I am doing a project which involves users logging onto an online system. However, I can not write code for the following to happen:If they try to access a page when they are not logged in, they will be forced back to the login page.(or if they have bookmarked a page).Any help in relation to ...

Hi!We have permission based access control built into our business logic. It's comparable to the java.security.Permission, Policy, Guard and AccessController concepts, so I thought I'd rewrite it to use those standard API-s.I am currently calling Policy.setPolicy() from the web application. ...

Hello,I have a web service client and it works perfect when I set the next system properties:System.setProperty("http.proxySet", "true");System.setProperty("http.proxyHost", proxyHost);System.setProperty("http.proxyPort", proxyPort);System.setProperty("http.proxyUser", ...

Hi,I am trying to import reply for request certification, but i have the following exception:"Cannot overwrite own certificate"The code to create the keystore is as follow :--keyStore = KeyStore.getInstance(keyStoreType, provider);keyStore.load(null, null);gen = ...

Hi all,I'm building an application that will have some security in it in terms of users, groups and permissions. I wonder if such GUI (already exists) that the end user (root/admin) could use it to create groups, permissions and to establish their association/relation.thanks for any ...

i am trying to validate a certificate using ldap certstore.first i am trying to take out the cert from the ldap server store. then i will take the cert chain and crl to validate the cert.i am creating the ldapcertstoeparameters by giving the host name of ldap server and prot no. then create the ...

i want to execute commands, but while executing commands authenticate users via the windows username,password with thier rights to execute the command...pls help me

I am using the com.sun.security.auth.module.NTSystem to obtain information on the current user logged into the NT System. This class gives me the user name, all the group SIDs associated with the current user and also the current user's primary group SID.But I am not able to retrieve the group ...

I am trying to create a new certificate using the keytool. However, I have lost my password and have no access to the keystore. How do I reset the password or start a new store. I don't mind loosing all the certificates in the keystore.

I am trying to embed an browser applet in a html and use politytool to grant access to this applet, so it can open "http" protocol or visit file in other directories, but the policy file does not work. Please give me a hand, thank you!!code in HTML(Policy.class is the applet)<html> this ...

I want to distibute an application that contains signed jar files and a native launcher written in C. (This is a double-clickable application for both Windows and Mac OS X, not an applet.) How can the native C code verify the signed jar files?

This is a very strange problem and I am unsure if this is the correct forum.I have a java program that uses Runtime.getRuntime().exec("<command>") in order to launch another program.On Solaris 8 it works fine. In our Solaris 10 production environment it doesn抰 work. However, in a ...

I've never used JAAS for authentication or authorization in a Java app before. Can somebody that has (or at least has some experience and knowledge about JAAS) please answer the following couple of basic questions about it? (I know I could probably answer these myself with a few hours of ...

Hello guys..Does anyone know tools like Enterprise Library on .NET?Thank's...

Hello all,I am very new to Java Platform Security. This is the first time I am using this platform. Sorry, if these questions may be repetitive but can someone explain what this platform does and what it is used for? There is correctly a keystore available but can't find the password. What are ...

Hello all,I have problem with Jar File On Java Lenguage.I has created the Program with Java and i has compile to Jar File.but i have problem about this package.i can extract the JAR file with winrar, and i found my class.so i open my class file with java editor i get the .java file again.why ...

Hi all,I have to implement a Java web application (runing on IIS) with Windows Authentication's feature as follow:1. If the client's Windows user has logged into a specified domain (example: AAA) then using the Intergrated Windows Authentication and user's information is retrieved for later ...

Hi, I got this problem with my server, latest 2 weeks it sporadicaly crashes, mostly at 19.00 or about 19.00 it crashes or shuts down, I cant find the reason yet, dont know maybe it is hacked, cause I cant find any normal info in logs, in lastlog see only 2 lines and in everyline difernt IP, ...

I have search this forum for some good advice on how I can recover from an error where I deleted my .keystore without using the proper protocol. Now, when I try to re-create the keystore, I get the error message that a keystore already exist using the same alias.I followed one recommendation to ...

I'm using ACEGI and it works well. However, if you enter certain 'bad' characters for your password, it will set the password no problem, but you can never authenticate against it. So if your password is test(oo), that will work. But test!oo! will fail at login time. I'm trying to figure ...

Hello everyone. I am attempting to develop and applet that is going to be run on MacOSX (it is being developed on a PC however).I am trying to preform a simple operation of reading a persons certs from their keychain store and reading it back out to them on a webpage. However, I've been ...

I wrote a JSP webpage that takes data from a registration form and adds it to a CSV spreadsheet. The permissions for the CSV file are set to 666.My question is: can users make arbitrary changes to the CSV? My JSP prevents unauthorized data from getting through into the file, but if the user can ...

HelloWe have a webapplication running a java applet. The webapplication is running on a IIS 6 with basic authentication for the clients.Our applet ist embedded in a asp-page (<APPLET>).Our clients mainly connect via IE, JRE 1.5.0_10 (other JRE-version don't work neither).Our clients are ...

Hi:I have a problem creating a key entry in a smart card using PKCS11. I use a PKCS12 file as my input which is correctly loaded, I can parse the certificate chain. Then I try to load the key onto the card, but this fails in the C_CreateObject native method:java.security.KeyStoreException: ...

Hello, we have developed an applet for Java 1.6.0 and we do need it to run under later versions. Is it possible (legal) to include the reference implementation in our app? http://jcp.org/aboutJava/communityprocess/final/jsr105/index.htmlThe RI is available as part of the Java(TM) Web Services ...

hi, this is ravikiranI am working on a project which requires, receiving a signed file from the client side and verify whether the file is signed by a valid certificate that is there in the servers keystore.I have no idea how to do this.can anyone help me.thanx in ...

