Need Help for role based authentication

Similar Messages

• Need Help about Certificate based Authentication

  Hi friends..
  Currently, i'm trying to develop an applet that using Certificate Based Authentication..
  i have looked at this thread : http://forums.sun.com/thread.jspa?threadID=5433603
  these is what Safarmer says about steps to generate CSR :
  0. Generate key pair on the card.
  1. Get public key from card
  2. Build CSR off card from the details you have, the CSR will not have a signature
  3. Decide on the signature you want to use (the rest assumes SHA1 with RSA Encryption)
  4. Generate a SHA1 hash of the CSR (without the signature section)
  5. Build a DigestInfo structure (BER encoded TLV that you can get from the PKCS#1 standard) that contains the message digest generated in the previous step
  6. Send DigestInfo to the card
  7. On the card, the matching private key to encrypt the DigestInfo
  8. Return the encrypted digest info to the host
  9. Insert the response into the CSR as the signature
  Sorry, i'm a little bit confused about those steps.. (Sorry i'm pretty new in X509Certificate)..
  on step 4,
  Generate a SHA1 hash of the CSR (without the signature section)
  Does it mean we have to "build" CSR looks like :
  Data:
  Version: 0 (0x0)
  Subject: C=US, ST=California, L=West Hollywood, O=ITDivision, OU=Mysys, CN=leonardo.office/[email protected]
  Subject Public Key Info:
  Public Key Algorithm: rsaEncryption
  RSA Public Key: (1024 bit)
  Modulus (1024 bit):
  00:be:a0:5e:35:99:1c:d3:49:ba:fb:2f:87:6f:d8:
  ed:e4:61:f2:ae:6e:87:d0:e2:c0:fd:c1:0f:ed:d7:
  84:04:b5:c5:66:cd:6b:f0:27:a2:cb:aa:3b:d7:ad:
  fa:f4:72:10:08:84:88:19:24:d0:b0:0b:a0:71:6d:
  23:5e:53:4f:1b:43:07:98:4d:d1:ea:00:d1:e2:29:
  ea:be:a9:c5:3e:78:f3:5e:30:1b:6c:98:16:60:ba:
  61:57:63:5e:6a:b5:99:17:1c:ae:a2:86:fb:5b:8b:
  24:46:59:3f:e9:84:06:e2:91:b9:2f:9f:98:04:01:
  db:38:2f:5b:1f:85:c1:20:eb
  Exponent: 65537 (0x10001)
  Attributes:
  a0:00
  on step 5, Build a DigestInfo structure (BER encoded TLV that you can get from the PKCS#1 standard) that contains the message digest generated in the previous step
  How DigestInfo structure (BER encoded TLV that you can get from the PKCS#1 standard) looks like?
  And what is the DigestInfo Contains, and what is TAG for DigestInfo?..
  Please help me regarding this..
  Thanks in advance..
  Leonardo Carreira

  Hi,
  Leonardo Carreira wrote:
  Sorry, Encode the Public Key is handled by On Card Application or Off Card Application?..
  I think its' easier to encode the public key by Off Card app..
  Could you guide me how to achieve this?, i think Bouncy Castle can do this, but sorry, i don't know how to write code for it.. :( All you need to do is extract the modulus and exponent of the public key. These will be in a byte array (response from your card) that you can use to create a public key object in your host application. You can then use this key to create a CSR with bouncycastle.
  I have several some questions :
  1. Does Javacard provide API to deal with DER data format?JC 2.2.1 does not buy JC 2.2.2 does, however I believe this is an optional package though. You can implement this in your applet though.
  2. Regarding the Certificate Based Authentication, what stuff that need to be stored in the Applet?..
  - I think Applet must holds :
  - its Private Key,
  - its Public Key Modulus and its Public Key Exponent,
  - its Certificate,
  - Host Certificate
  i think this requires too much EEPROM to store only the key..This depends on what you mean by Certificate Based Authentication. If you want your applet to validate certificates it is sent against a certificate authority (CA) then you need the public keys for each trust point to the root CA. To use the certificate for the card, you need the certificate and corresponding private key. You would not need to use the public key on the card so this is not needed. You definitely need the private key.
  Here is a rough estimate of data storage requirements for a 2048 bit key (this is done off the top of my head so is very rough):
  ~800 bytes for your private key
  ~260 bytes per public key for PKI hierarchy (CA trust points)
  ~1 - 4KB for the certificate. This depends on the amount of data you put in your cert
  3. What is the appropriate RSA key length that appropriate, because we have to take into account that the buffer, is only 255 bytes (assume i don't use Extended Length)..You should not base your key size on your card capabilities. You can always use APDU chaining to get more data onto the card. Your certificate is guaranteed to be larger than 256 bytes anyway. You should look at the NIST recommendations for key strengths. These are documented in NIST SP 800-57 [http://csrc.nist.gov/publications/PubsSPs.html]. You need to ensure that the key is strong enough to protect the data for a long enough period. If the key is a transport key, it needs to be stronger than the key you are transporting. As you can see there are a lot of factors to consider when deciding on key size. I would suggest you use the strongest key your card supports unless performance is not acceptable. Then you would need to analyse your key requirements to ensure your key is strong enough.
  Cheers,
  Shane

