How to retrieve the client IP address when Apache acts as a proxy for Tomca
Hello,
I am trying to retrieve the client IP address accessing the web
services. Because Apache is our proxy for all requests, when I try to
retrieve the client IP I always get the localhost IP: 127.0.0.1
The following code returns the localhost IP:
MessageContext msgContext = MessageContext.getCurrentContext();
if(msgContext != null) {
return msgContext.getProperty(Constants.MC_REMOTE_ADDR).toString();
return "Unknown";
From a servlet, obtaining the client IP address can be achieved using
this code.
String ipAddress = request.getHeader("x-forwarded-for");
if (ipAddress == null) {
ipAddress = request.getHeader("X_FORWARDED_FOR");
if (ipAddress == null){
ipAddress = request.getRemoteAddr();
return IPaddress ;
Any help is greatly appreciated.
Thank you very much
@ejp....
thanks buddy....
u made my world a better place to live.....
Similar Messages
-
UNABLE TO RETRIEVE THE CLIENT IP ADDRESS AND HOST NAME OF A PORTAL USER
I'm trying to retrive the client IP address and host name of a portal user
trying to access a portal page using APIs:
PortletRenderRequest portletRequest =
(PortletRenderRequest)request.getAttribute(HttpCommonConstants.PORTLET_RENDER_REQUEST);
HttpServletRequest servletRequest =
(HttpServletRequest)portletRequest.getAttribute(HttpCommonConstants.SERVLET_REQUEST);
String l_szClientIPAddress = servletRequest.getRemoteAddr();
String l_szClientHost = servletRequest.getRemoteHost();
but i found that for all portal users on different machines IP addresses, the
returned IP is the same for all which is Portal middle tier IP address.
So how can retrive the IP addess of a portal user trying to access a portal
page ?Brijesh,
Do you mean how to see hostname/ip address of client requests processed by the server? If yes, depending on what's your front ending component - Web Cache or OHS, you can configure the access log format to have this information recorded in either of these component's access log file.
For Web Cache access log file, refer this:
http://download.oracle.com/docs/cd/B14099_19/caching.1012/b14046/diagnostics.htm#sthref2090
For OHS access log file, refer this:
http://download.oracle.com/docs/cd/B14099_19/web.1012/b14007/servlog.htm#sthref439
By default, both Web Cache and OHS are configured to use Common Log Format (CLF) that does record hostname/ip address so if you haven't made any changes to log format, this info is already there for you. Look for $ORACLE_HOME/webcache/logs/access_log file for Web Cache and $ORACLE_HOME/Apache/Apache/logs/access_log file for OHS.
Thanks
Shail -
How to retrieve the server IP address
Hi Experts,
In my scenario, if some problem occur, then the XSLT mapping sends a mail to some one,subject is 'PRD', if we execute this from production or quality or development server.
But now i want to know this mail from which server, so i want to change the subject line as 'PRD' if it is only from production system otherwise 'OTH', how to achieve this ? No hard code allow at any where.
I have one thought, if we find the server ip address then we can recognize, but how to get the server IP address ? Is it possible ?
Thanks
RameshHi,
My source is some WSDL file, this is more than 15000 characters so i am unable to send the full file.
