the Sun fingerprint database is available for download (I mean the whole thing)? This would make analysis much easier!Bittorrent would be one way of distributing this data in an efficient way.Please mail me at jsp199 at gmx.de if you have further ...

hi,i have a jsf webapplication that runs fine now my task is to do the authorization of users through active directory. but first of all, i have to force the webapplication to show a login module. (best is to show users a standard Internet Explorer Login popup). but i have no idea how to write ...

Hi to all,I see this security post: http://www.frsirt.com/english/advisories/2007/2384"Sun Java Web Start Arbitrary File Overwrite and Command Execution Vulnerability"How can I understand if the JRE 1.5.12 fix this security bug?I have seen on the release notes but I have not seen any reference ...

I wonder why this is so:Given the following simple applet code running as untrusted:import java.applet.*;import java.awt.*;public class testVersion extends Applet { public void init() {try {this.add( new Label( "Version: "+System.getProperty( "java.runtime.version" ) ) );}catch ...

Hello,is there any way how I can use the the new XML DSig APIs in Java 6 to sign an XML document using an external key -- that is, a key that is not available as a Java PrivateKey object?What I am trying to do is to use a private key stored on a smart card to sign an XML document. The key being ...

My project requirement is like this:1.It contains 3 war files which are deployed on different servers.(Weblogic8.1sp3 and jdk1.4).2.First application has to forward the request to second application and second one will forward the request to third one.U ser can see the third application's home ...

Hi,Can we use javascript in Tomcat...If no,then is there any ways to use it in Tomcat?ThanksSantosh

Hi...Has anyone else noticed that 'requestPasswordAuthentication' gets called multiple times from HTTPURLConnection in JDK 6? If I create an HTTPURLConnection, and it returns successfully from 'openConnection', if I then do something simple like query for its contentType via ...

hi guys, i want to validate an account in windows 2000 to logon in a application that i'm developing in struts+spring+hibernate. is JAAS the best solution to it? i just need to validate if the account owner is really the guy that is loged on.i think i need to know a way to get the windows ...

Hi All,I am using org.apache.commons.httpclient.HttpClient and org.apache.commons.httpclient.methods.PostMethod to post a request to https site. my requirement is i need to read the url from property file, add some sensitive information in the HttpHeader and post the request to the URL read ...

I have primary keys etc stored in java key store and I have hard coded the password for keystore for now but I am thinking to store that password in text file in encrypted form. The architect of my team does not want to store password for keystore in database so now I need two way hashing algo. ...

I use spring framework acegi-security-0.9.0 vesrion and tomcat 5.5. I want use HTTPS for login page. my acegi configuration file contains following code :<bean id="rootChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy"><property name="filterInvocationDefinitionSource"> ...

I need to find a way to duplicate java's CRC32 implementation for C# in Microsoft Visual Studio. Does anyone know of a way to do this? There are other CRC32 implementation out there but none that give the result that I need.

Hallo to all.I'm trying to sig an xml file (DOM using java apache xml security api. I'd like to perfom sign operation starting not from all document but just from loading SignedInfo with the digest value and sign it.Does anybody know if it's possible and how?I took a look at apache xml ...

I use a USPS web-based label software. When the java applet tries to print the label. A Security popup comes up with the question " this applet is trying to access the printer". A check-box to allow the access appears but 9 times out of 10 the software hangs up at this point. I can not place ...

Hi,I got the exception when using CertPathValidator cpv = CertPathValidator.getInstance("PKIX");PKIXCertPathValidatorResult cpv_result =(PKIXCertPathValidatorResult) cpv.validate(cp, params);java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors at ...

Hi...,We have an application where the user can clink on "Forgot My password" link to retrieve his/her password. Right now we do ask a security question as set by the user when the user enters the user id. But going forward we want to send an email to the user with a link , so that the user can ...

I've got my login page working perfectly, but I want to be able to have users change their passwords.I've tried changing the conf/tomcat-users.xml file directly, but it seems that the user file must be loaded once when Tomcat is started, since any changes after that have no effect (eg. I ...

Hi all,I'd like to perform a Digital Signature (sign) of an existing digest value pre calculated . Does anybody could please tell me some more about it?Looking at specicctions (apis) the signature is performed in one operation, within by given "object" to be signed, the method calculate the ...

