Can a pl sql cartridge get the client certificate through ssl in OAS
I am In a web publishing system project, I use SSL and client certificate to verify the user, the environment is OAS4.0.6 and Oracle 8i, and I use PL SQL cartridge to proceed the http request , Now the problem is how can I get the client certificate infomation in my pl sql scripts, I do not know where should i post this problem, So I post it here, If you have any experience in using SSL of OAS, pls help me!
tsailiang
[email protected]
thank you very much!
Sorry wrong forum.....
This forum is for the Internet File Server (ifs) not the oracle application server (oas), sometimes known as iAS or Oracle9i Applicaiton Server.
null
Similar Messages
-
Getting the Client Certificate out of the HttpServletRequest object
I have an interesting issue with weblogic 5.1 SP6 and getting/obtaining Client
Certificates.
The issue is that the Client Certificate is not always in the HttpServletRequest
object depending on how the weblogic.properties are set. Here is my code to get
the Certificates.
// get the cert chain from the request
Object obj=request.getAttributs("javax.net.ssl.peer_certificates");
if (obj instanceof weblogic.security.X509[]) {
weblogic.security.X509[] wlogicCert = (weblogic.security.X509[]) obj;
try {
iaik.x509.X509Certificate iaikClientCert =
new iaik.x509.X509Certificate(wlogicCert[0].getBytes());
clientSDN = aiaikClientCert.getSubjectDN().getName();
clientCert = (Certificate)iaikClientCert;
The only time the certificate is present in the Request Object is when the following
weblogic.properties are set:
weblogic.security.enforceClientCert=true
weblogic.security.clientRootCA=CARoot.pem
If the properties are set to to this: no Certificate can be received from the
Request object.
weblogic.security.enforceClientCert=false
#weblogic.security.clientRootCA=CARoot.pem
Is there a way to have Weblogic always receive/get a Client Certificate if one
is provided by the client, but not have weblogic do any validation of the certificate?
Any help would be appreciated!
Garyok i see.
although it should be able to get the underlying
outputStream handle since i have initialized
(associated) it on the previous line.
ThanksWell, you might be able to get the underlying stream. Look at the API docs. If there's a method there to do it, then you can. If not, then you can't.
If you can do it, then you have to look at the API docs for FileOutputStream and see if it lets you get the associated File or path. If such a method exists, then you can get it. If not, then you can't.
Even if both methods exist and you can utimately get the file, do you understand why this is not the same as "getting the file associated with a PrintStream"? -
How do I get the client certificate from the request
We are on Netweaver 2004 using the SAP webdispatcher (end-to-end). I need to do an OCSP validation, I have all of the code I need for the OCSP portion. What I need is the X509Certficate that came from the client. Is this stored in the request object, session? How do I get it?
Thanks.Hi Joseph,
I think the question is which component terminates the SSL connection. It could be an upfront load balancer or the WebAS itself. The former could write the certificate into a request header vairable, while the latter will create a J2EE standard request attribute: javax.servlet.request.X509Certificate
I never did it with the web dispatcher, but you can try the following:
X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
HTH
Daniel -
How to get the client certificate at server side
hi, this is ravikiran
I am working on a project which requires, receiving a signed file from the client side and verify whether the file is signed by a valid certificate that is there in the servers keystore.
I have no idea how to do this.
can anyone help me.
thanx in advance.[sorry, deleted irrelevant wrong answer]
-
How to get the client identity from the certificate at server side
hi, this is ravi kiran,
I am working on a project which requires, receiving a signed file from the client side and verify whether the file is signed by a valid certificate that is there in the servers keystore.
How can i get the client certificate at server side and check with the certificates already present in the servers keystore.
i have no idea how to do this
can any one help me
thanx in advanceHi Ravi, did you get any answer to your question ?
I'm also after a similar problem, please share your solution, if you have any. -
How can I use applet to get the desktop image of client
hi,I have a question to ask u.
How can I use applet to get the desktop image of client? Now I develop a web application and want user in the client to get his current image of the screen.And then save as a picture of jpeg format ,then upload it to the server?
I have done an application to get the screen image and do upload file to server in a servlet with the http protocal.Since the desktop image is on the client's local hard drive, you'll need to look at trusted applets first.
-
How can I get the client IP address correctly?
Hi,
I am having a problem with getting the client ip address correctly using jsp. I am currently using the method request.getRemoteAddr() (JSP)to get the remote client IP. This method works fine with intranet addresses.
However, when I am using a dial-up connection through a ISP (internet service provider), it could not detect the actual IP that is assigned to my client PC, but instead got another IP address.
