Basic authentication without a secure connection

Hello!
I'm developing a Java, Struts, Tomcat application.
Authentication Screen-shot Dialog appears when I want to open page from another server via my application.
Is there any way to pass the username and password (attach it on link, or put it in the session/request) so it won't be necessary to fill the attached dialog? How?
Regards

The above answer is apt....
As an example u can use the following code:
final String login="XXXX";
          final String password="XXXX";
          try{
               Authenticator.setDefault(new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication (login, password.toCharArray());
});

Similar Messages

Avoiding Weblogic basic authentication check

I want to use Acegi basic authentication filter with WLS 8.1. But weblogic doesn't allow requests which have Authorization header and no such user is configured in weblogic, although I haven't configured any security in weblogic for my web-app. How could I send username and password using basic authentication, without weblogic to check them?

You can comment out the security constraint and login config in the web.xml of your application.

-Faisal
http://www.weblogic-wonders.com

Outlook 2010 Basic Authentication Fails after Server Update

It appears that since updating our 2 DCs (Win 03 Enterprise SP2) with windows update released this week (March 10 - fully patched before), Outlook
users using Basic Authentication all failed to connect to our Ex 03 SP2 server.
Domain users connecting using NTLM has no problem. Our Ex server has also been updated ..
Can anyone suggest how to trouble shoot? Thanks a lot.

Hi,
How did those server use Basic Authentication Set-up? Was there any difference between Domain Users and users who use basic authentication?
Meanwhile we can start checking below items:
Ping your Exchange server address/DNS from the client machine which using basic authentication, see if the Exchange server was pingable.
NSlookup Exchange server address/DNS from the client machine which using basic authentication, see if the address/DNS of the Exchange server could be resolved from client.
Collecting Outlook log from client machine which using basic authentication, default location is: C:\Users\<user>\AppData\Local\Temp\outlook logging\<user email account>-<user>.ost.log
at current date time.
Send the log though mail to: [email protected]
Let me know the result about 1 and 2 here or along with mail. Thanks.

Secure connection from iMac Airport to PC netbook running XP

I am able to connect to my MAC via Airport wireless all the time without a secure connection. The PC netbook is running XP.
However when I try to put in either WEP or WPA password and make the link secure, it will not connect.
Is there something I'm missing

In my experience it does matter, but then you said it didn't work unencrypted either.
I think it would be prudent to ensure that you update to the lastest version of OS 9 (OS 9.2.2) which you can download for free here (link).
Are you able to access the Internet if you connect into an Ethernet port direct?
mrtotes

Connecting Using SSL Authentication Without Username and Password

Hi,
We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
and we are using JDK version 1.6.0_03.
We're also referencing the following paper:
http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
We've got our client and server wallets configured and the sample code we tried looks like this:
import java.sql.*;
import java.sql.*;
import java.io.*;
import java.util.*;
import oracle.net.ns.*;
import oracle.net.ano.*;
import oracle.jdbc.*;
import oracle.jdbc.pool.*;
import java.security.*;
import oracle.jdbc.pool.OracleDataSource;
public static void main(String[] argv) throws Exception {
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
String url = "jdbc:oracle:thin:@orcl";
java.util.Properties props = new java.util.Properties();
props.setProperty("oracle.net.authentication_services","(TCPS)");
props.setProperty("javax.net.ssl.trustStore",
"/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
props.setProperty("javax.net.ssl.trustStoreType","SSO");
props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
props.setProperty("javax.net.ssl.keyStoreType","SSO");
props.put ("oracle.net.ssl_version","3.0");
props.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
System.out.println("At Here...");
OracleDataSource ods = new OracleDataSource();
//ods.setUser("scott");
//ods.setPassword("tiger");
ods.setURL(url);
ods.setConnectionProperties(props);
System.out.println("At Here1...");
Connection conn = ods.getConnection();
System.out.println("At Here2...");
Statement stmt = conn.createStatement();
ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
+ "tester ' from dual");
while (rset.next())
System.out.println(rset.getString(1));
rset.close();
stmt.close();
conn.close();
When this code is compiled and run, the following error is thrown:
Exception in thread "main" java.sql.SQLException: invalid arguments in call
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
Thanks
mohammed

Hi,
I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
String url = "jdbc:oracle:thin:@pki14";
Once I changed it to:
String url = "jdbc:oracle:oci:@pki14";
The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
create user scott identified externally as
'CN=acme, OU=development, O=acme, C=US';
grant connect,create session to scott;
Note that the DN should be the same as the SSL certificate that you created in your wallet.
hth
mohammed

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
For, point one,
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
For point 2,
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.

