We have to authenticate users in our windows environment before giving access to one of the web apps. I want to know fi there are any examples of how to implement NTLM so I could get the user credentials from their windows login and then use that to authenticate it within our app.Any examples ...

I am trying to use RSA encryption in an Applet but am having a few issues.I have opted for the BouncyCastle provider. Is there any way that this can be used in an Applet that doesn't have BouncyCastle installed in their local Java installation. I heard somewhere that Java Extensions can be ...

hi, everybody. I practice security with JAAS, but i dont understand about kerberos machenism in windows 2000 very well. I dont know how to create realm, kdc or principal in kerberos; or to map principal to domain user. I i run JAAS tutorial in windows 2000 wordkstation, the jaasAnc.java, you ...

I'm trying to get my head around what JAAS is and if its the right thing for me to be using for an application I'm writing. Let me describe the situation:Its a client-server system. The client connects to the server and sends a username and password to authenticate itself. I want the server ...

I need a web resource where I can master use of the cryptography packages. Especially MD5, SHA1, DES, 3DES and AES.Thanks a lot.

We are using JAAS and a custom login module to authenticate users to our J2EE app. We are now required to share authentication with another J2EE app running on the same server (i.e. a user can go back and forth without having to re-authenticate). Is this even possible? We're running on Oracle ...

Hi,I implemented the example here http://www11.informatik.tu-muenchen.de/Java/j2sdkse/guide/security/jgss/single-signon.htmlfor Single Signon, but it requires that I supply the password for the user.What I want it to do is get the current logged in users credentials under which this program is ...

Hi!I齧 going to:1. Take a short textstring and use some hashfunction like MD-5 or MD-4 to generate a hashed text and then2. Take the hashed text and sign that with RSA.My question is:Do I need JCE to do this?

Hi,I want to implement SSO for an Intranet with Windows 2000 server.I manage to get Interenet Explorer to send me the SPNEGO token that contains the Kerberos token, I also now that it is Base64 encoded.When I decode it get the ASN.1 BLOB and this where I am stuck howe can I parse this to get ...

I set cross certificate between 2 CA completely. And now I have file that retrive from attribute "crosscertificatepair" in iPlanet Directory. I found that window can't read this file. I try to set this to X509certificate but java runtime report error. I check this file with program from IBM ...

Hello experts,I am looking for TACACS+ JAAS module. Although I have been searching internet for several days, I cannot find a good open source solution. Somebody has such experience on TACACS+ protocol and its implementation in JAAS?Thanks,WenBin

Hello Everyone !I've read lots of topics concerning the form based login. I tried the examples given and my own solutions, but it didn't work. I now used this but i always get an Internal server error 500. does anyone know what i might have forgotten ? I also changed the web.xml what do i ...

Hi All,I have purchased and external USB port hard disk. The problem with it is anyone just plug it to thier computers USB port and use it as we use our windows explorer to browse the filesystem. However whenever I plug to my computers USB port it should prompt me for a password and once ...

Hi!I am trying to write a documentation on java security for school. I've taken some sample-code from the java tutorial (WriteFile - example) and it works when I'm executing the program with the appletviewer. But when I trie to view the applet in HTML I don't get an error, but the file ...

Hi, I have successfully written a program that uses HttpURLConnection to talk to a server and send and receive data. Now I would like it to be able to call https pages. Does someone have a small sample?Does anyone have a small sample of using HttpsURLConnection to connect to a secure SSL server ...

I'm developing an application that requires the use of a signed message digest, so I'm using the java.security.Signature class to create and sign the digest. I'd also like to be able to extract the unencrypted message digest from the Signature object, but there doesn't appear to be any ...

Hi,I have a file on the http server that's protected by a username and password. So, when I try to access the file by typing the URL, it prompts me for a username and a password. I want to access this file in my java application. How would I go about doing this? What classes would be useful? A ...

Hi,I am creating a web application which will run on Linux-apache using jsp and oracle as database.This web application will show information about customers.I want to create role based authentication, which has read only access for cuatomers so they can seeonly there data, users having ...

I'm new to the JCE, so this may be a silly question, but I've created a public/private RSA keypair using the keytool and I'm trying to encrypt a block of data using the RSA cipher obtained by callingCipher cipher = Cipher.getInstance("RSA", provider); // provider is the IBM JCE ...

Hello,I am trying to get Authentice a user using Kerberos, JAAS on a Windows 2003 Server with Active Directory. Here is what I have tried so far.Kerberos config file contents[libdefaults]default_realm = corp.citistreet.orgdefault_checksum = rsa-md5[realms]corp.citistreet.org = {kdc = ...

Hi,I have created a client certificate (client.cer) for mutual authentication using keytool in linux. This client certificate will be stored at where the client application resides. Is client.cer portable? Can it be exported to a different platform eg. Windows, where the client application uses ...

I am trying to use GSSAPI mode of authentication and connect to Active Directory running on a Win 2003 server and in the process I am getting following error. Kerberos token is getting created correctly atleast as per the log messages but later getting an error that credential are not being ...

C:\perseus>keytool -list -keystore C:\jdk1.3.1_08\jre\lib\security\cacertsEnter keystore password: ?keytool error: java.io.IOException: Keystore was tampered with, or password was incorrectCan someone tell me what is the default password for this.I just wished to see the certificates ...

I am trying to convert a string s1 into a byteArray and then into a BigInteger and then do the process in reverse to get the same string back as s2. Can someone please help me with this? I am not getting the same string back for some reason.import java.io.*;import java.net.*;import java.math.*; ...

