Client Server Authentication

Hello Coders,
I've written a simple multi threaded client server application. I'm having a bit of a problem developing the application and continually run into a brick wall. The major problem/s I have
1. Is to get the client to register its IP address as a valid user along with the name of the user in order to join the service. I guess am try to implement logon/logoff etc.
2. The application is an online library service.......what "Do I need to check on to" be able to store a number of books and serve and implement requests from the clients?
I tried using the power of the web with no luck and failed to gained worthwhile educative direction. I kindly ask for your assistance. Thanks
By the way, I'm user ServerSocket and don't have any Graphical User Interface implemented

>
1. Is to get the client to register its IP address as a valid user along with the name of the user in order to join the service. I guess am try to implement logon/logoff etc.
>
I'd recommend username/password, because the user should be able to login from another client, shouldn't he?
>
2. The application is an online library service.......what "Do I need to check on to" be able to store a number of books and serve and implement requests from the clients?
>
You have to think about the communication between server and client. This could be everything,... This could be a standard like JMS or even HTTP. You also could, as I recommend for educational purpose, write your own 'protocol'. You could implement it with simple Readers in Writers, as you find in the java.io package. Back in my apprenticeship, our little chat system was using Object In- and OutputStreams.
If you have your technology for your protocol, you have to define it. If you use readers and writers, client could send something like "login username password" and the answer would be "login granted" or "login denied". Or using Object Streams you could send an object like "LoginIn" which holds user/pass and send back a LoginOut which holds something like a loginAccepted:boolean flag.
To store data in a backend, you should check the DAO pattern: http://java.sun.com/blueprints/corej2eepatterns/Patterns/DataAccessObject.html. You can store data in files as serialized objects, xml, etc. Or in a database, such as MySQL -> In this case, you should check sun's jdbc developer guide http://java.sun.com/javase/6/docs/technotes/guides/jdbc/ and hibernate (http://www.hibernate.org).
hope this helped...
regards
slowfly

Similar Messages

Which keys are used in Client/Server Authentication?

Hi.
I am trying to understand how SunX509 algorithm works in a TLS context. When Server or Client authentication is done, which keys of the keystore are used?
I mean, when you set up your KeyStore instance, it is loaded a whole KeyStore from the filesystem, which has a lot of keys to be used. Are they all tried in order to find the key that authenticates the Client/Server, and when a key that works is found means that Client/Server is authenticated? Or a concrete key with a specific alias is used?
Do you know a doc or something similar where i can see this explanation? I haven't found this matter in JSSE API User's Guide nor in JSSE Javadocs.
Thanks!

The alias that is chosen is arbitrary and depends upon the order in which the aliases are returned via a hashtable enumeration. If you want to make sure you're using a particular aliasn you must write your own key manager, take a look at the X509KeyManager interface with methods such chooseClientAlias(), chooseServerAlias(), ...

A client-server authentication application

Hello group,
I want to develop an application which after a client gives
username and password , the server will check about it if the
client is registered or not. I have already developed an
application which is stand alone and checks user validity using my
mysql database, but no server is yet there.I have done a lot search
in finding some tutorial about how to develop a client-server
applicaion in flash.......but i didn' get anything.
Pls. help me regarding this.
Nehal Sheth.

Ohh... so I'm not the only one with the same problem!! I'm also trying to do JMS + Wireless applications. I bet you've checked this: http://www.softwired-inc.com/people/maffeis/why_wjms.html . Have u? anyway, I'm trying to develop a small application in which you can subscribe and get notifications in your mobile whenever something related to your profile changes. Of course, using JMS, don't know where yet :-). Did you find out anything? i'd really appreciate if you can help me... where to start from...
thanks
andres