Could anyone advise me on that? And could anyone advise me on how to obtain the correct client ip address correctly using any of the java technologies?
Thanks,
Damien>
I don't believe so. You can't establish aconnection
over the internet using a private IP. As far as I
know most, if not all routers, block them so itwon't
even move over the backbone.Well with port-mapping it is definately possible to
allow an external ip to "connect" to an internal ip, i
have done this very thing myself...Not the same.
You are addressing the external server with a public IP address. That is then translated into the internal connection.
That is not the same as using a private IP on the internet.
As I said, the backbone will not let a private IP through.
>
>
Yes, but my point is that at any given time, in the
world, many boxes might have one address. Even ifit
is a private IP is it still that IP for aparticular
box. So if you use java to get its IP that is theIP
that it gets. And that IP is useless for anything
unless that IP is meaningful for the othercomputer.
But all ips must be unique in a designated "internet"
be it an "intranet" or whatever, there cannot be a
situation where two identical ips in the same
"internet", such that an ip that is achieved from a
page-hit is valid and meangingful in order to send the
data it is requesting back to it, or find out more
about that computer, or log and report it if it is
doing something illegal; i don't think its that
meangingless is it?Yes it is. You can't use an IP to uniquely identify a box, and that is the sole criteria, when there might be two boxes with the same IP.
When you use java on a client box to get the IP of the box, it doesn't necessarily return an IP that it meaningful to the anyone outside the lan on which the box lives.
Because of this internet systems must do one of the following:
-Do not use the IP as an identifier.
-Require that the client has a public IP. This is often static. At least some security systems use this to validate users. -
Want to get the Client Machine name from Oracle Forms
Hi,
I want to get the Client machine name from the Oracle Forms.
I have attached web_util.pll.
I use user_name := webutil_clientinfo.get_host_name;
but i am getting following error - WebUtil Error:WUC-015: Your form must contain the following Bean for this function to be available: oracle.forms.webutil.clientinfo.GetClientInfo.
Can any one help me in this!
Thanks & Regards,
Avinash Bhamare.
Pune.Hi,
I have written the code on when-button-pressed trigger of a push button -
DECLARE
user_name VARCHAR2(50);
BEGIN
user_name := client_win_api_environment.get_computer_name;
message('user_name is :'||user_name);
message('user_name is :'||user_name);
END;
And on clicking on this button i am getting error -
frm-40734:Internal Error:PL/SQL error occurred
Can any one help in this asap please!
Thanks & Regards,
Avinash. -
Generating SQL in a PL/SQL progam ( getting the values of a value)
Hi,
We're using Oracle 11.1.
I want to generate sql to do the following
something like
fld_pos(i) = 'MPI';Where fld_pos is part of a varray.
The basic procedire is below.
PROCEDURE get_oldest_mpi (
pin_fld0 VARCHAR2
, pin_fld1 VARCHAR2
, pin_fld2 VARCHAR2
, pin_fld3 VARCHAR2
, pin_fld4 VARCHAR2
, pin_fld5 VARCHAR2
, pin_fld6 VARCHAR2
, pin_fld7 VARCHAR2
, pin_fld8 VARCHAR2
, pin_fld9 VARCHAR2
, pin_fld10 VARCHAR2
, pin_fld11 VARCHAR2
, pin_fld12 VARCHAR2
, pin_fld13 VARCHAR2
IS
TYPE fld IS VARRAY(14) OF VARCHAR2(50);
fld_pos fld;
v_sql_stmt VARCHAR2(1000);
mpi_pos number;
BEGIN
--load the pin_fld vars into an array so they can be processed in a loop
FOR i IN 1..fld_pos.COUNT
LOOP
fld_pos(i) := 'pin_fld'||i;
END LOOP;
--see if the variable pin_fld'x' = the word 'MPI'
FOR i IN 1..fld_pos.COUNT
LOOP
IF fld_pos(i) = 'MPI' then -- I know this statement is wrong. This is where I need help.
mpi_pos :=i;
END IF;
END LOOP;
.I know that 'fld_pos(i)' equals 'pin_fld||i .
So how do I get to the value in the value for this? How can generate the SQL to get the expression I need?