• Configuring tomcat for form based authentication-help badly needed

  hi , i want to have form based or some other way of authentication for the users comming to my site , i have access only to web.xml , but in tomcat documentations its giveni need to change server.xml and tomcat-user.xml , can i make these changes on web.xml to implement it or please tell me way out of this please , i tried even jguard but it needs changes in jvm which also not into my access

  Hi,
  I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

• Manager password in tomcat for form based authentication

  Hi all,
  I have a jsp using form based authentication.I have set up the web.xml,server.xml and created my database with the various users and roles but when i try to deploy the application,it as for the manger username/password and when i enter what i have in the database it refuses to connect.
  Anyone has any idea what i might be doiing wrong?
  Thans in advance

  Hi,
  I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

• JSF/JAAS j_security_check for role-based login pages

  I'm looking for a way to take the login request after j_security_check is through and invoke logic in a backing bean somewhere to redirect the user (using Faces) to the appropriate view (via an outcome defined in the faces-config.xml, of course) based on the user's role. Is there a "JSF" (i.e. non-filter) way to do this that I'm missing? If not, I suppose I could try a filter if it will work.
  I've thought of just going to the same page and displaying different components, but I don't like that a lot, even using subviews. I thought about having two web apps, but find that to be a poor option. I really don't like trusting the user to remember/get a URL right beyond http://xyz.com or something similarly simple, as much to save them from frustration as anything else.
  Any ideas would be appreciated. I've scoured forums and Googled all day without much success, so I apologize if this is posted somewhere already. This seems like something that should be pretty simple and I may want to kick myself when I see the answer.

  Hi Brian,
  I do not believe it is j_security_check's job to check for blank
  passwords.
  In many security realms, it is "legal" for a user to have a blank
  password. j_security_check forwards whatever password was entered so that
  even users with blank passwords can be authenticated by the realm on the
  backend. For this reason I believe that j_security_check is "doing the
  right thing" by just forwarding whatever is presented to it, rather than
  having its own logic. It is best if j_security_check just acts as a very
  dumb middle man.
  If behavior was altered, it is true that your particular problem would be
  solved, but then many other people would have a problem with their users
  with blank passwords authenticating properly...
  Try looking into how to disable anonymous logins on the LDAP end of
  things. Hope this helps.
  Cheers,
  Joe Jerry
  brian wrote:
  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

• Need help for flash builder

  i need help for flash builder 4 and papervison 3d. I need to create a slider with it ranges of value from 10 to 50 to adjust the camera values for the camera.fov and also need to create it for the yaw of the object from 0 to 360. I try to look for any slider event and classes in this program but cant find any, btw, i need to use the AS only project file.
  here is my codes:
  can you please tell me how i should modify the codes?
  package
      import flash.display.BitmapData;
      import flash.display.Sprite;
      import flash.events.Event;
      import org.papervision3d.materials.BitmapFileMaterial;
      import org.papervision3d.materials.BitmapMaterial;
      import org.papervision3d.objects.primitives.Sphere;
      import org.papervision3d.view.BasicView;
      [SWF (width="800", height="600", backgroundColor="0x000000",frameRate="30")]
      public class EarthBitmap extends BasicView
          private var sphere:Sphere;
          public function EarthBitmap()
              super(800 , 600);
              var earthmaterial:BitmapFileMaterial = new BitmapFileMaterial("../assets/Earth.jpg");
              sphere = new Sphere(earthmaterial,100,20,18);
              camera.fov = 25;
              scene.addChild(sphere);
              addEventListener(Event.ENTER_FRAME,rotateSphere);
          public function rotateSphere(evt:Event):void
              sphere.yaw(0.2);
              singleRender();

  Turn the click handler into a full on separate function. Then store all the views in an array and use Math.rand() to randomly choose one.
  Something like this:
  <fx:Script>
       <![CDATA[
            var questionsArray:Array = {question2,question3,question5,questionRed,questionGeography};
            function buttonClickHandler(event:MouseEvent){
                 var randomProblem:int = Math.floor(Math.random()*(questionsArray.length));     //generates a random integer between 0 and the total number of questions in the array (arrays are 0-based)
                 navigator.pushView(questionsArray[randomProblem]);
       ]]>
  </fx:Script>
  <s:Button id="randomProblemButton" label="Next Problem" click="buttonClickHandler(event)" />
  Haven't tested that, but something along that line should work