Unable to achieve client certificate authentication

I am trying to do mutual certificate authentication (client/server authentication), and getting following error.
Anybody has any clue?
SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
My code is below.
import com.sun.net.ssl.HttpsURLConnection;
import java.security.cert.*;
import javax.net.ssl.*;
import java.security.*;
import java.net.URL;
import java.io.*;
import java.util.Enumeration;
public class ClientCert {
private static SSLSocketFactory getSocketFactory() {
SSLSocketFactory theFactory = null;
try {
// set up key manager to do server authentication
SSLContext theContext;
KeyManagerFactory theKeyManagerFactory;
KeyStore theKeyStore;
char[] thePassword = "goldy123".toCharArray();
theContext = SSLContext.getInstance("TLS");
theKeyManagerFactory = KeyManagerFactory.getInstance("SunX509");
theKeyStore = KeyStore.getInstance("JKS");
theKeyStore.load(new FileInputStream("c:/castore"), thePassword);
//java.security.cert.Certificate certi[] = theKeyStore.getCertificateChain("ca");
// System.out.println("Certificate "+certi.length);
theKeyManagerFactory.init(theKeyStore, thePassword);
KeyManager managers[] = theKeyManagerFactory.getKeyManagers();
theContext.init(managers, null, null);
theFactory = theContext.getSocketFactory();
return theFactory;
} catch (Exception e) {
System.err.println("Failed to create a server socket factory...");
e.printStackTrace();
return null;
public static void main(String[] args) {
try {
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
com.sun.net.ssl.HostnameVerifier hv=new com.sun.net.ssl.HostnameVerifier() {
public boolean verify(String urlHostname, String certHostname) {
return true;
HttpsURLConnection.setDefaultHostnameVerifier(hv);
URL mioUrl = new URL("https://viveksharma:9090/LoginPage.do?userName=root&password=password");
//URL mioUrl = new URL("https://www.verisign.com");
//SSLSocketFactory factory = getFactorySSLFromCert(mioCertFile ,mioCertPswd );
//HttpsURLConnection.setDefaultSSLSocketFactory(factory);
//System.setProperty("javax.net.ssl.keyStore","C:/castore");
//System.setProperty("javax.net.ssl.keyStorePassword","goldy123");
System.setProperty("javax.net.ssl.trustStore","C:/vivekstore");
System.setProperty("javax.net.ssl.trustStorePassword","goldy123");
HttpsURLConnection.setDefaultSSLSocketFactory(getSocketFactory());
HttpsURLConnection urlConn = (HttpsURLConnection)mioUrl.openConnection();
urlConn.connect();
//urlConn.setDoInput(true);
// urlConn.setUseCaches(false);
javax.security.cert.X509Certificate ch[] = urlConn.getServerCertificateChain();
System.out.println(ch[0]);
InputStreamReader streamIn = new InputStreamReader(urlConn.getInputStream());
BufferedReader in = new BufferedReader(streamIn);
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
e.printStackTrace();

Hello guys!
I've had this problem twice (once with Tomcat server and once with OC4J -- Oracle 9iAS) and was able to resolve it.
First of, make sure that the certificate your client is passing is valid (I always use JKS format... i think its a must when using JSSE) and is in your server's truststore (and that you specify which truststore file for your server to look at in your config file).
Secondly, also import the root CA of your client cerficate (if it isn't there yet) to the cacert file in $JAVA_HOME/jre/lib/security.
Hope this helps.

Project Server 2010 Web services access with Client Certificate Authentication

We switched our SharePoint/Project Server 2010 farm to use client certificate authentication with Active Directory Federation Services (AD FS) 2.0, which is working without issue. We have some administrative Project Server Interface (PSI)
web service applications that no longer connect to server with the new authentication configuration. Our custom applications are using the WCF interface to access the public web services.
Please let us know if it is possible to authenticate with AD FS 2.0 and then call
Project Server web services. Any help or coding examples would be greatly appreciated.

what is the error occurred when the custom PSI app connects?
can you upload the ULS logs here for research?
What is the user account format you specified in the code for authentication?
For proper authorization, the “user logon account” in PWA for the user needs to be changed from domain\username to the claims token (e.g.
'I:0#.w|mybusinessdomain\ewmccarty').
It requires you to manually call the UpnLogon method of
“Claims to Windows Token Service”. if (Thread.CurrentPrincipal.Identity is ClaimsIdentity)
{ var identity = (ClaimsIdentity)Thread.CurrentPrincipal.Identity; }
if (Thread.CurrentPrincipal.Identity is ClaimsIdentity)
var identity = (ClaimsIdentity)Thread.CurrentPrincipal.Identity;
Than you need to extract UPN-Claim from the identity.
Upload the verbose log if possible.
Did you see this?
http://msdn.microsoft.com/en-us/library/ff181538(v=office.14).aspx
Cheers. Happy troubleshooting !!! Sriram E - MSFT Enterprise Project Management

Authentication in Client/Server form Application

Hi
My client/server application is not using oracle authentiacation, I have maintained user table from that user is authenticated, but any user logins in a application it uses same oracle username/PWD which I currently hardcoded in a forms 6i (C/S type on logon event) application.
My client is located in different geographicaly location, when I change oracle database password I need to compile client application and diployed it again.
Is there any way that I can avoid this. I don't want to give database Un/Pwd to any client user. He only have application username and password.
Thanks
Sudarshan

Hello,
While installing developer you can select components to
Install, Options listed are Forms runtime and Reports runtime.
and it will make your work done.
Adi

