I'm looking to export a certificate fro my keystore in a format that can be used with IIS. The certificate is being shared on multiple ports, IIS environment running on 8081, and Tomcat App Server Environment running on 8080. Both app servers require SSL.Has anyone sucessfully done this ...

i m new to j2ee...deployed "AdviceApp" application successfully given in Head First EJB book to sun RI server...when i run the client which is a simple java application on the same m/c as RI server, i get following errorD:\technical\java\projects\advice>java -cp ...

hi, i have struck a problem where a SecurityException is thrown because two third party jars that are signed contain a class common to a package.Jar A: com.sun.xml.util.XmlCharsJar B: com.sun.xml.util.XmlChars com.sun.xml.util.MessageCatalog com.sun.xml.util.SomethingSomethingI can't touch ...

Hi,I am trying to write a client/server program using sockets and needs to send the digital certificate from the Server to the client. However, no matter what I did, when the client recieves and saves the digital certificate, I cannot open the file and recieves the following windows error:This ...

Hi all,I'm trying to access one USB token in Java 1.5.My documentation suport is: http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.htmlMy 1st step was configuration. I add the line: security.provider.7=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/pkcs11.cfgto ...

Is there a way to load a policy file (to grant file I/O permissions) into a SecurityManager by calling some method I dont know about?Here is what I am trying to accomplish:I am hosting a java applet that I wrote on my personal web domain. I want to grant access to read/write various files that ...

Hi all,I've done a bit of a search, and haven't had any luck finding anything on how, if at all possible, you can check for a certificate's expiry date.Basically, I'm wanting to write a small app that will parse a keystore and check for any certificates that will expire in X days. Is there ...

Hi ........please Let me know about Snmp cloud .............i know about what is snmp..............but i want to know that how to access Snmp Cloud through Programing.................................Can someone please help me with this? I have been trying to figure it out for the last 5 days ...

Hi AllWhen Execute the below code exception in jdk14CipherWithModeWithPadding()"java.security.NoSuchAlgorithmException" @ the commented lines (2, 3, 6, 7, 8, 10, 11, 14, 15, 16, 17, 18, 19, 22, 23)but in jdk14CipherProviders() there is no exception,Kindly suggest issues related these exceptions ...

I have been doing J2EE intranet web apps for some time and as a result I have not had anything to do with https. Can anyone shed any light or point me in the direction of any docs that might help me work out how easy it is to take a web app that uses http and port it to https.Thanks ...

I am wondering if it is possible to intercept the execution of j_security_check (form-based authentication).The requirement is to trace every login attempt into database. Installing a servlet-filter doesn't work becaus the filter gets never called. So, where can I implement post-login ...

I need to design a security mechanism that will enable access control. However it cannot rely on implementing it through an RDBMS, as there may or may not be a database in certain situations.I am completely new to Java security and would appreciate some 'simplistic' advice.

The web service uses the HTTP Digest Access authentication protocol to authenticate the calls made to the SOAP APIs.The Web Service server implements the server side of the protocol described in RFC 2617 ( http://www.ietf.org/rfc/rfc2617.txt). How can a java client access this service? What kind ...

I am using JAAS in a Tomcat web application. Here is a code snippet...try {_loginContext = new LoginContext("UseMySql", handler);_loginContext.login();setLoggedIn(true);} ...My jaas_.config file:UseMySql {com.security.LoginModuleMySql required debug="true";};I verify that the ...

Hello,sorry if this is allready posted here, I couldn't fing it.I'm using the Kerberos ver.5 Login Modul in JAAS to authenticate users (Java version is 1.4.2). I'm also using SSO mechanisms of Kerberos, so with kinit I make a ticket for myself into the ticket cache and I'm using it withou ...

Hi,I'm kind of new to setting up security the "right" way in J2EE applications. I was wondering if anyone could offer some help or point me towards some good resources.I am building a Struts J2EE application on my company's intranet.. I'm using Weblogic 7, on a Windows 2000 box. This ...

Hi I'd like to access my private credentials from some code. The code gets a login context, then when authenticated, tries to read the private credentials from the subject.My entry in my policy file looks like this:************grantcodebase "file:./JaasAzn.jar", Principal ...

As I can validate a user in Windows 2000 Advanced Server SP3 (ADS)somebody has an example with JSP or Servlet My Application Server is Tomcat 4.1.29 in Window 2000 Advanced ServerHelp me pleaseBest regards.Atte,Jose

What I need is the ability of web-application to authenticate user on its own (i.e. not using container authentication mechanisms). It is required because in the system I am designing each application has it's own small and completely independent set of users. Furthermore, this set is volatile ...

Hi all.How can I get the username and password of the user that logged in ?Best regard

Hi,My understanding in this subject is very limited.. but I need to do a fairly simple thing:Given a keystore file (mystore.ks), I need to display a list of the key aliases in that keystore.(something similar to the dialog you see on WTK when signing a MIDlet suite.I tried:FileInputStream fis = ...

Hi All,I have come up with this mechanism to exchange a 3DES key. The key is generated by one party and sent to the other who then uses it to encrypt information in a database. This process will be repeated every few months to re-encrypt the database. I cannot see any security holes in it but ...

HiDoes anyone know how to set the Kerberos encryption type for the GSS/JAAS tutorial? I've tried all the variations of des-cbc-crc (which I think is one supported by both my KDC (MIT) and JAAS) that I can think of. I'm trying to do this by editing C:\Winnt\krb5.conf - which is the config file ...

