hiI have a class loaded using a custom classloader. During load time i had given the class a set of permissions. Is it possible to change the permission of this class without reloading the class?thanks in advancesibi

I am attempting to use the JAAS Tutorial code to authenticate against a Windows 2000 domain controller. The code as is works against a domain controller that I set up, but when I attempt to authenticate against a client's domain, I receive an exception:Authentication failed: Pre-authentication ...

I am trying to connect to a secure web server using https and then send some data to a servlet. I do the following to connect and send data.HttpsURLConnection urlConn = "https://www.myserver.com";urlConn = (HttpsURLConnection)urlc.openConnection();// Send user id and passwordStringBuffer ...

To whom it may concern:We are developers working in java and we are experiencing a problem with the new Java plug-in (version 1.4.0) that are not able to solve ourselves:We have an applet that needs to read URL磗. When we run the applet locally, this URL ...

When I start Tomcat, I get the following error: "Starting service Tomcat-Standalone Apache Tomcat/4.0.3 Catalina.start: LifecycleException: Exception opening database connection: java.sql.SQLException: java.lang.UnsatisfiedLinkError: no db2jdbc in java.library.path LifecycleException: Exception ...

Anyone knows if JAAS can be use to implement ACF2 security? If so, could you provide links to white papers and/or technical docs?Thanks much.

I've started a simple client-server app and had communication working fine untill I tried to add encryption.Here's the faulty code with info on object initialization// init in and out cipheroutCipher = Cipher.getInstance(algorithm);outCipher.init(Cipher.ENCRYPT_MODE, key);inCipher = ...

Hi. I've tested the sample JAAS authentication code below and it works. I have two questions: 1) How do I modify this to authenticate a Windows 2000 user and 2) how do I get it to run as a Java Servlet? Thanks for any suggestions.Using:java -Djava.security.auth.login.config==jaas.config ...

The default Tomcat password storage file stores passwords in unencrypted, plain text.I need links to resources that show "how to" encrypt and store encrypted passwords. And how to "hide" the encryption key?thanks,/dj.

Hello,I try to make an URL connection to a secure site with JSSE 1.0.3. I get the exception 'DER Value conversion' printed below, when I connect to an IIS server with a Baltimore test servercertificate. Does someone know how to solve this problem?Thanks, ...

HeyIm trying to build af loginsystem to my schoolproject..I've some problems..I don't know how to see if the username and password is correct or incorrectIf the username and password is correct then it should open a new Frame..Can somebody help me..

I'm trying to implement some permissions and associate them with a given principal for my java app. I'm having problems associating my custom permissions (as well as other permissions, like java.io.FilePermission) to a given principal. The problem is that I can't seem to associate the ...

Hello Java FolksMy software acceses to a ms access database to get some data. This database is protected by one password.In the persistence layer of my software, I declared this password like that:private static final String PASSWORD = "Blabla";This simple solution is NOT secure. With any Java ...

Hi,I am trying to implement a standalone client application that is able to login to multiple JBoss 3.0 servers using JBossSX. The logins must be active concurrently and the desired scenario would be to create a LoginContext for each server prior to getting the InitialContext and to switch ...

Hello,I have a verisign certificate which I have imported on to my Windows 2000 client and was able to successful sign all my jar.Now, I need to move this certificate to HP-UX machine as this isour build machine. So, I did the following :1. On Windows client machine : keytool -export -alias ...

Hi,I'm having trouble assigning Java Permissions to Principals.Here is an example of my problem:<code>grant codebase "file:./actions.jar",principal example.MyUserPrincipal "capt.crunch" { permission example.MyPermission "polka", "execute";};</code>For this, I have a class outside ...

My study case is :A user, in a web application like intranet, should be able to fill a HTML form, "sign" it (as he would do on paper sheet) and submit it.What does it implies during the application development ?- do we need to program all the security stuff with JAAS, JSSE and so on ?..- do we ...

Hello dear All :-)Does anybody know where can I find x509 structure description and is there any difference between x509 implementation of Microsoft, Thawte, Versign, etc. ?

I have created an application I would like to distribute as freeware from my product website. I would like to enforce users of my application to continually upgrade to the next version of the application on expiry of a license key. Can anyone tell me how I can go about creating license keys for ...

Hi All,I am having a problem with Tomcat 4.0.4 Form Based Authentication using SQL Server with the microsoft JDBC driver.The error log shows that tomcats "j_security_check" servlet is managing to authenticate my user "admin", but the subsequent authentication on the user role fails due to the ...

Hello people !!!Do u have any information about compatibility of this class implementation and different CAs ?I mean what CA certificates are supported by this class (Microsoft, Thawte, etc...) ?Thanks in advance

I'm trying to grant the following permission to code being executed in my application, by the user identified by the principal.<code>grant principal example.MyUserPrincipal "realuser" {permission example.MyPermission "resource", "read";};</code>Before I execute the Privileged ...

Hi All I am new to java.I am trying to access data base SQL 7.0 thru an applet but its giving an error "java.security.AccessControlException:"Can any one help me plz!!!!Thx in advanceVipin

hi how do I create keystore file when my default keystore file(jks) does not exist?regardsneda

Hi,To start with I'd like to apologize if I've posted this question in the wrong forum. I wasn't quite sure where to post it.Ok, here goes. I've gotten a contract to design a database connected website for a government organization. One of the conditions of the contract is that I have to ...

