OC4J: SSL & JAAS

I have this problem:
When an httpS session is started, How can I integrate JAAS and SSL ?
I use JAZNUserManager UserManager Provider.
How can I mapping user entry with CLient Certificate Authentication ?.
with method usrMgr.setSertificate (X509Certificate) it throw UnsupportedException...

If you want to implement SSL using self Ca
try this old post
http://forum.java.sun.com/thread.jsp?forum=2&thread=4240
U wrote that u got a free cert from Entrust did u get u'r self generated key in it ?(i.e via a Cert Request)
I have no idea OC4J SSL but basically the key should match(the public key in cert and u'r Privatekey )
1)May be cert u received is not placed in the expected place
2)Or U dont have the trusted CA cert in place
3)The key in the cert does not correspond to the priv key u have on u'r system
These are just some of the possible causes
Hope it helps
Cheers
Aviz

Similar Messages

Doest OC4J support JAAS ?

Hi everyone,
does OC4J support JAAS ? If so, how can I implement it ?
Thanks
null

<BLOCKQUOTE>quote:<HR>Originally posted by Andy ():
There is no official roll-out date yet. But by the end of the year is a good estimate.<HR></BLOCKQUOTE>
Thanks a lot Andy, and sorry for bothering again, but are there online resources about the next version ? I've only found a white paper (http://technet.oracle.com/tech/java/oc4j/pdf/OC4J_TWP.pdf) which describes what is possible as of now (JTA, JMS, JNDI etc.), but nothing about JAAS.
Best Regards
null

[HELP] CRL in standalone OC4J SSL and ws-security x.509 token profile?

Dear all,
i have a question about setting up the OC4J server to check against a cert revocation list (CRL) when:
1. SSL in standalone OC4J (no oracle http server) (i.e. using secured-web-site.xml)
2. ws-security x.509 token profile (authenticate user by cert)
***i can create a crl list, but i don't know how can i import this list into the keystore
***and setup the system to validate cert against the crl.
i can't find the information in oracle's manual/documentation.
could anyone give me the solution under the 2 situations??
thank you.
lsp
Message was edited by:
lsp

Hi,
i have a question about setting up the OC4J server to
check against a cert revocation list (CRL) when:
1. SSL in standalone OC4J (no oracle http server)Probably not supported.
2. ws-security x.509 token profile (authenticate user by cert)OC4J + WS_SECURITY doesn't support CRL-s, sorry.
Hubert M.

Calling EJB from an applet in 9iAS Release 2?

Hello!
In 9iAS Release 1 it is not so easy to call an EJB from an applet. First the applet needs special privileges and then the applet starts only once. The cause of problem is the implementation of ormi.
Will 9iAS Rel. 2 support Applets calling EJBs?

Jeff,
I am also trying to make an applet client for an EJB deployed to OC4J.
I modified the java2.policy file as you suggested, but when I tried to run my applet, I
got the following error:
java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission tunneling.shortcut read)
 at java.security.AccessControlContext.checkPermission(Unknown Source)
 at java.security.AccessController.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
 at java.lang.System.getProperty(Unknown Source)
 at java.lang.Boolean.getBoolean(Unknown Source)
 at com.evermind.server.rmi.RMIInitialContextFactory.<clinit>(RMIInitialContextFactory.java:34)
 at java.lang.Class.forName0(Native Method)
 at java.lang.Class.forName(Unknown Source)
 at com.sun.naming.internal.VersionHelper12.loadClass(Unknown Source)
 at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
 at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
 at javax.naming.InitialContext.init(Unknown Source)
 at javax.naming.InitialContext.<init>(Unknown Source)
 at its.fnd.ejb.EJBHomeFinder.getHomeObject(Unknown Source)
 at its.fnd.flight.ejb.EJBFlightFactory.<init>(Unknown Source)
 at its.fnd.flight.FlightFactory.<init>(FlightFactory.java:97)
 at EJBApplet.jbInit(EJBApplet.java:47)
 at EJBApplet.init(EJBApplet.java:36)
 at sun.applet.AppletPanel.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
I am using OC4J (stand-alone) version 9.0.2.0.0 on Solaris 7 and Microsoft Internet Explorer
5.0 with the java 1.3.1 plug-in.
Here is the applet code that I use to lookup the EJB home interface:
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY,"com.evermind.server.rmi.RMIInitialContextFactory");
props.put(Context.PROVIDER_URL,"ormi://host:6666/app");
props.put(Context.SECURITY_PRINCIPAL,"admin");
props.put(Context.SECURITY_CREDENTIALS,"password");
Context ctxt = new InitialContext(props);
Object homeObj = ctxt.lookup("my_bean");
MyBeanHome home = PortableRemoteObject.narrow(homeObj, MyBeanHome.class);
The HTML page with the <applet> tag is a static HTML page that is part of OC4J's default
web application. The applet class file is located in a subdirectory of the default-web-app
directory. Here is the HTML page...
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>
HTML Test Page
</TITLE>
</HEAD>
<BODY>
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" width="580" height="450" name="EJBApplet" align="middle" alt="Loading EJBApplet ...">
<param name="java_code" value="EJBApplet">
<param name="java_codebase" value="/tests">
<param name="java_archive" value="xerces.jar,ejb.jar,oc4j.jar,jaas.jar"/>
<param name="java_type" value="application/x-java-applet;version=1.3">
<param name="java_scriptable" value="true">
<table cellpadding="1" bgcolor="#FFFFFF" width="580" height="450">
<tr><td>
This is a place for an APPLET. Your browser doesn't support the correct applet java plug-in. You can install the correct plug-in from here. <a target='_blank' onClick='javascript:self.window.close()' href="/classes/3rdparty/j2re-win-plug-in.exe">Click here to install plug-in.</a> Or if you have an Internet connection you can install the correct plug-in from here. <a target='_blank' onClick='javascript:self.window.close()' href="http://java.sun.com/products/plugin/1.3/plugin-install.html">Click here to install plug-in from Internet.</a> You can call your System Administrator for assistance.</td></tr>
</table>
</object>
</BODY>
</HTML>
I have searched the Internet, and the documentation, and tried several, different things,
but I can't get it to work.
Any and all help will be greatly appreciated.
Thanks,
Sofia.