SAP Crystal Report using SQL Server Authentication and Windows Authenticati

I'm a SAP Crystal Report, version for Visual Studio 2010 Beginner
my ingredients are
1.windows 7 ultimate service pack1
2.sql server 2008 standard edition
3.visual studio 2010 pro
4.SAP Crystal Report, version for visual studio.net
I was created a report named customersByCity.rpt using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> I'm supply Server, User ID, Password and Database. I assume me using SQL Server Authentication for my report
Then, my ASP.NET files as following
//ASP.NET
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="viewCustomersByCity.aspx.cs" Inherits="viewCustomersByCity" %>
<%@ Register Assembly="CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"
    Namespace="CrystalDecisions.Web" TagPrefix="CR" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div><asp:Label ID="lblMsg" runat="server" BackColor="Yellow" ForeColor="Black"></asp:Label>
<CR:CrystalReportViewer ID="CrystalReportViewer1" runat="server" AutoDataBind="true"></CR:CrystalReportViewer>
    </div>
    </form>
</body>
</html>
//code-behind
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Collections;
using CrystalDecisions.CrystalReports.Engine;
using CrystalDecisions.Shared;
public partial class viewCustomersByCity : System.Web.UI.Page
    private const string PARAMETER_FIELD_NAME = "city";
    private ReportDocument customersByCityReport;
    private void ConfigureCrystalReports()
        ConnectionInfo connectionInfo = new ConnectionInfo();
        connectionInfo.ServerName = @"WKM1925-PCWKM1925";
        connectionInfo.DatabaseName = "Northwind";
        connectionInfo.UserID = "sa";
        connectionInfo.Password = "sysadmin25";
        SetDBLogonForReport(connectionInfo);
    private void SetDBLogonForReport(ConnectionInfo connectionInfo)
        TableLogOnInfos tableLogOnInfos = CrystalReportViewer1.LogOnInfo;
        foreach (TableLogOnInfo tableLogOnInfo in tableLogOnInfos)
            tableLogOnInfo.ConnectionInfo = connectionInfo;
    private void SetCurrentValuesForParameterField(ReportDocument reportDocument, ArrayList arrayList)
        ParameterValues currentParameterValues = new ParameterValues();
        foreach (object submittedValue in arrayList)
            ParameterDiscreteValue parameterDiscreteValue = new ParameterDiscreteValue();
            parameterDiscreteValue.Value = submittedValue.ToString();
            currentParameterValues.Add(parameterDiscreteValue);
        ParameterFieldDefinitions parameterFieldDefinitions = reportDocument.DataDefinition.ParameterFields;
        ParameterFieldDefinition parameterFieldDefinition = parameterFieldDefinitions[PARAMETER_FIELD_NAME];
        parameterFieldDefinition.ApplyCurrentValues(currentParameterValues);
    protected void Page_Load(object sender, EventArgs e)
        customersByCityReport = new ReportDocument();
        string reportPath = Server.MapPath("customersByCity.rpt");
        customersByCityReport.Load(reportPath);
        ConfigureCrystalReports();
        ArrayList arrayList = new ArrayList();
        arrayList.Add("paris");
        arrayList.Add("Madrid");
        arrayList.Add("Marseille");
        arrayList.Add("Buenos Aires");
        arrayList.Add("Sao Paulo");
        ParameterFields parameterFields = CrystalReportViewer1.ParameterFieldInfo;
        SetCurrentValuesForParameterField(customersByCityReport, arrayList);
        CrystalReportViewer1.ReportSource = customersByCityReport;
1st scenario
When in a runtime, it's keep appear a dialog box. This dialog box ask me to suppy Server, User ID, Password and Database. Once all information is supplied, my report display the data as expected
2nd scenario
I change my report using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> checked on Integrated Security. I just choose Server, and Database. I assume me using Windows Authentication
When in a runtime, there's no dialog box as above. My report display the data as expected. really cool
Look's like, when report using SQL Server Authentication there's some problem. but, when report using Windows Authentication, it's fine.
I'm looking for comment. Please help me

Hello,
MS SQL Server 2008 requires you to install the MS Client Tools for 2008.
Once install then update all of your reports to use the SQL Native 10 as the OLE DB driver.
The try again, if it still fails search, lots of sample log on code in this forum.
Don

Client certificate authentication with custom authorization for J2EE roles?

We have a Java application deployed on Sun Java Web Server 7.0u2 where we would like to secure it with client certificates, and a custom mapping of subject DNs onto J2EE roles (e.g., "visitor", "registered-user", "admin"). If we our web.xml includes:
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>certificate</realm-name>
<login-config>that will enforce that only users with valid client certs can access our app, but I don't see any hook for mapping different roles. Is there one? Can anyone point to documentation, or an example?
On the other hand, if we wanted to create a custom realm, the only documentation I have found is the sample JDBCRealm, which includes extending IASPasswordLoginModule. In our case, we wouldn't want to prompt for a password, we would want to examine the client certificate, so we would want to extend some base class higher up the hierarchy. I'm not sure whether I can provide any class that implements javax.security.auth.spi.LoginModule, or whether the WebServer requires it to implement or extend something more specific. It would be ideal if there were an IASCertificateLoginModule that handled the certificate authentication, and allowed me to access the subject DN info from the certificate (e.g., thru a javax.security.auth.Subject) and cache group info to support a specialized IASRealm::getGroupNames(string user) method for authorization. In a case like that, I'm not sure whether the web.xml should be:
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>MyRealm</realm-name>
<login-config>or:
<login-config>
    <auth-method>MyRealm</auth-method>
<login-config>Anybody done anything like this before?
--Thanks

