HiI saw about jguard ( http://jguard.sourceforge.net) in many places of this forum.But no downloads are available in the site ...can anyone suggest alternate url...

I want to make an applet that can access smart cards. I've been looking at the new PKCS11 functionality in JDK1.5 but it seems limited. It's poorly documented and I've not found any way to write something on the smart card, only am able to read from it. So now I'm looking at JSS - a java ...

HIIf i try to run my aplication I am getting the following exception - JavaRun -subString1.31.3........................1.3.1_07Exception occurred during event dispatching:java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAsat ...

Hello,I have RMI client-server application where I'd like to use the JAAS to try it how it works. My application works so the client calls the login method of the server and if the login succeeds the server returns an object. So I would use the JAAS on server side to check if the login is ...

hey does anyone know an efficient way to write policies without using policy filesi have a server which must run user program which will be located on the serverthe server must have full permissions but the user code have nonealso (and painfully) the user code must be run in the same virtual ...

Hi guys,I need to develop an app to access security devices (tokens, smartcards) and I know that Sun included on Tiger this SunPCKS11 provider to access those devices through PKCS#11 interface.Well, I've read the "JavaTM PKCS#11 Reference Guide" and understood how it works and how to configure ...

I'm in a big problem after adding a new certificate to the keystore file of SJS Application Server 8.1_02The application server doesn't start anymorewith the followin errorException in thread "main" ...

We user HttpUrlConnection to download some data over HTTPS. We are also using SOAP over HTTPS. The problem is party public certifikace located in the .keystore. We found that we have to set following ...

Hi,i got an error, when my applet accessing some data from servlet. i am retieving data as stream, applet calls the servlet, servlet writes the data as stream , but applet is not able to get the data, it throwing an exceptionplease find the error below..ava.lang.ExceptionInInitializerError: ...

Hi,I'm working on a client/server application and I'm considering to use symmetric key cryptography to secure the communication channel between them. As both client and server will be distributed on the same machine there won't be a key exchange and therefore there is no need to adopt public ...

I've been bothered by this for a while, and I can't come up with a good answer.Why is the doAs() method of the Subject class static? It seems totally bizarre to be invoking a static method on that class, then passing a perfectly good instance of the Subject class as the first argument into ...

How to initialize smartcard's pin number using Sun PKCS#11 implementation ?How to personalize smartcard (generate keys and load certificate) using Sun PKCS#11 implementation ?

I am writing custom login module which using ejb to authenticate user. When I am trying to add principal to subject (in "confirm" method) I always have SecurityException. What wrong? (I deployng this module with EAR)Here some code & stack trace:public class ServiceLoginModule implements ...

Hello,I am building an application for fantasy football.So I wanted to find out if I should implement my own security or use JAAS and does JAAS fit what I am actually trying to do.Here it goes:There are really four roles within the application.1. Admin - That is all access to everything2. ...

I have custom LoginModule and some action with role="catalogManager". When I authenticate a user and trying to access this restricted acrion I always have 403 forbidden, but CustomPrincipal with name "catalogManager" already in Subject. What wrong here?There some code:public class ...

when my virus scan runs these show up and i remove them and they come back. This looks like a big problem to me don't know about you.Trojan horse Java\Classloader infected. Embedded objectVirus identified Java/ByteVerify Infected . Embedded object I don't know where these are coming from. I ...

All,I have a Struts/JAASRealm setup with with a FORM auth. method. and I get this error: Cannot retrieve mapping for action /j_security_check.. I've been lurking a lot of forums and can't find the solution. Do I miss something?some settings:--server.xml <Realm ...

When i looked at the ant 1.6.5 manual,i found some permission method to grant or revoke special permission for ant application(reference by http://ant.apache.org/manual/CoreTypes/permissions.html).So i wrote a sample ant build file to exam it!This build file is made to check whether it is ...

I have an Axis web service I've protected with SSL and basic HTTP auth. It's running (dev.) on my machine.When I try to access the service with a Java tool, I get an exception (below). I'm not sure what to do since the instructions I've found online talk about adding the certificate to my ...

I wrote a Java client app (e.g. command line app) that connects to a web site via http to download (get) a file. Works good for most situations until I tried to get a file that is protected usign form based authentication. I can't figure out how I'm supposed to deal with this. I was able to ...

I want my users can authenticate using cyrillic in thier names.I have JAASRealm ... and if i use BASIC authenticating it works very well. But when i use FORM-BASED authenticating it doesn't works with cyrillic while it works with latin.In tomcat's console i see "?" instead of ...

Hi all,Looking around for jaas integration with J2EE, i find it really difficult to find good documentation with working apps ..I personnaly would be interested to set up a login system with my application that could integrate easily with struts and hibernate. For the moment am just asking for ...

My web application uses tomcat 5.5.10. By using basic authentication, the application works fine. Buy using the form based authentication, if I submit a invalidate username/password, appication seems worked, a error.jsp was showed up. But if I submit a valid username/password, I got a "HTTP ...

Hi,My web application is running under a security policy and I don't know how to write a rule to allow the application to resolve all host names. Is it possible to write a policy rule like:grant codeBase "file:/usr/local/webapps/myapp/-" {permission java.net.SocketPermission "*", ...

I'm trying to figure out a way to let a java client application running on Windows to seamlessly connect to remote HTTP servers over a proxy server that uses NTLM. Most of the advice given on the list seems to be on enabling a server application to check the credentials given by other clients ...

