Please send me the forum link for Sun Access Manager

Hi,I get this error when i try to enable the security in WAS 5.0.I have LTPA as the authentication. I really dont know anything regarding the security or how to enable it. Please help.[15/03/07 17:58:34:490 GMT] 659c2c64 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The ...

Hi,I need to sign a text with a certificate stored in Firefox keystore using an applet (online signature). Has someone achieved this before?Thanks in advance.

HiThank you for reading my post.Can some one tell me how to convert a pem file to a cer file using keytool ?Thanks

Hi i am trying to enable global security in WSAD5.0. as soon as i check the "Enable java Security" and click on apply it says "Validation failed for user WASAdmin. Please try again..."I have the following setting in the global security settings:EnabledtrueEnforce Java 2 SecurityfalseActive ...

Hi,I want to write security policy for my JMX MBeanServer and for other MBean related things. I wrote the code for granting permission in java.policy file. But I am not sure how much this policy file is reliable? If there is any possiblity that someone makes changes in this file, then the whole ...

I'm trying to setup a SecurityManager so I can check if the user running the application has the proper file acesses.System.setSecurityManager( new SecurityManager() );SecurityManager secMgr = System.getSecurityManager();if( secMgr !=null ) {try {secMgr.checkRead("/path/.archive");} ...

Hi,can anybody tell me how can distinguish the user name and role name when using access control api?currently, i can only get a set of principals that user principal and role principal mix togethersee below:java.security.AccessControlContext context = ...

Has anyone any links or experience with 2 way SSL for Server to Server? Web Server A to Web Server B for web services.The norm is Server to Client.Any help is appreciated. Thanks!

Hi,I have a security policy file. I am granting permissions to some files. Now even if I have given permissions explicitly it doesnt taking it and gives error. My code snippet is as follows:...grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-ws4ee.sar/-"{permission ...

As an organisation we have been through a process of evaluating Java, primarily for the development of applets that will consume SOAP services so as to provide a very rich 'web' interface.There are however various 'security' concerns that we have no answer for at this time and so we would ...

Hi,I try to connect to IIS 5 and I've set the checkbox 'Integrated WIndows authentication'In my client I use:String credentials=new String("tester:tester");String auth=new String(credentials.getBytes());sconnection.setRequestProperty("Authorization", "Basic "+ auth);Generally in the ...

Helo.As a Java Security teacher, I'd like to know how a Java Developer can access the Microsoft public keys of other user through SunMSCAPI provider.Windows-MY --> own, logged in user private keysWindows-ROOT --> root ca'sBut ? other, public key certficates ?Thanks and kind ...

Hi Experts,I am new this concept of SSL.I have a ejb sitting in a weblogic. I dont have user based authentication. But only from certain hosts, my ejb should be accessible.I read lot of theoires about certificate, keystore, CA etc. But can any one please tell me how to do this practically.What ...

Keytool can export certificates, but they do not include the key pair entry. How can I extract a single private/public key pair and use it in a different keystore in another machine?

Hi,Application is having download file functionality. I want to make sure that files should be download from only form specific set of folders. Validating folders and path is tedious at application level. Is it possible to set only few folders, which should be used while downloading the file? ...

How would I grant all permissions to all the standard java api libraries but restrict permissions to my own resources? I tried using a grant block like the following:grant codeBase "file:${java.home}/lib/-" {permission java.security.AllPermission;};but it didn't work. Can anyone ...

Hi!!I want to make an app that expires after 45 days. It seems to be easy but how to avoid that the user changes the clock and use the app forever?Any ideas?Filipe

I guess the class loader wouln't let you use any package named the same as java core onesIs there a way I avoid the prohibited package name exception?I mean by using the java.policy file

I'm building a client/server app that will use SSL and client certs for authenticating the client to the server. I'd like for each user to be able to create a keypair and an associated self-signed cert that they can provide to the server through some other means, to be included in the ...

Jasypt (Java Simplified Encryption) is a library aimed at providing developers a simple way to add encryption capabilities to their projects including: password digesting, text/binary encryption, Hibernate transparent encryption and Spring Security (ACEGI) integration.What's new in 1.2: * ...

hi Friends Im creating a web based application where users of different rules can login into the application. nowProblem 1On their role i want to give them access to certain links. So here e.g. theres some jsps where there are 3 buttons. now user A with role R1 should access only button 1 & ...

Can anyone suggest methods besides obfuscation for securing a Jar file? Thanks.Cheers,Josh

Hi I need to import my X509 Certificate and thier RSA Private key in the key store.I have my certificate and my key in two pem files. I can import the certificate but when I'm trying to import the key I get an error.This is my certificate:--BEGIN ...

Hello All, In our application we have siteminder as our webserver par , for every request it hits the siteminder and then the control comes to the weblogic.The strange problem we are facing now is, it was all working fine in the development environment when the same EAR is deployed in our ...

Hello All, In our application , when the rquest is sent to the siteminder it is throwing following exception.[20/Apr/2007:20:09:59] failure ( 3322): for host 10.2.3.4 trying to GET /AB/siteMinderInterface, wl-proxy reports: exception occurred for backend host '10.2.3.201/9808': ...