We have JDBCRealm.java and JDBCLoginModule.java in <ws-install-dir>/samples/java/webapps/security/jdbcrealm/src/samples/security/jdbcrealm. I think we need to tweak it to suite our needs :
$cat JDBCRealm.java
* JDBCRealm for supporting RDBMS authentication.
* <P>This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* <P>In order to plug in a realm into the server you need to
* implement both a login module (see JDBCLoginModule for an example)
* which performs the authentication and a realm (as shown by this
* class) which is used to manage other realm operations.
* <P>A custom realm should implement the following methods:
* <ul>
* <li>init(props)
* <li>getAuthType()
* <li>getGroupNames(username)
* </ul>
* <P>IASRealm and other classes and fields referenced in the sample
* code should be treated as opaque undocumented interfaces.
final public class JDBCRealm extends IASRealm
    protected void init(Properties props)
        throws BadRealmException, NoSuchRealmException
    public java.util.Enumeration getGroupNames (String username)
        throws InvalidOperationException, NoSuchUserException
    public void setGroupNames(String username, String[] groups)
}and
$cat JDBCLoginModule.java
* JDBCRealm login module.
* <P>This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* <P>In order to plug in a realm into the server you need to implement
* both a login module (as shown by this class) which performs the
* authentication and a realm (see JDBCRealm for an example) which is used
* to manage other realm operations.
* <P>The PasswordLoginModule class is a JAAS LoginModule and must be
* extended by this class. PasswordLoginModule provides internal
* implementations for all the LoginModule methods (such as login(),
* commit()). This class should not override these methods.
* <P>This class is only required to implement the authenticate() method as
* shown below. The following rules need to be followed in the implementation
* of this method:
* <ul>
* <li>Your code should obtain the user and password to authenticate from
*       _username and _password fields, respectively.
* <li>The authenticate method must finish with this call:
*      return commitAuthentication(_username, _password, _currentRealm,
*      grpList);
* <li>The grpList parameter is a String[] which can optionally be
*      populated to contain the list of groups this user belongs to
* </ul>
* <P>The PasswordLoginModule, AuthenticationStatus and other classes and
* fields referenced in the sample code should be treated as opaque
* undocumented interfaces.
* <P>Sample setting in server.xml for JDBCLoginModule
* <pre>
*    <auth-realm name="jdbc" classname="samples.security.jdbcrealm.JDBCRealm">
*      <property name="dbdrivername" value="com.pointbase.jdbc.jdbcUniversalDriver"/>
*       <property name="jaas-context" value="jdbcRealm"/>
*    </auth-realm>
* </pre>
public class JDBCLoginModule extends PasswordLoginModule
    protected AuthenticationStatus authenticate()
        throws LoginException
    private String[] authenticate(String username,String passwd)
    private Connection getConnection() throws SQLException
}One more article [http://developers.sun.com/appserver/reference/techart/as8_authentication/]
You can try to extend "com/iplanet/ias/security/auth/realm/certificate/CertificateRealm.java"
[http://fisheye5.cenqua.com/browse/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java?r=SJSAS_9_0]
$cat CertificateRealm.java
package com.iplanet.ias.security.auth.realm.certificate;
* Realm wrapper for supporting certificate authentication.
* <P>The certificate realm provides the security-service functionality
* needed to process a client-cert authentication. Since the SSL processing,
* and client certificate verification is done by NSS, no authentication
* is actually done by this realm. It only serves the purpose of being
* registered as the certificate handler realm and to service group
* membership requests during web container role checks.
* <P>There is no JAAS LoginModule corresponding to the certificate
* realm. The purpose of a JAAS LoginModule is to implement the actual
* authentication processing, which for the case of this certificate
* realm is already done by the time execution gets to Java.
* <P>The certificate realm needs the following properties in its
* configuration: None.
* <P>The following optional attributes can also be specified:
* <ul>
*   <li>assign-groups - A comma-separated list of group names which
*       will be assigned to all users who present a cryptographically
*       valid certificate. Since groups are otherwise not supported
*       by the cert realm, this allows grouping cert users
*       for convenience.
* </ul>
public class CertificateRealm extends IASRealm
   protected void init(Properties props)
     * Returns the name of all the groups that this user belongs to.
     * @param username Name of the user in this realm whose group listing
     *     is needed.
     * @return Enumeration of group names (strings).
     * @exception InvalidOperationException thrown if the realm does not
     *     support this operation - e.g. Certificate realm does not support
     *     this operation.
    public Enumeration getGroupNames(String username)
        throws NoSuchUserException, InvalidOperationException
     * Complete authentication of certificate user.
     * <P>As noted, the certificate realm does not do the actual
     * authentication (signature and cert chain validation) for
     * the user certificate, this is done earlier in NSS. This default
     * implementation does nothing. The call has been preserved from S1AS
     * as a placeholder for potential subclasses which may take some
     * action.
     * @param certs The array of certificates provided in the request.
    public void authenticate(X509Certificate certs[])
        throws LoginException
        // Set up SecurityContext, but that is not applicable to S1WS..
}Edited by: mv on Apr 24, 2009 7:04 AM

SOAP -Client Certificate Authentication in Receiver SOAP Adapter

Dear All,
We are working on the below scenario
SAP R/3 System -> XI/PI -> Proxy -> Customer
In this, SAP R/3 System sends a IDOC and XI should give that XML Payload of IDOC to Customer.
Cusomer gave us the WSDL file and also a Certificate for authentication.
Mapping - we are using XSLT mapping to send that XML payload as we need to capture the whole XML payload of IDOC into 1 field at the target end ( This was given in the WSDL).
Now, how can we achieve this Client Certificate authentication in the SOAP Receiver Adapter when we have Proxy server in between PI/XI and Customer system.
Require your inputs on Client Certificate authentication and Proxy server configuration.
Regards,
Srini

Hi
Look this blog
How to use Client Authentication with SOAP Adapter
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
Also refer to "SAP Security Guide XI" at service market place.
ABAP Proxy configuration
How do you activate ABAP Proxies?

