lookin for info

Hi all,Does anybody know of a custom, container-independent and non-hack way to authenticate users in a web/ejb application and still use container managed (web.xml/ejb-jar.xml) authorisation?My current setup uses JBoss's DatabaseServerLoginModule and j_security_check to authenticate users ...

Hi,I am pretty new to java security. I created a keystore called vivekstore and as per my understanding it has priv/public keys in them. I need to make use of the keys in the key store to sign a data. I am getting a exception called "Caught11 exception java.lang.ClassCastException: ...

Hi all,unfortunately I've got a big problem with the ClientServer JGSS tutorial.After doing everything like the HTML file said, I firt started the server and then the client.The client then produces this exception:Kerberos username [stnt1]: myNameKerberos password for benni: ...

Hi.I have an applet which accesses several local notepad.txt files. They are all on the same logical volumn and directory i.e. the html, the applet and the notepad.txt files.The question is : do I really need a signed applet to access the text files, seeing how they are all in the same ...

I have some more java questions:1. How can I cast a String to a SecretKey? I generate the secret keycorrectly, and I have to store it as a string in the database. So ,when Iretrieve it need to cast it back to SecretKey object. However, I recieve ajava.land.classCastException. line of code that ...

When I try 2 upload a file using Fileupload framework, I am getting error "java.security.AccessControlException : access denied (java.io.FilePermission/home/virtual/site50/fst/var/www/html/tmp/upload_00000012.tmp delete)". I host my site in Tomcat Server which is running on Redhat Linux.In my ...

Hi folks,This is a newbie question for light relief.How hard would it be, in your estimate, to trojan a JVM? The trojan would need to affect the behavior of a specific applet, and only that applet, in a very specific way.I ask because I wonder if an applet product like an encrypting payment ...

I am using sun's security as my default security provider. With IBM JDK 141 these classes have been removed from their jdk. I was wondering is there a standalone jar from sun which contains these classes so I can include them in my classpath and stop getting a 'provider not found ...

Has any one succeeded in getting a SSO to a J2EE application using the above combination? I.e. a Windows XP client retrieving local credentials from LSA and making an authorised call to a J2EE EJB and correctly securing this call. If so please could you post your configuration.I have found the ...

Hello everybodyi need to get the ntfs file permissions of folders on my hard disk. How can i get it?can anybody help me with that?Thanks, niklb

Just a heads up for anyone running into trouble with signing/encryption today. The root cert in the JRE expired yesterday (January 7th, 2004): http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57436Mike

I'm stumped. Just started working with an MIT KDC v5 1.3.1 running on Linux and trying to get the IBM sample apps (GSSClient and GSSServer) working. The apps are here: http://www-106.ibm.com/developerworks/java/library/j-gss-sso/I have two principals set up using defaults: one for the client ...

Hi there,I had a discussion with a collegue who mentioned he can't use java on his secured linux server because he is using PaX for protecting the stack and heap and such. PaX just kills the JVM when you start it.This is because all programs to run on an environment with PaX need to be ...

Hi everybody,I'm trying to develop an application using JAAS for authentication and authorization, but I don't want to depend on the text files for configuration.This application is going to be distributed using Webstart, so I don't know which configuration the user will have.Is there anyway ...

Hi,I am using JDK1.4.1. I had a problem while opening connections secure URLs. It was throwing "java.security.cert.CertificateException: could not find trusted certificate". So, I figured, from the forums, that i need to use a Trust All code. I implemented the following code and it worked ...

I am trying to perform an authentication using the NTLoginModule and the DialogCallbackHandler, but the issues I run into are:1. The DialogCallbackHandler when instantiated doesnot pop the Dialog box2. The LoginContext's login method returns the info of the currently logged in user.If any one ...

hi,i have created an applet program which needs a java.policy file to work. i want to run this applet from my webserver. so if my client runs the applet from his machine, he gives the url ( http://192.144.1.45:8080/examples/applet/myapplet.html)the applet downloads well in the client machine, ...

Hi,I have an application that needs to maintain user accounts , it needs to store their usernames and passwords somewhere securely, i looked for ways to accomplish that and found that i need to hash and add a salt to the passwords before storing them ..all this is fine, the problem i have now ...

I thought applet are safe except on unpathed MS windows by exploiting the cache.How true is the following statement"Applets and attachments are the usual means by which worms and other malware are delivered. " by Dave Chappelle on 18 January, 2004 in " 2004: year of the worm " published in ...

HiI'm using DES in java. I've put the key in the code. I need to use keystore or something like that to take my security to another level. Can anyone give me an example of how to use keystore in java. Please give me a code-example. (If you want my code just let me know.)

Is it possible to use JAAS to request a renewable kerberos ticket? I've tried all kinds of settings and options but nothing seems to work.Thanks in advance,David Robison

Hello, I am using Struts Menus, which print out menu and menu items based on user's roles, retrieved by request.UserInRole(). I am using Jboss as my app server and I am using LDAPModule for Security but I can't seem to get it to work. I get a j_security_check not found at log in.What I have ...

How do I do authorization with JAAS and JDK1.3 as JDK1.3 policy file does not support the principal in the grant subject. How can I assign the permissions to the principle in policy file under jdk1.3?any helpRegardsSachin

Hi all, I am running two web servers on the same Linux machine.1) is running Apache 1.3.19 and,2) Jakarta-Tomcat-4.0.5. I have been able to successfully import and configure a DigitalCertificate from Verisign into the Apache web server. When I attempt to import the Digital Certificate into the ...

