HTTPS and APPLET

Similar Messages

• HTTPS and a Proxy server?

  Does the plugin-in still not work with HTTPS and a proxy server?
  From plug-in docs -
  "Java Plug-in supports http, ftp, gopher and SOCKS v4 protocols through the proxy server. Currently, Java Plug-in does not support https (SSL). "

  Hello
  I am making HTTPS calls from within my applet code and this works fine using the basic Java Plug-in support for HTTPS.
  This means my code basically does:
  URL url = new URL("https://myhost.com/servlet/Test");
  URLConnection conn = url.openConnection();
  etc..
  We are using Java 1.4.2. I've read in the "How HTTPS Works in Java Plug-in" for 1.3, that the plugin uses the browsers API for making HTTPS connections. Is this still the case for 1.4?
  My basic problem is that it all works fine if the browser is NOT configured to use a proxy server. If a proxy server is configured we get the following Exception in the client:
  java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Bad Request ( The data is invalid. )"
  I have read that "Sun's Java Secure Socket Extension (JSSE) library allows you to access a secure Web server from behind a firewall via proxy tunnelling. However, JSSE expects the proxy's reply to the tunnelling request to begin with "HTTP 1.0"; otherwise, it throws an IOException" (http://www.javaworld.com/javatips/jw-javatip111_p.html)
  The article talks about using the JSSE library but it seems to be assuming the client is an application not an applet.
  How do I use JSSE from within an applet if all the proxy information I seem to need to set in the JSSE code is held by the browser?
  Will JSSE support proxies returning responses beginning HTTP 1.1 in the future?
  Any help on this would be greatly appreciated.
  Many thanks
  mark

• Help needed about HTTPS and policy files !!

  Hi everyone,
  my Web Start application crashes with a SSLPeerUnverifiedException when I
  try to connect to the server with HTTPClient :
  // proxy settings
  HTTPConnection.setProxyServer(ipProxy, portProxy);
  // connection
  HTTPConnection con = new HTTPConnection("https", serverName, -1);
  // Post (then there is a SSLPeerUnverifiedException....)
  HTTPResponse rsp = con.Post("/myurl.jsp, toSend, ct_hdr);
  My application runs in a secure environnement configured by the javaws.policy :
  grant codeBase "file:${jnlpx.home}/javaws.jar" {
  permission java.security.AllPermission;
  and the ${user.home}.java.policy (shared by another application, an applet I think) :
  keystore "file:${user.home}/xxxxxxxxxxxxxxxxxxxxx.p7c";
  grant codebase "https://xxxxxxxxxxxxxxx/-" signedby "xxxxxxxxxx" {
  permission java.lang.RuntimePermission "usePolicy";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "setIO";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "stopThread";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.security.provider";
  permission java.lang.RuntimePermission "loadLibrary.*";
  permission java.security.SecurityPermission "insertProvider.SUN";
  permission java.security.SecurityPermission "insertProvider.JCRYPTO";
  permission java.security.SecurityPermission "insertProvider.JCRYPTO_PKCS11";
  permission java.security.SecurityPermission "putProviderProperty.JCRYPTO";
  permission java.security.SecurityPermission "putProviderProperty.JCRYPTO_PKCS11";
  permission java.security.SecurityPermission "removeProviderProperty.JCRYPTO";
  permission java.security.SecurityPermission "removeProvider.JCRYPTO";
  permission java.security.SecurityPermission "removeProvider.JCRYPTO_PKCS11";
  permission java.security.SecurityPermission "removeProvider.SUN";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.io.FilePermission "<<ALL FILES>>", "write,read,delete";
  permission java.net.NetPermission "specifyStreamHandler";
  permission java.net.SocketPermission "localhost:1024-", "listen";
  permission java.net.SocketPermission "*", "connect,accept,listen,resolve";
  permission java.awt.AWTPermission "accessClipboard";
  permission java.lang.RuntimePermission "queuePrintJob";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
  grant codebase "file:/myApplication/-" {
  permission java.security.AllPermission;
  In this file (.java.policy) when I replace "codebase "https://xxxxxxxxxxxxxxx/-""
  by "codebase "http://xxxxxxxxxxxxxxx/-"" everything works fine !! It's very very
  very very strange...
  my application is launched by Web Start 1.2 and use JRE 1.4.1
  Any ideas ? Please, I become crazy...