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
<wsdl:types>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd" />
<xsd:element name="Pip3A4PurchaseOrderRequest" type="Pip3A4PurchaseOrderRequest" />
<xsd:complexType name="Pip3A4PurchaseOrderRequest">
<xsd:sequence>
<xsd:element name="fromRole" type="fromRole" />
<xsd:element name="GlobalDocumentFunctionCode" type="xsd:string" />
<xsd:element name="PurchaseOrder" type="PurchaseOrder" />
<xsd:element name="thisDocumentGenerationDateTime" type="thisDocumentGenerationDateTime" />
<xsd:element name="thisDocumentIdentifier" type="thisDocumentIdentifier" />
<xsd:element name="toRole" type="toRole" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="fromRole">
<xsd:sequence>
<xsd:element name="PartnerRoleDescription" type="PartnerRoleDescription" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="PartnerRoleDescription">
<xsd:sequence>
<xsd:element name="ContactInformation" type="ContactInformation" minOccurs="0" />
<xsd:element name="GlobalPartnerRoleClassificationCode" type="xsd:string" />
<xsd:element name="PartnerDescription" type="PartnerDescription" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ContactInformation">
<xsd:sequence>
<xsd:element name="contactName" type="contactName" minOccurs="0" />
<xsd:element name="EmailAddress" type="xsd:string" minOccurs="0" />
<xsd:element name="facsimileNumber" type="facsimileNumber" minOccurs="0" />
<xsd:element name="telephoneNumber" type="telephoneNumber" minOccurs="0" />
<xsd:element name="PhysicalAddress" type="PhysicalAddress" minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="contactName">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="FreeFormText">
<xsd:simpleContent>
<xsd:extension base="xsd:string">
<xsd:attribute ref="xml:lang" />
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="facsimileNumber">
<xsd:sequence>
<xsd:element name="CommunicationsNumber" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="telephoneNumber">
<xsd:sequence>
<xsd:element name="CommunicationsNumber" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="PartnerDescription">
<xsd:sequence>
<xsd:element name="BusinessDescription" type="BusinessDescription" />
<xsd:element name="GlobalPartnerClassificationCode" type="xsd:string" minOccurs="0" />
<xsd:element name="PhysicalAddress" type="PhysicalAddress" minOccurs="0" />
<xsd:element name="ContactInformation" type="ContactInformation" minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BusinessDescription">
<xsd:sequence>
<xsd:element name="GlobalBusinessIdentifier" type="xsd:string" minOccurs="0" />
<xsd:element name="GlobalSupplyChainCode" type="xsd:string" minOccurs="0" />
<xsd:element name="businessName" type="businessName" minOccurs="0" />
<xsd:element name="NationalBusinessTaxIdentifier" type="NationalBusinessTaxIdentifier" minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="PurchaseOrder">
<xsd:sequence>
<xsd:element name="AccountDescription" type="AccountDescription" minOccurs="0" />
<xsd:element name="comments" type="comments" minOccurs="0" />
<xsd:element name="ContractInformation" type="ContractInformation" minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="DocumentReference" type="DocumentReference" minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="FinancingTerms" type="FinancingTerms" minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="generalServicesAdministrationNumber" type="generalServicesAdministrationNumber" minOccurs="0" />
<xsd:element name="GlobalGovernmentPriorityRatingCode" type="xsd:string" minOccurs="0" />
<xsd:element name="GlobalPurchaseOrderFillPriorityCode" type="xsd:string" minOccurs="0" />
<xsd:element name="GlobalPurchaseOrderTypeCode" type="xsd:string" maxOccurs="unbounded" />
<xsd:element name="governmentContractIdentifier" type="governmentContractIdentifier" minOccurs="0" />
<xsd:element name="installAt" type="installAt" minOccurs="0" />
<xsd:element name="isDropShip" type="isDropShip" />
<xsd:element name="OrderShippingInformation" type="OrderShippingInformation" minOccurs="0" />
<xsd:element name="ProductLineItem" type="ProductLineItem" maxOccurs="unbounded" />
<xsd:element name="proprietaryInformation" type="proprietaryInformation" minOccurs="0" />
<xsd:element name="requestedEvent" type="requestedEvent" minOccurs="0" />
