I am trying to get the stack trace of the classes using getclasscontext method of security manager. Now once we get the class array is it possible to get the object information associated with each class.For example if the class in the class stack was of type Agent, I need to find out ...

Is it posible to modify the JVM's security policy so that applications that run on webstart(which runs on the JVM) will not present the warning(i.e. "This application has requested read/write access to a file on the local filesystem. Allowing this action will only give the application access ...

I want to make it so I can set my own implementation of SecurityManager to do a check before ALL method calls. This way, people can plug their apps into my system and not have to make sure they write in those security checks themselves.Then All they have to do is set up permissions for it.So my ...

Hello,Can we put permissions on particular methods of a class for different users?If so how? What type of entries in the policy file?How can i check for permissions on methods of the class?How JAAS can help me with this?regards,- Saira

Hi !I'm new to the java.security.*, so I need your help finding a class/function in the Java API useful to encrypt/decrypt some text.For example:Username: myTestPassword: myPasswordIn this case, "myPassword" is the string used by the user, but the database engine should never use the same ...

I have had a dream of locally caching a jar file for an applet so that all the code will be on the client machine after the first time the applet was loaded. Basically, I have a very thin applet composed of a jar class loader and a tiny applet which will check for a jar file on the client and ...

I've received a digitally signed certificate back from Thawte. I would like to automate the import of these using the security api. Is there a way to do this?I can import this using the keytool. I can even automate the process of import using keytool. However, for some odd reason, the when ...

Is there any documentation on SSLSocketFactory and why it takes so long to instantiate even though you use your own keystore and certificate instead of cacert? Sameer Jaffer

i m writing a client for EJBs which receives XML from EJB, parses it and then use the information. while parsing it gives the following exception.while the same parser is used in EJB deployed in WebLogic works well .... any one know please help me .... Parser: parseSchedule() ...

I am just into the area of "Kerberos" to achieve some meaningfull security to my authentication process.Can anyone please revert with detail information about what is kerboros and how to impliment it ?.

I've signed my jar file, created a policy file, point to it in java.security - but I still don't get the permissions that I've tried to grant myself... ? I'm trying to get this to work on a browser - do I have to use the RSA format? Any help would be GREATLY appreciated!!

Hi all, I bought a security smart card from a CA, as the CA announced, the private key was stored in the smart card as it was generated. I used the card to encrypt some sensitive information, after that I sorted the encrypted data in somewhere. So only the person who have the card and also ...

hi, it seems that signed appletsverifiable with cacerts get fullpermission overriding permissions given in {user.home}/.java.policy?also the deny option in the security windowdoesnt seem to work. i am working in linuxand use netscape4.7X.cud anyone clarify? ...

HiI've been trying to sign a jar-file with a certificate that I have created using openssl (I can not use keytool to generate private keys due to the pki infrastructure at my site).I have tried to use pkcs12 files with the option -storetype pkcs12 with jarsigner but I get the ...

Hello,I am working on an AIX box with ibm java 1.3 installed. I have an rmi application which attempts to access a local file. I ahve specified a java.policy file at run time. Surprisinlgy it gives me an accesscontrol exception whereas the same program with the same file works fine on an NT ...

Hi,I want only users with valid passwords can access my java application. But as java application is a combination of many class files, how do I secure class files not to be used from out side the application ?Please helpmortoza

I have a JSP that inputs a Password. To begin I cant figure out how to HIDE the text as you type it in. And Second I want to be able to spit it backout when the submit button is hit. I know i cant do this by making 'varPassword' a String cause then it wont take it as a password. Anyone now ...

I'm trying to use JAAS to authorize (no authentication) different users to read/write a file but it even denying write permission to a specific subject won't stop the client from writing to it.This are the security policy:grant codebase "file:F:/libs/jaas.jar"{permission ...

I am developping an application that uses RMI.So in the code i must declare the RMISecurityManager as the security manager. But if the user specify the standard security manager on the command line it dont works.I understand why, because my question is :How the user can ensure that my ...

HiIs it possible to do method level authorisation in java.I was under the impression you grant permission at the class level. Can you please inform as tohow we can grant permissions at method level.example : class A {method1();method2();};can I grant permissions to A.method1() to execute, ...

Hi all. I'm having a bit of a problem with policy files and granting different persmissions to different codebases. What I have at the moment is a server app that copies a class file from the client to a specified directory on the server, and then dynamically loads and runs that class. This ...

I'm running my Servlet/JSP application in Tomcat 3.2.3 on NT. Thinking about moving to Tomcat 4.0.I searched for information regarding setting up Tomcat with NT authentication and am really confused. There's no decent documentation.Can somebody please provide clear information?I want to know ...

I downloaded and installed the JAAS 1.0 jar. I then configured and ran the sample program and it worked fine. Then I changed the sample_jaas.config file to use com.sun.security.auth.module.NTLoginModule , and copyed the nt.dll to \gre\bin, replace the jaasmod.jar in gre\lib\ext using the WinNt ...

Hi all:I am now seeking a solution that can support NT authentication in web applications. I want users to key in their NT username and password and after authentication, I will keep the status in my java bean.After studing JAAS and checking forum for a while, I am wondering if there is anyone ...

Help!I'm creating a 2d game applet, and in the game i need to load a file to read in the map to the game. Now, i have some serious problems getting the applet to load the file in browsers like IE and netscape. In appletviever everything's ok, but in the browsers i get security exceptions. ...