  In this file (.java.policy) when I replace "codebase
  "https://xxxxxxxxxxxxxxx/-""
  by "codebase "http://xxxxxxxxxxxxxxx/-"" everything
  works fine !! I am not so sure that a code source cares for whether the resource is downloaded with s-http or normal http. Is the distinction important for the policy file?
  You could go digging in the RFC that describes what a URL is (because that is what the code source is).
  Also you could switch on a nice flag in you server environment that output information if security things go wrong: -Djava.security.debug=failure
  In the output you should see from where your code is loaded. If it says http and not https, then that is what should appear in your policy file.

• When converting over to HTTPS and PKI for clients, not all actions are available in configuration manager cpl

  I'm not exactly sure which forum heading this should go under so if this isn't correct please let me know or move it on my behalf.  
  So I am trying to setup Internet Based Client Management in SCCM 2012 R2 and have come across a few articles on how to do so.   I think I have mostly gotten it to work but I seem to be having a client issue when deploying new machines.  My already
  deployed servers seem to have picked up the PKI setting no problem.  In the past when I would deploy a new windows client everything would be fine.  When i converted over to PKI in my test environment I am now having issues when I go to deploy a
  new windows client. I don't get all of the Actions listed in the Configuration Manager control panel.  All I have are Discovery Data Collection, Machine Policy Retrieval and Eval, User Policy Retrieval and Eval, and Windows Installer Source list Update
  Cycles, before all of them would populate no problem.  I have let this machine sit here for several hours and nothing has changed yet.  It does say PKI for client certificate.  Sometimes when I would deploy new machines it would say NONE for
  Client certificate.  In my production environment it says self-signed.  I have found if i uninstall the client and re-install the client it does populate all of the cycles but I don't understand why it is not working on deployment.
  Ok so maybe not all the time that when i reinstall the client it fixes it.  I just did an uninstall and reinstall on a test client and all it has under actions are machine and user policy cycles.
  Does anyone have any ideas?

  Hi,
  I think SCCM client installed before the GPO applied, so you don't a certificate available when it is required.
  You can export and import the certificate by using MDT integration, try this blog for PKI part:
  How To: Build and Capture in Configuration Manager 2012 using HTTPS
  And in addition, you can upload the log to your onedrive so you can share with us.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Logging HTTP and/or SOAP packets in standalong OC4J v10.1.3.2

  I'm running OC4J standalone v10.1.3.2 on RH5 linux. I'd like to know how to turn on logging so that all incoming HTTP data can be viewed.
  I've basically got a Web Service which is failing to execute from some clients (but not all) due to a SOAP11 version mismatch problem. If I could see the incoming HTTP and/or SOAP request then I could determine where the inconsistency is coming from.
  Here's an extract of the returned SOAP error:
  <faultcode>env:VersionMismatch</faultcode>
  <faultstring>Version Mismatch</faultstring>
  <faultactor>http://schemas.xmlsoap.org/soap/actor/next</faultactor>
  I've tried editing j2ee-logging.xml and set the logging level to FINEST and TRACE but it's still not logging out the HTTP traffic.
  Any ideas welcomed,
  Thanks

  Andy,
  Which log files are you looking at? There is a server.log that will be impacted when you set the logging level to FINEST. Since you want to look at http requests, have you considered using Fiddler on the client side? It's pretty verbose but you can see all sorts of info including data posted to forms.
  -Michael
  PS
  URL:
  http://www.oracle.com/technology/tech/java/oc4j/htdocs/oc4j-logging-debugging-technote.htmlTake a look at the "Debug Options in OC4J" section. There are several HTTP debugging options listed.
  Edited by: Michael F. Hardy on Dec 17, 2008 9:40 AM

• Http and ftp protocol extremely slow (pop working well though)

  Hello. Starting today, on one of my macs, http and ftp protocol are extremely slow (page load 90 sec. instead of 2) (pop working well though). Provider finds nothing, on second mac all is fine (same cable, same settings … ). Cable connection, checked both sockets, changed cable, no change. Since pop3 protocol seems to work fine, this does look like a software problem to me. (Repaired permissions, no other tests or means. All used software up to date (OSX10.6.8 etc.))
  I'd be thankful for any idea.