CLIENT-CERT authentication in WL7

Hi,
I'm trying to enforce two-way authentication for clients (java applications) accessing
a web service running on WL7.
Web service is configured to accept requests over https only. With BASIC authentication
it works. When I
switch it to use CLIENT-CERT authentication I cannot connect to the web service.
I've set the
"javax.net.debug" directive to "ssl" and noticed that during the handshake procedure
the server doesn't
produce client certificate request. May it be the cause of the problem? If so,
how can I make the server to
generate client cert request?

Exactly, it was the reason. Thanks.
Marcin
On 14 Nov 2003 10:29:39 -0700, Pavel <[email protected]> wrote:
>
You must have been accessing the server over one-way SSL. Make sure the
two-way
ssl server attribute is set to: Client Certificate Enforced, or Client
Certificate
Requested But Not Enforced.
This should be all that is needed to make the server send the
certificate request.
With Client Certificate Enforced option you should be getting ssl
handshake failure
unless the client sends its certificate.
Pavel.
yazzva <[email protected]> wrote:
Yes, I have. If I had not done it, I couldn't have accessed the service
via https using basic authentication, and of course ssl debugging
information and server configuration show that ssl is configured
properly.
The problem is that WL7 doesn't generate client cert request. Thanks
for
an attempt to help.
Have you configured the server for two way ssl?
See
http://e-docs.bea.com/wls/docs70/security/SSL_client.html#1029705
http://e-docs.bea.com/wls/docs70/secmanage/ssl.html#1168174
for information on this.
Pavel.
"yazzva" <[email protected]> wrote:
Hi,
I'm trying to enforce two-way authentication for clients (java
applications)
accessing
a web service running on WL7.
Web service is configured to accept requests over https only. With
BASIC
authentication
it works. When I
switch it to use CLIENT-CERT authentication I cannot connect to theweb
service.
I've set the
"javax.net.debug" directive to "ssl" and noticed that during the
handshake
procedure
the server doesn't
produce client certificate request. May it be the cause of the
problem?
If so,
how can I make the server to
generate client cert request?--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

Applet socket problem in client-server, urgent!

Dear All:
I have implemented a client server teamwork environment. I have managered to get the server running fine. The server is responsible for passing messages between clients and accessing Oracle database using JDBC. The client is a Java Applet. The code is like the following. The problem is when I try to register the client, the socket connection get java.security.AccessControlException: access denied(java.net.SocketPermission mugca.its.monash.edu.
au resolve)
However, I have written a Java application with the same socket connection method to connect to the same server, it connects to the server without any problem. Is it because of the applet security problem? How should I solve it? Very appreciate for any ideas.
public class User extends java.applet.Applet implements ActionListener, ItemListener
public void init()
Authentication auth = new Authentication((Frame)anchorpoint);
if(auth.getConnectionStreams() != null) {
ConnectionStreams server_conn = auth.getConnectionStreams();
// Authenticates the user and establishes a connection to the server
class Authentication extends Dialog implements ActionListener, KeyListener {
// Object holding information relevant to the server connection
ConnectionStreams server_conn;
final static int port = 6012;
// Authenticates the user and establishes connection to the server
public Authentication(Frame parent) {
// call the class Dialog's constructor
super(parent, "User Authentication", true);
setLocation(parent.getSize().width/3, parent.getSize().height/2);
setupDialog();
// sets up the components of the dialog box
private void setupDialog() {
// create and set the layout manager
//Create a username text field here
//Create a password text field here
//Create a OK button here
public void actionPerformed(ActionEvent e) {
authenticateUser();
dispose();
// returns the ConnectionStreams object
public ConnectionStreams getConnectionStreams() {
return(server_conn);
// authenticates the user
private void authenticateUser() {
Socket socket;
InetAddress address;
try {
// open socket to server
System.out.println("Ready to connect to server on: " + port);
socket = new Socket("mugca.its.monash.edu.au", port);
address = socket.getInetAddress();
System.out.println("The hostname,address,hostaddress,localhost is:" + address.getHostName() + ";\n" +
address.getAddress() + ";\n" +
address.getHostAddress() + ";\n" +
address.getLocalHost());
catch(Exception e) {
displayMessage("Error occured. See console");
System.err.println(e);
e.printStackTrace();
}

Hi, there:
Thanks for the help. But I don't have to configure the security policy. Instead, inspired by a message in this forum, I simply upload the applet to the HTTP server (mugca.its.monash.edu.au) where my won server is running. Then the applet is download from the server and running fine in my local machine.
Dengsheng

Authetication problem in client/server app

I am presently developing a client/server program, and I'm wondering what will be the best form of authentication. I plan to develop a protocol for the programs, any deviation leading to socket closure. I thought about signatures, but I don't think any body's ready to vouch for me(ie I don't know how to go about signatures). Is there any help?