<xsd:element name="requestedShipFrom" type="requestedShipFrom" minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="SecondaryBuyer" type="SecondaryBuyer" minOccurs="0" />
<xsd:element name="shipTo" type="shipTo" minOccurs="0" />
<xsd:element name="TaxExemptStatus" type="TaxExemptStatus" minOccurs="0" />
<xsd:element name="totalAmount" type="totalAmount" minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AccountDescription">
<xsd:sequence>
<xsd:element name="accountName" type="accountName" />
<xsd:element name="AccountNumber" type="xsd:string" minOccurs="0" />
<xsd:element name="billTo" type="billTo" minOccurs="0" />
<xsd:element name="CreditCard" type="CreditCard" minOccurs="0" />
<xsd:element name="financedBy" type="financedBy" minOccurs="0" />
<xsd:element name="GlobalAccountClassificationCode" type="xsd:string" minOccurs="0" />
<xsd:element name="prePaymentCheckNumber" type="prePaymentCheckNumber" minOccurs="0" />
<xsd:element name="WireTransferIdentifier" type="xsd:string" minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="accountName">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="billTo">
<xsd:sequence>
<xsd:element name="PartnerRoleDescription" type="PartnerRoleDescription" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="PhysicalAddress">
<xsd:sequence>
<xsd:element name="addressLine1" type="addressLine1" minOccurs="0" />
<xsd:element name="addressLine2" type="addressLine2" minOccurs="0" />
<xsd:element name="addressLine3" type="addressLine3" minOccurs="0" />
<xsd:element name="cityName" type="cityName" minOccurs="0" />
<xsd:element name="GlobalCountryCode" type="xsd:string" minOccurs="0" />
<xsd:element name="GlobalLocationIdentifier" type="xsd:string" minOccurs="0" />
<xsd:element name="NationalPostalCode" type="xsd:string" minOccurs="0" />
<xsd:element name="postOfficeBoxIdentifier" type="postOfficeBoxIdentifier" minOccurs="0" />
<xsd:element name="regionName" type="regionName" minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="addressLine1">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="addressLine2">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="addressLine3">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="cityName">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="postOfficeBoxIdentifier">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="regionName">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="businessName">
<xsd:sequence>
<xsd:element name="FreeFormText" type="FreeFormText" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="CreditCard">
<xsd:sequence>
<xsd:element name="cardHolderName" type="cardHolderName" />
<xsd:element name="creditCardIdentifier" type="creditCardIdentifier" />
<xsd:element name="expiryDate" type="expiryDate" />
<xsd:element name="GlobalCreditCardClassificationCode" type="xsd:string"> -
How to print the client ip address at the server side( reqd for logging )??
Hello everybody...
joined this forum recently.....
In RMI programming.... is there any way by which the server can know the the Client ip address or machine name.... i want to know this bcoz i need to create a log file as to who all had connected withe the server..
need a solution soon..... thanks in advance....@ejp....
thanks buddy....
u made my world a better place to live..... -
Pls help : How to get the client ip address in EJB
Hi experts,
I need to find the ip addr of the client which makes the remote call.
I tried using
java.rmi.server.RemoteServer.getClientHost()
But it throws ServerNotActiveException .
When I tried this in RMI it works fine perfectly.
If i am right EJB is just similar to RME and it should work in it too..
Can you please help me in finding out the ip address of the client which makes the ejb call.
Thanks & Regards,
MukuntHi Mukunt,
There is no portable way to do this in the Remote EJB programming model. The bean class
is written in a way that is agnostic to those kind of plumbing-related details of the caller.
--ken -
How to change the source ip address
hi all,
i got the problem that how to change the source ip address when i
get a website's page!
i mean i want to change the source ip address when i access the
remote website, sure i know when change the source ip, i can not get
the result correctly when changing the source ip address, but it is not
important to get the result i just want to send out a "click" event to the website by calling a post method in the site!
does anybody have some ideas?
