Hello all,I have been wandering about an authentication issue for a long time now. For now, we have build Swing applications that connect for themselves to backend systems. The clients are JAAS enabled to login to those systems and to make the subject reusable when authentication is required.We ...

Hi, Does any of you guys know of a free Java tool/library which allows a Java client to obtain functionality similar to that of keytool (creating keystore files, exporting to a cer file ...)..(This tool should be used by my java client and not a command line tool)TIA. ...

Using Keyman on hp-unix. Wanted to create self-signed certificate.When I tried to create, it asked to create keys. I created them. Then I could select self-signed and create it. This is listed under private certificates. Now what to do? For somebody to trust this certificate, do I have to take ...

Hi everybodyI love Java but I think that people can decompile my class file to take my source code!Like this program http://kpdus.tripod.com/jad.htmlHow to protect our source code?Even you use Jar files, they can unzip them and decompile!Thanks in advance!

We have a web application that only works in Internet Explorer. It is a page that downloads the CAPICOM.dll and an ActiveX so we can read the Client certificates registered in Internet Explorer browser.But we want this web application to be accessible from Mozilla and Netscape. So in this case ...

I'm getting the below exception when i'm trying to use my JAAS login module developed by me. The application server is websphere.java.lang.ExceptionInInitializerError: java.util.MissingResourceException: Can't find bundle for base name com.sun.security.auth.Resources, locale en_USat ...

I need to encrypt a password to be sent between a web service client and server.I need to be able to distribute the keystore (I guess) or passphrase to clients looking to use the service.I have been unable to find a decent example that applies to my situation. All examples are either encrypting ...

Can I store username and password in System.setProperty(key,val) and still be secure? And does each user have a different "System" property space so there will be no overwriting?

Problems decrypting a RSA encrypted stringI can encrypt the string fineprotected RsaEncrypter(PublicKey publicKey) throws InvalidKeyException {try {ecipher = Cipher.getInstance("RSA");dcipher = Cipher.getInstance("RSA");ecipher.init(Cipher.ENCRYPT_MODE, ...

I want to protect my resources and I do so1. to protect my jsp's i write in web.xml ...

Hi,I think that these are 'keytool' questions, and hope that this is an appropriate forum. I was wondering if someone could tell me:1) How can I get a list all of the certificates in cacerts?2) How to import a CA certificate into cacerts (probably using keytool)? I can import it into ...

Hello,Is there any API or code sample that shows how to programatically verify the signature of a jar file. I dont want to use the jarsigner tool.Thanks in advance

Hi,I'm using Tomcat along with its JDBC Realm to authorise entry to my web app. Everything appears to work well during use, but after looking at the logs I'm not so sure. I'm developing on Netbeans 3.6 and connecting to an Ingres 2.6 database for the username/password/roles.Looking at the ...

Hi all!I am developing a web application where in I will be having an Applet downloaded at the client side and it will be prompting the uer to select the .PFX file which contains the key pair for the user and further will be using the Private Key to sign a random data to be send to the ...

Where are the passwords located while creating keys/keystore using keytool? I am guessing that there should be a password-file...Thanks

HelloActually, I work on the security of Java and I have a little problem to obtain new permissions.My policy file (auth.policy) is this :grantcodeBase " http://www.mywebsite.com"Principal com.securite.ldap.LdapPrincipal "toto" {permission com.securite.permission.URIPermission ...

I have a web application that can have 1 o more roles. This roles can be created dynamically from the App in a Database Table, and the roles can be granted to the user in a table dynamically too. When the user creates a new role, 鼿ow can I assign access to jsp to this role? 齀s possible have ...

i'm doing a password cracking tool using brute force. it is suppose to crack passwords from webservers but i don't know how can i tell the program to locate the username and password field.is it possible?

Hi all,i'm trying to export a certificate installed in Internet explorer basically needing to translate it in a .pem file to be used later by the stunnel application.somebody knows how to do that without using the IE options wizard? I need to do that possibly from javacode or command linePS: i ...

Hi,kinit (and Krb5LoginModule) in JDK1.5.0 (and 1.4.2) are not able to get the tgt for an principal when using the old (pre Windows 2000) login name.E.g.:In ActiveDirectory my user is holger.hartmann@MYCOMPANY.NET (ldap attribute userPrincipalName),the Pre-Win 2000 name is MYCOMPANY\hrhn (ldap ...

Hi all, We have an app that posts & gets to a site over https. I am using the HttpClient object from Apache. The posting and getting works fine most days but every now and then I get the following error (see below) with:sun.security.validator.ValidatorException: No trusted certificate ...

Hi,This may be a dumb question, but that's never stopped me before. :)Assume a Java program that uses its own P2P network protocol, such as Limewire, etc. Assume that the Java program file is distributed widely, and that the recipients have the programming expertise to modify it. Is it ...

Hi All,Actually curretly I am working in Banglore and planning to go for Java Sun Architect Exam. I am already a Sun Certified programmer.Can any one just guide me which centre in Banglore, India is have the authorization for the exam and also guide me with the study material, which I have to ...

Hi I like to automate web access to secured pages and proxies, which areproteced with a Basic Authenication scheme.The Basic Authentication within an Applet works really well, I get all theinformation I need when I attach theAuthorization: Basic base64encodeUID_PW to the request Header.orif I ...

Anybody tells me what API should be used to read a CA certificate and find the expiry date on it?Thanks

When I tried to use the "keytool" utility comes with j2sdk1.4.2_05-b04. The process will just hang at the end of the key creation process, after the tool has asked all the questions and need "yes" or "no" input. When put in "yes", the process never ends, just hang there. Is there some problem ...