Learn about JAAS

802.1x for server authentication

Hello everybody,
this the first time I write on this forum, so please excuse me if I do something wrong.
My objective is to authenticate servers in my customer's server farm, so that none can put an unauthorised server in place.
I am thinking about using 802.1x machine authentication to reach my aim.
Does anybody has experience about similar situations?
The server platforms are:
- Windows 2k Server
- Windows 2k Advanced Server
- Linux Redhat
- IBM AIX
Which are the applicable EAP methods for each platform?
Has anybody experienced the use of 802.1x client such as Meetinghouse or Funk Odissey on the mentioned platforms?
Thank you in advance.
Kind regards,
Barbara

EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication
The support that 802.1X provides for Extensible Authentication Protocol (EAP) types allows you to choose from several different authentication methods for wireless clients and servers.
EAP
802.1X uses EAP for message exchange during the authentication process. With EAP, an arbitrary authentication method, such as certificates, smart cards, or credentials, is used. EAP allows for an open-ended conversation between an EAP client (such as a wireless computer) and an EAP server (such as an Internet Authentication Service (IAS) server). The conversation consists of requests for authentication information by the server and responses by the client. In order for authentication to be successful, the client and the server must use the same authentication method.
EAP-TLS
EAP-Transport Layer Security (TLS) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method. EAP-TLS provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticating server. If you want to use certificates or smart cards for user and client computer authentication, you must use EAP-TLS or, for enhanced security, Protected EAP (PEAP) with EAP-TLS.
EAP-MS-CHAP v2
EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is a mutual authentication method that supports password-based user or computer authentication. During the EAP-MS-CHAP v2 authentication process, both the server and client must prove that they have knowledge of the user's password in order for authentication to succeed. With EAP-MS-CHAP v2, after successful authentication, users can change their passwords, and they are notified when their passwords expire.
EAP-MS-CHAP v2 is available only with PEAP.
PEAP
PEAP is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. PEAP provides the following benefits: an encryption channel to protect EAP methods running within PEAP, dynamic keying material generated from TLS, fast reconnect (the ability to reconnect to a wireless access point by using cached session keys, which allows for quick roaming between wireless access points), and server authentication that can be used to protect against the deployment of unauthorized wireless access points.

Client/server RMI app using Command pattern: return values and exceptions

I'm developing a client/server java app via RMI. Actually I'm using the cajo framework overtop RMI (any cajo devs/users here?). Anyways, there is a lot of functionality the server needs to expose, all of which is split and encapsulated in manager-type classes that the server has access to. I get the feeling though that bad things will happen to me in my sleep if I just expose instances of the managers, and I really don't like the idea of writing 24682763845 methods that the server needs to individually expose, so instead I'm using the Command pattern (writing 24682763845 individual MyCommand classes is only slightly better). I haven't used the command pattern since school, so maybe I'm missing something, but I'm finding it to be messy. Here's the setup: I've got a public abstract Command which holds information about which user is attempting to execute the command, and when, and lots of public MyCommands extending Command, each with a mandatory execute() method which does the actual dirty work of talking to the model-functionality managers. The server has a command invoker executeCommand(Command cmd) which checks the authenticity of the user prior to executing the command.
What I'm interested in is return values and exceptions. I'm not sure if these things really fit in with a true command pattern in general, but it sure would be nice to have return values and exceptions, even if only for the sake of error detection.
First, return values. I'd like each Command to return a result, even if it's just boolean true if nothing went wrong, so in my Command class I have a private Object result with a protected setter, public getter. The idea is, in the execute() method, after doing what needs to be done, setResult(someResult) is called. The invoker on the server, after running acommand.execute() eventually returns acommand.getResult(), which of course is casted by the client into whatever it should be. I don't see a way to do this using generics though, because I don't see a way to have the invoker's return value as anything other than Object. Suggestions? All this means is, if the client were sending a GetUserCommand cmd I'd have to cast like User user = (User)server.executeCommand(cmd), or sending an AssignWidgetToGroup cmd I'd have to cast like Boolean result = (Boolean)server.executeCommand(cmd). I guess that's not too bad, but can this be done better?
Second, exceptions. I can have the Command's execute() method throw Exception, and the server's invoker method can in turn throw that Exception. Problem is, with a try/catch on the client side, using RMI (or is this just a product of cajo?) ensures that any exception thrown by a remote method will come back as a java.lang.reflect.InvocationTargetException. So for example, if in MyCommand.execute() I throw new MySpecialException, the server's command invoker method will in turn throw the same exception, however the try/catch on the client side will catch InvocationTargetException e. If I do e.getCause().printStackTrace(), THERE be my precious MySpecialException. But how do I catch it? Can it be caught? Nested try/catch won't work, because I can't re-throw the cause of the original exception. For now, instead of throwing exceptions the server is simply returning null if things don't go as planned, meaning on the client side I would do something like if ((result = server.executeCommand(cmd)) == null) { /* deal with it */ } else { /* process result, continue normally */ }.
So using the command pattern, although doing neat things for me like centralizing access to the server via one command-invoking method which avoids exposing a billion others, and making it easy to log who's running what and when, causes me null-checks, casting, and no obvious way of error-catching. I'd be grateful if anyone can share their thoughts/experiences on what I'm trying to do. I'll post some of my code tomorrow to give things more tangible perspective.