try
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "Test Mail..!!!!";
mail.Body = "mail with attachment";
System.Net.Mail.Attachment attachment;
attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
mail.Attachments.Add(attachment);
SmtpServer.Port = 587;
SmtpServer.UseDefaultCredentials = true;
SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
Catch(Exception exception)
When i m run this part of code it throw an Ecxeption
Given Below is the Error..
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
Bikky Kumar

try
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "Test Mail..!!!!";
mail.Body = "mail with attachment";
System.Net.Mail.Attachment attachment;
attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
mail.Attachments.Add(attachment);
SmtpServer.Port = 587;
SmtpServer.UseDefaultCredentials = true; ///Set it to false, or remove this line
SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
Catch(Exception exception)
Given Below is the Error.. The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
Solution:
The error might occur due to following cases.
case 1: when the password is wrong
case 2: when you try to login from some App
case 3: when you try to login from the domain other than your time zone/domain/computer (This
is the case in most of scenarios when sending mail from code)
There is a solution for each
solution for case 1: Enter the correct password.
Recomended: solution for case 2: go to
security settings at the following link https://www.google.com/settings/security/lesssecureapps and
enable less secure apps . So that you will be able to login from all apps.
solution 1 for case 3: (This might be helpful) you need to review the activity. but reviewing the activity will not be helpful due to latest security
standards the link will not be useful. So try the below case.
solution 2 for case 3: If you have hosted your code somewhere on production server and if you have access to the production server, than take remote
desktop connection to the production server and try to login once from the browser of the production server. This will add exception for login to google and you will be allowed to login from code.
But what if you don't have access to the production server. try
the solution 3
solution 3 for case 3: You have to enable
login from other timezone / ip for your google account.
to do this follow the link https://g.co/allowaccess and
allow access by clicking the continue button.
And that's it. Here you go. Now you will be able to login from any of the computer and by any means of app to your google account.
Regards,
Nabeel Arif

BPEL to invoke Webservice secured with HTTP Basic authentication

Hi All,
Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
1) Created Target Synchronous process ex : B
2) Created Source Syncronous Process ex : A
Iam trying to call B(Target) from A(source).
3) Open Composite.xml of A(Source)
4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
5) Under Security tab attach oracle/wss_username_token_client_policy
6) Login to em/console
7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
8) Enter username and password under HTTP Basic Authentication.
9)Test from em.console(when we are testing under security tab I have checked None radio button)
So this is the Error message which is throwing.
==================================
The selected operation process could not be invoked.
An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
=======================================
Please let me know if Iam missing any steps.
Thanks
SSV

Followed this post.......
This is avery good question
in 11g i have taken out the steps from my document which i created for one our customer
go to composite
Right click on the external reference service and select “Configure WS policies” :done
Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
7. Include the “oracle.webservices.auth.username--> :done
value-->password :done
8. Include the “oracle.webservices.auth.password”-->name :done
value-->password :done
Thanks
SSV

Latest version of Firefox can't make a secure connection without disabling firewall, why?

''dupe of https://support.mozilla.org/en-US/questions/920138''
After upgrading to latest Firefox, can't made a secure connection. It spins and either times out or says connection refused. Running PC Tools Firewall and when I disable it, secure connections work. Tried one tip of removing Firefox from firewall list and then re-adding it, but it didn't help.

A possible cause is security software (firewall) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
See:
*https://support.mozilla.org/kb/Server+not+found
*https://support.mozilla.org/kb/Firewalls

How to fix this problem? Secure Connection Failed, SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)

Secure Connection Failed
SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
I have been receiving this error message recently when I tried to access school elearning websites and other school related websites, I have also tried on internet explorer and it shows page cannot be displayed. I have been trying the available solutions to solve it but none of them work. Is there alternative solutions available? Please advise. Thanks.

It works after I disabled IPv6 in Firefox. Thank you for your help :)

How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

hi all,
i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
this is the simplified folder structure of my application on the server:
[application]
[etc]
 xyz.xml
[jars]
 myapp.jar
launch.jnlp
website.jsp
initial start and basic authentication:*
my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
second start and basic authentication:*
if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
and now the actual problem:*
during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
related thougts:*
i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
my current solution:*
for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
a possible alternative:*
i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
the only real solution:*
should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
WHAT HAVE I MISSED???
AM I COMPLETELY WRONG???
WHAT IS THE EASIEST WAY???
AND WHAT IS THE BEST WAY???
thank you so much,
stephan

Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
if you have a structure like this:
/ctxroot/
 launch.jnlp
 /app/
 *.jar
 *.whateveryou may use in your web.xml:
 <servlet>
 <servlet-name>JnlpDownloadServlet</servlet-name>
 <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
 </servlet>
 <servlet-mapping>
 <servlet-name>JnlpDownloadServlet</servlet-name>
 <url-pattern>*.jnlp</url-pattern>
 <url-pattern>/app/*</url-pattern>
 </servlet-mapping>
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Application</web-resource-name>
 <url-pattern>/app/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>bla</role-name>
 <role-name>fahsel</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Subscription</web-resource-name>
 <url-pattern>*.jnlp</url-pattern>
 </web-resource-collection>
 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>whatever-realm</realm-name>
 </login-config>
 <security-role><role-name>bla</role-name></security-role>
 <security-role><role-name>fahsel</role-name></security-role>
...Than you may use the Service stuff like:
 BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
 URL codeBase = bs.getCodeBase();
 URL pu = new URL(codeBase.toString() + "whatever.bla");
 HttpURLConnection res = (HttpURLConnection) pu.openConnection();
 res.setInstanceFollowRedirects(true);
 res.setRequestMethod("GET");
 res.setConnectTimeout(10 * 60 * 1000);
 res.connect();
 String enc = res.getContentType();
...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