Thanks,Hi,
It's still an awkward procedure, but
CREATE OR REPLACE PROCEDURE get_oldest_mpi (
pin_fld0 VARCHAR2,
pin_fld1 VARCHAR2,
pin_fld2 VARCHAR2,
pin_fld3 VARCHAR2,
pin_fld4 VARCHAR2,
pin_fld5 VARCHAR2,
pin_fld6 VARCHAR2,
pin_fld7 VARCHAR2,
pin_fld8 VARCHAR2,
pin_fld9 VARCHAR2,
pin_fld10 VARCHAR2,
pin_fld11 VARCHAR2,
pin_fld12 VARCHAR2,
pin_fld13 VARCHAR2
) IS
TYPE fld IS VARRAY (14) OF VARCHAR2 (50);
fld_pos fld
:= fld (pin_fld0,
pin_fld1,
pin_fld2,
pin_fld3,
pin_fld4,
pin_fld5,
pin_fld6,
pin_fld7,
pin_fld8,
pin_fld9,
pin_fld10,
pin_fld11,
pin_fld12,
pin_fld13
v_sql_stmt VARCHAR2 (1000);
mpi_pos NUMBER;
BEGIN
--see if the variable pin_fld'x' = the word 'MPI'
FOR i IN 1 .. fld_pos.COUNT LOOP
IF fld_pos (i) = 'MPI' THEN
mpi_pos := i;
END IF;
END LOOP;
END;
/Regards
Peter -
How to get the client date and time ?
Dear Sirs...
Using jdeveloper 10.1.2.0
How can i get the client date and time using the HttpServletRequest ?
thanks for any help in advance
best regardsIf your code is running on the client pc you can just create a new instance of the java.util.Date class. That class automatically defaults to the current time of the client machine. Otherwise if you're running the code on the server, you could insert/post the client date/time by adding its string representation as a parameter to the HTTP request object.
Ronald -
How to get the CLIENT OS USER NAME using Apex
Dear All,
I know there are many other posts (some of them are very old) discuss about this issue. But unfortunately most of the posts endup with NO PROPER ANSWER. But still I believe that tehre has to be some way to do this. So this is my requirement.
I am using custom authentication module and I want to get the CLIENT MACHINE OS USER NAME for that. But I do not want to do any authentication against the client user domain.
How can I get this?
* There are some other way to get this using VB Scripts. But thats not a real solution for this due to followings
01. User has to manually allow to run VB scripts. So if user dissable that then we canot get the required info
02. Its working only with specific browsers(Mainly in IE and also we can get that thing work after installing plugins to Firefox.). So this is also depends with the bvrowser and plugings.
What I want to do is to get this info using a common way which is not depends with the browser or any thirdparty plugins.
Thanks,
AlexIts good that you did some searching in the forums before you posted the question.
Most modern browsers would consider what you require as a security/privacy issue and prevents such information from being transmitted available(easily). IE might let you pull out this using a VB script or activex control. Browser specific addons/extension could work but they need some kind of installation to start with. Java could be a way to do it with all browsers, but the end user still has to grant access before it can do any such thing.
Lets say you were able to pull out such information from an end user, what would be next, get his mail id from outlook ? , access his browsing history, steal credit card information or read cookies?
Add to that , what if the end user accesses it using any other OS(linux,macintosh or even a smartphone) ? what about windows vista and windows 7 OS's , are you going to write code to handle all those cases too ?
Here's a blog posting which explains using NTLM authentication with Apex(it still needs configuration from the end user)
What I want to do is to get this info using a common way which is not depends with the browser or any thirdparty plugins.I guess if this is the question, then the answer would have to be no. I don't think you will be able to find a method that passes this information from the client side without any modification/configuration at their side -
Hello everybody, I'm a student new with java, I'm developing a little server application - running standalone, and I'm trying to get the client Ip address, have a look on my code snippet:
InetAddress fromcli;
while(true){
welcomeSKT.accept()
fromcli = welcomeSKT.getInetAddress();
System.out.println("The client Ip Address is: " + fromcli.getHostAddress() + '\n');
The sysout println returns the 0.0.0.0 that is the server address, mapped to more than one interface eg:(loopback and eth0) - But if with the getInetAddress() method I get the server address where is the difference with the getLocalHost()? - By the way, anyone has a suggestion to print out the client remote address.
Thank you in advance....
Jeppojeps
Edited by: jeppojeps on Mar 24, 2008 3:36 AMOh, sorry of course welcomeSKT is a ServerSocket, actually the snippet that I put is a part of the code, here below I put the complete program, in order to clarify my question, however I would like to know if it's possible to understand from the server side the client IP address, and if yes how...
Thank you in advance...
* THIS simple TCP server receives some numbers in input by the client and give back the sum - actually the exceptions are managed in a uncomplete way....but this is my first java program...be patient with me...