Integration with JAZN

Hi!
I have implemented a contract-first web service using Spring-WS, and would like to authenticate towards the OC4J JAZN Jaas security provider.
Is it possible to integrate with JAZN by accessing the JAAS api directly? I have set up my own realm in the OC4J Instance security settings, and uses this realm name in my application code, but I cant succeed in authenticating with this setup at all. My orion-application.xml references the instance level xml configuration file.
Has anyone succeeded in integrating with JAZN in this way at all?
All feedback would be most welcome :)
Btw, I am using OC4J 10.1.3.
With regards,
Ketil Aasarød
Edited by: user525214 on Sep 3, 2008 3:13 AM
Edited by: user525214 on Sep 3, 2008 3:21 AM

Hi,
Thanks for your responce.
yes, you are right, we can achieve that by a new user JAZN and assign a role "BPMSSystemAdmin". But by doing so, we are giving the total control to the user. he can edit the data for the other instances also. i don't want to happen that.
my requirement is , the end user just able to edit the data and can continue, and also if he is not responded in the stipulated time auto esclation to the admin. he should not have privilage to chage the rule or edit the payload for other instances....
can it be possible?
please help me..,
if there is no such option, please tell me the ulternate way to achive this requirement...

JAAS ,SSO and OC4J

Hi ,
Earlier , We were connecting our application as partner applications in portal for SSO authentication. We used SSO sdk for diverting requests to SSO. I was reading some literature and it seems oracle is supporting connecting to SSO from JAAS provider. Can i get a documentation for 10G JAAS (With details on how to connect to SSO).
questions
1. Is JAAS just replacement of SSO sdk and we still need to define partner applications?
2.Do I need to configure mod_osso ? and then JAAS will give user details . (I don't need to define partner application.)
thanks
Simar

I do believe there is a logout URL that you need to set. When the user logs out of the application, they also need to be redirected to the logout URL. This is covered in the Oracle Application Server Single Sign-On Application Developer's Guide
From the doc:
Security Issues: Single Sign-Off and Application Logout
If you build custom applications using OracleAS release 9.0.4, note the following: when global logout, or single sign-off, is invoked, only the single sign-on and mod_osso cookies are cleared. This means that an OracleAS application must be coded to store single sign-on user and realm names in either the OC4J session or in the application session. The application must then compare these values to those passed by mod_osso. If a match occurs, the application must show personalized content. If no match occurs, which means that the mod_osso cookie is absent, the application must clear the application session and force the user to log in.
They also have a code example:
Application Logout: Recommended Code
Most applications that authenticate users have a logout link. In a single-sign-on-enabled application, the user invokes the dynamic directive for logout in addition to other code in the logout handler of the application. Invoking the logout directive initiates single sign-off, or global logout. The example that follows shows what single sign-off code should look like in Java.
// Clear application session, if any
String l_return_url := return url to your application e.g. home page
response.setHeader( "Osso-Return-Url", l_return_url);
response.sendError( 470, "Oracle SSO" );

How can i set up SSL in OC4J

How can i set up SSL in OC4J ?.
I have success fully installed oc4j and applications were deployed in it , it works perfectly , what should i add more to make the server SSL enabled ? , after these i have to make access of EJB from client Aplet/Application through SSL , how can i make it , I expect links to documentations, i searched in the forum but i couldnt find , plz help me
Renjith

It's not recommended to setup OC4J to use SSL since the OC4J container should be dedicated to J2EE services. In a production deployment environment, OC4J should be used behind the Oracle HTTP Server (based on Apache), so you should setup SSL for Apache instead. Please see 9iAS documentation at http://otn.oracle.com/docs/products/ias/doc_library/1022doc_otn/index.htm, look for mod_ssl and OpenSSL).
However, if you do want to play around with SSL in OC4J standalone mode, you could setup SSL following the following instructions (note this is not supported):
http://www.orionsupport.com/articles/ssl-howto.html

SSL error happened while calling a web service on a managed oc4j instance

While calling a webservice, I got SSL Error: Unrecognized SSL message, plaintext connection? The webservice is deployed on a managed oc4j which is created on a 10.1.3.4 oracle application server. We have SSL certificate installed for http server.
Any ideas?
Thanks!

Hello,
The error is stating there isn't a descriptor for the Agent class the app is trying to execute a query on. This could be due to improper mappings, but assuming Agent is mapped, is more likely due to a classloader issue. TopLink uses the classloader at login to initialize the descriptors and hash them on the Class objects. If the application uses a different classloader, descriptors will not be found for classes loaded from the new classloader. How are you obtaining sessions, and where is the session being used?
Best Regards,
Chris

Using a JAAS compliant LoginModule in OC4j

Hi.
I'm trying to set up an application to use a custom LoginModule in OC4J. The OC4J security FAQ states that this can be done by adding ... to the jazn-data.xml file as it is done with the oracle.security.jazn.tools.Admintool. The only users I seem to be able to authenticate with is the ones defined in the <jazn-realm> section of jazn-data.xml. If I try to remove this or parts of this section, the application fails to start.
If I deliberately misspells the classname of the login module, no error message is displayed.
Do I have to enable the use of custom login modules in any way other then adding them to the jazn-data.xml file? I not, can anyone tell me why I cant get it to work, and what I can do to get it to work?
I am using a SampleLoginModule from sun.
The classfiles for the login module is placed in a jar file in <j2ee-home>\lib directory
The OC4J is version 9.0.3.0.0
(standalone)
The login module data in jazn-data.xml:
<jazn-loginconfig>
<application>
<name>jazntest</name>
<login-modules>
<login-module>
<class>sample.module.SampleLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>debug</name>
<value>true</value>
</option>
</options>
</login-module>
</login-modules>
<application>
I am wondering about the name tag in application. What name is this?
The name of the app IS jazntest.
Both in server.xml:
<application name="jazntest" path="../applications/jazntest.ear" auto-start="true" />
and in http-web-site.xml:
<web-app application="jazn-test" name="jazntest" root="/jazntest" />
Any help appreciated.
Ole