  Not at all. Then I turned on NetBarrier, for testing and to avoid any damage (piece of software I don't employ in vain), and all slowed down again, but not quite as badly as before. Restarted, and now it seems back to normal with all extensions loaded. (I had done that before, obviously, and with no outcome, so it can't very well have been just that. But what?)
  I'll watch and learn, and report back; unless you have any further suggestions for the moment. Either way, thankyou very much so far.

• How do i get that bar to appear on the screen for http and web pages?

  How do i get that bar to appear on top of the screen for http and web pages?

  Yes im using safari version  5.1.2 (6534.52.7)  I have tried clicking show toolbar  from the view menu but i still can't see it.  It's the bar where you type in a website link or http:// that I can find - any other suggestions much appreciated

• When trying to verify my sync acct e-mail I get an error message that the URL is invalid. When I check the link, all that shows up is http// and nothing el

  When I check the link all that shows is http// and nothing else. It does this repeatedly. I am using Outlook for Windows 8.1. I haven't tried any other embedded e-mail links to see if this is a universal problem or just isolated to this particular e-mail.

  Hi dscraper,
  Thank you for posting your question. At this time there is a known issue that we are working on a fix for. The Outlook link is not working for Outlook 2013 email addresses.

• Sender communication channel for  HTTP and IDOC

  Why the sender communication channel is not necessary for HTTP and IDOC

  Hi,
  Because they lie on ABAP stack ie on Integration Engine...so that they can process directly but other adapter lies on Adapter engine.
  Regards
  Hemant

• PORTAL ACCESS  THROUGH HTTP and HTTPS BOTH

  Hi,
  Is it possible to make the portal listen on both http and https ports at the same time? What is the required configuration for the same?
  Please let me know for any other details.
  Any input is highly appreciated.
  regards,
  Chandra

  Hello Chandra,
  you can activate SSL in the J2EE engine and then you have both Protocolls avaliable. The documentaiton can be found at <a href="http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm">Configuring the Use of SSL on the SAP J2EE Engine</a>.
  Regards
  Gregor

• IMP: When will go HTTP and When we will go for SOAP????

  Hey Experts,
  Here i have requirement like that, I want to syn the date from SAP to external applications eg.., dot net So here which adapter i need to use here ,Either HTTP or SOAP??
  When we will go for Http and when we will go SOAP ? and which suits for dot net applications and which suits for java kind of applications ...
  Can you explain me what is the difference between this two adapter and which is the best one???
  Thanks in Advance
  Regards
  JS

  Sarathy,
  So here which adapter i need to use here ,Either HTTP or SOAP??
  It completely depends on the receiving system. I prefer web services, so if they can receive web services, then go for SOAP.
  When we will go for Http and when we will go SOAP ? and which suits for dot net applications and which suits for java kind of applications ...
  It completely depends on the scenario. In system integration, you first identify the scenario, and then choose the adapter which best suits the scenario.
  On .NET applications, it's easier to create / maintain web services.
  Can you explain me what is the difference between this two adapter and which is the best one???
  Please do a search on SDN / SAP Help, you will find plenty of blogs / forum postings on this topic.
  Regards,
  Neetesh

• Maintaining Sessions between http and https

  I have a web application in which I want my users to view the login page over SSL and send the login request via SSL also, but then I want to revert back to http://
  My problem is, and i've seen this problem on loads of boards with no real resolution, during the login I set some objects with in the session that are used to display information in other parts of the site... but the session object is being lost!!!
  I am using Tomcat as my web server, I saw an article on JavaWorld titled "mix protocols transparently in web applications", and apparently to over come this problem if you are using WebLogic 6.1 there is a parameter in the weblogic.xml file that must be configured, but I cant find a similar one on Tomcat!!!
  Thanks in advance

  Thanks a million for the answer, I have got it working now, but I had to do something a little different for any one else who experiances this problem I'll go through it... I set an attribute in the context which was named the the value of the current session id and contianed the session object. Then when leaving the login handeling in my dispatcher servlet I apended the session id to the url of the next jsp called. In this jsp then I retrived the "secure session" object from the context, this so far is what you suggested.
  But then I had to loop through "non secure session" object's attributes and set them in the "non secure session" object, that is I was not just able to reset the "non secure session" object equal to the "secure session" object as when I went on to the next page it was reset to the "non secure session" object again!
  The fact that the session object is changed when moving between http and https is (according to Tomcat buglist) a bug of Tomcat 4.1 and did not occur in tomcat 3.2

• Differnce betwwen http and https

  pls. tell me how to explain http and https

  The https: URI scheme is a URI scheme which is equivalent and syntactically identical to the http: scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with additional security measures applied to the transactions. This system was invented by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the Web for security-sensitive communication, such as payment transactions.