I am in a situation needing help on https://site access from Java program.I need to access an https:// site. That site gives me a client certificate which I put in IE browser. I can now browse the site with IE browser without any problem.Since there is one file in that site I have to download ...

Hi folk! Where can I find (and download) a java network client for https and cookies support?I would like to implement application that is able to connect to my bank (by https protocol and cookies support) with jdk1.4.1..Thank you in advance for the answer.Ivan ...

Hello1. Cert field, named SIGNATURE is the hash code, generated by passing some data through the specified sig. algorithm. WHAT is the DATA ?2. How do I verify that the cert is really issued by specified CA ? Probably it should be encoded with CA's private key, so I (as a user) can decode it ...

Hi,As part of a project I plan to build a Windows filter firewall similar to ZoneAlarm.Unfortunately I have no idea how to lock the TCP/UDP ports so that no application can make a TCP connection without my program's consent.If anyone can help me with this I would be most ...

I implemented a servlet running on Tomcat 1.4 that manages academic seminar information. Currently, anyone can post / edit / delete data. I want to add some security features so that only authorized members can sign in. I am a real novice in security. Could anyone point me some directions on ...

Hi, allI am newbie to java security. I am updating a application. The application was running on JDK1.1. Now I updated the application codes and compiled them. When i run it. I found a problem in MessageDigest call, it returen different result from previous version. The diff occurs in the ...

Hi,I use Java Plugin 1.3.1_04 for running my applet. If the client computer does not have the correct version of the Java Plugin, the applet downloads and installs it and starts running.But there is one problem. My applet should read and write from the client machine. For this to happen, I need ...

Hi,I'd like to know which software owns java.security? Is it owned by JVM runtime env.?I have an aix box where I can find so many instances of this file on. E.g. one under /usr/jdk_base/lib/security/ and another one under /usr/WebSphere/AppServer/java/jre/lib/security/.Is it a correct ...

Yesterday, I started a project to do (a very small, very simplified) IRC-client as applet. I just wanted to learn some basics.But almost instantly I encountered a problem when trying to form a socket to the server.I'm really not well aware of applet's security restrictions, so I was hoping ...

Hi all,I have developeed an application and I want it to be protected from the decompilers. The problem that I am facing now is that the .class files can be ripped by using the decompiling softwares.It will be great if any body cvan bail me out of

HelloDoes anybody know how to extract public key from a cert in NON-encoded form. I'm beating around x509Certificate class and PublicKey (Key) interface without any success :-(( The only possibility (even if I generate keys by myself) is getting an ENCODED form

Today is my first day with JAAS, and i am getting confused while i reading about JAAS ( some topics on javaworld.com ), what is Kerberos and is this neccessary to use Kerberos with JAAS or its just good to use with JAAS.Any help or any good tutorial/URL, i would appriciate, as i told today is ...

Is there someone who knows how to reinitialise the java policy file at runtime?My signed applet writes a policy file to the users home directory, but that file is only used after closing the browser and surfing back to our page. It should immediatly use that new file.Someone who got some ...

Hi All,Tried to get this info over the web , but found none.We have web application bundled in a war file which is distributed to our clients. But we dont want anybody to alter our war file , like add/delete contents from that. So we thought of jar signing.... here are the questions which I am ...

PLEASE, URGENT!!!I'm trying to retrieve the belonging group of a user logged in from a servlet.My web application is deployed on Weblogic 7.0.Could anybody give me some hint, please?Thanks,Enrico

Is somebody aware of Java based bioAPI(www.bioapi.org) reference implementation. Where can I find more information on Java based access to biometric devices (fingerprint) for user authentication.

Hi All, I have 2 classes GmoDesEncrypter and RunGMOEncrypter.In GmoDesEncrypter i am Encrypting one file. The code is as follow:String strKey="My key";Cipher desCipher=Cipher.getInstance("DES");SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DES");DESKeySpec desKeySpec = new ...

Sorry for my English.How I can guess login and password strings of an user, from error page (JSP)using "Form Based Authentication of Tomcat"?I need know it to lock the count each 3 error tries (if login is ok butpassword is bad, insteed).Methods 'getRemoteUser', 'isUserInRole' and ...

My problem is that, following the sample implementation in RFC2617, the genrated hash is never like the expected one mentioned by the sample! And I've been trying all possible combinations (as far as I know) while running my tests! The essential parts of the code I've written looks ...

I spend a lot of time yesterday evening on Subject.doAs method. It seems that this method does not work correctly(at least, as it's described in some JAAS examples). So, I have the following:public static void main(String[] args){get the Subject instance with the correct Principal ...

Hello All,Client:Client is having his own Private key and the public key of the Server.Server:Server is having his own Private key and the public keys of all the clients.When a client wants to send a document to the server with both encryption and signed,then he will encrypt the document with ...

Hi All,I'm writing an applet which uses Socket to connect with a serverapplication.My problem is that I have to modify the java.policy file to avoid thefollowing exception:java.security.AccessControlException: access denied (...)Does anyone know how to use Socket in an applet without the need ...

Hi All,I'm writing an applet which uses Socket to connect with a serverapplication.My problem is that I have to modify the java.policy file to avoid thefollowing exception:java.security.AccessControlException: access denied (...)Does anyone know how to use Socket in an applet without the need ...

My application server is Weblogic

HiI will like to create an application that authenticates using jaas and can grant or revoke privileges to the users in thee directory repository. Is there a way in JAAS to get a list of users?