Ole, Anders,
A custom LoginModule can indeed be setup with JAZN if it's JAAS-compliant. In order to setup this up, you'll need to do the following:
1. Define the custom LoginModule in the global jazn-data.xml file (i.e. in the j2ee/home/config directory). The name-value tags are for optional parameters. Most LoginModules have a debug mode but this is optional (see the LoginModule specific documentation).
2. Put all the LoginModule files in the lib/ext directory of whichever JRE you are using (e.g. $oracle_home/jdk/jre/lib/ext). You may also need to place a copy of the "jaas.jar" file in that same directory.
3. For the actual application, you want to make sure that you do not use the container's security and authentication constraints defined in the application's web.xml file. Note: unlike the default JAZN RealmLoginModule, custom LoginModules are not integrated with these container security constraints. This means that with the custom LoginModule, you need to programmatically create a LoginContext and explicitly do a "login()" (as described in most JAAS tutorials). You may also need to restart the OC4J instance for some of these changes to take affect.
Regards,
-Lee

Urgent : Problem with Client when OC4J has been setup in 2 way SSL mode

This is the output that is generated in the JDeveloper console on running the example from b14429.pdf. Examle :
====================================================
import HTTPClient.HTTPConnection;
import HTTPClient.HTTPResponse;
import javax.security.cert.X509Certificate;
import oracle.security.ssl.OracleSSLCredential;
import java.io.IOException;
import javax.net.ssl.SSLPeerUnverifiedException;
public class SSLSocketClientWithClientAuth {
public static void main(String[] args) {
if (args.length < 4) {
System.out.println("Usage: java HTTPSConnectionTest [host] [port] " +
"[wallet] [password]");
System.exit(-1);
String hostname = args[0].toLowerCase();
int port = Integer.decode(args[1]).intValue();
String walletPath = args[2];
String password = args[3];
HTTPConnection httpsConnection = null;
OracleSSLCredential credential = null;
try {
httpsConnection = new HTTPConnection("https", hostname, port);
} catch (IOException e) {
System.out.println("HTTPS Protocol not supported");
System.exit(-1);
try {
credential = new OracleSSLCredential();
credential.setWallet(walletPath, password);
} catch (IOException e) {
System.out.println("Could not open wallet");
System.exit(-1);
httpsConnection.setSSLEnabledCipherSuites(new String[]{"SSL_RSA_WITH_3DES_EDE_CBC_SHA"});
httpsConnection.setSSLCredential(credential);
try {
httpsConnection.connect();
} catch (IOException e) {
System.out.println("Could not establish connection");
e.printStackTrace();
System.exit(-1);
// X509Certificate x509 = new X509Certificate();
//javax.servlet.request.
X509Certificate[] peerCerts = null;
try {
peerCerts =
(httpsConnection.getSSLSession()).getPeerCertificateChain();
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
System.err.println("Unable to obtain peer credentials");
e.printStackTrace();
System.exit(-1);
String peerCertDN =
peerCerts[peerCerts.length - 1].getSubjectDN().getName();
peerCertDN = peerCertDN.toLowerCase();
if (peerCertDN.lastIndexOf("cn=" + hostname) == -1) {
System.out.println("Certificate for " + hostname +
" is issued to " + peerCertDN);
System.out.println("Aborting connection");
System.exit(-1);
try {
HTTPResponse rsp = httpsConnection.Get("/");
System.out.println("Server Response: ");
System.out.println(rsp);
} catch (Exception e) {
System.out.println("Exception occured during Get");
e.printStackTrace();
System.exit(-1);
================================================================
C:\j2sdk1.4.2_09\bin\javaw.exe -client -classpath "D:\eclipse\workspace\OC4JClient\OC4JClient\classes;D:\eclipse\workspace\jdev\extensions\.jar;C:\Documents and Settings\nilesh_bafna\Desktop\Nitin\lib\jssl-1_1.jar;E:\product\10.1.3.1\OracleAS_1\j2ee\home\lib\http_client.jar;E:\product\10.1.3.1\OracleAS_1\jlib\javax-ssl-1_1.jar" -Djava.protocol.handler.pkgs=HTTPClient -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.keyStorePassword=welcome1 -Djavax.net.ssl.trustStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.trustStorePassword=welcome1 -DOracle.ssl.defaultCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SSLSocketClientWithClientAuth ps4372.persistent.co.in 443 F:/oc4jcert/client.keystore welcome1
keyStore is : F:/oc4jcert/client.keystore
keyStore type is : jks
init keystore
init keymanager of type SunX509
found key for : oracle-client
chain [0] = [
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
 To: Wed Apr 18 21:18:14 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af96be]
Algorithm: [MD5withRSA]
Signature:
0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
trustStore is: F:\oc4jcert\client.keystore
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Algorithm: RSA; Serial number: 0x45af96be
Valid from Thu Jan 18 21:18:14 GMT+05:30 2007 until Wed Apr 18 21:18:14 GMT+05:30 2007
adding as trusted cert:
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Algorithm: RSA; Serial number: 0x45af95dc
Valid from Thu Jan 18 21:14:28 GMT+05:30 2007 until Wed Apr 18 21:14:28 GMT+05:30 2007
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1152299454 bytes = { 41, 212, 166, 48, 109, 77, 185, 232, 204, 95, 158, 141, 60, 96, 196, 172, 49, 19, 49, 22, 222, 234, 47, 76, 27, 130, 5, 176 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 839
*** ServerHello, TLSv1
RandomCookie: GMT: 1152299454 bytes = { 206, 186, 162, 116, 179, 72, 44, 198, 189, 25, 70, 227, 170, 235, 83, 186, 152, 49, 194, 222, 248, 3, 191, 170, 248, 95, 134, 35 }
Session ID: {69, 175, 178, 190, 47, 141, 131, 115, 241, 226, 39, 29, 241, 65, 235, 165, 57, 40, 52, 85, 68, 85, 68, 84, 108, 141, 1, 125, 193, 191, 158, 208}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
 To: Wed Apr 18 21:14:28 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af95dc]
Algorithm: [MD5withRSA]
Signature:
0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
Found trusted certificate:
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
 To: Wed Apr 18 21:14:28 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af95dc]
Algorithm: [MD5withRSA]
Signature:
0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US>
*** ServerHelloDone
matching alias: oracle-client
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
 To: Wed Apr 18 21:18:14 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af96be]
Algorithm: [MD5withRSA]
Signature:
0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 236, 206, 185, 158, 75, 201, 230, 16, 170, 40, 193, 70, 188, 134, 36, 134, 14, 20, 191, 121, 246, 8, 7, 2, 137, 66, 166, 10, 185, 246, 104, 154, 27, 82, 161, 133, 11, 130, 11, 130, 71, 84, 155, 165, 239, 227 }
main, WRITE: TLSv1 Handshake, length = 763
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 EC CE B9 9E 4B C9 E6 10 AA 28 C1 46 BC 86 ......K....(.F..
0010: 24 86 0E 14 BF 79 F6 08 07 02 89 42 A6 0A B9 F6 $....y.....B....
0020: 68 9A 1B 52 A1 85 0B 82 0B 82 47 54 9B A5 EF E3 h..R......GT....
CONNECTION KEYGEN:
Client Nonce:
0000: 45 AF B2 BE 29 D4 A6 30 6D 4D B9 E8 CC 5F 9E 8D E...)..0mM..._..
0010: 3C 60 C4 AC 31 13 31 16 DE EA 2F 4C 1B 82 05 B0 <`..1.1.../L....
Server Nonce:
0000: 45 AF B2 BE CE BA A2 74 B3 48 2C C6 BD 19 46 E3 E......t.H,...F.
0010: AA EB 53 BA 98 31 C2 DE F8 03 BF AA F8 5F 86 23 ..S..1......._.#
Master Secret:
0000: CA 5C BA B3 D0 C9 26 A9 3A 06 08 8F 27 2E CE 17 .\....&.:...'...
0010: 93 98 BC DF EF 78 2A 99 DB 3E 50 3B 01 D1 84 5F .....x*..>P;..._
0020: 28 80 CE 7C 7C C1 12 A4 11 F6 33 9B 2E D9 6F BE (.........3...o.
Client MAC write Secret:
0000: 80 FF CE 99 7C 45 4C D8 60 FA 40 79 A2 A4 36 7C .....EL.`[email protected].
Server MAC write Secret:
0000: 2D F1 A0 A8 ED A1 7B DD 89 A5 01 90 43 BF F1 19 -...........C...
Client write key:
0000: E1 3F 33 54 D3 C5 3A 26 4A 41 65 DA AC 44 3B 28 .?3T..:&JAe..D;(
Server write key:
0000: C5 08 52 AE A9 0A 4F D0 AD 54 49 C6 4E 2F 9C 4E ..R...O..TI.N/.N
... no IV for cipher
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** CertificateVerify
main, WRITE: TLSv1 Handshake, length = 134
main, WRITE: TLSv1 Change Cipher Spec, length = 1
main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
IOException in getSession(): java.net.SocketException: Software caused connection abort: socket write error
Unable to obtain peer credentials
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
 at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
 at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:56)
Process exited with exit code -1.
=====================================================
I think this is the problem with ciphers. So can anybody please help me with this!!!. This is very urgent!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thanks in advance
Nilesh