Hey I'm new to Java and was wondering if anyone could help me figure out how to DL the Java API's such as Java.util and Java.io and such off the site? I obviously need them but i cant figure out how to dl the content

Hi again!Sorry that I ask again, however I read the jaas-docs but they are written in a very complex manner and for non-native-english guys really hard to read.What I want to do is the following:I have a java-application that interacts with my application-server. The users that uses the ...

Hi everyone,my Web Start application crashes with a SSLPeerUnverifiedException when Itry to connect to the server with HTTPClient :// proxy settingsHTTPConnection.setProxyServer(ipProxy, portProxy);// connectionHTTPConnection con = new HTTPConnection("https", serverName, -1);// Post (then there ...

I'm a newbie here. Just need to know which library or package to use to:1. load cert file2. validate cert against trusted CA's3. extract public key from cert4. use public key to encrypt data (asym and sym encryption)Also need to do hashing/signing... I've looked at J2SE doc and I found a ...

i want to my servlet start automatically when tomcat start . Need i configure the web.xml? how to make it?

hello everyone,I am new to this forum, and this is my first forum in this site, please help me,My problem is, I have done an applet application which uses the SSL sockets, and it is working fine if i use the appletviewer tool, with the arguments of policy and URL, when i run this command ...

Hi Everyone,I have been trying to get a solution for this from last few days but in vain.Ok,I want to authenticate myself as a client to a secured site.The server people have given us a *.p12 certificate.I exported it into a pfx format with the private key.Now how can I get this into a private ...

Hi! I've created this class to unzip files but it doesn't unzip images, actually it unzip them but they will be empty inside.. And I need a compression tag for ziped filesimport java.io.File;import java.util.zip.ZipFile;import java.util.zip.ZipEntry;import java.io.InputStream;import ...

Java web applications protect resources using their own security authentication and authorization management mechanism or using the application container's provided authentication and authorization support according JSP specification.Using the application container's support for ...

Hi allI have a java application that accesses EJBs on a JBoss application server. My application requires the user to log in, providing username and password. After successful authentication, the user can access the application.I would now like to be able to extract the users credentials ...

hi,i need to test whether the SSL in tomcat is secure or not. i need to show some evidence to my supervisor that SSL did encrypt data during transmission. therefore, my plan is to sniff out some packet from SSL to show the encrypted data to my supervisor. but i do not know which is the best ...

Hi.I'm using a JSP page to connect to a file on the same domain: http://mydomain/rootOfTheSite/xmlResponse.jsp This JSP page uses a java bean:WEB-INF/classes/myBean.classto create a connection with an xml file: http://mydomain/rootOfTheSite/aFolder/myXML.xmlI developed this first on my ...

Hi;I would like to realize a web application with a extern access (via Internet). My question : which is the best solution to secure the access users ? For example to use JAAS + LDAP, etc...Regards;

hi,iam using sun server for my application..iam calling an applet in a jsp page..when this applet loads it displays values which r retreived from other server using servlets..in applet init method iam calling a method called getDocClassDesc which is in applettoservet.java..in this method i will ...

Hi,Can you someone throw light on my problem. Here is the problem description:we are using AXIS infrastructure to place SOAP calls over the HTTPS tunnel and we did not have any problem until 22 Sep 2004. That day onwards we are getting below exception because of JVM up gradation to 1.4. Prior ...

I am using Active Directiory in Win 2000 Server and Kerboros protocol. I can authenticate an user whose info is in that Active directory by Jaas api. Now i want to check whether a user is in a specific group or not. For example let i have 2 users 'user1' and 'user2' and a group 'mygroup' ...

Hey everybody!I just compiled what I think is a bug report for Java. Take a look at it.BUG REPORT FOR JAVA- Running Debian Linux on KDE- Processor is Pentium III- 128 MB RAM- 7 GB of Space on Hard DriveFrancoisSoft:~/Desktop/Toolbox/Paint# java -jar JDraw.jarXlib: connection to ":0.0" refused ...

Can someone please try to compile these two classes under JDK 1.5.. the same exact code compiles under 1.4.x...import javax.security.auth.spi.LoginModule;import javax.security.auth.Subject;import javax.security.auth.login.LoginException;import javax.security.auth.callback.CallbackHandler;import ...

Hi,I've used keytool and openssl to create a .der file. I've also configured Tomcat to perform Client Authentication on my https port. I've used windows Certificate Import tool to import my certificate. When I try to tell it to put it in the personal certificate folder, it says it imported ...

Hi I am developing a secure HR application, connecting across the internet using TLS, this is project for my degree with the Open University, UK.I do not have a trusted Certificate and want to import my own, I can see how to do it using CLI but want to incorporate it into the GUI based ...

Hi,I am developing an authentication framework which needs to interact with multiple systems to authenticate a user. JAAS makes sense here so that each interactions with these boundary systems can be divided in its' own login modules. The problem is If the first system gives me a PID from ...

Hi,Can anyone tell me how to get IP address of own pc? That means when i run an application, it will automatically check IP address for verification. Thanks.Regards,marcalena

I need to support programmatic SSH interface in my Java application.Does anyone have a recommendation on better SSH package?I also need some heads up as to where to start in supporting SSH?

I'm trying to implement RSA encription algorithm by myself. I'd like to rebuild exactly the algorithm as it is in the JCE JDK 1. 5 . My problem is that i haven 't found a resource that explains me how to encode a string and convert it into a BigInteger as JCE does.Is there anyone who can ...