Does any one know what may be the problem here ?I am receiving a SPNEGO token from Windows 2000 through IIS (Starts with Negotiate)The I am decoding it as follows byte[] spnego = spnegoString.getBytes();byte[] gss = new String(spnego).substring(66).getBytes();GSSManager manager = ...

Hi,How secure is using a java keystore to store private keys. Does it depend on the strength of the password? Thanks in advance

We have web pages that are protected by the SiteMinder Agent. The user is required to present a certificate and also a password to access the web pages (basic + certificate authentication). Once the access is granted based on the authorization, a web page is loaded that runs an applet (in the ...

I'am making an application that stores data in mysql db. The information to be stored is sensitive and need to be kept secure. I use mysqls AES crypto, but what can I do about the key? There will be several users on the db and they all need access to the data wich means I can only use one ...

This is a cross-post - I'm sorry but they didn't seem to know in the JDBC forum.Hi,We're trying to design a somewhat secure way to connect to our database. I've heard that there should be possible to use Kerberos for database login(?).Today we authorize the system user by using Kerberos and ...

I've an applet that makes a JNI call to a windows dll. In the java.policy file, I've the URL requesting the permissions and it looks like this :grant codeBase "https://hostname/classes/*" { permission java.io.FilePermission "data.dll", "read"; permission java.lang.RuntimePermission ...

I need to pass a username between two separate J2EE apps running on the same server. Its important that the client is not able to modify this parameter. What is the best way to share this information? An encrypted cookie, encrypted request parameter? Basically one application sets the ...

<bold>The below code throws the following exceptionException in thread "main" java.lang.NullPointerExceptionat EncryptionProblem.crypt(EncryptionProblem.java:85)at EncryptionProblem.<init>(EncryptionProblem.java:37)at EncryptionProblem.main(EncryptionProblem.java:16) But runs fine ...

Hi, I am trying to encrypt a symmetric key with a public key and then store the result in a database. This works fine but when I read the ciphertext from the database and try to decrypt the key with the corresponding private key I get a padding exception. I also encode the cipher text base64 ...

I am getting "No LoginModules configured " after upgrading to WLS 8. My application can work under WLS 7 (AIX and NT) and WLS 8 ( NT only ). I have tried to force my own security policy but it still does not work. Attached with this email are all the related config files. When using a sample ...

Hi, i have a login page which when the session times out gets redisplayed within the frame of the html page where the session timed out , i have tried setting the session timeouts to be less than the other application so that the login page will timeout before the documentum application but ...

I am looking to use RetroGuard as an obfuscator for some code that I am writing. I went to retrologic.com and downloaded the latest version, along with the documentation that goes with it. I do not understand how to install it? Heres the instructions :::: 2. Installing RetroGuardRetroGuard is ...

hii am new to security and i want to create a website where users can login securely. I mean i want to send passwords when users login to server using ssl and then check the passwords against a jdbc database.i want to use jsp for building my web interface. I am currently using j2ee 1.4 ...

Hi,having an issue setting up a simple deployment descriptor for Tomcat 3.1. The following entries added in WEB.XML for my ...

I'm implementing custom Login Module and I have to create a CallbackHandler that will get all the information from the jsp page. Does anyone knows what's the best way to do this? What type of CallbackHandler should I use? and how to implement this?Thanks

Hi all,I need to print text in the client's printer, directly on LPT1. I know that I should have permissions to do that, but I dont know how to set up those permissions in the client's machine.I developed an html page with an embedded applet which tries to print but it throws ...

i am developping a security application that needs to access the web client certificate store to enable him once he choose to submit his form to select which cetificate to sign with; i need to know how to access in java the certificate store on the cient machine.thanks

Alot of Java security focuses on protecting the party operating the computer that is running the JVM from threats. When it comes to running a client Java application it is difficult to protect the application and content it holds from the party operating the computer and JVM.I need to be able ...

Hello,I'm new to SSL.From what could I start using SSL?In our system we have JDBC layer for connecting DB. How to organize secure connection to DB? Best Regards,Ljosika

Hi All, I am a jboss newbie and need to a simple username/password challenge to pop up when someone accesses my web app deployed on jboss. I was looking at UsersRolesLoginModule. I am using jboss-3.2.3 with jetty-4.2.14. All I did was the following 3 things. 1) ...

Has anybody ever implemented single on using JAAS? I refered to this article ( http://www.devx.com/Java/Article/7865/0/page/1 )on devx. For supporting single sign on it uses an option, 'Shared state ' map in login config file. this options isused for passing user security information between ...

Is there a way to include .java.login.config file within the applet.I've got a sign applet but I still need a LoginModule configuration file to be able to use LoginModule within the applet.

Hi,Generated the KeyStore using the keytool using Default KeyStrore Type & KeyStore = User, Password=password With keystore am able to retrieve the both Private & Public Keys by making use of KeyStore.getDefaultType())When i tried 2 encrypt the message using the params Cipher, ...

Hi,I need to do a Client Authentication with the server running on HTTPS (from a Java code).First, I thought of connecting and reading to a HTTPS server and try Client Authentication later.I failed in the first step itself. I could not connect to https://mail.yahoo.com . It throws an the ...

I have an application which used my self signed CA, e.g. CA0.We now going to have new external CA, e.g. CA1 has no relation to CA0.Do I need new certificates for existing users of CA0 ?If not, how would the users of CA0, would get validated by CA1 ?Do I need a certification path to be ...

Does anyone know the method for getting the OSUser name?