Hi,I am developing a J2EE application with a Swing client.For authentication, I plan to use JAAS. what I want to know is where will the LoginModule reside?Is it on the server?If so will the LoginContext be created on the server?In that case some resource on the server has to be contacted for ...

I checked the /opt/java1.3/jre/lib/security/java.security, the two new entries are there.. any ...

Is there a way to request but not require a client certificate? Not all of our users have digital certificates, so I can not enforce the client-cert method.Is there a way to request a client cert after ssl has been established?Any ideas would be appreciated.Mark

Is there a way to add a password to an existing certificate? Or, do I have to go through Verisign to do this?

Hi,I'm new to Java so please forgive me if this is a stupid question.I'm investigating options for putting security into a Java program, and was wondering what you think is the best approach. I''ve looked at the JAAS stuff, with LoginModule and we could implement this to give a user login ...

I Sign a string and send it to a Web Service write in Axis, I want verify this Signature with a String in Web Service but the Signature isn't verify. If I resign the string of the Web Service the string is equal to the Signature that I have send. What is the problem? thank you

There can be secure communication between the server and the application on cleint in java ?I am new to java so do not know much about itThank You

First time post:, I have been needing to do secure logins to Active Directory LDAP servers, with password authentication. I have gotten it to work in principle but have run into a few nuances that seem to be a pain. My understanding is that kerberos is the only encrypted means (no clear text ...

I am trying to implement the JAAS in my application .. but the problem is if my client adds a new login module later, which requires a seperate username and password then how will my single sign on solution work. Is it possible to take single username and password at the time of login and ...

From our company's website we have a link that launches a program to connect to our application server that is housed else where using telnet. If we try to do it now with java it does not attach and we get a security error. Supposedly we can modify the configuration of java to allow this type ...

Hi,If I generated a self-signed certificate, and later on I need to put this key to a web server, say IIS, how can I export my private key?

Hi Experts,I am new to this JAAS I hope you guys would help me out here reagrding the problem that i faced.Alrigth my boss wants me to create a function whereby i could extract out the client machine information such as their username and password.I used JNI to extract it and all it could give ...

Hi,I'm currently developing a system that should be run on M$ Windows 2000 and Sun Solaris 9. We're trying to find a solution for a SSO on both platforms.But, we got some requirements that must be fulfilled:1. After the user have logged onto the OS and starts the system - the user shouldn't ...

I understand that a digest is a one-way process, that a message digest is a "fingerprint" of the original message but that there is no way to recover the original (I think Ronald Rivest's document says it is "conjectured to be computationally infeasible" to do so). So far so good.But I also ...

Hi,I've recently heard about you could use GSS-API to implement SSO for use in both Windos. I'd like my system to retreiev kerberos key from local cache to use as credentials. I don't want the user to explicitly have to provide cerdentials as in the use of i.e. TextCallbackHandler.I read ...

Our java application resides under a folder called Classes in D:\Folder1\Folder2. Under folder2, we have another folder called Html which has lot of subfolders and html files. We want our code to have read access on this folder. What I need to do in the policy file for this?I have defined ...

Is it secure to reuse Permisson object for checks likeif (System.getSecurityManager() != null) { System.getSecurityManager().checkPermission(MyPermission.CONST_PERM_OBJ);}All code I've seen regarding this topic, creates a new Permission for every ...

How do I give read access to all the files under the system in a policy file? I gave something like: permission java.io.FilePermission "D:${/}*", "read"; permission java.io.FilePermission "C:${/}*", "read";But it gave the exception java.security.AccessControlException: access denied ...

Hi All,Is this possible to implement jaas(including configurations) in an application server independent manner , as i`ve to run my application on multiple application servers (weblogic, jboss, sunone) and if not then what should be the best approach to minimize the dependency on app ...

Hi all,I am working on a standalone application that has the ability to download plug-ins from the Internet and run them.Of course, I would like to ensure the users of my application that theplug-ins don't do anything harmful to their computers.So I use my own ClassLoader (which extends ...

Is there a way to get the NT login name of a user? We want to authenticate a user belongs to a group before giving him access to a site so the first thing in the begin method will be to get his login name and then we have another module which validates the user belongs to a particular group. ...

Hello friends. I am trying without success to get a process running on Tomcat 5 to communicate with BEA using JMS. Unfortunately, on Tomcat startup I get a series of exceptions that lead me to believe I need to modify my java.policy file to provide the weblogic codebase access. (does that even ...

Following the instructions provided in the Sun Alert Notification #57436 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57436When I run the process, it appears that the certificate was properly installed. But when I view the Class 3 certificate through the Java Plugin, it still shows ...

I am trying to access communication port from a Servlet using java communications api's.But Following exception was thrownCaught java.lang.NullPointerException:name can't be null while loading driver com.sun.comm.Win32Driver The SecurityManager do not allow that opeartion.java.security ...

how to set permissions to methods of my own class?should i write my own permissionClass (which extends java.security.Permision)?is there any class i can use? (is it java.lang.reflect.ReflectPermission? - but i can't get how to use it)