Is JAAS scalabale robust .... how easy is the maintainability of JAAS application

Hi all!How can I save an X509Certificate in p7b format?With best regards,Paul Vassiliev

Hello.I'm facing problem during client connection throungth proxy. The error messagge is:java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 302 Moved Temporarily"at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:923)at ...

Hello all,I think this is a common problem, but I cannot find the right way how to do it. This is my problem:I've created an online game which writes scores to a database. It all works on my own laptop (local: windows) but when I upload it to my server (linux?/unix?) I get an ...

Hi, I have a Websphere App Server 5.02 installation.Presently, any user can access my admin console and settings.I want to set an appropriate login for my Administration level settings.Can someone please let me know how to go about it.Thanks,Dhiraj Asrani. ...

I am attempting to develope a webapp that requires client authentication. I have generated keys using keytool IAW the j2ee tutorial found here at Sun as well as in wrox, "Java Security" book. I am successfull at getting the server authentication set up, but cannot get the client side to work. ...

Hi Alls,How can i link my custom LoginModule with my web application that form based authorization will use this LoginModule in WebSphere 5.1?Thank's

Over the past two weeks an existing system (live 6+ months) has started showing problems with the JCIFS authentication. It claims a failed authentication of the user provided credentials when none should have happened. Repeated attempts produce the same affect for a seemingly random interval ...

Hi Does anyone know how to use JAAS from an applet? I need to pass in the name of the login config file - normally done via -Djava.security.auth.login.configin an application. How is this done with an applet?Thanks

Hello I am new into cryptography, and I am trying to encrypt a block with RSA but I get this message : NoSuchAlgorithmException: cannot find any provider supporting RSA. Any ideas of what should I do? or which provider to use? This is my code: public static String encryptASYM(PublicKey key, ...

Hello all,I have an web application that conect with https and request a client certification.i get the client certificate from the request:X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");X509Certificate cert = certs[0];String dn = ...

User login into his PC(NT domain) . Now if he/she visits the Intranet site, I want to get that user information. Intranet site is a web application running on resin. Can I do this using JAAS or some how? Any help is appreciated

Hi,I am using JDK 1.4.2 and bouncy castle as a provider for RSA.It worked fine until recently when my company asked me to compile and build the jar from the source code from bouncy castle, instead of using the binary version provided in their website.But I only have a certificate obtained from ...

I have been reading information about single sign-on (SSO).This is our situation : we want to implement SSO for our intranet struts applications running on a websphere application server.I was first thinking about JAAS, but I don't really know how to deal with the callbackhandler, since all ...

I am trying to pass the username and password to a URL protected using basic authentication programatically. I have a JSP that has a valid username and password. I construct the Authorization header and redirect to the protected URL as follows :BASE64Encoder encoder = new BASE64Encoder();String ...

We are trying to connect application running on JDK1.2.1 to application in JDK 1.4.1. Both applications are in Oracle 9ias application server but with different JDK and different physical machines. We are getting following error while trying to access to application on JDK ...

We're using a custom JAAS login module within the Web container to perform authentication in a fashion similar to what was suggested by Dan Brown's article on TSS ( http://www.theserverside.com/articles/article.tss?l=JAAS). In other words, not using the J2EE 1.3 provided authentication ...

Hi,I have been writting lan based web apps for 4 years and have never needed to use SSL. The need has arisen, but to be honest I am unsure what steps need to be taken to implement it.What I want to do for starters is to just create a simple web app that takes in a username and password and then ...

Have anyone written such a beast? I mean, the IE has build in SPNEGO support. Mozilla can do the same, but not using the windows credentials.Im thinking of an applet that can fetch the TGT from windows an issued a service ticket for some site and wrap this into SPNEGO which can be verified on ...

HiI have setup a Kerberos server on windows 2000, now i want to write code in java to authenticate and authorize user using Kerberos , I know I have to use JAAS, JGSS, is there a how to document to setup a client machine, like setup krb4.ini file and other security files so i can use java to ...

I can't quite figure out whether JAAS is just a standard authentication mechanism or if it provides a way for a program to run code under a different identity than it was started with. In other words, is there any way to execute the code Runtime.getRuntime().exec("whoami"); so that it returns ...

Does anyone have any idea what this exception indicates ? I can find nothing elaborating on it.This is in my home brewed exercise to authenticate via the GSS-API to a server. As far as I can tell, the initial token exchange has completed successfully, then the server bombs out while trying to ...

Hi, I wonder whether some of you have an idea about how can I call a method in JAVA 2 from a C program. The situation that we have is that wue have integrated Arbor/BP application with other applications. Arbor/BP API's are in C and we have some programs in C that called those API's in order ...

Hi,I am trying to implement Principal based file access and using JAAS' authentication/authorization framework. This is the policy file : grant codebase "file:./*" { permission javax.security.auth.AuthPermission "createLoginContext"; permission javax.security.auth.AuthPermission ...

Hi The tutorials mentioning GSS-API create a secure context and once established start passing tokens between each other based on a proprietary protocol (a knock-knock joke if I remember...).Can this protocol be HTTP? I want to bolt the GSS mechanism onto an existing web application so all my ...

Hi to all,i'm working on system that needs communication with PHP.PHP must redirect to page in my server. Here must make a trip and go back to PHP pages. After that the php must check some state from my server. This communication must be secured. What is the best practice, or must question on ...

Hello,I am working on a project which allows authenicated comminication between a j2me client and a j2se server. To athenticate both server and client have certificates signed by a trusted party. Signing is done using simple RSA with SHA1. The problem arises when the j2se server attempts to ...