hi,I am trying to write simple kerberos code.does anybody know where can I find sample code.

Hi,Finally got my sasl/kerberos/openldap working on Linux (after quite some time).Next on the list was to get authentication working with W2k. I tried pointing my test app at our active directory machine and got this error when i call login():Attempting to log in....Using builtin default etypes ...

Hi, i'm new with this kind of encryptation and i need to encrypt a string to MD5 and then to 3DES, i am not sure how to do this, i hope you can offer me some help.Thanks.

Hi,After an ethereal capture I discovered my app had 'Encryption Types: des-cbc-md5 des-cdc-crc des3-cbc-sha1'.I get back error_code: KRB5KDC_ERR_ETYPE_NOSUPP from the server (W2K).Do I need to remove the des3-cbc-sha1encryption? If so, how do I do that?Ted.

i got a simple question,i used the sun.net.* package to realize a ftp connection, but the "get" statement takes such a long time, but why, can anyone tell me the reason.here a part of my code:public class FTP2 extends FtpClient {public FTP2(int pflag,String host,String pfad) throws ...

Hi,I have a typical requirement which asks me to have a security manager which applies to only a part of the code and not to the whole code. I will try to explain it.Lets say I have a class A which does something (may be it accesses files, open socket connections over network etc etc). This ...

I'm not really sure of what makes a certain cetificate different from a certificate that I create in my comupter... I mean, how can I validate that a certain certificate belongs to the entity it says it belongs to?Is my question clear enough?I hope someone can help me with ...

Hello,Is there any way to give a permission on an object (say, read from a specific local file) to all codebase. I mean, how can I set the permission for ANY CODE from ANY CODEBASE from the Internet. I know this might not be wise..still I want to do it.thx for ur ...

I am developing a application which is going to do some Single Sign-On authentication. This application is going to be a J2SE application for the desktop.For those who do not know what Single Sign-On is: For user who have multiple usernames and password for different web site, Single Sign-On ...

hi,I have one business issue try to solve. To simply put in english, I have two sepearate websphere servers and I need to pass a string between them. I would like to encrypt the string and then decrypt on the other side.I would like the keys to be only known to the servers but no body else. ...

Hi,I am planning to implement JASS autherization in my web application. 1. I want to restrict the role to access few certain jsp, servlet pages. What entry should i make in policy file, so that when the role tries to access that jsp file, it should automatically redirect user to some different ...

Hi... I wrote a DigitalSigDealer class that's suposed to perform 2 basic functions...1) Sign a document using a certificate and a keystore file.2) Validate a signed documentMy problem is that... my "sign" method signes the hole document... and I would like to be able to sign only a certain ...

Hi,I'm trying to access one SmartCard token in Java 1.5 using SunPKCS11 provider for crypt, decrypt and digital signature operations. I have 2 certificates stored on Token: - CertA;- CertB. There are also 2 PIN:- PIN1;- PIN2.I use: - PIN1 for logging into the token;- PIN1 for operation ...

Hi,After eventually getting all the bits to work (what a nightmare) I come smashing into yet another bulkhead at a rather unnecessary speed.I have a web app using jsp and servlets. I login, store the Subject in my session. I can retrieve this session and get a DirContext that only works for ...

Hi I have a web application running on Sun's App Server 8. I have configured to use the ldap Realm that comes with the PE Server but i am not sure how to access the Subject, as i want to display like the user first name and last name instead of the userid.. but there is NO DOCUMENTATION of the ...

I have a test program using UnixLoginModule and a callback handler. However, the callback handler is never called. I have debug set and it appears to always authenticate with my current logged on password.How do I get around this as it seems that this module breaks the whole idea of ...

Hi,I have just tried to run the JAAS Kerberos example, JaasAcn.java, and am getting an error which is not covered in the troubleshooting guide.Win2K Professional, Windows2k Server for ADS/KerberosJava 5 being used.>>>KRBError: sTime is Thu Apr 21 18:19:55 CEST 2005 1114100395000 suSec ...

Hi,I have a client server application, and I want to ensure that the login process is secure (i.e. use secure sockets). but I dont know how to switch back to a normal socket once that is done.So I am left thinking that i should just use SSL for my whole application, which can last pretty long. ...

Hi all, I'm trying to find the most elegant and simple way to restrict access to my web content and I'd like to have your opinion on how to make it better or how other solve similar tasks.The situation is:My web-site (Tomcat 5.5/JBoss) has 50% of pages with access restricted by declarative ...

Hi... I wrote a program that signs a document using a .cer file (X509Certificate) and a .pfx or .jks Keystore (JKS or PKCS12 keystore). I need both files in order to sign a document.When I validate... it tells me that my signature is ok (correct hash value), but my certificate has expired (It ...

I am having a problem with applets and an SQL server. Let me explain my situation:- I have an SQL Server on a machine in my network- My Applet is being developped on my machine- When connecting to the server through a browser using the machine name (ie: http://myserver/applet.html), it works ...

Hello I was trying to open a connection to secure URL and post content to it.I got the following exception:java.io.IOException: HTTPS hostname wrong: should be <165.112.121.195>at sun.net.www.protocol.https.HttpsClient.b(DashoA12275)Its apparantly because the connection is ...

Hello,I am using JSE1.5 on a Red Hat 9.0 system.If i use a JColorChooser component in an applet, I get the following compile time error.java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)I tried to resolve (temporarly) the problem, using the ...

Hi.. I'm in the process of developing a JSF application that will make use of JAAS. I'm trying to dig through the myraid of information out there to makes sense of things and now i find myself asking a simple question to make things clearer..Can we use the typical JAAS approach for ...