Best Regards,
Eric GauHere's some code that connects to google and does a get:
import java.io.*;
import java.net.*;
public class HTTPTest {
private Socket sock;
private BufferedReader in;
private BufferedWriter out;
private boolean running = false;
HTTPTest() {
private void go(String site) {
try {
sock = new Socket(site, 80);
in = new BufferedReader(new InputStreamReader(sock.getInputStream()));
out = new BufferedWriter(new OutputStreamWriter(sock.getOutputStream()));
System.out.println("Connected");
out.write("GET / HTTP/1.1\r\n\r\n");
out.flush();
doRead();
} catch (IOException e) {
e.printStackTrace();
private void doRead() {
running = true;
String line;
System.out.println("Read started");
while (running) {
try {
line = in.readLine();
} catch (IOException e) {
e.printStackTrace();
line = null;
if (line == null) {
running = false;
} else {
System.out.println(line);
System.out.println("Socket closed");
public static void main(String [] args) {
String site;
if (args.length > 0) {
site = args[0];
} else {
site = "google.ca";
new HTTPTest().go(site);
} -
How to expand the hierarchy column automatically when delivery reports by a
Hi Experts,
In OBIEE 11.1.1.6.0,how to expand the hierarchy column automatically when delivery reports by agent?
For example:
In SampleLite RPD, when we drag "Time Hierarchy" and Sales column into the report , and sent it by agent ,it will only display "Total" sales, not show all level value,such as Year,Month,Day.So how to expand the hierarchy column automatically when delivery reports by agent?
If we expand all levels and save them, it will be ok, however, when we add new data, it will be collpased automatically and not show the lowest level data, requiring Users or Developer to modify this report for expanding the hierarchy. We think it is very trouble, is there any good suggestion or method for achieving our requirement?958054 wrote:
Hi Dpka,
Is it any difference? I look at the result is same.
Firstly, you said it is 'Add member of ',
Now, you said it is 'Keep member of'
Could you please tell me which options I must select ? Thanks very much.Here is some notes from the documentation to make a better sense of how those two options would work:
•Selection steps — When you create selection steps, you can add a group or a calculated item in a step. Subsequent Keep Only or Remove steps might reference members that were included in the group or calculated item.
◦A group list is affected by members that are kept or removed in subsequent steps, but the group outline value remains the same. For example, suppose the MyNewYork group contains Albany and Buffalo and its value is 100. Suppose Albany is removed in a later step. The value of the MyNewYork group remains at 100, but Albany is no longer listed with the group.
◦A calculated item is not affected by members that are kept or removed in subsequent steps, because removals can affect the components of the formula.
•Groups and calculated items — A step can include a group or calculated item. Groups and calculated items can be used only with Add steps; they cannot be used in Keep Only or Remove steps. -
How can I get the client IP address correctly?
Hi,
I am having a problem with getting the client ip address correctly using jsp. I am currently using the method request.getRemoteAddr() (JSP)to get the remote client IP. This method works fine with intranet addresses.
However, when I am using a dial-up connection through a ISP (internet service provider), it could not detect the actual IP that is assigned to my client PC, but instead got another IP address.
Could anyone advise me on that? And could anyone advise me on how to obtain the correct client ip address correctly using any of the java technologies?
Thanks,
Damien>
I don't believe so. You can't establish aconnection
over the internet using a private IP. As far as I
know most, if not all routers, block them so itwon't
even move over the backbone.Well with port-mapping it is definately possible to
allow an external ip to "connect" to an internal ip, i
have done this very thing myself...Not the same.
You are addressing the external server with a public IP address. That is then translated into the internal connection.
That is not the same as using a private IP on the internet.
As I said, the backbone will not let a private IP through.
>
>
Yes, but my point is that at any given time, in the
world, many boxes might have one address. Even ifit
is a private IP is it still that IP for aparticular
box. So if you use java to get its IP that is theIP
that it gets. And that IP is useless for anything
unless that IP is meaningful for the othercomputer.
But all ips must be unique in a designated "internet"
be it an "intranet" or whatever, there cannot be a
situation where two identical ips in the same
"internet", such that an ip that is achieved from a
page-hit is valid and meangingful in order to send the
data it is requesting back to it, or find out more
about that computer, or log and report it if it is
doing something illegal; i don't think its that
meangingless is it?Yes it is. You can't use an IP to uniquely identify a box, and that is the sole criteria, when there might be two boxes with the same IP.
When you use java on a client box to get the IP of the box, it doesn't necessarily return an IP that it meaningful to the anyone outside the lan on which the box lives.