• How to protect both access (http and https) with a Policy Agent

  Hi,
  During the installation of a web Policy Agent (i.e. Policy Agent for IIS) we have to choose the protocol (and port) of the web server we want to protect.
  If we have an IIS with secure (https) and non secure (http) applications, how we manage this scenario with the policy agent?
  Regards,

  Hi,
  Finally, i have installed the agent in IIS5 in the non secure port (http) and in fact it detects both access (http and https) fine.
  The problem now is that if i try to access to a non secure url ( http://mynonsecureapp.com ) all works fine, the agent redirects to https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mynonsecureapp.com but when i try to access to a secure url ( https://mysecureapp.com ) the agent try to redirects me to: https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mysecureapp.com (notice that the agent removes the 's' in the url).
  The amAgent log file shows:
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_notification(), https://sigcit.agp.gva.es:443/fullcitriweb is not notification url http://sigcit.agp.gva.es:80/amagent/UpdateAgentCacheServlet?shortcircuit=false.+
  +2008-07-17 09:44:08.296 Warning 656:d8f6b0 PolicyAgent: OnPreprocHeaders(): Access Manager Cookie not found.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): url 'https://sigcit.agp.gva.es:443/fullcitriweb' path_info ''.+
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): processing url http://sigcit.agp.gva.es:80/fullcitriweb.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): client_ip 172.27.65.62 not found in client ip not enforced list+
  Any ideas?
  Regards,
  Edited by: idm_oceanic on Jul 17, 2008 1:33 AM

• JSF / Switch between HTTP and HTTPS

  Hello!
  I want to switch between HTTP and HTTPS using JSF.
  Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
  e.g. Login-jsp should be secured, all other jsp's should run unsecured.
  Any ideas?
  regards
  Harald.

  Thanks,
  I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
  I did the following:
  1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
  2) create a plugin that reads ActionConfigs from the ModuleConfig
  3) create a filter that sets a request scope flag that says that password must re-entered.
  Code Extracts:
  1) MainshopContainer application level parameter singleton class:
  private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
  public boolean isInSSLZone(String servletPath)
  return this.sslZoneMap.containsKey(servletPath);
  public void addToSSLZone(String servletPath)
  this.sslZoneMap.put(servletPath,null);
  public int getNumberOfActionsInSSLZone()
  return this.sslZoneMap.size();
  2) Struts plugin
  add a call to loadSSLZoneMap in plugin init method:
  loadSSLZoneMap(config, mainshopContainer);
  private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
  throws ServletException
  try {       
  ActionConfig[] actionConfigs = config.findActionConfigs();
  for (int i = 0; i < actionConfigs.length; i++)
  if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
  // not found = not ssl zone
  System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
  else
  // found = ssl zone
  String servletPath = actionConfigs[i].getPath()+".do";
  mainshopContainer.addToSSLZone(servletPath);
  System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
  System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
  catch (Exception ex)
  ex.printStackTrace();
  throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
  3)
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
  HttpServletRequest req = (HttpServletRequest) request;
  HttpServletResponse res = (HttpServletResponse) response;
  String servletPath = req.getServletPath();
  boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
  The wole picture:
  The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
  I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
  At the end of all my jsp's I set the lastRequestDTO variable.
  In that method I set the passwordConfirmationRequired flag if needed:
  public void setLastRequestDTO(RequestDTO _lastRequestDTO)
  if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
  this.setPasswordConfirmationRequired(true);
  this.lastRequestDTO = _lastRequestDTO;
  I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
  When the password is OK I reset the passwordConfirmationRequired to false.
  I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
  I tought I could define it in the web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Account Related Pages</web-resource-name>
  <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  but that doesn't work and finnaly understood why:
  Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
  The url pattern /account/* at the container level is never encountered.
  Is it allowed to declare the following action path: /account/login instead of /login?
  If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
  What's your opinion?
  If no, would your library resolve this?
  Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
  Regards
  Fred