Hello, I'm trying to get a service ticket with GSS and I find the subject error. I have a code that works fine when the credentials are obtained with a JAAS callback, but the same code fails when I try to use the ticketCache. The TGT obtained from the cache has to be different from the one get ...

All,I'm using Weblogic's login module weblogic.security.auth.login.UsernamePasswordLoginModule for authentication using JAAS. Is there any difference in authenticating a user using this module and using InitialContext for EJB lookups?In other words,1.LoginContext loginContext = new ...

Greetings,I could use some help with getting tomcat 5.5.12 to use Kerberos against Microsoft Active Directory.I have been using Ethereal to sniff the packets going back and forth from tomcat and I verified that with a normal server.xml entry (remove the authentication attribute keyword below), ...

Hei :)!!!I am using an https protocol in order to send in a safe way a contanance of a form which contains information like user credit card number, his details and etc.The problem is that when i am sending this form by HTTP protocol the form is being sent correctly, but when i am sending it by ...

hi,I am working on websphere 1.1 - and my ear contains the was.policy with the following permissions:grant codeBase "file:${application}" { permission java.security.AllPermission;};My application creates a directory under the "appServer" home and then try to copy some files to this location.I ...

I have W2K ADS and KDC in one machine[TURING] and weblogic 8.1 SP4 running in anther machine[weblogic]. Have configured ADS and followed all the steps as given in the WLS8.1 docs(Configuring Single Sign-On with Microsoft Clients). Also enabled the security debug flags in config.xml. set the ...

Does anyone know how I can get the subject or issuer name from a X509 certificate. I know it's simple to get it as Strings, but I want them as byte arrays or something like that, which is suitable for getting the SHA1 or MD5 hash of it.Any ideas?

hi, I have dealing the problem for long time and no response in bea forum.I feel very exhausted when checking mit's kerberos mailist and sun forum. Any try every method they provide but not success.first I generate the keytab using w2k's ktpassktpass -princ HTTP/weblogic.dlsvr.com@DLSVR.COM ...

Hi allllllllllllllllllllllllllllllllllllllll,i'm stuck in a quite small problem and need anyone's help.can anyone plz tell me how to set security parameters such as maximum no. of keepalive request and connection timeout under weblogic server(any version is ok)i need reply ASAP thanks for ...

Hello, I'm working on a web application and want to have a login for anyone that accesses the service. Is it possible to use the deployment descriptor to implement security but using my own authentication method? What I want to do is something like this; have my web.xml similar to ...

Hi everybody!I have "basic" (?) question concerning Java-Class-Files.As our company is currently developing an Web-Intranet-Solution, we have to give the source-Code (class-files, jsp-pages and the jar-files) tio the customer.But our problem is, that we do not want him to be able to read the ...

Hello,I just turned on SSL on my tomcat server and it seems to be working properly. However, I am able to hit my application with the http:// and https://.How do I disable the http:// url?Thanks

How shall i close the LDAP connection ? I am using Netscape directory server.

Hello, I'm a complete newbie in this regard. I would like to know how to generate a password with the System current time as a random value?Kindly plz help. A sample code will be greatly appreciated.thanks in advanceappu

Hello,I'm writing a client program and I'm trying to authenticate via HTTP negotiate. Server is SharePoint.I already acquire session ticket for KDC (TGT). I also have a session ticket for the server (Fabrikam1), but when I'm trying to authenticate on the server with SPNGO token and I always ...

Hi,I磎 tryingto send a message to a secure server using for this client certificate, apparently if I make a GET of "/" (server root) , everything works fine (authentication, and data received), from the moment that I try to ways send data to the "/pvtn " directory i obtain the following ...

I receive this error message when I try to a file called "searchresults.xsql".Any suggestion on how to reslove this?

Hi,I see following exception, when try to use BufferedReader to get the inputstream form the HttpsURLConnection object.Not sure if the handshanking is happening properly. The program is on jdk 1.5.0.Can anyone please help me figure out what is happening?java.net.ConnectException: Connection ...

Hi!I need to verify that the person who is filling and submiting a web form, is the real person who says it is in the login (and that way he can not reject a transaction with his signature). Well i've been searching and I think that digitally signing "something" before the submit could help, ...

Hi,The bellow line of code causing problems. ks.load(fis, keystorePass.toCharArray());This is throwing errors / exceptions are like this.###################################java.io.IOException: Integrity check failed java.lang.SecurityException: Failed PKCS12 integrity checkingat ...

Hi i need to verify a signature that was generated with java using openSSL under PHP.This is what I'm doing with no success: I'm generating a signature in Java with this code:Signature dsa = Signature.getInstance("SHA1withDSA", "SUN");dsa.initSign(priv);String cadena="string to sign";byte[] a ...

Hi all, I am trying to use the form based authentication in tomcat 5.5, but for some reason, the user never get authenticated (always redirected to the error login page). I suspect that it has something to do with the new changes in tomcat 5.5. Can anyone tell me if I miss something? Thanks in ...

I have a doubt about SMTP server connections. I use a SMTP server to send out emails from our office here. Theres a java program to do this. If I send out this programs class file to other people, will they be able to use the same smtp server connection? do they need to authenticate to the ...