How do i create or is it possible for me to create a Pluggable Authentication Module (PAM) in java for freeradius.Thanks in Advance

Hello,I'm trying to migrate from J2SE 1.4.2_05 to J2SE 1.5.0_04.My problem is with SSO to an Active Directory server.The following code runs perfectly if I am using the J2SE 1.4.2_05, but does only throw KrbException with message: KDC has no support for encryption type (14) if I run it with ...

Hi I need to know how I can send to a server a client certificate.I磎 trying to access an API of Telefonica (in which I have to send an xml file and telefonica server response with another xml file), I can do it via web with Internet Explorer in which I have installed a certificate (it磗 a ...

I have jre-1_5_0_04-windows-i586-p.exe on my computer.I like it and it works good BUT this happend the other day and I want to know to avoid this problem. I disabled MS VM in explorer and have permissions set to ask or denyDate 08/31/2005 Time 04:09IEXPLORE caused a general protection faultin ...

Hi all,I have a huuuuuge problem. I ' ve searched the last 2 days for a solution but found... nothing that works. I want to download videos from a https location with my java app. To download these files a p12 certificate is required.What I have done so far:I have imported the p12 cert into my ...

To all, I've come acrossed using e-certificates in a web application, but I have no idea just how the things should be done; should I use Applets to handle signing issues or use just a JSP to include the related logics or any other better suggestions?by the way, any tutorials or concepts on ...

I'm pretty new to the java security model, but this doesn't look right. It seems as though ProtectionDomains with static permissions have symantically different functionality than those that are constructed with the "variant" constructor(CodeSource, PermissionCollection, ClassLoader, ...

I need to download new classes into my applet to be dynamically loaded at runtime.Issue is of course that the URLClassLoader and the sandbox prohibit this for obvious reasons. However, since the code to be downloaded would and does NOT violate any default policies provided on a standard java ...

I have a server program which authenticates to a kerberos server using the GSSAPI Mechanisem. When I connect to my LDAP server using GSSAPI, it uses it's own credential by default. But what I want is to use a different GSSCredential, forwarded by the client to the server.I have tried creating ...

I wanted to try and add some sort of password authentication to some code I have but im not sure how the user name and password is requested. There is a PasswordAuthentication class that holds a user name as a string and a password as a character array. Now the Authenticator class has some ...

When learning Professional Java SecurityThen try to make a programme come up against a problem/***Source code*****************************************************import java.security.*;import javax.crypto.*;import java.awt.*;import java.awt.event.*;import java.io.*;class mi extends Frame ...

Hi everyone,Would anyone out there happen to know where I could learn a little about the security implications of caching database data as Java objects in the server memory.My concern is that if some of the cached data contains sensitive data then there might be some way that someone could ...

HiHow to use des/3des encryption for servlet.i m using Http protocol and form authentication, how to implement des/3des encryption.venadesh

Hi all,I'm writing some software which uses the cryptographic API to read and write encrypted data. Obviously, we require all data to be nulled after it's used, and so the JPasswordField has a getPassword() method to this effect.However, there is one minor problem... That appears to be the ...

Hi, I am trying to authenticate a user using JAAS against LDAP. I am able to hit LDAP, but failing when it comes to authentication. Yes, I have made sure the user and password are right. Here is my code and error message. Would really appreciate if someone can tell me what am I doing wrong ...

Hi ,I am new to SSL programmingI have the following codeand getting the error======================================================IO Exception java.io.FileNotFoundException: certs (The system cannot find the file specified)Unable to listen on 443.java.security.KeyStoreException: Uninitialized ...

If any one knows is it possible to retrieve a serial number from a hardware piece in JAVA ? I need to use it for security issues in my stand alone application, Thanx

I am trying out JAAS for the first time and i am trying to runa java file com.jaas.TestJaas.I cant seem to set the system property javax.security.auth.login.confg=jass.config.I run the file with the following command java -Djavax.security.auth.login.config=jass.config ...

Hello,is there a way to check if an X.509 certificate matches a private key? Maybe this could be done by encrypting some text and trying to decrypt with the private key.Is there an existing method in the Java API to perform this check.Thank you for any replies/ help.Kind ...

In document " http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html"there's the sentence in the last line:"If your application runs a security manager, then additional permissions are required in the security permissions file."So, which permissions are required?Especially - I'm ...

Hi all,I'm developing an application that have to bypass a proxy server. I'm using the classes URL and URLConnection. I have been serching how to do this and found many examples showing it by setting the system properties, like in System.setProperty("http.proxyHost", ...

Hi everyoneI am running on Linux and I setup the UnixLoginModule. When I login, I get a NullPointerException. I am using the JDK 1.4.2 and I got this stacktrace.Login exception authenticating username user1javax.security.auth.login.LoginException: java.lang.NullPointerExceptionat ...

I seem to have a very bizarre problem with keytool. I'm using Java toautomatically generate a new key using keytool, by using runtime.exec().There is a major problem, though, since it throws an exception that thekeystore file does not exist. Which is perfectly true, as I'm trying togenerate ...

All,I have the following scenario. I have been writing a custom security Policy. The implies method performs the following action:public boolean implies(ProtectionDomain protectionDomain, Permission permission){Principal[] principals = protectionDomain.getPrincipals();PermissionCollection perms ...

I have to change java.policy in WebSphere. Do I have to restart all the servers running on that node (all Java Processes using that JRE) for the policy changes to take effect?This will force me to restart all the other applications running on different WAS server instances. Is there a way to ...