First of all, thanks for taking the time to read, I know it's long.
Secondly, pardon me, but I don't see how you've understood that I wasn't going to or didn't want to use exceptions, considering half my post is regarding how I can use exceptions in my situation. My love for exception handling transcends time and space, I assure you, that's why I made this thread.
Also, you've essentially told me "use exceptions", "use exceptions", and "you can't really use exceptions". Having a nested try/catch anytime I want to catch the real exception does indeed sound terribly weak. Just so I'm on the same page though, how can I catch an exception, and throw the cause?
try {
catch (Exception e) {
Throwable t = e.getCause();
// now what?
}Actually, nested try/catches everywhere is not happening, which means I'm probably going to ditch cajo unless there's some way to really throw the proper exception. I must say however that cajo has done everything I've needed up until now.
Anyways, what I'd like to know is...what's really The Right Way (tm) of putting together this kind of client/server app? I've been thinking that perhaps RMI is not the way to go, and I'm wondering if I should be looking into more of a cross-language RPC solution. I definitely do want to neatly decouple the client from server, and the command pattern did seem to do that, but maybe it's not the best solution.
Thanks again for your response, ejp, and as always any comments and/or suggestions would be greatly appreciated.

Is server authentication mandatory for using SSL?

Is server authentication mandatory for using SSL sockets, or is there a way around it?
In other words, how can I take advantage of SSL sockets without dealing with any kind of certificates? Do I have any other options?