Can anyone help me understand why I'm getting this message.I'm running Tomcat from the eclipse workbench when I get the message. If I use the command line and start Tomcat via the bat file I do not get this message.I've tried using both the JDK and JRE both give me the same message. The only ...

I understand the logic that when a communication takes place both parties pass their public keys to each other which is used to encrypt all messages. Once the party receives the messages the private key is used to decrypt them however I'm wondering how a private key is generated from a public ...

Hi !! I am new to security aspect of java and I am interested in knowing about the same.It would be great if someone could me clarify my doubts :-) 1) Supposing I am having a webpage, what kind of security can java security provide. Aprt from user name and password could it provide a additional ...

Where can I get the source code for the JGSS API of sun (sun.security.jgss)?It isn't included in the standard JDK src.zip.It would be really helpful, because then you could fully debug into it.Greetings,Klaus.

Hy!I'm quite new to PKCS#11 and try to work with Keys on Aladdin eTokens. In the Java PKCS#11 Reference Guide ( http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html) i found the following example and explanation:KeyStore ks = builder.getKeyStore();Key key = ks.get(alias, null);The ...

My environment:Websphere 5.1J2EE 1.3JCA 1.0 (CICS ECI)J2EE security using local OS as user registry.I have an EJB running under J2EE security, so when it runs I already have credentials from a user who is logged in my application. This EJB invokes ConnectionFactory.getConnection() method to ...

Hi all,i need to get certificates from MSCertStore from JSP Application or Applet... thankz for answers...

I'm writing a Java applet which will communicate with a remote host over an encrypted connection. We want to implement a feature similar to the 'STARTTLS' command in SMTP, where a cleartext socket can be upgraded to a secure socket.I'm having trouble establishing the secure connection ...

I have implemented the form based ldap authentication in SUN Application Server 8, which seems to be working. But, after the form accepts my password I then get a page that says: Access to resource is denied. I know that I am missing something with roles but I can not find it.I added the role ...

Hi!,There is some possibility to insert a /folder/*.extension in a url-pattern?

Can I capture any error or exception in a error page with the j_security_check?For example, when the login, the pass or the role are failed.Thanks!!

I have a client server application that sends "messages" (serialized objects) back and forth to each other. I want to ensure that the messages sent have not been tampered. I would like to use SHA-1 with digestinputstream/digestoutputstream. 1) Does this work? I've seen examples of using ...

I normally handle site logout with a JSP that executes <% session.invalidate(); %> then redirects to the home page. Now I am running on WebSphere Application Server 5.1 authenticating against a Novell eDirectory LDAP server using LTPA and a SSL Certificate. Session.invalidate() does not ...

Hi, this is urgent: I'm having a few problems getting BASIC authentication working with 2 user groups. I want to restrict /admin/ to administrators and /profile/ to users and administrators:The problem is: I login with an admin account (inside the /admin/ dir) but i cant login into /profile/ ...

Hi All,I am writing some encrypt-decrypt application and I want to know what is the proper way of obfuscating key for encryption-decryption in Java.Because of theintermediate byte code, it is simple to decompile the code and get the required key. Please let me know as soon as ...

I tried google on the above question, and the most recent thing I found was 7 years old. replacing the phrase used generates a lot of hits with a very poor signal to noise ratio.I have OpenSSL (in the cygwin distribution), which is quite recent, but frankly its documentation leaves just about ...

I am trying to install and run Aglet but I am getting a message that keystore cannot be found. help me please.Java.io.FileNotFoundException: C:\Documents and Settings\Nene Kalu\.keystore <The system cannot find the file specified>

cani use a java program to copyshared data (files)from LANis there any class /method can someone help

HIThanks to all for view and reply on my problem. This problem is really urgent for me.I m using verisign trial digital certificate for weblogic6.1.I have mildd1150-key.der as private keyAnd mildd1150-cer.pem certificate from verisignI have downloaded root-ca.cer from verisign and installed it ...

Hello!Is there any JCE clean room implementations out there that doesn't do verification of signatures like SUN's jce ? I need to test write a provider and I do not believe it is possible for our company to get a sign certificate for our code directly from SUN. I have found out that bouncy ...

Can any one provide me a good tutorial on java security.It should be in pdf format.Thanx in advanc.

Right now I am trying to convert our application server from webLogic 8.1 to Sun Application Server 8.1. One of our ways of doing things in the past was to have an application.properties file that we read and loaded into System properties. It worked great on Weblogic.When trying to access the ...

Hi,OverviewMy request is part of a user registration implementation that I'm undertaking. When a user registers at the website, he/she is sent a secure link via email. Once this link is clicked, the account is activated.QueryHow do I generate unique secure links for each user, which once ...

i am using sip communicator.to run it i ve installed ant and jdk1.4 .also set the path.then i run the bat file of sip communicator and configure it also.bt i cnt established the call.thr is some errors.again i am using my sip server.its domain name is bangla.net.in the sip-communicator.xml file ...

I am setting a PC to be a serve with firewall turn on.I can I allow other PCs to access the applet in the server through the server's firewall?Thx...

Hi,I want to use the JAAS mechanism in 2 applications: one of them is a swing application and the other is a web application.I would like to use the same interface for both applications.I implemented it in the "swing way": using my own callbackHandler, LoginModule & principals.I am using ...

Hi,how to show Certificate Content Window from IE. I dont like to write it by myself;).Does anybody know if its posible?Regards