Hi all,I am building a system with java servlet on Tomcat. To implement Windows Integrated Authentication and Basic Authentication I have to use IIS with ISAPI connector. In the first case, when Windows Integrated Authentication is done, the user information is retrieved by decoding (Base64 - ...

Hi all,This seems like a basic question, yet i have been unable to find the answer in a day or so of web searching.I have a security sensitive application. I have signed my jar files using a certificate. I am concerned that someone could take one of my jars, remove my signature, modify a file ...

how to secure our java source code by creating our source code into packages or class files in standalone application development like we are doing in vb source code by making as a dll file that dll cant be decompiled to get original code and if we converted the source code into some other ...

Hi all,i am calling a java class from javascript through (dwr library). the javascript call initiates the right class but during the processings. the follow error messages comes. java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThread)although i have ...

Hi,I was wondering if it is possible to execute a program on serverside. I'm currently developing a webapp which I would like to execute a program such as an .so file on linux or .exe on w32, through a servlet or class invoked by a client action or even by a trhead that must perform the job ...

hi i am facing problem in loading jaas.configi tried the following step1. System.setProperty("javax.security.auth.login.config","c:\\eclipseWorkpace\\JAAS\\jaas.config");2.System.setProperty("javax.security.auth.login.config",new ...

Good day to allI'm developing a Provider based on IAIK Wrapper but the main problem that i have had is with the signature service creation.I register the Signature Class on privider constructorputService(new Servico(this,"Signature","RSA","my.provider.RSASignature"));but when a try to ...

hi i have some problem with the JAAS client that i haveimport java.util.Iterator;import java.security.PrivilegedAction;import javax.security.auth.Subject;import javax.security.auth.login.LoginContext;public class JAASClient { public static void main(String [] args) {try ...

Hi,when trying to connect using https browser displays page cannot be displayed messageI've created a self-signed certificate using the keytool program. I've uncommented the connecter element for port 8443 in the server.xml file. I'm using jdk1.6 and tomcat 5.5.please help as to what i might ...

Hi,I've created a self signed certificate using keytool. I've also uncommented the connecter element in server.xml. But when rying to connect using https page I get Page cannot be displayed message. I'm using the default port 8443.I'm using jdk1.6 and tomcat5.5please help me. what can be ...

Hello,I 've been trynig to create CertificateChain without Key value at KeyStore for almost 8 hours.I am not still getting the solution, If anyone knows the way, please Help me!Thanks in advance.

Hi all,Can someone point me to the right direction on this subject? I'd like to use JAAS' NTLoginModule to get a user's credentials, then use those credentials to authenticate the user into something that requires a basic http authentication... specifically, a domino web service. (I don't ...

We would like to protect our Tomcat server using DoD CAC cards, but cannot decide how this should be done.Should we install a Sun ONE Identity Server or is there a way to configure Tomcat to authenticate clients directly from the CAC card reader software? It is certainly easy enough to turn on ...

We are working on a CAC smart card problem. Our server is Tomcat 5.5 and the browser is IE 6.0. I set the clientAuth attributes to true in the Connector element in the server.xml file.When the user tries to access our Tomcat site, IE puts up the client cert form, but it is not populated with ...

Hi All,I want know how I can protect my JSP pages to be viewed without authentication?Let me expain it in detail: I am having one web Application where home page is login.jsp.From login.jsp if anybody enters valid username and password then he will be forwarded to Welcome.jsp page. Now in ...

I encountered the following problem in smart card support that is incorporated in the latest Java version:I have a card with T=0 protocol. If I send a known command APDU to the smart card (using the CardChannel.transmit method), the card responds with 6E 00.I traced the problem by monitoring ...

Hello,I wasn't sure where to post this - so I am trying this forum first.I am working on a document managment system which will handle hundreds of thousands of documents varrying in size from 20K to 2MB. There is strong potential for duplicate documents to be put into the system so what I need ...

Hey all,i am trying to find a function to get a password from the user using the command prompt in a hidden way... e.g. i want the function to take the password from the user but simultaneously apear * on the screen..?is any function doing that ?thx a lot!

I am attempting to run my program with a security manager, however, it seems to exit as soon as it starts. There are no exceptions thrown.Here is the Main class. It works if I don't set a security manager:package kassam.noorez.initalizers;import kassam.noorez.gui.windows.MainWindow;import ...

I need to build a database application where some actions can only be performed by certain users. However, I found that using a policy file with principal entries can be insecure, because anyone user could go in and edit their prinicpal entries and give themselves AllPermissions. So, is it ...

Hi, I hope im in the right forum, how can i forward a authenticated user to the same login page if the user is not authorized. If the user is not valid, there is a error message shown in my login.jsp, but how can I do it if the user is valid but not authorized, and not throw a HTTP 403 ...

Hello everyone. I need help. I am trying to add a PKCS11 provider, but the dll file for this provider needto be inside of the jar file. I looked for how to find a file inside the jar, its path. That part of theprogram seems to work, becasuse when I print on screen the path, it seems correct. ...

HiThank you for reading my post.is it possible for us to fulfil all of our requirement to test SSL stuff using keytool?for now what i can do is:create a keyimport/export it into cert / csr (pem)Why we need to provide the csr to a CA to sign it for us?Does it really required to send a CSR to a ...

Hello,I want to store a secret key generated like this for exampleKeyGenerator keyGenerator = KeyGenerator.getInstance("AES");keyGenerator.init(128);SecretKey myKey = keyGenerator.generateKey();KeyStore.SecretKeyEntry skey = new KeyStore.SecretKeyEntry(myKey);in a Java KeyStore. This key should ...