How to get the client certificate at server side
hi, this is ravikiran
I am working on a project which requires, receiving a signed file from the client side and verify whether the file is signed by a valid certificate that is there in the servers keystore.
I have no idea how to do this.
can anyone help me.
thanx in advance.
[sorry, deleted irrelevant wrong answer]
Similar Messages
-
How to get the publish method with server side actionscript?
We publish this way at client side:
ns.publish(name, howToPublish);
How to get this howToPublish at server side?
application.onPublish = function(){
//how to know whether the stream's publishing method(live,record,append) here?I am not sure whether you can know mode of publish via SSAS, best way would be to use Authorisation Plug-in which can intercept you publish request and get the information which you need - in this case mode of publishing.
-
How to get the client identity from the certificate at server side
hi, this is ravi kiran,
I am working on a project which requires, receiving a signed file from the client side and verify whether the file is signed by a valid certificate that is there in the servers keystore.
How can i get the client certificate at server side and check with the certificates already present in the servers keystore.
i have no idea how to do this
can any one help me
thanx in advanceHi Ravi, did you get any answer to your question ?
I'm also after a similar problem, please share your solution, if you have any. -
Can a pl sql cartridge get the client certificate through ssl in OAS
I am In a web publishing system project, I use SSL and client certificate to verify the user, the environment is OAS4.0.6 and Oracle 8i, and I use PL SQL cartridge to proceed the http request , Now the problem is how can I get the client certificate infomation in my pl sql scripts, I do not know where should i post this problem, So I post it here, If you have any experience in using SSL of OAS, pls help me!
tsailiang
[email protected]
thank you very much!Sorry wrong forum.....
This forum is for the Internet File Server (ifs) not the oracle application server (oas), sometimes known as iAS or Oracle9i Applicaiton Server.
null -
How to get the files in presentation server while uploading?
how to get the files in presentation server while uploading?
give me the function module nameHi,
PARAMETERS: P_FILE LIKE RLGRAP-FILENAME DEFAULT C_PRES. "Prsnt Srvr
AT SELECTION-SCREEN ON VALUE-REQUEST FOR P_FILE.
CALL FUNCTION 'WS_FILENAME_GET'
EXPORTING
DEF_PATH = P_FILE
MASK = ',..'
MODE = '0 '
TITLE = 'Choose File'
IMPORTING
FILENAME = P_FILE
EXCEPTIONS
INV_WINSYS = 1
NO_BATCH = 2
SELECTION_CANCEL = 3
SELECTION_ERROR = 4
OTHERS = 5. -
How to get the client date and time ?
Dear Sirs...
Using jdeveloper 10.1.2.0
How can i get the client date and time using the HttpServletRequest ?
thanks for any help in advance
best regardsIf your code is running on the client pc you can just create a new instance of the java.util.Date class. That class automatically defaults to the current time of the client machine. Otherwise if you're running the code on the server, you could insert/post the client date/time by adding its string representation as a parameter to the HTTP request object.
Ronald -
Getting the Client Certificate out of the HttpServletRequest object
I have an interesting issue with weblogic 5.1 SP6 and getting/obtaining Client
Certificates.
The issue is that the Client Certificate is not always in the HttpServletRequest
object depending on how the weblogic.properties are set. Here is my code to get
the Certificates.
// get the cert chain from the request
Object obj=request.getAttributs("javax.net.ssl.peer_certificates");
if (obj instanceof weblogic.security.X509[]) {
weblogic.security.X509[] wlogicCert = (weblogic.security.X509[]) obj;
try {
iaik.x509.X509Certificate iaikClientCert =
new iaik.x509.X509Certificate(wlogicCert[0].getBytes());
clientSDN = aiaikClientCert.getSubjectDN().getName();
clientCert = (Certificate)iaikClientCert;
The only time the certificate is present in the Request Object is when the following
weblogic.properties are set:
weblogic.security.enforceClientCert=true
weblogic.security.clientRootCA=CARoot.pem
If the properties are set to to this: no Certificate can be received from the
Request object.
weblogic.security.enforceClientCert=false
#weblogic.security.clientRootCA=CARoot.pem
Is there a way to have Weblogic always receive/get a Client Certificate if one
is provided by the client, but not have weblogic do any validation of the certificate?