Hi everybodyI am planning to create a packet filter firewall in my project using java. Is there anybody who knows where I can get free java open source code for a firewall? I have searched for two days online trying to get a free java source code, but all the codes are made in C or C++. I have ...

Hi,I am trying to integrate my application authentication to a backend system with the ibm websphere form based authentication. Below is the scenario:1. when the user clicks on a protected url, the container will redirect the user to the login page.2. instead of displaying the login page, i ...

Hi,Has anyone ever seen a diagram which simply explains how this load of **** all works?I'm trying to get stuck into GSSAPI/SASL/KERBEROS/LDAP and it seems theres some kind of conspiracy out there to stop anyone from getting to grips with it all. All I can gather is that you have a security ...

Does any one know how to configure Java Plugin 1.5.0 to use the Firefox kesystore either in Windows or in Linux environments?I installed and configured 'JSS' based on the information available at http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores .html.but still ...

Hi,I would like to retrieve some user defined request parameters to j_security_check, besides the default request parameters j_username and j_password. Is it possible?When the url http://localhost:9080/XXX/login.jsp?userid=1234is invoked, it will automatically redirect to the login.jsp page. ...

Hello.I'm using Sun One LDAP server, and WSAD 5.1.2Trying to implement some security for proof of concept. I've been able to configure application server so that Authentication with LDAP works using form based login.I'm using information based on a tutorial found ...

I need to read certificates stored in the keystore https-%SERVER%-%ALIAS%-cert7.db. I don磘 know as it is the java provider for the "KeyStore.getInstance( ?)" or how read this.Can help me, thank

hi Can any one help me out to do upload of file by using sftp(Secure FTP) with java.I could be able to upload using ftp ,but the same thing i need to do with sftp also .

Hi ,I am new to clear trust .Today i gave an interview . Someone asked me a question :: Suppose there are two people , One in Carlifornia and another one is in Texas . There is one server . If they want to communicate with each other through that server using CLEAR TRUST How they will do that ...

Hello there! I'm using a classical j_security_check security authentication approach. I've created a LoginModule (extends Jboss' UserNamePasswordLoginModule) and so far things have been workin fine. Well now I need to have a more complex control, so I decided to not use j_security_check. ...

I am working on integrating JAAS into my program and would like to start by using LDAP as the backend source for authentication data. After googling for a while, I have only found one class, JndiLoginModule, that provides me with any support. My LDAP server supports only user binds and cannot ...

Hello; I have an implementation of a java.security.Policy object that I've been using in a standalone application for a while.I would now like to notionally move this to the web. So I need a way of making this Policy implementation work on a webapp-by-webapp basis.Assume for the moment that I ...

i am currently in a java class where i am required to make a game/program using applets i am not familiar with any of the exceptions so i do not kno how to fix this runtime error. the oblect of this program is to let users import their own images into the applet and let them paint on it.I need ...

Hi, I am having a problem writing to a file from an applet.I get the error:java.security.AccessControlException: access denied (java.io.FilePermission <filename> write)Can anyone please help me?Here is my code:import java.io.*;import java.util.*;import javax.swing.JOptionPane;// GUI ...

Hello,I would like to know if it is possible to restrict file access permissions to certains files, defined inside my program. I can't modify the user's java.policy file. Thanks

Hi, I'm a beginner of Java. I executed a shell script from an applet. Its not raising any error while compiling. But while running the applet, the script is not at all executing. While searching the forum, I found that the security policy has to be changed in order to execute a command. What ...

I wanna know the level of protection provided by the jarsigner i.e. can it prevent reverse engineering or render classes useless if the classes which are inside the jar file are extracted and a new jar formed by creating a new jar file containing the very same classes (after creating a new ...

I need to use an encryption/decryption algorithm that run on J2ME (CLDC/MIDP) and J2SE/J2EE. The algorithm must use a random key and a private key (bluetooth device id? imei?)... what is the best choice to implement? and the best that java offer in its API?

Hi,I'm currently deveoping a reusable component for WINNT authentication and authorization. I'm through with the authentication part through JCIFS authentication. But for authorization, I'm baffled about the way I must proceed. I have two basic questions:1. How can I generalize the concept ...

Hello,How to get the list of certificates or anything public information in a smartcard without entering the pincode ? I know it is possible with smartcard(PKCS11) but not with soft certificate(PKCS12).I remember to have seen an applet which displaying a welcome message with the first name and ...

I have a signed applet which needs to access a local resource. If I put the access code in the applet constructor or the init() method it works just fine. If I put the code in another method and call it from JavaScript on the hosting html page it fails. See the code below.Any ideas as to why ...

I have this servlet that calls this session bean that is located on a different machine. I know that the call is an RMI call. Does anyone know if the call is encrypted. when I call the session bean method and I pass it an object, can someone, somehow, look into that data. The servlet actually ...

Hello everyone.I couldn't find it via google so maybe you can help me.I'm looking for Java build-in/standard functions for web security.I'm mean to check on te server side if posted data is valid (e.g. no SQL code included) and if email is correct.No java script, pure java code ;))Please ...

When I run a classical sample code using Kerberos authentication the application exits abnormaly without throwing any exception or error but with the following lines on the console:Error calling function Protocol status : 1312FormatMessage failed with 1815The code runs with error on a win XP PC ...

am trying to open a SSL connection to OID but getting Thread-0, WRITE: TLSv1 Handshake, length = 73Thread-0, WRITE: SSLv2 client hello message, length = 98Thread-0, received EOFException: errorThread-0, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection ...

I'm writing a program using Java Security APIs and other third party APIs, such as IBM's XSS4J.The client program do the digital signature on a XML file using a java keytool generated self signed "private DSA key". The server side program receives the XML and then tries to verify the the ...