Thanks for your prompt reply I was able to make it run. Actually I am using the same keystore and truststore at both the client and the server end. I added those properties in opmn.xml as startup parameters.
I have another query I am using JDev to create a client proxy for my webservice that is deployed in OC4J. I have setup OC4J in 2 way SSL (mutual authentication)
When I invoke my client proxy with these system properties set
System.setProperty("javax.net.ssl.keyStore",keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.trustStoreType","JKS");
I get an exception in the log.xml which is
<MSG_TEXT>IOException in ServerSocketAcceptHandler$AcceptHandlerHorse:run</MSG_TEXT>
<SUPPL_DETAIL><![CDATA[javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
 at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(ServerHandshaker.java:1031)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1535)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
 at oracle.oc4j.network.ServerSocketAcceptHandler.doSSLHandShaking(ServerSocketAcceptHandler.java:250)
 at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:868)
 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
 at java.lang.Thread.run(Thread.java:595)
]]></SUPPL_DETAIL>
Isn't setting these properties enough for sending a client certificate. Please help!!!!
Thanks,
Nilesh.

OC4J 9.0.3: JAAS Compliant LoginModule support !

Hi,
I have a requirement where I need to migrate my JAAS Compliant LoginModule(implements LoginModule interface) from Weblogic to OC4J. I want to use my Custom LoginModule to perform authentication at the Web Tier and Ejb Tier and let the containers handle the details. I only want to plug in my Login Module as needed. The Login Module works absolutely fine as it is on Weblogic and JBoss, but fails to work on OC4J. This is the error that I get :-
When I call a protected EJB function the following error is found in the server.log file:
The run-as user is not an instance of com.evermind.security.User
Why is it looking for a "User" of this instance? I am using all standard JAAS compliant
classes:
javax.security.auth.spi.LoginModule to implement my Login Module
java.security.Principal to implement my Principal
java.security.acl.Group to implement by Group/Role
As of OC4J version 9.0.3 does it have Support for JAAS Compliant custom login module??
These are the source files that I have
1) JAAS Compliant Login Module (implement LoginModule interface)
2) JAAS compliant Principal (implement Principal interface)
3) JAAS compliant Group (implement Principal interface and Group interface)
4) Allow Web Tier and EJB Tier to be authenticated and authorized
Now how do I go about deploying the same on OC4J.
Any help would be appreciated.
Thanks in Advance,
Easwar.

