Hi,I am trying to configure ssl on tomcat web server.The versions i'm using are... Apache Tomcat 5.5, jdk1.5.0_02 on windowsNT platform.i'm using self signed certificate...i could generate a certificate with my name.although i followed all the steps provided in the tomcat docs n various ...

We all know that if I have some protocol that's based on TCP, it is simple to secure it by using an SSL socket instead of a TCP socket. What if my protocol is based on UDP? Is there some standard way of tunneling UDP over SSL to also make it secure? I realize that this adds a lot of overhead ...

Hi, i'm building an application that verifies digital signatures placed on a document. I can obtain all info about the certificate chain (valid, revoked, expired, and such).But now i'm wondering if it is possible to sign a document with an expired signature. (one way or another) because if it ...

Brief run down on the environment:Requests to the web site occur via IISIIS is in the DMZIIS implements SSL IIS routes request to a cluster of weblogic serversQuestion:If we set up IIS to require client certificates, will the cert credentials be available in the request object when it comes to ...

hii have problem with Reading the property file at Runtime of projectits work with compile time using resourseBundle please help Shrinath

Hi,I'm trying to test my custom Login Module to see if it is passing all the personalization parameters correctly to the client. I need to write a JSP from within which I can access the Subject and the Principal from within the Subject. If anyone knows how to do this, your help will be ...

hi,I getting this message with tomcat.I am using j_security check.the full message is:HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser--type ...

HiAnyone knows how i can secure files that reside on removable cards, like a Multi-Media Card, or a Flash Memory Card so that they can be accessed only if the user knows some password, or has a license or a key?Thank you,Mihai

Hi,I want to use j_security_check but i have a few problems. I have the following in my web.xml <security-constraint><web-resource-collection><web-resource-name>All JSP direct ...

Hi all, I'm developing a little test program that required eCert, and the program like this:-public class TestHadh {private String str;public static void main(String[] args) {// TODO Auto-generated method stubtry {// soultion 1CertificateFactory cf = ...

Hello,I'm chasing my tail and hoping someone can help out?Client sends me a .p7b (PKCS#7) file which includes key, the issuing CA, and the Root CA to be used Java code on my end. Next, client is sending me two things:1) Signature data2) Encrypted dataI need to verify the signature and then ...

Hi,ALLI use LDAP to access Windows 2003 server active directory.It works pretty good.However, since some reason, I have reinstalled windows 2003 server.and my LDAP can not pass authencation.Error:LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data ...

Hi,I am using JSR 105 XML Digital Signature 1.0.1 (JavaTM Web Services Developer Pack 2.0) for signing only the specific element in the XML file and then put the XML signature element back to the specific element in the same XML file using enveloped signing.The issue is I am able to pass the ...

i am developng a web application which will authenticate user by username & password which type of authentication i should use & where i will find more about this

How do you store your key when you exit your program? Don't wanna store it in a file as plain text. Don't think that\s a secure option

Hi,So I'm just setting up some BASIC authentication in my web application which hasn't been too painful. I am however a little stuck with a good strategy for my use case which I assume many people come across. Most of the examples of security for web apps I come across just try and protect a ...

I am using JAAS form-based authentication to prevent unauthorized page access. Once logged in the user's roles remain in effect untilt he session expires. Users are demanding a "remember me" check box. That requires programmatic login in addition to, not in place of, the form-based intercept. ...

What advantages does Java provide to the crypto applications developer in comparision with say C++?What disadvantages does Java introduce?

We are trying to make a web service call to Microsoft share point portal server. This share point portal run on top of Microsoft IIS server and my client in javaSo I get a error like (401)Unauthorized when ever I try to call the web service.This problem is because IIS server use windows ...

Hello,this may sound rather weird and unusual, but before I can consider using SSLEngine + NIO I should have an answer for that :)I want to have an application where two entities e1 and e2 can communicate via a SSL-secured stream. The SSL packets may come from different sources ...

Help I got 8 virus on my computer. I'm using SBC virus scan and got 8 virus hits and it said it on java/Byteverifyexploit, java/Byte Verify!exploit, Java/shinwow.AK, Java/Byte Verify!exploit, and then Win32/SillyDI.YUWin32/SillyDI.TFso does anybody know what to do

I am building a GUI for a Bioinformatics application. I need to be able to allow users to login and out of the program. Is there a reason I should use the JAAS or should I just use the Jpassword field? I am currently planning on using Jpassword to create my own login component. Is this just as ...

Hi everybody:I'm developing an Applet that parse an ontology make a representation of it in a JTree. My applet have the following package structure:appletui|tree|utils|__ config|__ icons|__ libappletui have the applet's class (MenuApplet.class)tree have the classes to represent the tree of ...

I'm trying to call keytool inside a java program with Runtime.exec(). I want to call keytool to add a certificate to keystore. I can do it manually but when I do, it requires a password prompt. I'm using the command$ keytool -import -file myCert.crt -trustcacerts -alias ldap-keystore ...

Im attempting to build a client side app that creates a sslsocket connection. I have similiar client code running in Perl utilizing Net::SSLeay and Socket and I do not have any issues using this code w/o certificates. Here is my code using javax.net.ssl.*TrustManager[] trustAllCerts = new ...

We抮e having an issue with HttpURLConnection when executing from a servlet, initially reached through a Proxy server. A little background of our environment and overall processing taking place:We have a typical multi-tier extranet architecture with firewalls between our Web, App and Data layers. ...

