Hello! I have spent the night looking for a solution and I can't find it =/ I have a serverprogram that will generate a Public/Privet keypair for clientconnections, and then when the client connects i want it to send the public key to the host so that you can login in a secure way.... I can't ...

A general authentication system:1- User Id and Password request2- Access to resourcesExtended authentication system:1- User Id and Password request2- Access to extended authentication2- Extended authentication3- Access to resourcesI have to develop the Java components for the extended ...

Hi,I have just started developing my first application using jaas.However, when I run my program I get an exception telling me that the config file was not found:> java.lang.SecurityException: Anmeldekonfiguration kann nicht gefunden werden.As I have no experience with jaas I wonder what I ...

Hi,Is there some property which we can pass with -D argument to JVM to specify a custom java.security file, similar to the way we can specify a custom policy file using "java -Djava.security.policy".My actual requirement is to insert a new Provider which I do not want to do by adding ...

I read many topics relatives to these problem. Here's my case :I configured a file for the provider (pkcs.cfg) and used a dll openSc-pkcs11.dllI installed the provider.sunPkcs11 as described on the Sun guide.Installing the provider even from program code is succesful.I tested it , with the ...

instead of doing hundred of permission check, I want to have the list of permission allowed for a an authenticated user and deal with it . How may I do that? Is it possible?I started from this piece of code and whatever I tried, I never get the principal permission. I got some default ...

Hi,I am quite new to web services. I am trying to implement a web service using soap. What are things that I should learn to make my web service secure. How can I make sure that only authenticated people have access to my wb service.

Hi,I have a problem with secure tunneling of SOAP through a HTTP proxy. The proxyrequires authentication and SOAP simply does not provide the auth credentials ifit is also using SSL.This is an example of the communication between SOAP client and proxy server.The client sends this:CONNECT ...

HI! I'm trying to use basic authentication in a j2ee application. But I have a big problem: my security-constraint seems to be ignored if the url-pattern isn't "/*"! If I write (in the web.xml of the war ...

I had a program that worked in Java 1.4. The idea was that it obtained a Krb5 ticket and then used those credentials to perform an authenticated LDAP search using a different authorization ID. The code:Hashtable env = new Hashtable();env.put(Context.SECURITY_AUTHENTICATION, ...

Does java.net.Authenticator handle DIGEST authentication? Im not getting it to work when i contact my TOMCAT 5.0.28 Server. Has anyone seen this work?

Hi, I'm trying to write a java client that will achieve the same as the following curl command:/usr/bin/curl -k --cert /tmp/x509up_u10002 https://mysecure_serverThe cert specified is obtained from a myproxy server ( http://grid.ncsa.uiuc.edu/myproxy/)I have written a java client that works fine ...

Hi!!I am trying to read PEM file in J2ME with BouncyCastle package for J2ME.I have the PEM file and the password of the file, and I want to retrieve the private key that is encrypted inside the file.Any idea of how to do this?Thanks!!!

An applet using HttpURLConnection within a Java Applet. The Connection is formulated as follows:HttpURLConnection urlConn = (HttpURLConnection)destURL .openConnection( );urlConn.setDoOutput( true );urlConn.setDoInput( true );urlConn.setUseCaches( false );urlConn.setAllowUserInteraction( false ...

HiI am trying to post information from a Secure server (SSL) to another secure box outside the fire wall .. do i need to encrypt the data I would be sending ?Van

I have developed an application for receiving OCSP requests and generating relevant responses. I am unable to find a way to test this application.OpenValidation.org facilitates testing of OCSP clients and not responders.Thanks,Shardul Bhatt

Hi,I'm developing an application that is supposed to sign digital invoices in XML format. That's not a big deal using XML DSIG and Apache Security library.Problem cames up when I need to generate a timestamp for the XML document using XAdES. I can't find any Java implementacion that makes ...

Hi,I need to specify the keystore password and key password in my .Net application configuration file. Is there anyway I can generate an encrypted form of the keystore password?I do not want to store my keystore password and key password in clear.Thanks!

Hi I'm working on a web app based on Sun's App Server 8. I am implementing security using a Jaas LoginModule. I cant figure out how i can specify the config file because if i make the change in the java.security file the server throws all sorts of exceptions....... i'm not sure how i can go ...

I am running an app on a Linux box where I am already logged in. I want to spawn a process that needs to run as root. I have tried to use UnixLoginModule to login as root :Subject subject = new Subject();subject.getPrincipals().add(new UnixPrincipal("root"));LoginContext loginContext = new ...

hi!i got a problem with the signature...first a signature is created with php (OpenSSL)then it磗 send to a java application...i got the problem that i can磘 decrypt the encrypted signature right(but i know that iam using the right key)...here is the php code:$fp = fopen("sec\\key.pem", ...

Hi,I have Report Application Server (RAS) installed n Windows 2000 m/c. I have working Java code to call RAS APIs to generate reports.I want to use the same code from Solaris, but problems have come up.What I want to know is whether it is possible to call Java APIs of a service on Windows from ...

I get the following Exception:---Exception in thread mainjava.net.SocketException: Default SSL context init failed: DerInputStream.getLength(): lengthTag=109, too big.at javax.net.ssl.DefaultSSLSocketFactory.createSocket(DashoA6275)at ...

I have an intranet web application from which I am trying to access files on a windows network share. I have a domain userid and password of an account that has access to the files, but I do not wish to permanenty map a drive to the location of the files, I "merely" wish to provide the ...