Hi i need to manipulated the keys and certificates in a keystore.. Like generating keys, adding it to the keystore and generating certificates and importing certificates.. etc from a java program.. Can anyone pls help me with this .. Is there some pliece of sample code some where can you pls ...

hello everybody i have a doudt in modem connection via java programhow we get the properity of the modem through java program. because i want to connect my phone through java program can it possible? if you have any idea or code pls share with me thank you ...

Hi EVerybody,Can anyone tell me the exact steps involved in implementing SSL in a Web Application including any changes need to be incorporated in the HTML pages of the application.Thanks.Vishal

I have downloaded and installed JAAS 1.0. I can run the sample login program by changing the config to load the SolarisLoginModule.I need to use this piece of java code to validate user and password against the OS user and shadow password.How can I do this ?Even if I create a SolarisPrincipal ...

Anyone familiar with this package? I'm getting an exception in sun.security.util.ManifestEntryVerifier, but there are no JavaDocs on this in the JDK docs. I think I've got a problem referencing a certain .jar file, but not sure aobut much else.Shouldn't the package name start with "com"? Any ...

I tried the sample client/sample server in "doc/guide/security/jgss/tutorial" with krb5-1.2.2-4that came with RedHat 7.1. Everything worked fine until I changed"bcsLogin.conf" to...com.sun.security.jgss.accept { com.sun.security.auth.module.Krb5LoginModule required storeKey=true ...

Hi,I've been trying to get JAAS authentication working in a web based application and am running into some problems - I'm hoping that someone can clarify. Ideally, I would like to set up form-based authentication on the web app, authenticate the user ONCE, and the have the app server (servlet ...

We are developing a program that requires the user to be authorized to use it.Can I use the system property user.name to check the username to authorize the user?It seems to me that any user then may just make a copy of the startscript and use "-Duser.name=root" in that script to get root ...

Hi,I have a few classes that are in a protection domain, say A, with the necessary permissions to create (jdbc-odbc) database connections. Now I want classes that are not member another protection domain B (so classes outside of the protection domain A) to only be able to get database ...

Hi allSpecifically I am trying to talk from one jboss app server to another with different JAAS security identities in each, but I am having difficulties. In the simple case though I wonder if anyone has managed to perform 2 JAAS logins with diferent subjects to a server and use them ...

Does anyone out there know a way to have a user logout of a session, short of closing the browser, when they have been authenticated using Basic Authentication. In Jason Hunter's book Java Servlet Programming, he says basic authentication does not support any log out mechanism, but I am asking ...

Hi there -I'm trying to run one the tutorial on JAAS Authentication with thekrb5LoginModule on windows 2000. I'm trying to get the credentials fromthe ticket cache on windows. I get the following error - which lookslike it can't load a native library. Which library is it trying toload? My ...

Hello,I've run across a interesting problem. I'm using Java 1.3.1 with JAAS 1.0. I've written a LoginModule, Principal, and CallbackHandler that reside in one jar, authentication.jar. The class that use the authentication.jar is in another jar file, client.jar. When ever I run client.jar, I ...

HiI want to design user access policy wherein the application administrator could be able to allow or restrict in different GUI as well as it's functions. Any idea is appreciated.

I juz wanna if there's a way to get the window NT login Name in applet to view in IE or Netscape without granting any persmission.... thanks

I am using JSP to connect to a MS Access using jdbc:odbc. This part is alright. I want to implement a user access control for my website(under Windows NT server). Example i have a number of user and they have to logon in order to access into my website. I am thinking of using WIN NT user access ...

Hi All,I am developing a simple text based loginModule to authenticate the user to access my application. I have some problem... I got the jaas sample running and I modified that source code in such a way that to suit my requirement. I am reading the user name and password from a text file to ...

Hi everyone, I want to know to difference between java.security.Permission vs java.security.acl.Permission, can anyone tell me it In jdk doc it is said that the java.security.acl package has been superseded by classes in java.security package. I am developing a custom role management system, ...

Hi,I use an applet that connects via intranet to a database. I know about all the security issues related to that, but here's the problem:** it used to work: **- starting the applet from my local disk, it *did* work before in the browser (IE, security settings medium or low). starting it from ...

I have tried using JAAS to authenticate to MS Active Directory and keep getting "javax.security.auth.login.LoginException: Pre-Authentication Information was invalid" I have tried authenticating with multiple user accounts and on three different realms (Active Directory domains).How do I need ...

Hello,If I create a public/private keypair in a given keystore, how can export both keys for use in another application? As far as I understand it, keytool only allows public keys to be exported.If this isn't possible via keytool, how can I export the keypair programmatically, and how would ...

I have an applet which save web pages, but if I run this applet with Netscape appears an exception: "security.Couldn't connect to <web page> with origin from <localhost>.If I use Explorer the applet is all right. I did it with all net classes and I can't find a solution. ...

Hello.I've programmed an applet for my internet site. On the local machine it works and the compiler doesn't give any error messages. But when I loaded it up to my internet server and wanted to test it on my page, the textarea with the flying text isn't shown. The applet works with a timer ...

Could somebody please tell me as what version of kerberos is the right version. I assume it is Kerberos 5 Ver 1.2.2. And which implementation is widely being used, MIT's or someone elses?Also does anybody have any idea as to which version(vendor and version) JDK 1.4 supports or uses in his ...

I have to create a x509 certificate, but first i have to generate a pair of public and private key.How i can do?And also: how i can connect them?thanks