Because of this internet systems must do one of the following:
-Do not use the IP as an identifier.
-Require that the client has a public IP. This is often static. At least some security systems use this to validate users. -
How to remove the old email address that was hacked from my iCloud account when iCloud won't let me?
How to remove the old email address that was hacked from my iCloud account when iCloud won't let me?
Pretty much the the email that I used (but didn't verify) to create my iCloud account was hacked and now I can't remove it from my iCloud account due to the iCloud password also being changed by the same person and the fact I had "Find my iPhone" app on my phone also??? I had to change my iTunes email as well but that was far easier so yeah :S.
Please help. I live in NZ, out in the country, so reception is rare and so is getting into the nearest town that has an Apple Store.
ThanksIf you truly change your existing Apple ID's email address to a new email address, follow these instructions: iOS 7: If you're asked for the password to your previous Apple ID when signing out of iCloud
If you created a whole new Apple Account because you couldn't access the old one after being hacked, you will need to contact the Apple Account Security Team. Apple ID: Contacting Apple for help with Apple ID account security -
I'm using an Ace 4710 Appliance deployed in One-Armed mode, using Source NAT to loadbalance HTTP request to a couple of Proxy servers.
Everything is working fine, but the thing is that I can't see the Clients IP addresses on Proxy's logs, so I can't keep track of them.
The Interfaces and Nat configs are:
interface vlan 200
description Server-Side-VLAN
bridge-group 5
nat-pool 5 10.1.1.5 10.1.1.5 netmask 255.255.255.0 pat
service-policy input VIPS
interface vlan 300
description Client-Side-VLAN
bridge-group 5
interface bvi 5
ip address 10.1.1.3 255.255.248.0
description Client-Server-Virtual-Interface
ip route 0.0.0.0 0.0.0.0 10.1.1.1
and the policy map looks like this
policy-map multi-match VIPS
class Port80
loadbalance vip inservice
loadbalance policy Port80
nat dynamic 5 vlan 200
Resource assignment:
sticky ip-netmask 255.255.255.255 address both RESOURCE-CLASS
timeout 5
serverfarm Service80
Any suggestions will be appreciated,
ThanksHi Kanwal,
Thanks for your quick reply,
I've already tried this but it didn't work. The problem is that I don't manage the proxy servers so I rely on their skills to see the logs.
The Proxies are Squid. Do you know if they need to do something else on the servers to see that field of the HTTP header?
But I'll try again tomorrow and let you know how it goes.
Thank you again. -
My email won't send as when it was set up an extra letter was accidentally inserted in the address. I need to know how to remove the entire email address and start a fresh.
Launch Mail.app, select Mail > Preferences... > Accounts and select the account you need to edit in the left column.
The receiving information will be displayed for the selected Account, with a pop-up selector for the Outgoing Mail Server (SMTP) toward the bottom. That selector shows which mail server will be used with this account; to send mail.
Click and hold on that selector, and scroll down (holding the mouse or trackpad clicked) to Edit Mail Server List... and you'll get a sheet dropping down with the mail servers listed.
Select the problematic mail server, and edit it using the Account Information and Advanced items on that sheet. -
How to get the client's IP address from within Java Studio Creator JSP/Java
Hi there.
I just started using the Java Studio Creator 2 and now I need to get hold of the client IP address - this should be part of the request, but I cannot fint the right way to get hold of that information. I want to be able to access this information from within the Java-code in a JSP/JSPF-page.
Is there a new way of doing:
request.getRemoteAddr();
This is the way I remember it from the JSP/Servlet-days...
Sincerely,
- Oystein Saebo -javax.servlet.http.HttpServletRequest req = (javax.servlet.http.HttpServletRequest) getExternalContext().getRequest();
req.getRemoteAddr(); -
I would like to ask how to retrieve Sever/Host IP address.