Any help would be appreciated!
Garyok i see.
although it should be able to get the underlying
outputStream handle since i have initialized
(associated) it on the previous line.
ThanksWell, you might be able to get the underlying stream. Look at the API docs. If there's a method there to do it, then you can. If not, then you can't.
If you can do it, then you have to look at the API docs for FileOutputStream and see if it lets you get the associated File or path. If such a method exists, then you can get it. If not, then you can't.
Even if both methods exist and you can utimately get the file, do you understand why this is not the same as "getting the file associated with a PrintStream"? -
GSS-API How to get the client-to-service ticket
In Kerberos when requesting services, the client sends the following two messages to the TGS: A composed message of the Ticket-Granting Ticket and the ID of the requested serviceand authenticator (which is composed of the client ID and the timestamp), all encrypted using the client/TGS session key.
Then upon receiving these messages the TGS sends the followings to the client:
A: Client-to-server ticket (which includes the client ID, client network address, validity period and Client/server session key) encrypted using the service's secret key.
B: Client/server session key encrypted with the client/TGS session key.
Now I'm wondering how to obtain A and B throught the kerberos login in GSS-API . I have the following code that I use to request a kerberized service but it returns only a KerberosTicket in PrivateCredentialsSet for the Subject. A sessionKey can also be obtained form this KerberosTicket ! Which session key is this ? the session key B described above? and Where to get the Client-to-server ticket (A) described above ?
Thanks for any help !
Alex
lc = new LoginContext("login-client", new TextCallbackHandler());
lc.login();
mysubject = lc.getSubject();
java.util.Set principals = lc.getSubject().getPrincipals();
java.util.Iterator iterador = principals.iterator();
if (iterador.hasNext()){
KerberosPrincipal principal = (KerberosPrincipal) iterador.next();
clientName =principal.getName();
PrivilegedAction generateServiceTicket = new ClientAction(clientName,"[email protected]");
Subject.doAs(mysubject, generateServiceTicket);
Set prvCredentials = lc.getSubject().getPrivateCredentials();
for (Iterator i = prvCredentials.iterator(); i.hasNext(); j++) {
KerberosTicket ticket = (KerberosTicket) i.next();
prvKrbCrds = (KerberosTicket[]) mysubject.getPrivateCredentials().toArray(new KerberosTicket[0]);
public Object run() {
try{
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
GSSName userName = manager.createName(pn,GSSName.NT_USER_NAME);
GSSCredential cred = manager.createCredential(usr,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName = manager.createName(servicename,
GSSName.NT_HOSTBASED_SERVICE, krb5Mechanism);
GSSContext setContext = manager.createContext(peerName, krb5Mechanism, cred,
GSSContext.DEFAULT_LIFETIME);
setContext.requestInteg(false);
setContext.requestConf(false);
byte[] inputBuf = new byte[0];
byte[] tkt = setContext.initSecContext(inputBuf, 0, 0);
}catch(GSSException gsse){
gsse.printStackTrace();
}In Kerberos when requesting services, the client sends the following two messages to the TGS: A composed message of the Ticket-Granting Ticket and the ID of the requested serviceand authenticator (which is composed of the client ID and the timestamp), all encrypted using the client/TGS session key.
Then upon receiving these messages the TGS sends the followings to the client:
A: Client-to-server ticket (which includes the client ID, client network address, validity period and Client/server session key) encrypted using the service's secret key.
B: Client/server session key encrypted with the client/TGS session key.