How to access SOAP web service with authentication, HTTP basic Authentication

Dear All
i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
http://forums.adobe.com/message/4262868
private function authAndSend(service:HTTPService):void
        var encoder:Base64Encoder = new Base64Encoder();
        encoder.insertNewLines = false; // see below for why you need to do this
        encoder.encode("someusername:somepassword");
        service.headers = {Authorization:"Basic " +encoder.toString()};
        service.send();
Also i noticed in debug mode, always that WARNNING raised up
Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
any idea ?

Hello,
I don't know if this could help.
Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

Cant establish secure connection

when I try to login to my google email, or login to Youtub via Chrome I get this message:
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
when I try either one using safari I get this message:
Safari can't open the page "https://accounts.google.com/serviceLogin?..........because safari can't establish a secure connection to the server "accounts.google.com"
When I open iTunes and try to connect to iTunes store it says:
Itunes could not connect to the iTunes store. Make sure your network connection is active and try again.
Any idea what settings I need to modify so that my iMac is able to have secure connections?

First, delete Onyx. Like all so-called "utilities," it's worse than useless. All it does is to make it easy for you to wreck your system, and it does nothing to help you repair the damage.
The process by which OS X checks the validity of root SSL certificates doesn't currently work behind the authenticating SOCKS proxies used on some enterprise networks. If applicable, contact your network administrator. The proxy server may need to have its settings changed.
Disable the built-in application firewall, if it's in use. If you're running a third-party firewall such as “LittleSnitch” or “Hands Off,” disable that. Test.
In some versions of OS X, Parental Controls has a bug that prevents loading of secure websites. Turn it off.
Are the current date (including the year) and time shown on your system clock? If not, correct them and test.
Otherwise, launch the Activity Monitor application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Activity Monitor in the icon grid.
Select All Processes from the menu in the toolbar of the Activity Monitor window, if not already selected. Enter "ocspd" (without the quotes) in the "Filter" text field. Is a process with that name listed?
If not, select Go ▹ Go to Folder from the Finder menu bar. Into the text box that opens, copy the following line of text:
/var/db/crls
From the folder that opens, move these two files to the Trash:
crlcache.db
ocspcache.db
You’ll be prompted for your administrator password when you do this. Then reboot, empty the Trash, and try again.

The connection was reset + Secure connection failed

Hello, I am using firefox on the web and I keep encountering the same error message that the connection was reset when I try to access webpages. Following the article at https://support.mozilla.org/en-US/questions/1024256 did not solve the problem as it only fixed it for google.com and no other website, however when I hold down shift and reload the page it will reload, sometimes in basic html. Operating in safe mode will bring up these pages in basic text without graphics.
Sometimes, it will instead show the message Secure Connection Failed for trusted websites such as news agencies.
I have disabled my themes and add-ons but the problem still persists.
I woud like some guidance on how to go about fixing this problem. Thanks! :)

Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details" to expand this section.
If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
*Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
*Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
*Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
*Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.
Boot the computer in Windows Safe mode with network support (press F8 on the boot screen) as a test to see if that helps.
*http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Basic authentication not working for portal application

HI All,
i have a portal application where I have a servlet. i want to use basic authentication for this servlet.
to archive this i have followed http://docs.oracle.com/cd/E14571_01/web.1111/b31974/adding_security.htm
and configured basic authentication, also add web-resource in web.xml for the url to access the servlet.
my web.xml look like (copied is only security section from web.xml)
<security-constraint>
 <web-resource-collection>
 <web-resource-name>adfAuthentication</web-resource-name>
 <url-pattern>/adfAuthentication</url-pattern>
 </web-resource-collection>
 <web-resource-collection>
 <web-resource-name>All</web-resource-name>
 <url-pattern>/faces/Auto-connect</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>valid-users</role-name>
 </auth-constraint>
</security-constraint>
<login-config>
 <auth-method>BASIC</auth-method>
</login-config>
<security-role>
 <role-name>valid-users</role-name>
</security-role>
this works when in run the application in JDeveloper i.e. when i try to access http://localhost:7101/MyApp/faces/Auto-connect it ask for basic authentication (the popup) and when i access http://localhost:7101/MyApp/ it takes me to home page for login , but doesn't work when i deploy the application in weblogic 11g.(deployment done using Enterprise Manager console (EM console) (for both URL no popup).
i tried Google around it but didn't get any solution please provide your input and guide me.
thanks
-somesh

Hi,
Before deploying, have you changed:
Application properties -> Deployment
Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
Kind Regards

Basic authentication without a secure connection

Similar Messages

Maybe you are looking for