Hello,
I would like to ask how to retrieve Sever/Host IP address.
sys_context('USERENV', 'IP_ADDRESS') returns client's IP address only, but what I want to acquire is Host/Server IP address
Thank youThis is why it is generally useful to mention the version of Oracle you are using, particularly if you are using a version 4 releases old...
That said, you can probably still use the UTL_INADDR package
SQL> select utl_inaddr.get_host_name( null ) from dual;
UTL_INADDR.GET_HOST_NAME(NULL)
DDBCJC01
SQL> select utl_inaddr.get_host_address( null ) from dual;
UTL_INADDR.GET_HOST_ADDRESS(NULL)
192.168.1.107Justin
Edited by: Justin Cave on Sep 29, 2008 10:54 PM -
How to make VPN client auto timeout when it still idle?
How to make VPN client auto disconnect when it still idle?
Hi,I found some user still connected the VPN evenif they dose not use the VPN resouse.
I try to set a "idle timeout" for the VPN configuration.
We use PIX515 8.0.3 and CISCO ACS 4.2 for the VPN's connection and authentication,and the user use cisco vpn client for the connection.
I have tried many methods,but all failured.
First,I configed "vpn-idel-timeout 5" on PIX.It can not worked.
so,I add Radius(CISCO VPN 3000/ASA/PIX 7.0+) attribute "[026/3076/050] Authenticated-User-Idle-Timeout" on CISCO ACS,It still not worked.
And I also add IETF RADIUS Attributes "[028] Idle-Timeout" on group setting on ACS,it always not worked.
i found in vpn client's statistics,it always has some byte sended or received, i thought it maybe IPsec keepalive message or Radius message.
This maybe the reason because the PIX or ACS think the vpn user is keep working.
Can someone tell me how to make a "idle time out"?
best regard.
Rogerhere is the configuration on PIX,
group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value mydomain.com
address-pools value vpnpool group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value want-want.com
address-pools value vpnpool -
GSS-API How to get the client-to-service ticket
In Kerberos when requesting services, the client sends the following two messages to the TGS: A composed message of the Ticket-Granting Ticket and the ID of the requested serviceand authenticator (which is composed of the client ID and the timestamp), all encrypted using the client/TGS session key.
Then upon receiving these messages the TGS sends the followings to the client:
A: Client-to-server ticket (which includes the client ID, client network address, validity period and Client/server session key) encrypted using the service's secret key.
B: Client/server session key encrypted with the client/TGS session key.
Now I'm wondering how to obtain A and B throught the kerberos login in GSS-API . I have the following code that I use to request a kerberized service but it returns only a KerberosTicket in PrivateCredentialsSet for the Subject. A sessionKey can also be obtained form this KerberosTicket ! Which session key is this ? the session key B described above? and Where to get the Client-to-server ticket (A) described above ?
Thanks for any help !
Alex
lc = new LoginContext("login-client", new TextCallbackHandler());
lc.login();
mysubject = lc.getSubject();
java.util.Set principals = lc.getSubject().getPrincipals();
java.util.Iterator iterador = principals.iterator();
if (iterador.hasNext()){
KerberosPrincipal principal = (KerberosPrincipal) iterador.next();
clientName =principal.getName();
PrivilegedAction generateServiceTicket = new ClientAction(clientName,"[email protected]");
Subject.doAs(mysubject, generateServiceTicket);
Set prvCredentials = lc.getSubject().getPrivateCredentials();
for (Iterator i = prvCredentials.iterator(); i.hasNext(); j++) {
KerberosTicket ticket = (KerberosTicket) i.next();
prvKrbCrds = (KerberosTicket[]) mysubject.getPrivateCredentials().toArray(new KerberosTicket[0]);
public Object run() {
try{
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
GSSName userName = manager.createName(pn,GSSName.NT_USER_NAME);
GSSCredential cred = manager.createCredential(usr,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName = manager.createName(servicename,
GSSName.NT_HOSTBASED_SERVICE, krb5Mechanism);
GSSContext setContext = manager.createContext(peerName, krb5Mechanism, cred,
GSSContext.DEFAULT_LIFETIME);
setContext.requestInteg(false);
setContext.requestConf(false);
byte[] inputBuf = new byte[0];
byte[] tkt = setContext.initSecContext(inputBuf, 0, 0);
}catch(GSSException gsse){
gsse.printStackTrace();
}In Kerberos when requesting services, the client sends the following two messages to the TGS: A composed message of the Ticket-Granting Ticket and the ID of the requested serviceand authenticator (which is composed of the client ID and the timestamp), all encrypted using the client/TGS session key.