I receive that secuirity error when I load a applet on Internet Explorer. The error doesn't occur when I load it in JCreator. The error occurs when I try to access a .txt file. Any advice on how to solve these problems would greatly be appreciated, thank-you.

hi,i developed a web application..now i want to develope configuration wizards,which configures my product at client side.it should take care of available modules in my product.it should add selected modules,and if need it should add plug-ins too......any tools available to develope such a ...

I studied all the samples and forum posts to success in accessing my Win2003 based Active Directory from my WinXP client, but nothing helped:Login using ticket cache works well, but LDAP complains about GSSAPI not beeing able to find a ticket. So what to do? Where's my fault?Please help, I am ...

Hello all, I have a small query. Suppose you have a very secured site. Now after the user has logged in, the user copies the URL from the address bar of the browser. Then in the same browser window user opens another site (google.com). Now the user pastes the copied URL in the address bar. Here ...

Hello,I've made a program, in which I use a file to calculate some stuff.This file is a txt. - file.My problem is, that this file may not be readable by any user. And in fact, they can open it in some kind op spreadsheet like WordPad, and change it if they want to.So I was wondering if it was ...

We have an application that uses JAAS for security. Until now the JAAS config file was in a folder (conf/) and the application just ran fine. To prepare for the deployment of the application with Webstart I packed the folder with the config file in the application's JAR. Now JAAS can't seem ...

HelloSimply want to read the email of a certificate (X.509) attached to a digital signature of pdf files.I am using BouncyCastleProvider as scurtiy provider, and profit to obtain certificates, but I cannot obtain the email.IssueDN: C=ES,O=FNMT,OU=FNMT Clase 2 CASubjectDN returns: C=ES, o=fnmt, ...

Hi,I m stucked in a security authentication/authorization issue, which I hope you have some advice for me.In simple words, I want to use the Web container security (for authorization) together with my own JAAS implementation (for authentication).How to achieve this ?I don't want to use the ...

Please help. Its been 14 hours of no sleep and I cant find the answer.Can someone please tell me why when using the keytool to create my keystore the "keystore password" and the "key password" must be the same?When these values are the same, I can hit my Tomcat server over the https call?So, ...

hello i'm doing my senior project on this subject so if anyone can help and tell me from where can i get the biobex software?

Hi Guys,I am expected to work on SAML to implement SSO. I am working on weblogic 8.1 whic doesnt have any built in support. Are there any standard apis available for SAML? I found one on apache - wss4j.I believe there are 2 independent SAML standards, I have to implement the one proposed by ...

I try to integrate JAAS with Tomcat 5.028 and JSFI read a lot of FAQs BUT i have a pb for authorization.My web.xml seems OKThe Login module seems OKI always have a HTTP 403 error for bad authorization.I launch Tomcat with 2 JVM options:-Djava.security.auth.policy=<path to ...

Hi, we are developing a distributed application (with standard java library) and our application has more than 20 sub-system/service. some services need another services to accomplish their tasks. in the other hand there are some method in one service that may calling another mothod in the ...

please see this post for details: http://forum.java.sun.com/thread.jspa?threadID=731429TIA

Hi,My application is swing based, rmi application for the distributed database. I am doing JAAS based secure development for it. I want to acheive method and role based security from it. The methods are generally the methods to communicate with the database.I have done the JAAS authentication ...

HiI am sending a certificate over a socket connection.I am having a problem on the receiving end recognising when the certificates have been sent.Currently X509Certificate cert = (X509Certificate)cf.generateCertificate( in);is blocking until the output stream is closed. Since I want to continue ...

Hi,While using JAAS framework for the rmi application for distributed database communication in secure way i have following problem. I have done each login user as Subject and its related roles as principles. Now every principle (role) will give permissions to some methods.The code ...

I need to write a JAAS module that will validate passwords against an RSA RADIUS Server (via RSA's Authentication Manager).I'm not seeing the sort of api's I saw when I did a similar module for Siteminder, so a couple of questions:- Is there a Java API for RSA Authentication Manager? (I'm ...

Hi.I have written my own SecurityManager which asks if the user wants to allow the action before denying it. It also offers to write the whole permission into the current policy file.The problem I have is that I can't get the securitymanager to handle privileged code. At the moment I get the ...

I developed a web application which allows users to upload files to server machine. It worked fine on my localhost with no errors.Now I have migrated the site to a server. When I try to upload files to the server, I got the following:org.apache.jasper.JasperException: access denied ...

I have enabled Tomcat two-way SSL by creating server cert, creating client cert, importing server's cert into the client's truststore, and importing client's cert into the server's truststore. In my client program, I need to insert codes like System.setProperty("javax.net.ssl.keyStore", ...

Hi all,This issue has been driving me crazy for a few days now...any help at all is greatly appreciated.System : Win XP Pro - jdk1.5 - jwsdp2.0 - apache xml Security 1.3For some reason, when i hit this line of code : XMLSignature sig = sigFactory.newXMLSignature(signedInfo, keyInfo);I get this ...

Does anyone know what this JAX-RPC (WS-Security) error message is trying to tell me?error: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header foundjavax.xml.rpc.soap.SOAPFaultException: Message does not conform to configured policy [ ...

Hello,i'm playing around a bit with connecting to a Microsoft Active Directory using JAAS and the Kerberos module.I created a config file like this:LoginJaas { com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache=true; };My test code looks like this:URL url = ...