Hi,I have to store a userccert.pem (public key) files sitting in the user home dir into a MySQL DB. Since I believe a pem file is ascii character so I read the usercert.pem as a String. I have tried to get the credential out as a String, and it is printing out the credential. But it is not ...

One reporting page in our SSL application will generate an Excel spreadsheet. User will be prompted to either Save it to harddrive or Open it within the IE. If user chooses to Open it inside IE, then go "File --> Save as", this "Choose a digital certificate" dialog box will pop up, but ...

Hello All,What is content level security? how is it different from role/access based security?Please clarify.ThanksRam

I have to create a dynamic (changeable at runtime) security environment, so I have extended Policy class and overridden implies method. I need to make decisions based on subject. How can find it from within this method?Is there already any Policy implementation that can do this(dynamic ...

I'm getting the following error on Apache Tomcat/4.1.24 (Java version is 1.4.2_11-b06). Can anyone shed some light on what may be the cause of this error?2007-05-01 12:20:11 StandardWrapperValve[default]: Servlet.service() for servlet default threw exceptionjavax.net.ssl.SSLException: ...

Hi All. I've read a chapter on this in a book I have and in the book when you submit the form and the j_security_check action is performed tomcat looks up the tomcat-users.xml file for the users there and authenticates against those. I would like to use this security mechanism but not store ...

Hello All,I've a problem in my code. I have two web applications deployed in JBoss.I wrote the next code in two differentes methods (one in application A and other in application B):String providerName = System.getProperty("jsr105Provider", ...

I m looking for solution to protect Web application from piracy. I want my application run on web server for which it is built, & it musn't run on any other web server. how can i protect my web application from piracy?.Our .Net applications we protect using Hardware ID binding , How can i ...

When for example a webbrowser like firefox connects to a https page it automatically optains the public key of the server and uses it for encryption with e.g. SSL. How can java do this (can java do this). Up to now I have to manually insert the public key of the server in the keystore of the ...

How can I change policy permissions at runtime?For example giving write permission for a file to a subject and some time latter removing this permission, all at the same runtime?

Hello,I have JRE 1.5.0_11 installed, and one application launched using Java Webstart. The *.JAR files of that application are signed with an X.509 certificate provided by a CA.The root certificate of the CA who signed my certificate is configured in my browser (IExplorer 6) in "Trusted root ...

Hi all,I'm trying to access MS Windows keystore from JAVA. It works with the new JAVA 6 SunMSCAPI support. But: I have three certificates in the MS store - all with the same 'alias'. The KeyStore.aliases() Enumeration gives me these three identical Strings, but afterwards I can not access a ...

helloanybody know if unsigned applet can connect to servers from same domain?Let say applet is loaded from onesite.com and I want to have connection from applet to server1.onesite.com, server2.onesite.com...thanks

Hi,I've sucessfully set up a JDBCRealm to accept users and there log in details but the passwords are currently cleartext. I need to encrypt them with MD5. I've followed the instructions here: http://tomcat.apache.org/tomcat-3.3-doc/JDBCRealm-howto.htmlso I've added digest="MD5" to the Realm ...

I need to sign an XML document in an applet, using JavaTM XML Digital Signature API Specification (JSR 105) using an individual's X509 certificate.All the example code I have seen generate a key pair on the fly or pull one from a keystore. I need to sign using the private key from the ...

I have implemented the login flow for user using standard authorization configuration in web.xml.However, I cannot find a way to logout so that user can login again using the another user account.I am using tomcat 6.0 and cannot find related information for logout process from tomcat doc. Can ...

I am trying to create Salt fo my passwords. This is my functionpublic byte[] generateSalt() throws Exception{random = SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM);random.setSeed(System.currentTimeMillis());byte[] salt = new byte[8];random.nextBytes(salt);return salt;}I called this function ...

Hi,I want to use an existing JAAS loginmodule in Tomcat. I don't want to use the built in JAASRealm functionality of Tomcat. In a JSF managed bean (called AuthenticationBean) I create a LoginContext and call it's login method. When the user logs out, the invalidate method of the HttpSession ...

I am writing a login method that will authencticate user and return token for web services. Next time user will send is token and we will validate the token but requirement is that we donot wnat to keep any state of token at server.What does it mean that when we receive token, we should be able ...

How to Provide authorization for Jsp Pages in a web Application

I can not simply make sense of this KeySTore Class.I have private and public key and I simply want to use them in KeyStore to use later.KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); ...

Hi. I have just read the tutorial abut securing web applications. I saw you can use j_security_check and let the application server do the authentication. But in the tutorial, it said to define users using the AdminConsole.But i want to be able to register user, so i must use a a database where ...

Is it possible to do it? I got a hosting where i cant get to the server.xml, so i would need to set my JDBC Realm using the Admin tool.Thanks Batsup

Hello ,We have a web application in which the browser performs user authentication. The authentication window prompts for User Name and Password. The User enters his user name in "Domain/User Name" format. Is there any way to tweak the browser/browser variables so that it prompts for User Name, ...