Hi all..I'm having this problem while trying to "sign" a jar.. I think the problem is in the manifest file, i'ts all on one lineManifest-Version: 1.0Main-Class: tchn.login.UpdateManagerClass-Path: DMtchn/DMlib/RMtotdSgn.jar DMtchn/DMlib/RMl2fprod-common-totdSgn.jar ...

I have a daemon that is not running as root but needs to run several restricted commands. The daemon is spawned via the cron table of a normal user. Most of the documentation I've seen discusses role based access which assumes a logged in user using 'su' and entering a password. I cannot get ...

I am trying to do what is now a privileged operation on Windows Vista (modify the local hosts file) from an applet. Can anyone tell me what I need to do to get the rights I need? I am currently getting a java.security.PrivilegedActionException when I attempt to modify the hosts ...

I use putty/ssh from my PC desktop. On a solaris9 system I cannot log in directly with root but I can with my Solaris10 boxes. What setting and/or configuration controls this remote login access?Note: all the machines are on the same domain.tksJG

Is there a way to force j_security_check to redirect a user to a specific page every time, rather than wherever it came from?If someone goes directly to my login page and logs in using the login form, they get a 404 error since there is no page to be sent to.I would like to bounce everyone to a ...

Hi,I'm new in java security. I'm trying to grant "java.security.AllPermission" to my program but getting AccessControlException. Here is the program:package t;public class MyApp {public static void main(String[] arg) throws Exception{FileWriter writer = new FileWriter( new File("c:/a.txt") ...

The following link says that the public key that corresponds to the private key used to sign the JAR is placed in the JAR, along with its certificate. http://java.sun.com/docs/books/tutorial/deployment/jar/intro.htmlI have a couple of questions: are both the public key and certificate in the DSA ...

Hello everyone, Do you take care of studying the josso-gateway-config.xml and find the Credential Stroe block is lacking of a way to store the username/passport pairs by DataSource? this is the josso-gateway-config.xml listed as below:<?xml version="1.0" encoding="ISO-8859-1" ?><!-- ...

Hello,May I know what is the SJSAS equivalent for the Tomcat's version of the following server.xl configuration:<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"driverName="oracle.jdbc.driver.OracleDriver" connectionURL="jdbc:oracle:thin:@{IP ...

Hello,I would like to know if it is possible to have a web application running on AIX authenticating the users using the windows id. The scenario:windows networkweb application running on AIXThanks for any help,Carlos Ferreira

Hello,what is the reason for acquiring certificates from a certificate authority like VeriSign. Why not just install your own certificate?If one creates a keystore by himself with the keytool, will that be a secure certificate?RegardsRen?

Hello,How can I use pure Java 5 classes to get the X509Certificate valid date (from date and to date) ?Can you give me a simple example?Best regards,Eric

Is it possible to use my own Policy implementation along side the default one? For an application I have permissions that have more properties then the "name" and "actions". But for the other permissions, I would like to use the default policy file implementation. Is there a way to do

Hello ,We have a web application in which the browser performs user authentication. The authentication window prompts for User Name and Password. The User enters his user name in "Domain/User Name" format. Is there any way to tweak the browser/browser variables so that it prompts for User Name, ...

Is it possible to do it? I got a hosting where i cant get to the server.xml, so i would need to set my JDBC Realm using the Admin tool.Thanks Batsup

Hi. I have just read the tutorial abut securing web applications. I saw you can use j_security_check and let the application server do the authentication. But in the tutorial, it said to define users using the AdminConsole.But i want to be able to register user, so i must use a a database where ...

I can not simply make sense of this KeySTore Class.I have private and public key and I simply want to use them in KeyStore to use later.KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); ...

How to Provide authorization for Jsp Pages in a web Application

I am writing a login method that will authencticate user and return token for web services. Next time user will send is token and we will validate the token but requirement is that we donot wnat to keep any state of token at server.What does it mean that when we receive token, we should be able ...

Hi,I want to use an existing JAAS loginmodule in Tomcat. I don't want to use the built in JAASRealm functionality of Tomcat. In a JSF managed bean (called AuthenticationBean) I create a LoginContext and call it's login method. When the user logs out, the invalidate method of the HttpSession ...