Hello All,
As I was going through JAAS implementation using the iPlanet LDAP as our user/role data source found that its not just the LoginModule you have to write in addition to this you would end up wirting a whole new set of classes for manaing the users i.e UserManager :(
Here is the list of classes we have to implement to get the container managed declarative security model to work with the Web (web.xml) and EJB containers (ejb-jar.xml)
1 SampleAuthenticator.java
2 SampleLoginModule.java
3 SampleProvider.java
4 SampleRealm.java
5 SampleRealmManager.java
6 SampleRealmPrincipal.java
7 SampleRealmRole.java
8 SampleRealmUser.java
9 SampleRoleManager.java
10 SampleUserManager.java
I have still some doubt that after implementing this there could be some more catch and the implementation may still not work!!! :(
Have any one done such an implementation?
if some one has done this please let us know is it worth implementing them?
Thank you
Mallik

SSL related exceptions on visiting https pages with OC4J 10.1.3.1.0

I have a standalone oc4j version 10.1.3.1.0 that I configured for SSL by following instructions of this link: http://technology.amis.nl/blog/268/quick-and-easy-ssl-in-oc4j-standalone.
<OC4J_HOME/j2ee/home/config/secure-web.xml is as follows:
<?xml version="1.0"?>
<web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" secure="true" display-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" >
<web-app application="app" name="app" load-on-startup="true" root="/app" shared="true"/>
<ssl-config factory="com.evermind.ssl.JSSESSLServerSocketFactory" keystore="sslfile" keystore-password="abc123" truststore-password=""/>
</web-site>
As I interact with https pages, I start to see below exceptions in the oc4j log that I like to know what are those exceptions
are all about. Any thoughts on that and could it be that I am missing some SSL settings that may explain the below exceptions ?
and how about the below java.lang.NullPointerException ?
Mar 31, 2009 7:59:26 PM oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask selectForRead
WARNING: Exception in NIOServerSocketDriver:selectForRead
java.nio.channels.ClosedChannelException
at java.nio.channels.spi.AbstractSelectableChannel.configureBlocking(AbstractSelectableChannel.java:252)
at oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask.selectForRead(NIOServerSocketDriver.java:331)
at oracle.oc4j.network.NIOServerSocketDriver.selectForRead(NIOServerSocketDriver.java:58)
at oracle.oc4j.network.ServerSocketAcceptHandler.persistConnection(ServerSocketAcceptHandler.java:396)
at oracle.oc4j.network.ServerSocketAcceptHandler.endReadHandlerRun(ServerSocketAcceptHandler.java:416)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:275)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:619)
Mar 31, 2009 7:59:42 PM oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse run
WARNING: IOException in ServerSocketAcceptHandler$AcceptHandlerHorse:run
javax.net.ssl.SSLException: Unexpected end of handshake data
at com.sun.net.ssl.internal.ssl.HandshakeInStream.read(HandshakeInStream.java:81)
at java.io.InputStream.read(InputStream.java:85)
at com.sun.net.ssl.internal.ssl.UnknownExtension.<init>(HelloExtensions.java:204)
at com.sun.net.ssl.internal.ssl.HelloExtensions.<init>(HelloExtensions.java:69)
at com.sun.net.ssl.internal.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:252)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:135)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
at oracle.oc4j.network.ServerSocketAcceptHandler.doSSLHandShaking(ServerSocketAcceptHandler.java:250)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:868)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:619)
Mar 31, 2009 7:59:42 PM oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers closeIdleHandler
WARNING: Exception in SelectionKey cancel
java.lang.NullPointerException
at oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers.closeIdleHandler(ServerSocketAcceptHandler.java:
3)
at oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers.expireHandlers(ServerSocketAcceptHandler.java:60
at oracle.oc4j.network.ServerSocketAcceptHandler.selectorThreadHouseKeeping(ServerSocketAcceptHandler.java:217
at oracle.oc4j.network.NIOServerSocketDriver.selfHouseKeeping(NIOServerSocketDriver.java:129)
at oracle.oc4j.network.NIOServerSocketDriver.run(NIOServerSocketDriver.java:149)
at com.evermind.server.http.HttpConnectionListener.run(HttpConnectionListener.java:294)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
at java.lang.Thread.run(Thread.java:619)
Mar 31, 2009 8:00:30 PM oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask selectForRead
WARNING: Exception in NIOServerSocketDriver:selectForRead
java.nio.channels.ClosedChannelException
at java.nio.channels.spi.AbstractSelectableChannel.configureBlocking(AbstractSelectableChannel.java:252)
at oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask.selectForRead(NIOServerSocketDriver.java:331)
at oracle.oc4j.network.NIOServerSocketDriver.selectForRead(NIOServerSocketDriver.java:58)
at oracle.oc4j.network.ServerSocketAcceptHandler.persistConnection(ServerSocketAcceptHandler.java:396)
at oracle.oc4j.network.ServerSocketAcceptHandler.endReadHandlerRun(ServerSocketAcceptHandler.java:416)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:275)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:619)
Mar 31, 2009 8:00:31 PM oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask selectForRead
WARNING: Exception in NIOServerSocketDriver:selectForRead
java.nio.channels.ClosedChannelException
at java.nio.channels.spi.AbstractSelectableChannel.configureBlocking(AbstractSelectableChannel.java:252)
at oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask.selectForRead(NIOServerSocketDriver.java:331)
at oracle.oc4j.network.NIOServerSocketDriver.selectForRead(NIOServerSocketDriver.java:58)
at oracle.oc4j.network.ServerSocketAcceptHandler.persistConnection(ServerSocketAcceptHandler.java:396)
at oracle.oc4j.network.ServerSocketAcceptHandler.endReadHandlerRun(ServerSocketAcceptHandler.java:416)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:275)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:619)
Mar 31, 2009 8:00:48 PM oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers closeIdleHandler