* @jeppojeps
* @0.1
import java.io.*;
import java.net.*;
public class ServerTCP
// instance variables - replace the example below with your own
public static void main(String[] args) throws Exception
String clientSentence;
String capitalized;
InetAddress fromcli;
String clientIp;
String portIp;
int z=0;
int port=0;
if (args.length == 0 ){
System.out.println("Usage: ServerTCP lport" + '\n');
System.exit(-1);
else
port = Integer.parseInt(args[0]);
if(port <= 1024) {
System.out.println("Remember dude, only root can use a portnumber < 1024" + '\n');
else{
ServerSocket welcomeSKT = new ServerSocket(port);
System.out.println("Server instance started:" + '\n');
while(true){
Socket connectionSocket = welcomeSKT.accept();
BufferedReader InfromClient = new BufferedReader (new
InputStreamReader(connectionSocket.getInputStream()));
DataOutputStream outToClient =
new DataOutputStream(connectionSocket.getOutputStream());
outToClient.writeBytes("Hello give me some numbers and I'll give you the sum" + '\n');
fromcli = welcomeSKT.getInetAddress();
System.out.println("The client Ip Address is: " + fromcli.getHostAddress() + '\n');
clientSentence = InfromClient.readLine();
for(int i = 0 ; i < clientSentence.length() ; i++) {
try {
Character c = new Character(clientSentence.charAt(i));
capitalized = c.toString();
int x = Integer.parseInt(capitalized);
System.out.println("Number digited from the client: " + x + '\n');
z+=x;
catch(NumberFormatException nfe) {
System.out.println("Text: " + clientSentence.charAt(i));
capitalized = Integer.toString(z);
outToClient.writeBytes("The sum of the given number is: " + capitalized + '\n');
welcomeSKT.close();
} -
Get the client (caller) IP in a RESTFul web service resource
Hello,
How i can get the client (caller) IP inside a RESTFul web service resource?
Something like for SOAP Web Services
MessageContext msgCtxt = wsCtxt.getMessageContext();
HttpServletRequest req = (HttpServletRequest) msgCtxt.get(MessageContext.SERVLET_REQUEST);
String clientIP = req.getRemoteAddr();
Thank You1) Are you trying to create a RESTful web service in LabVIEW?
or
2) Are you wondering about creating a thin client to consume the web service?
A1) Web Services in LabVIEW
A2) LabVIEW WebUI Builder You can create a VI to act as a client for your web services, but not a thin client (i.e. running in the browser)
Chris
Certified LabVIEW Architect
Certified TestStand Architect -
GSS-API How to get the client-to-service ticket
In Kerberos when requesting services, the client sends the following two messages to the TGS: A composed message of the Ticket-Granting Ticket and the ID of the requested serviceand authenticator (which is composed of the client ID and the timestamp), all encrypted using the client/TGS session key.
Then upon receiving these messages the TGS sends the followings to the client:
A: Client-to-server ticket (which includes the client ID, client network address, validity period and Client/server session key) encrypted using the service's secret key.
B: Client/server session key encrypted with the client/TGS session key.
Now I'm wondering how to obtain A and B throught the kerberos login in GSS-API . I have the following code that I use to request a kerberized service but it returns only a KerberosTicket in PrivateCredentialsSet for the Subject. A sessionKey can also be obtained form this KerberosTicket ! Which session key is this ? the session key B described above? and Where to get the Client-to-server ticket (A) described above ?
Thanks for any help !
Alex
lc = new LoginContext("login-client", new TextCallbackHandler());
lc.login();
mysubject = lc.getSubject();
java.util.Set principals = lc.getSubject().getPrincipals();
java.util.Iterator iterador = principals.iterator();
if (iterador.hasNext()){
KerberosPrincipal principal = (KerberosPrincipal) iterador.next();
clientName =principal.getName();
PrivilegedAction generateServiceTicket = new ClientAction(clientName,"[email protected]");
Subject.doAs(mysubject, generateServiceTicket);
Set prvCredentials = lc.getSubject().getPrivateCredentials();
for (Iterator i = prvCredentials.iterator(); i.hasNext(); j++) {
KerberosTicket ticket = (KerberosTicket) i.next();
prvKrbCrds = (KerberosTicket[]) mysubject.getPrivateCredentials().toArray(new KerberosTicket[0]);
public Object run() {
try{
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
GSSName userName = manager.createName(pn,GSSName.NT_USER_NAME);
GSSCredential cred = manager.createCredential(usr,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName = manager.createName(servicename,
GSSName.NT_HOSTBASED_SERVICE, krb5Mechanism);
GSSContext setContext = manager.createContext(peerName, krb5Mechanism, cred,
GSSContext.DEFAULT_LIFETIME);
setContext.requestInteg(false);
setContext.requestConf(false);
byte[] inputBuf = new byte[0];
byte[] tkt = setContext.initSecContext(inputBuf, 0, 0);
}catch(GSSException gsse){
gsse.printStackTrace();
}In Kerberos when requesting services, the client sends the following two messages to the TGS: A composed message of the Ticket-Granting Ticket and the ID of the requested serviceand authenticator (which is composed of the client ID and the timestamp), all encrypted using the client/TGS session key.