Now I'm wondering how to obtain A and B throught the kerberos login in GSS-API . I have the following code that I use to request a kerberized service but it returns only a KerberosTicket in PrivateCredentialsSet for the Subject. A sessionKey can also be obtained form this KerberosTicket ! Which session key is this ? the session key B described above? and Where to get the Client-to-server ticket (A) described above ?
Thanks for any help !
Alex
lc = new LoginContext("login-client", new TextCallbackHandler());
lc.login();
mysubject = lc.getSubject();
java.util.Set principals = lc.getSubject().getPrincipals();
java.util.Iterator iterador = principals.iterator();
if (iterador.hasNext()){
KerberosPrincipal principal = (KerberosPrincipal) iterador.next();
clientName =principal.getName();
PrivilegedAction generateServiceTicket = new ClientAction(clientName,"[email protected]");
Subject.doAs(mysubject, generateServiceTicket);
Set prvCredentials = lc.getSubject().getPrivateCredentials();
for (Iterator i = prvCredentials.iterator(); i.hasNext(); j++) {
KerberosTicket ticket = (KerberosTicket) i.next();
prvKrbCrds = (KerberosTicket[]) mysubject.getPrivateCredentials().toArray(new KerberosTicket[0]);
public Object run() {
try{
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
GSSName userName = manager.createName(pn,GSSName.NT_USER_NAME);
GSSCredential cred = manager.createCredential(usr,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName = manager.createName(servicename,
GSSName.NT_HOSTBASED_SERVICE, krb5Mechanism);
GSSContext setContext = manager.createContext(peerName, krb5Mechanism, cred,
GSSContext.DEFAULT_LIFETIME);
setContext.requestInteg(false);
setContext.requestConf(false);
byte[] inputBuf = new byte[0];
byte[] tkt = setContext.initSecContext(inputBuf, 0, 0);
}catch(GSSException gsse){
gsse.printStackTrace();
} -
How to get the CLIENT OS USER NAME using Apex
Dear All,
I know there are many other posts (some of them are very old) discuss about this issue. But unfortunately most of the posts endup with NO PROPER ANSWER. But still I believe that tehre has to be some way to do this. So this is my requirement.
I am using custom authentication module and I want to get the CLIENT MACHINE OS USER NAME for that. But I do not want to do any authentication against the client user domain.
How can I get this?
* There are some other way to get this using VB Scripts. But thats not a real solution for this due to followings
01. User has to manually allow to run VB scripts. So if user dissable that then we canot get the required info
02. Its working only with specific browsers(Mainly in IE and also we can get that thing work after installing plugins to Firefox.). So this is also depends with the bvrowser and plugings.
What I want to do is to get this info using a common way which is not depends with the browser or any thirdparty plugins.
Thanks,
AlexIts good that you did some searching in the forums before you posted the question.
Most modern browsers would consider what you require as a security/privacy issue and prevents such information from being transmitted available(easily). IE might let you pull out this using a VB script or activex control. Browser specific addons/extension could work but they need some kind of installation to start with. Java could be a way to do it with all browsers, but the end user still has to grant access before it can do any such thing.
Lets say you were able to pull out such information from an end user, what would be next, get his mail id from outlook ? , access his browsing history, steal credit card information or read cookies?
Add to that , what if the end user accesses it using any other OS(linux,macintosh or even a smartphone) ? what about windows vista and windows 7 OS's , are you going to write code to handle all those cases too ?
Here's a blog posting which explains using NTLM authentication with Apex(it still needs configuration from the end user)
What I want to do is to get this info using a common way which is not depends with the browser or any thirdparty plugins.I guess if this is the question, then the answer would have to be no. I don't think you will be able to find a method that passes this information from the client side without any modification/configuration at their side -
How to get the user input while server is waiting for client's message
I have a server/client program (using sockets)
I used a thread to let a server always waiting for client's request, but how should I found that
there is no message pass to server from client.
public void run(){
while (true){
Socket server = serverP.accept();
ObjectInputStream inFromClient = new ObjectInputStream(server.getInputStream());
inMessage = (Message)inFromClient.readObject();
System.out.println("Deadlock may occurred, please enter your command: ");
BufferedReader inFromUser = new BufferedReader(new InputStreamReader(System.in));
String command = inFromUser.readLine();
The server is waiting for the inMessage that is passed from multiple clients. But if the server
received no message after some time, it will assume something is wrong (eg, there is a
deadlock), then it will ask the user to input the command to execute the method.