I enabled ssl handshake debugging and I see the following in the log:
09/04/05 17:36:37 HTTPThreadGroup-5, READ: TLSv1 Application Data, length = 599
09/04/05 17:36:37 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 246
09/04/05 17:36:37 HTTPThreadGroup-4, WRITE: TLSv1 Application Data, length = 304
09/04/05 17:36:37 HTTPThreadGroup-4, WRITE: TLSv1 Application Data, length = 4564
09/04/05 17:36:40 HTTPThreadGroup-6, READ: TLSv1 Application Data, length = 856
09/04/05 17:36:40 HTTPThreadGroup-6, READ: TLSv1 Application Data, length = 1071
09/04/05 17:36:40 HTTPThreadGroup-6, WRITE: TLSv1 Application Data, length = 299
09/04/05 17:36:40 HTTPThreadGroup-5, READ: TLSv1 Application Data, length = 753
09/04/05 17:36:40 HTTPThreadGroup-6, WRITE: TLSv1 Application Data, length = 19
09/04/05 17:36:40 HTTPThreadGroup-6, WRITE: TLSv1 Application Data, length = 18
09/04/05 17:36:40 HTTPThreadGroup-6, handling exception: java.io.IOException: An established connection was aborted by the software in your
09/04/05 17:36:40 %% Invalidated: [Session-3, SSL_RSA_WITH_RC4_128_MD5]
09/04/05 17:36:40 HTTPThreadGroup-6, SEND TLSv1 ALERT: fatal, description = unexpected_message
09/04/05 17:36:40 HTTPThreadGroup-6, WRITE: TLSv1 Alert, length = 18
09/04/05 17:36:40 HTTPThreadGroup-6, Exception sending alert: java.io.IOException: An established connection was aborted by the software in
09/04/05 17:36:40 HTTPThreadGroup-6, called closeSocket()
Apr 5, 2009 5:36:40 PM oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask selectForRead
WARNING: Exception in NIOServerSocketDriver:selectForRead
java.nio.channels.ClosedChannelException
at java.nio.channels.spi.AbstractSelectableChannel.configureBlocking(AbstractSelectableChannel.java:252)
at oracle.oc4j.network.NIOServerSocketDriver$SelectorThreadTask.selectForRead(NIOServerSocketDriver.java:331)
at oracle.oc4j.network.NIOServerSocketDriver.selectForRead(NIOServerSocketDriver.java:58)
at oracle.oc4j.network.ServerSocketAcceptHandler.persistConnection(ServerSocketAcceptHandler.java:396)
at oracle.oc4j.network.ServerSocketAcceptHandler.endReadHandlerRun(ServerSocketAcceptHandler.java:416)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:275)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:619)
09/04/05 17:36:40 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 761
09/04/05 17:36:40 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 2175
09/04/05 17:36:40 HTTPThreadGroup-4, READ: TLSv1 Application Data, length = 572
09/04/05 17:36:40 HTTPThreadGroup-4, WRITE: TLSv1 Application Data, length = 288
09/04/05 17:36:40 HTTPThreadGroup-4, WRITE: TLSv1 Application Data, length = 8531
09/04/05 17:36:31 HTTPThreadGroup-6, WRITE: TLSv1 Handshake, length = 74
09/04/05 17:36:31 HTTPThreadGroup-6, WRITE: TLSv1 Change Cipher Spec, length = 1
09/04/05 17:36:31 *** Finished
09/04/05 17:36:31 verify_data: { 72, 81, 73, 209, 19, 180, 203, 41, 196, 20, 133, 206 }
09/04/05 17:36:31 ***
09/04/05 17:36:31 HTTPThreadGroup-6, WRITE: TLSv1 Handshake, length = 32
09/04/05 17:36:31 HTTPThreadGroup-6, READ: TLSv1 Change Cipher Spec, length = 1
09/04/05 17:36:31 HTTPThreadGroup-6, READ: TLSv1 Handshake, length = 32
09/04/05 17:36:31 *** Finished
09/04/05 17:36:31 verify_data: { 192, 244, 111, 12, 113, 174, 226, 171, 37, 22, 118, 17 }
09/04/05 17:36:31 ***
09/04/05 17:36:31 HTTPThreadGroup-6, READ: TLSv1 Application Data, length = 764
09/04/05 17:36:31 HTTPThreadGroup-6, WRITE: TLSv1 Application Data, length = 761
09/04/05 17:36:31 HTTPThreadGroup-6, WRITE: TLSv1 Application Data, length = 2176
Apr 5, 2009 5:36:31 PM oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers closeIdleHandler
WARNING: Exception in SelectionKey cancel
java.lang.NullPointerException
at oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers.closeIdleHandler(ServerSocketAcceptHandler.java:583)
at oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers.expireHandlers(ServerSocketAcceptHandler.java:604)
at oracle.oc4j.network.ServerSocketAcceptHandler.selectorThreadHouseKeeping(ServerSocketAcceptHandler.java:217)
at oracle.oc4j.network.NIOServerSocketDriver.selfHouseKeeping(NIOServerSocketDriver.java:129)
at oracle.oc4j.network.NIOServerSocketDriver.run(NIOServerSocketDriver.java:149)
at com.evermind.server.http.HttpConnectionListener.run(HttpConnectionListener.java:294)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
at java.lang.Thread.run(Thread.java:619)
09/04/05 17:36:31 SystemThreadGroup-6, called close()
09/04/05 17:36:31 SystemThreadGroup-6, called closeInternal(true)
09/04/05 17:36:32 HTTPThreadGroup-4, READ: TLSv1 Application Data, length = 572
09/04/05 17:36:32 HTTPThreadGroup-4, WRITE: TLSv1 Application Data, length = 288
09/04/05 17:36:32 HTTPThreadGroup-4, WRITE: TLSv1 Application Data, length = 8531
09/04/05 17:36:33 HTTPThreadGroup-5, READ: TLSv1 Application Data, length = 868
09/04/05 17:36:33 HTTPThreadGroup-5, READ: TLSv1 Application Data, length = 494
09/04/05 17:36:33 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 293
09/04/05 17:36:33 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 19
09/04/05 17:36:33 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 18
09/04/05 17:36:33 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 316
09/04/05 17:36:33 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 18
09/04/05 17:36:33 HTTPThreadGroup-5, WRITE: TLSv1 Application Data, length = 21
09/04/05 17:36:33 HTTPThreadGroup-6, READ: TLSv1 Application Data, length = 753
09/04/05 17:36:33 HTTPThreadGroup-6, WRITE: TLSv1 Application Data, length = 755
09/04/05 17:36:33 HTTPThreadGroup-6, WRITE: TLSv1 Application Data, length = 2494