Then upon receiving these messages the TGS sends the followings to the client:
A: Client-to-server ticket (which includes the client ID, client network address, validity period and Client/server session key) encrypted using the service's secret key.
B: Client/server session key encrypted with the client/TGS session key.
Now I'm wondering how to obtain A and B throught the kerberos login in GSS-API . I have the following code that I use to request a kerberized service but it returns only a KerberosTicket in PrivateCredentialsSet for the Subject. A sessionKey can also be obtained form this KerberosTicket ! Which session key is this ? the session key B described above? and Where to get the Client-to-server ticket (A) described above ?
Thanks for any help !
Alex
lc = new LoginContext("login-client", new TextCallbackHandler());
lc.login();
mysubject = lc.getSubject();
java.util.Set principals = lc.getSubject().getPrincipals();
java.util.Iterator iterador = principals.iterator();
if (iterador.hasNext()){
KerberosPrincipal principal = (KerberosPrincipal) iterador.next();
clientName =principal.getName();
PrivilegedAction generateServiceTicket = new ClientAction(clientName,"[email protected]");
Subject.doAs(mysubject, generateServiceTicket);
Set prvCredentials = lc.getSubject().getPrivateCredentials();
for (Iterator i = prvCredentials.iterator(); i.hasNext(); j++) {
KerberosTicket ticket = (KerberosTicket) i.next();
prvKrbCrds = (KerberosTicket[]) mysubject.getPrivateCredentials().toArray(new KerberosTicket[0]);
public Object run() {
try{
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
GSSName userName = manager.createName(pn,GSSName.NT_USER_NAME);
GSSCredential cred = manager.createCredential(usr,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName = manager.createName(servicename,
GSSName.NT_HOSTBASED_SERVICE, krb5Mechanism);
GSSContext setContext = manager.createContext(peerName, krb5Mechanism, cred,
GSSContext.DEFAULT_LIFETIME);
setContext.requestInteg(false);
setContext.requestConf(false);
byte[] inputBuf = new byte[0];
byte[] tkt = setContext.initSecContext(inputBuf, 0, 0);
}catch(GSSException gsse){
gsse.printStackTrace();
} -
Hello there,I delete my scruff application on the 8/05/13. Receipt N: 184052577343. And I was charged ammount of £ 16.99on the 15/05/13. I t's a Subscription Renewal. How can I stop it and get the refund of this ammount back on my account? Thank you!!
There are instructions on this page for managing and stopping auto-renewing subscriptions (deleting an app won't stop it) : http://support.apple.com/kb/HT4098
In terms of a refund, what does it say on the app's description page in the store (a lot say that refunds aren't given) ? But you can try contacting iTunes Support and see if they will refund or credit you : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption
Maybe you are looking for
-
How can I prevent songs from being duplicated when adding them to my iPod?
One feature I really like about iTunes is that if you have a song on a playlist, iTunes will notify you if you are adding a duplicate song to that playlist. I am looking for the same help managing my iPod. For example if I have a playlist in iTunes c
-
Some icons are not shown correctly in Gnome tray
The image should tell everything. In the tray there should be icons from Guake, Dropbox and Skype. However only Skype is visible. Does anyone know where could be the problem? I noticed that Synergy icon behaves also wrongly. thanks Jan
-
My ipod after trying to erase it, will not load after 3 days on the same screen
I was trying to erase all my data off my iPod 5th Gen, after I start the process it all starts well until the very last step (I think) will just not complete the job it's just stuck on the same screen it has been for the last 3 days ind the only thin
-
This issue happens to me randomly at times. I'll be using Firefox when I try to minimize something, this causes any tabs or multiple pages of Firefox I have up to automatically freeze and won't even respond. They don't even turn a faint color and tel
-
EDI FI Invoice and One-time vendors
Hello all, I'm trying to integrate an FI Idoc ( INVOIC02 ) on a one-time vendor and I get this error : <i>No batch input data for screen SAPLFCPD 0100</i> I has a look at IDOC_INPUT_INVOIC_FI and the interface creates a batch input to create the invo