Then upon receiving these messages the TGS sends the followings to the client:
A: Client-to-server ticket (which includes the client ID, client network address, validity period and Client/server session key) encrypted using the service's secret key.
B: Client/server session key encrypted with the client/TGS session key.
Now I'm wondering how to obtain A and B throught the kerberos login in GSS-API . I have the following code that I use to request a kerberized service but it returns only a KerberosTicket in PrivateCredentialsSet for the Subject. A sessionKey can also be obtained form this KerberosTicket ! Which session key is this ? the session key B described above? and Where to get the Client-to-server ticket (A) described above ?
Thanks for any help !
Alex
lc = new LoginContext("login-client", new TextCallbackHandler());
lc.login();
mysubject = lc.getSubject();
java.util.Set principals = lc.getSubject().getPrincipals();
java.util.Iterator iterador = principals.iterator();
if (iterador.hasNext()){
KerberosPrincipal principal = (KerberosPrincipal) iterador.next();
clientName =principal.getName();
PrivilegedAction generateServiceTicket = new ClientAction(clientName,"[email protected]");
Subject.doAs(mysubject, generateServiceTicket);
Set prvCredentials = lc.getSubject().getPrivateCredentials();
for (Iterator i = prvCredentials.iterator(); i.hasNext(); j++) {
KerberosTicket ticket = (KerberosTicket) i.next();
prvKrbCrds = (KerberosTicket[]) mysubject.getPrivateCredentials().toArray(new KerberosTicket[0]);
public Object run() {
try{
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
GSSName userName = manager.createName(pn,GSSName.NT_USER_NAME);
GSSCredential cred = manager.createCredential(usr,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
GSSName peerName = manager.createName(servicename,
GSSName.NT_HOSTBASED_SERVICE, krb5Mechanism);
GSSContext setContext = manager.createContext(peerName, krb5Mechanism, cred,
GSSContext.DEFAULT_LIFETIME);
setContext.requestInteg(false);
setContext.requestConf(false);
byte[] inputBuf = new byte[0];
byte[] tkt = setContext.initSecContext(inputBuf, 0, 0);
}catch(GSSException gsse){
gsse.printStackTrace();
}
Maybe you are looking for
-
Problem with Set_Item_Instance_Property and set_item_property
I have used these many times but on one form I do the following: Set_Item_Instance_Property( 'QUO', CURRENT_RECORD, UPDATE_ALLOWED,PROPERTY_FALSE); Set_Item_Instance_Property( 'CPN', CURRENT_RECORD, UPDATE_ALLOWED,PROPERTY_FALSE); Set_Item_Instance_P
-
RoboHelp not able to generate PDF document properly
Hello, I have RoboHelp for Word V9.0.2 and when I want to generate a PDF file, I've got many topics named 'No Data', and some of the parts only of my document has been computed. What am I supposed to do to have a clean source file in order for the PD
-
All my files have disappeared!
Hi! So the situation is pretty simple. Just really bizarre. I was using my iMac for a few hours then started doing something else nearby for a an hour or two then when I got back to my mac I noticed there wasn't anything on my desktop anymore. Nor in
-
I record interviews on GarageBand. Is there a way to transfer audio to text?
I am a writer and conduct telephone interviews, recording them with GarageBand. Is there some software, or a way to transfer the audio I record directly to text?
-
Hi experts, We have service scenario in crm system. service order contains item level service product(service item) as well as service material(return material). we have ecc integration with crm. Once we create service order in crm. should it replica