If I put
"System.out.println("Do you want to take Snapshot: ");
BufferedReader inFromUser = new BufferedReader(new InputStreamReader(System.in));
String command = inFromUser.readLine();"
inside the while loop, it will keep asking user to enter the input when every time the client
connect to the server. But I want to ask the user to enter the command only when the server
can't get the response from clients.
How should I do?
Please help.Your statement:
Socket server = serverP.accept();
it will block until Server receive connect request from client.
So, what u can do is, create a seperate Thread which check if server is idle (no client connect to it) for a certain time.
public class xxxxx extends Thread {
public void run(){
(new WatcherThread()).start()
while (true){
Socket server = serverP.accept();
WatcherThread.acceptFlag();
ObjectInputStream inFromClient = new ObjectInputStream(server.getInputStream());
inMessage = (Message)inFromClient.readObject();
Do something with client request ...
I suggest you to create a WorkerThread for
each client request.
For example:
new (WorkerThread(inMessage)).start();
This way, your server thread will immediately serve
the next client request ASAP.
public class WatcherThread extends Thread {
private static accept = false;
public static void acceptFlag() {
flag = true;
public void run() {
while(true) {
try { sleep(10000); } catch (Exception ex) { }
if (!accept) { // never accepted after 10000 msecs
... do your System.in here ...
flag=false;
}The idea is, your server notify WatcherThread if a client connect. WathcerThread runs at seperate thread. It waits for 10000 msecs and check if Server ever gets connect request from server. If it doesn't then you can do your System.in, otherwise, it will wait for 10000 again..
FYI, next time, please use [ code ] and [ / code ] to format your code. It discourage me to read plain whole-left-aligned code like yours.
See: http://forum.java.sun.com/features.jsp#Formatting
rgds,
Alex -
How do I get the client certificate from the request
We are on Netweaver 2004 using the SAP webdispatcher (end-to-end). I need to do an OCSP validation, I have all of the code I need for the OCSP portion. What I need is the X509Certficate that came from the client. Is this stored in the request object, session? How do I get it?
Thanks.Hi Joseph,
I think the question is which component terminates the SSL connection. It could be an upfront load balancer or the WebAS itself. The former could write the certificate into a request header vairable, while the latter will create a J2EE standard request attribute: javax.servlet.request.X509Certificate
I never did it with the web dispatcher, but you can try the following:
X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
HTH
Daniel -
How to get the ssl-certificate trusted on lion-server
I'm in the process of setting up lion server to create a small (international) research group collaborating on a project.
So I want to use the server to exchange data, use a common calendar, address-book etc.
To do so you need to get a SSL-certiifcate (unless you do everything on VPN).
So I selected the server in server.app (Hardware) and selected SSL certificate edit
created a certificate signing request that I exported and saved on my computer
I received a ssl.crt that I also saved and dragged into the window and replace the original certificate with the signed one
and also imported the certificate in to the keychain
All following the steps described in:
Managing iOS deviceswith OS X Lion Server by Arek Dryer
the book describes that the certiifcate should now be trusted and valid. However, I keep the message "This certificate was signed by an unkown authority"
So I somehow did something wrong.
Any suggestions what I should do?ok let me add some info in the hope I will get some guidance:
using the site http://www.sslshopper.com/ssl-checker.html
I was able to check on the status of the certificate:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
since it is a non-commercial server I used a 'free?' SSL-certificate provider that will charge you when you contact them, so you have to figure it out by yourselve
I guess I would be helped if there is a step by step manual how to install a root certificate -
Pls help : How to get the client ip address in EJB
Hi experts,
I need to find the ip addr of the client which makes the remote call.