Hello is there a way to determine the IP of the Webserver from inside the Applet.(I dont want to provide the ip via parameter)Once the applet is loaded, i want to connect to a service on the webserver.

I have some code which we use to generate digital signatures.We are looking to migrate JDK from 1.2.2 to 1.3.1. We are limited to these versions because we are using Oracle's JVM. I am getting different results when I run the same code under these different JDKs.Has anyone got any ideas why ...

I'm trying to design a client-server system in where some of the business critical calculations needs to be done by the client. The problem is: How can the server trust the client to use the correct calculation? The code is meant to be open source, so it would easy to recompile it. One ...

Hello,To secure a distributed application, we use a ClassLoader to apply our security policy to restrict access only to some files.I can't execute the application yet so I'm wondering about another point concerning socket communications.For example, whith the code ...

I have been banging my head on my desk for a few days now, trying to understand what is needed in order to implement Kerberos authentication from a JAAS LoginModule to ActiveDirectory. I can't use the Krb5LoginModule, so I've started writing my own LoginModule. I've got a basic JNDI lookup ...

I am developing a JAAS module and have some questions about how authorization is done. 1) If I use the default security manager (run the code with -Djava.security.manager), what will be checked automatically? I mean without calling any of the SecurityManager's check...() methods? Is it only ...

Has anyone tried using Acegi framework without spring framework? Rightnow i'm working on selecting a security framework for a new project - Acegi has all the required features, but from the website documentation I find that there is no direct way to use it without Spring. It seems that we have ...

I need to be able to use wildcards in some principal names in the policy file. I tried to solve it with the equal() method in my Principal class, but it does not work. Where is the principal names (values) in the policy file compared to the names of the principals of the same type in the ...

I would like to create a tool to provide an encrypted, binary license file to limit my customers to only the features and instances that they are licensed for. I was thinking something along the lines of this:1. A simple Web Application on my side to create the license file with inputs of ...

Has anybody ever implemented a call to a Microsoft COM component using JNI ? I need to call the microsoft CAPICOM.dllfile usingJNI and do not know how to do that. This component makes Digital Signature checking in any PKCS#7 document.I need to know how to invoke methods within the CAPICOM.dll ...

Hi everyone,I hope this is the appropriate forum to post this, I need to find out about swat.ReturnCode and swat.cwa and the whole API. Any hint or resources would be very much appriciated.Thanks inadvance

I am using basic authentication in JAAS to authenticate users for JSF web resources. My web.xml is configured as follows:...<login-config><auth-method>BASIC</auth-method><realm-name>eccgroup</realm-name></login-config>...How can I get hold of the LoginContext ...

Hi!I'm trying to configure single signon using Weblogic-IIS and ActiveDirectory.I have configured each and everything as it's written, and enabled every possible debug option. The following is the result.Could anyone help me? <06-Jul-2005 16:34:50 o'clock CEST> <Debug> ...

Just quick question: is there free library for downloading files over FTPS/SFTP?Thank youJan

I'm trying to build an Authenticator object that will respond to http 401-Unauthorized response by authenticating with hard-coded credentials. As far as I can tell I've built it exactly as the Javadoc instructs, and it's quite simple, but the relevant method just never gets called.I created ...

Hii all,I like to know how to record all keystrokes typed in any application window & to maintain a log file of it. Im a beginner in java so plz It would be helpful if someone help me reg. this.

does anyone knows how to create a user (from a java application) in a LDAP repository of SunOne?

I am in a situation where I need to retrieve user name from the Subject that is populated when user logs in. I have the active Subject and I do following to get the principals in the subject and iterate through them:Set principals = subject.getPrincipals();Iterator ite = ...

Hello,I want to implement an Authentification-service for an Application. I need Authentification for an user-to-password where this info have to be hold in a database.This could be realized with JAAS, where a LoginModule have to be implemented for a database.What is the advantage of using JAAS ...

I am not a programmer or anything like that. I don't know exactly where to post this, so i'm posting this here. the problem i was having is, i go to this website http://www.auditmypc.com/ to do security checks. it tells me it can see my internal ip addy, this is after i installed java, i ...

How protect my application against ******* ?Serial numbers are very poor protection ;) Have someone any idea ?

Hi, I am trying to do signing and encryption at our side and try to decrypt and verify the sign at destination side. Here i succeeded with signing, encryption and decryption. but failing at verification part. Can any body help me finding what mistake iam doing ? it will be greatful if i get any ...

Hi all,I have an applet with no problem it works ok but i face problem when i posted the same on web server.Web Server - APACHE 1.3.31(UNIX)with conf file settings for authentication AuthType BasicAuthName MySiteAuthUserFile /home/all/.htpasswdRequire valid-userThe problem is whenever this ...

I'm writing an gss server/client application with mutual auth and credential delegate support but I can't get credential delegation to work. I base my code mainly on the SampleClient.java/SampleServer.java in the GSS tutorial and I get the mutual auth to work without any problems. I'm using ...

i have a web application with a role "manager" defined.I have an index.jsp page from which i post to a servlet.I login as a user assigned the role of manager.In the index.jsp request.isUserInRole("manager") returns true but after i post to the servlet the same method returns false.What may be ...

Hello there!!I have a huge problem and I hope somebody can help me because I really need it.Anyway,I have created a login page that verifies the username and password with an existing Access Database. What I want to do is when a user logs in, I want them to start a new session and save his or ...