• Need help for access list problem

  Cisco 2901 ISR
  I need help for my configuration.... although it is working fine but it is not secured cause everybody can access the internet
  I want to deny this IP range and permit only TMG server to have internet connection. My DHCP server is the 4500 switch.
  Anybody can help?
           DENY       10.25.0.1 – 10.25.0.255
                            10.25.1.1 – 10.25.1.255
  Permit only 1 host for Internet
                  10.25.7.136  255.255.255.192 ------ TMG Server
  Using access-list.
  ( Current configuration  )
  object-group network IP
  description Block_IP
  range 10.25.0.2 10.25.0.255
  range 10.25.1.2 10.25.1.255
  interface GigabitEthernet0/0
  ip address 192.168.2.3 255.255.255.0
  ip nat inside
  ip virtual-reassembly in max-fragments 64 max-reassemblies 256
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  description ### ADSL WAN Interface ###
  no ip address
  pppoe enable group global
  pppoe-client dial-pool-number 1
  interface ATM0/0/0
  no ip address
  no atm ilmi-keepalive
  interface Dialer1
  description ### ADSL WAN Dialer ###
  ip address negotiated
  ip mtu 1492
  ip nat outside
  no ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication pap callin
  ppp pap sent-username xxxxxxx password 7 xxxxxxxxx
  ip nat inside source list 101 interface Dialer1 overload
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip route 10.25.0.0 255.255.0.0 192.168.2.1
  access-list 101 permit ip 10.25.0.0 0.0.255.255 any
  access-list 105 deny   ip object-group IP any
  From the 4500 Catalyst switch
  ( Current Configuration )
  interface GigabitEthernet0/48
  no switchport
  ip address 192.168.2.1 255.255.255.0 interface GigabitEthernet2/42
  ip route 0.0.0.0 0.0.0.0 192.168.2.3

  Hello,
  Host will can't get internet connection
  I remove this configuration......         access-list 101 permit ip 10.25.0.0 0.0.255.255 any
  and change the configuration ....      ip access-list extended 101
                                                              5 permit ip host 10.25.7.136 any
  In this case I will allow only host 10.25.7.136 but it isn't work.
  No internet connection from the TMG Server.

• Server (Tomcat) Managed "Role-Based" Authentication (isUerInRole)

  I am using the Tomcat 5.0.27. In order to use server managed "role-based" authentication, we supply the server with two tables. One of the tables containes userID and password, and the other tables contains userID and userRole (a person can have more than one role). (We must map each user to his/her role somewhere, and it is in the $TOMCAT/conf/server.xml file)
  My difficulty stems from the tables are structured in my database. I do have a table that contains userID and password; however, I do not have a table that contains userID and userRole. In order to know a person's role, I have to navigate from one table to another using foreign key and primary key.
  Is there a way to tell the server to navigate from one table to another to find a person's role? Or we "must" create a table that contains userID and userRole for us to use the isUserInRole() method for security check?

  check out the tomcat docs
  http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JDBCRealm
  according to docs you have to create these tables
  create table users (
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
  create table user_roles (
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key (user_name, role_name)

• I have problem with buying in games , I got the massage that the purchased can not be completed , please contact iTunes support.. I need help for my case please

  I have problem with buying in games , I got the massage that the purchased can not be completed , please contact iTunes support.. I need help for my case please

  http://www.apple.com/support/itunes/contact/

• Need help for Format HD

  Hi I need Help for Formating HD so Wat Key need hold on start up for format HD I apprciated you Help

  Jesus:
  Formatting, Partitioning Erasing a Hard Disk Drive
  Warning! This procedure will destroy all data on your Hard Disk Drive. Be sure you have an up-to-date, tested backup of at least your Users folder and any third party applications you do not want to re-install before attempting this procedure.
  • With computer shut down insert install disk in optical drive.
  • Hit Power button and immediately after chime hold down the "C" key.
  • Select language
  • Go to the Utilities menu (Tiger) Installer menu (Panther & earlier) and launch Disk Utility.
  • Select your HDD (manufacturer ID) in left side bar.
  • Select Partition tab in main panel. (You are about to create a single partition volume.)
  • _Where available_ +Click on Options button+
  +• Select Apple Partition Map (PPC Macs) or GUID Partition Table (Intel Macs)+
  +• Click OK+
  • Select number of partitions in pull-down menu above Volume diagram.
  (Note 1: One partition is normally preferable for an internal HDD.)
  • Type in name in Name field (usually Macintosh HD)
  • Select Volume Format as Mac OS Extended (Journaled)
  • Click Partition button at bottom of panel.
  • Select Erase tab
  • Select the sub-volume (indented) under Manufacturer ID (usually Macintosh HD).
  • Check to be sure your Volume Name and Volume Format are correct.
  • Click Erase button
  • Quit Disk Utility.
  cornelius

• Need help for my requirement...