I tried using
java.rmi.server.RemoteServer.getClientHost()
But it throws ServerNotActiveException .
When I tried this in RMI it works fine perfectly.
If i am right EJB is just similar to RME and it should work in it too..
Can you please help me in finding out the ip address of the client which makes the ejb call.
Thanks & Regards,
MukuntHi Mukunt,
There is no portable way to do this in the Remote EJB programming model. The bean class
is written in a way that is agnostic to those kind of plumbing-related details of the caller.
--ken -
How to get the client's IP address from within Java Studio Creator JSP/Java
Hi there.
I just started using the Java Studio Creator 2 and now I need to get hold of the client IP address - this should be part of the request, but I cannot fint the right way to get hold of that information. I want to be able to access this information from within the Java-code in a JSP/JSPF-page.
Is there a new way of doing:
request.getRemoteAddr();
This is the way I remember it from the JSP/Servlet-days...
Sincerely,
- Oystein Saebo -javax.servlet.http.HttpServletRequest req = (javax.servlet.http.HttpServletRequest) getExternalContext().getRequest();
req.getRemoteAddr(); -
How to get session.maintain property on server side?
Is there a way to trap javax.xml.rpc.session.maintain property on the server side in JAX-RPC compliant web service implementation? I would like to know if the client has enabled session.maintain property to true (which false by default). If not, can I specify the web service to be of "Application" or "Session" scope during deployment time? It used to be the case for Apache SOAP processor. I do not see any mention of that in the JAX-RPC spec.
Thanks for any pointers.
-Anirban.When I first started to work with JAXRPC I had questions about how web services maintained session across multiple calls and also if it was
possible to maintain session across multiple web services. I downloaded
the JAXRPC runtime implementation source code and tell you what I found.
There is a HttpClientTransport class that handles the actual HttpConnection to the server. It checks to see if maintain session is
set to true or false. If it is set to true it appends the JSESSIONID to the header variables of the request.
The very first call gets a response back with header variable
Set-Cookie: JSESSIONID=blahblahblah
The HttpClientTransport looks for it and if it finds it takes the cookie and stores it somewhere. Every call after that will check to see if session maintain is true or false. If true, it will send
the header:
Cookie: JSESSIONID=blahblahblah
Hope that helps.
Mike
Maybe you are looking for
-
Premiere Pro CC2014 on Mac Pro 2013 using Bootcamp. Good idea?
I'm thinking of getting a Mac Pro (late 2013 'trashcan' model with 6 core processor) due to it's portability vs a regular desktop and due to it's over original purchase price resale value if re-sold in Brazil. Since the Mac version of Premiere seems
-
Hello, I had a hard drive crash on a Lenove U400, i changed the hard disk drive. I then reinstall Windwos 7 Home prmium 64 on the laptop. A standard windows 7 home. The I installed the AMD Catalyst driver, from the lenovo driver web page. AMD Graphi
-
Here's my code: <cfquery name="setNote" datasource="#DS#" dbtype="ODBC" username="#DSUsername#" password="#DSPassword#" > update Notes set note = 'test' where noteid = 1 </cfquery> Seems simple enough, but I get this: [Macromedia][SequeLink JDBC Driv
-
Been with Verizon 3 weeks - misrepresentation, fraud and poor customer service
I was excited to find out that my company had a corporate discount for all employees: 22% discount of primary line, 22% off any data plan greater than $29.99/month and $75 credit on first month's bill. Great! I decided to port over my line from Tmo
-
Invalid URL for application received as gift
I sent the WhatsApp application as gift to a friend using the Iphone 4G, when my friend clicks the link in the Email to redeem the gift, he receives a message "invalid url" What are the prerequisites to download gifted applications (need to do it via