Ok folks, I found my answer.Here�s the deal.
Here are some helpful sites: I hope they will also help you understand this topic better and make your life little easier.
//====================================
http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html
http://www-105.ibm.com/developerworks/education.nsf/java-onlinecourse-bytitle/96B42A25DD270CA886256BAA006351B4?OpenDocument
http://www.ddj.com/documents/s=870/ddj0102a/rl1
//====================================
Neither Server nor Client authentication is mandatory. However, if you don�t use proper ciphersuite (that doesn�t require any authentication), the connection will die so to avoid this problem, you need to enable those ciphersuites manually. Read on.
In most modes, SSL encrypts data being sent between client and server and also provides (optional) peer authentication.
These kinds of protection are specified by a "cipher suite", which is a combination of cryptographic algorithms used by a given SSL connection. During the negotiation process, the two endpoints must agree on a ciphersuite that is available in both environments. If there is no such suite in common, no SSL connection can be established, and no data can be exchanged.
The cipher suite used is established by a negotiation process called "handshaking".
There are two groups of cipher suites which you will need to know about when managing cipher suites:
�     Supported cipher suites: all the suites which are supported by the SSL implementation. This list is reported using getSupportedCipherSuites.
�     Enabled cipher suites, which may be fewer than the full set of supported suites.
This group is set using the setEnabledCipherSuites method, and queried using the getEnabledCipherSuites method. Initially, a default set of cipher suites will be enabled on a new socket that represents the minimum suggested configuration.
Implementation defaults require that only cipher suites which authenticate servers and provide confidentiality be enabled by default. Only if both sides explicitly agree to unauthenticated and/or non-private (unencrypted) communications will such a ciphersuite be selected.
When SSLSockets are first created, no handshaking is done so that applications may first set their communication preferences: what cipher suites to use, whether the socket should be in client or server mode, etc. However, security is always provided by the time that application data is sent over the connection.
The suite is chosen based upon the credentials that each side possesses and suites that each side supports. For example, a server can�t support an RSA cipher suite unless it has an available RSA private key.
The client and server must support at least one common cipher suite in order to communicate; if they both support multiple ciphers, the strongest available suite will be chosen.
The strings are part of the SSL specification and are defined as:
SSL_<key exchange algorithm>with<encryption algorithm>_<hash algorithm>
When a number appears in the encryption algorithm, it refers to the key strength of the encryption: higher numbers are more secure.
setEnabledCipherSuites(String[] suites) method controls which particular cipher suites are enabled for use on this connection.
�     The cipher suites must have been listed by getSupportedCipherSuites() as being supported.
�     Even if a suite has been enabled, it might never be used if no peer supports it, or the requisite certificates (and private keys) are not available.
getSupportedProtocols(): Returns the names of the protocols which could be enabled for use on an SSL connection.
setEnabledCipherSuites(String[] suites): Controls which particular cipher suites are enabled for use on this connection.
Let me give you some code that will help you understand little better.
One is Client.java for the client and the other one is Server.java for the server.
Compile and run them in two separate consoles.
( By the way, I assume that you have properly installed JSSE on your system.)
//===== Client.java: ===================================================
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
public class Client
     public static void main(String[] args)
          (new Client()).doIt();
     }//end main
     private void doIt()
          int port = 3333;
          String host = "localhost";
/*          String[] enable = {"SSL_DH_anon_WITH_RC4_128_MD5",
                    "SSL_DH_anon_WITH_DES_CBC_SHA",
                    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
                    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"};
*/          try
          SSLSocketFactory sslFact =
          (SSLSocketFactory)SSLSocketFactory.getDefault();
          SSLSocket s =
          (SSLSocket)sslFact.createSocket(host, port);
               //String[] suites;
               //Get all the default CipherSuites
               System.out.println("\n*** Default CipherSuites ***\n");
               String [] defaultSuites=sslFact.getDefaultCipherSuites();
               for(int i = 0; i<defaultSuites.length; i++)
                    System.out.println("["+i+"] Default CipherSuite ="+defaultSuites);
               //Get all the supported CipherSuites
               System.out.println("*** ================= ***");
               System.out.println("\n*** CipherSuites Enabled by default ***\n");
               String [] enabledSuites=s.getEnabledCipherSuites();
               for(int i = 0; i<enabledSuites.length; i++)
                    System.out.println("["+i+"] Enabled CipherSuite="+enabledSuites[i]);
               System.out.println("*** ================= ***\n");
               System.out.println("***\n Supported CipherSuites ***\n");
               String [] supportedSuites=sslFact.getSupportedCipherSuites();
               for(int i = 0; i<supportedSuites.length; i++)
                    System.out.println("["+i+"]Enabled Supported CipherSuite ="+supportedSuites[i]);
               //Get all enabled CipherSuites
               System.out.println("*** ================= ***\n");
               System.out.println("\n*** Old and Newly enabled Anonymous CipherSuites ***\n");
               //s.setEnabledCipherSuites(enable);
               //Enable all supported CipherSuites
               s.setEnabledCipherSuites(supportedSuites);
               String [] suites=s.getEnabledCipherSuites();
               for(int i = 0; i<suites.length; i++)
                    System.out.println("["+i+"] Newly enabled Anonymous CipherSuites="+suites[i]);
               System.out.println("*** ================= ***\n");
               System.out.println(" The strongest available CipherSuite is chosen by the System.");
               System.out.println(" But it has to be enabled first, otherwise it ignores it. ");
               System.out.println("Currently Selected CipherSuite = "+s.getSession().getCipherSuite()+"\n");
               System.out.println("*** ================= ***");
               // Send messages to the server through
          // the OutputStream
          // Receive messages from the server
          // through the InputStream
          OutputStream out = s.getOutputStream();
          InputStream in = s.getInputStream();
               PrintWriter p = new PrintWriter(out);
               p.println("Hi Buddy!");
               p.println("Wanna have a beer?");
               p.println("All right, let's have some.");
               p.flush();
               out.close();
     in.close();
     s.close();
          catch (IOException e)
               System.out.println(""+e);
}//end class
//===== Here's Server.java ==============================================
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
public class Server
     public static void main(String[] args)
          (new Server()).doIt();
     }//end main
     private void doIt()
          int port = 3333;
          SSLServerSocket ss;
          String[] enable = {"SSL_DH_anon_WITH_RC4_128_MD5",
                    "SSL_DH_anon_WITH_DES_CBC_SHA",
                    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
                    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"};
          try
          SSLServerSocketFactory sslSrvFact =
          (SSLServerSocketFactory)
          SSLServerSocketFactory.getDefault();
               //Get all the default CipherSuites
               String [] suites=sslSrvFact.getDefaultCipherSuites();
               for(int i = 0; i<suites.length; i++)
                    System.out.println(""+i+". DEFAULT CIPHER SUITE="+suites[i]);
               suites=sslSrvFact.getSupportedCipherSuites();
               for(int i = 0; i<suites.length; i++)
                    System.out.println(""+i+". SUPPORTED CIPHER SUITE="+suites[i]);
               System.out.println("*** ================= ***");
          ss =(SSLServerSocket)sslSrvFact.createServerSocket(port);
               suites=ss.getEnabledCipherSuites();
               for(int i = 0; i<suites.length; i++)
                    System.out.println(""+i+". ENABLED CIPHER SUITE="+suites[i]);
               ss.setEnabledCipherSuites(enable);
               suites=ss.getEnabledCipherSuites();
               for(int i = 0; i<suites.length; i++)
                    System.out.println(""+i+". NEW ENABLED CIPHER SUITE="+suites[i]);
               System.out.println("*** ================= ***");
          SSLSocket c = (SSLSocket)ss.accept();
//          ServerSocket ss = new ServerSocket(port);
//          Socket c = ss.accept();
          OutputStream out = c.getOutputStream();
          InputStream in = c.getInputStream();
               BufferedReader br = new BufferedReader(new InputStreamReader(in));
          // Send messages to the client through
          // the OutputStream
          // Receive messages from the client
          // through the InputStream
          while(true)
//               int i = in.read();
                    String inputString = br.readLine();
                    if(inputString != null)
                    System.out.println(inputString);
               else
                    out.close();
                    in.close();
                    c.close();
               ss.close();
          catch (IOException e)
               System.out.println(""+e);
}//end class
//========= Good Luck! ===================

Client Server Authentication

Similar Messages

Maybe you are looking for