Configure JAAS login module stack to support x.509 certificates without SSL

I want to use x.509 certificates for authentication against a EP 7.0 but I dont want to have SSL traffic on the network segment where the portal resides. Obviously the SSL must be terminated in an application gateway that sends the certificate to the portal in the header.
I know that AcceptClientCertWithoutSSL must be set to true in the http provider and that ClientCertificateHeaderName is the name of the header variable that contains the users certificate, default is SSL_CLIENT_CERT.
What I dont know is how to configure my JAAS login module stack, my suggestion would be this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CertPersisterLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
My concern is does the ClientCertLoginModule and the CertPersisterLoginModule read from the header variable? If they dont, is there another login module that should be used in this case?

Hi Claus,
you got the flags right but the options of the login modules (LM) are wrong, so the certificate authentication won't work.
There's two problems I see: (1) Rule1.getUserFrom is not a valid option for the LM CertPersisterLoginModule, and (2) SSL_CLIENT_CERT is not a valid value for the option Rule1.getUserFrom of the ClientCertLoginModule.
Looking at this topic:
http://help.sap.com/saphelp_nw2004s/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm
the header variable used to pass the certificate is maintained in the HTTP provider service properties but since you use the default you don't need to maintain that part of the config. You also don't need the CertPersisterLoginModule in the config because it is used for automatic certificate mapping, which doesn't work when you don't have SSL to the portal.
So with the above said your LM stack config should look like this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=wholeCert}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
If this doesn't work I'd suggest opening a support ticket.
Regards,
Yonko

Create new JAAS login module & have to deploy in OC4J

Dear Experts,
Is it possible to create number of user roles under the group oc4jadmin. Then have to assign task for each user in group. please suggest me.
Thanks,
Rajesh
Edited by: Rajesh A on Mar 12, 2009 10:15 AM
Edited by: Rajesh A on Mar 12, 2009 6:48 PM

h5. James,Anirudh
Is it possible to define new JAAS module that would first check with Oracle DB & then check with LDAP directory. Actually my requirement was to authenticate user with the help of backends. Here backend denotes both Oracle DB & LDAP. In the sense when user enters valid id & password it checks for existence in DB & if exist DB returns a new value (role) then have to check new value with LDAP( what are the privileges available for specified role & who is the superior for the same). The details maintaining in LDAP are dynamic so we cant able to move into DB. Every process involving here is automatic in the sense no external server connection should provide for authentication. The custom login module should be deploy in same OC4J container. Always available as service. I want to know about the following
1) How to define costom JAAS login module
2) How to configure coutom JAAS login module over OC4J
3) How to make use of it
Thanks,
Rajesh