  Need help for my requirement...
  Hello Experts,
  I have report where users can input the company, housebank, account ID and posting date.
  Now in one column of my report named 'Cash in Bank', I need to get all postings from cash
  accounts with GL code ending in '0'. Now, I know that I can get the amounts in BSIS/BSAS
  but how do I link it with the proper bank and account?
  For example:
                     Cash in Bank
  Bank A
    Account ID 1     1,000,000
    Account ID 2     25,000,000
  Hope you can help me guys. Thank you and take care!

  hi Viraylab,
  each house bank you can find in table T012, in T012K you'll find the bank accounts to the housebank, the G/L account will be in T012K-HKONT.
  hope this helps
  ec

• Need help for importing oracle 10G dump into 9i database

  hi, Someone help me to import oracle 10G dump into 9i database. I'm studying oracle . Im using oracle 10G developer suite(downloaded from oracle) and oracle 9i database. I saw some threads tat we can't import the higher version dumps into lower version database. But i'm badly need help for importing the dump...
  or
  someone please tell me the site to download oracle 9i Developer suite as i can't find it in oracle site...

  I didnt testet it to import a dump out of a 10g instance into a 9i instance if this export has been done using a 10g environment.
  But it is possible to perform an export with a 9i environment against a 10g instance.
  I am just testing this with a 9.2.0.8 environment against a 10.2.0.4.0 instance and is working so far.
  The system raises an EXP-00008 / ORA-37002 error after exporting the data segments (exporting post-schema procedural objects and actions).
  I am not sure if it is possible to perform an import to a 9i instance with this dump but maybe worth to give it a try.
  It should potentially be possible to export at least 9i compatible objects/segments with this approach.
  However, I have my doubts if this stunt is supported by oracle ...
  Message was edited by:
  user434854

• Need Help for Nokia 6500 slide

  Hi all I'm A new Guy here ,
  But I do really need help for hard reset my phone
  I already try *#7073# But It doesn't work ,
  If Anybody know to make a hard reset please help

  rwss wrote:
  I'v got te same problem with my 6500 Slide, is there a button combination that we have to press
  to hard reset the 6500 Slide?!
  How does the 6500 slide hard reset?
  That's simple.
  All you have to do is:
  From MENU goto SETTINGS, When there scroll down and select 'Restore Factory Setting'.
  There are two options in there:
  "Restore Settings only"
  and
  "Restore all"
  Select "Restore All"
  When done the phone will delete every thing on the Phone memory(C:\)(contacts,picture,messages etc)
  and also restore phone to its original settings and will restart.
  This proceedure is mostly common on S40 phone.
  Hope this explain and solve the problem.

• Need help for publishing web intelligence document (universe) into InfoView

  Post Author: mirage
  CA Forum: Publishing
  Hello all,
  I need help for publishing web intelligence document (universe) into InfoView.
  can't find this information in Business Objects Designer's Guide and in Business Objects Administrator Guide.
  Can somebody give short instructions how can I do it?
  Regards, Slava

  If the change between the 2 types of data has to happen dynamically during run time them
  1. Use 2 dataproviders
       a. Current
       b. Historic
  2. Merge the 2 dimensions
  3. Use Webi variable to switch between the measure of the current and historic universe
  Ex  if [year] < 2010 then historic.[expense] else current.[expense]
  Hope this helps,
  Divya

• Need help for cenvat reversal

  Hi Friends,
  Need help for cenvat reversal.
  Reversed MIRO by MR8M & MIGO by 102 movement but not able to post & cancel cenvat by J1IEX.
  In table J_1IEXCHDR status = "P" and J1I5 does not update for document of 102 movement because reversal document of MIGO, i.e. material document with 102 movement type does not have excise tab. MBSM-Cancelled Material Documents, does not show any of the material documents.
  Want to reverse the cenvat credit, please help.
  --Anil Bhamere

  Hi,
  If I select Cancellation in MIGO then there is only Material Document option.
  In MIGO Purchase Order option shows for Goods Receipt, Goods Issue and Subsequet Adj.
  In this case I have been selected Goods Receipt option followed by purchase order number by which original goods receipt MIGO was created, selected 102 movement type and from line item respective MIGO document. The reversal document created successfully where as original MIGO document does not show in cancelled document list. When post option selected from J1IEX and entered vendor excise number then message appeared as No Part I exists for availing credit in excise invoice xxxxx.
  If Cancel option selected from J1IEX and entered vendor excise number then message appeared as Excise invoice xxxx has already been posted for vendor xxxxx.
  Please help.
  Regards,
  Anil Bhamere