How to configure OC4J using RMI/IIOP with SSL

Any help?
I just mange configure the OC4J using RMI/IIOP but base on
But when I follow further to use RMI/IIOP with SSL I face the problem with: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
p/s: I use self generate keystore which should be ok as I can use it for https connection.
Any one can help?
Below is the OC4J log:
D:\oc4j\j2ee\home>java -Djavax.net.debug=all -DGenerateIIOP=true -Diiop.runtime.debug=true -jar oc4j.jar
05/02/23 16:43:16 ================ IIOPServerExtensionProvider.preInitApplicationServer
05/02/23 16:43:38 ================= IIOPServerExtensionProvider.postInitApplicationServer
05/02/23 16:43:38 ================== config = {SEPS={IIOP={ssl-port=5556, port=5555, ssl=true, trusted-clients=*, ssl-client-server-auth-port=5557, keystore=D:\\oc4j\\j2ee\\home\\server.keystore, keystore-password=123456, truststore=D:\\oc4j\\j2ee\\home\\server.keystore, truststore-password=123456, ClassName=com.oracle.iiop.server.IIOPServerExtensionProvider, host=localhost}}}
05/02/23 16:43:38 ================== server.getAttributes() = {threadPool=com.evermind.server.ApplicationServerThreadPool@968fda}
05/02/23 16:43:38 ================== pool: null
05/02/23 16:43:38 ====================== In startServer ...
05/02/23 16:43:38 ==================== Creating an IIOPServer ...
05/02/23 16:43:38 ========= IIOP server being initialized
05/02/23 16:43:38 SSL port: 5556
05/02/23 16:43:38 SSL port 2: 5557
05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(IIOP_CLEAR_TEXT, 5555, null)
05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = IIOP_CLEAR_TEXT port = 5555 )
05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL, 5556, null)
05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL port = 5556 )
05/02/23 16:43:45 ***
05/02/23 16:43:45 found key for : mykey
05/02/23 16:43:45 chain [0] = [
Version: V1
Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
b1239fff 2ae5d31d b01a0cfb 1186bae0 bbc7ac41 94f24464 e92a7e33 6a5b0844
109e30fb d24ad770 99b3ff86 bd96c705 56bf2e7a b3bb9d03 40fdcc0a c9bea9a1
c21395a4 37d8b2ce ff00eb64 e22a6dd6 97578f92 29627229 462ebfee 061c99a4
1c69b3a0 aea6a95b 7ed3fd89 f829f17e a9362efe ccf8034a 0910989a a8573305
Validity: [From: Wed Feb 23 15:57:28 SGT 2005,
To: Tue May 24 15:57:28 SGT 2005]
Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
SerialNumber: [ 421c3768]
Algorithm: [MD5withRSA]
Signature:
0000: 34 F4 FA D4 6F 23 7B 84 30 42 F3 5C 4B 5E 18 17 4...o#..0B.\K^..
0010: 73 69 73 A6 BF 9A 5D C0 67 8D C3 56 DF A9 4A AC sis...].g..V..J.
0020: 88 AF 24 28 C9 39 16 22 29 81 01 93 86 AA 1A 5D ..$(.9.")......]
0030: 07 89 26 22 91 F0 8F DE E1 4A CF 17 9A 02 51 7D ..&".....J....Q.
0040: 92 D3 6D 9B EF 5E C1 C6 66 F9 11 D4 EB 13 8F 17 ..m..^..f.......
0050: E7 66 58 9F 6C B0 60 7C 39 B4 E0 B7 04 A7 7F A6 .fX.l.`.9.......
0060: 4D A5 89 E7 F4 8A DC 59 B4 E7 A5 D4 0A 35 9A F1 M......Y.....5..
0070: A2 CD 3A 04 D6 8F 16 B1 9E 6F 34 40 E8 C0 47 03 ..:[email protected].
05/02/23 16:43:45 ***
05/02/23 16:43:45 adding as trusted cert:
05/02/23 16:43:45 Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Issuer: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3779
05/02/23 16:43:45 Valid from Wed Feb 23 15:57:45 SGT 2005 until Tue May 24 15:57:45 SGT 2005
05/02/23 16:43:45 adding as trusted cert:
05/02/23 16:43:45 Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3768
05/02/23 16:43:45 Valid from Wed Feb 23 15:57:28 SGT 2005 until Tue May 24 15:57:28 SGT 2005
05/02/23 16:43:45 trigger seeding of SecureRandom
05/02/23 16:43:45 done seeding SecureRandom
05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL_MUTUALAUTH, 5557, null)
05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL_MUTUALAUTH port = 5557 )
05/02/23 16:43:45 matching alias: mykey
matching alias: mykey
05/02/23 16:43:46 ORB created ..com.oracle.iiop.server.OC4JORB@65b738
05/02/23 16:43:47 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc [email protected]7
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc com.sun.corba.ee.internal.corba.ServerDelegate@9300cc
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Entering dispatch method
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Consuming service contexts, GIOP version: 1.2
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Has code set context? false
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Dispatching to servant
05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Handling invoke handler type servant
05/02/23 16:43:48 NS service created and started ..org.omg.CosNaming._NamingContextExtStub:IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
05/02/23 16:43:48 NS ior = ..IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
05/02/23 16:43:48 Oracle Application Server Containers for J2EE 10g (9.0.4.0.0) initialized
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Server getConnection(119e583[Unknown 0x0:0x0: Socket[addr=/127.0.0.1,port=1281,localport=5556]], SSL)
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): host = 127.0.0.1 port = 1281
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Created connection Connection[type=SSL remote_host=127.0.0.1 remote_port=1281 state=ESTABLISHED]
com.sun.corba.ee.internal.iiop.MessageMediator(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): Creating message from stream
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, SEND TLSv1 ALERT: fatal, description = unexpected_message
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, WRITE: TLSv1 Alert, length = 2
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeSocket()
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ReaderThread(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): IOException in createInputStream: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.readFully(MessageBase.java:520)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.createFromStream(MessageBase.java:58)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.MessageMediator.processRequest(MessageMediator.java:110)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.IIOPConnection.processInput(IIOPConnection.java:339)
05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.ReaderThread.run(ReaderThread.java:63)
05/02/23 16:45:14 Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
05/02/23 16:45:14 ... 6 more
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.IIOPConnection(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): purge_calls: starting: code = 1398079696 die = true
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): DeleteConn called: host = 127.0.0.1 port = 1281

Good point, I do belive what you are referring to is this:
Any client, whether running inside a server or not, has EJB security properties. Table 15-2 lists the EJB client security properties controlled by the ejb_sec.properties file. By default, OC4J searches for this file in the current directory when running as a client, or in ORACLE_HOME/j2ee/home/config when running in the server. You can specify the location of this file explicitly with the system property setting -Dejb_sec_properties_location=pathname.
Table 15-2 EJB Client Security Properties
Property Meaning
# oc4j.iiop.keyStoreLoc
The path and name of the keystore. An absolute path is recommended.
# oc4j.iiop.keyStorePass
The password for the keystore.
# oc4j.iiop.trustStoreLoc
The path name and name of the truststore. An absolute path is recommended.
# oc4j.iiop.trustStorePass
The password for the truststore.
# oc4j.iiop.enable.clientauth
Whether the client supports client-side authentication. If this property is set to true, you must specify a keystore location and password.
# oc4j.iiop.ciphersuites
Which cipher suites are to be enabled. The valid cipher suites are:
TLS_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_MD5
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
nameservice.useSSL
Whether to use SSL when making the initial connection to the server.
client.sendpassword
Whether to send user name and password in clear form (unencrypted) in the service context when not using SSL. If this property is set to true, the user name and password are sent only to servers listed in the trustedServer list.
oc4j.iiop.trustedServers
A list of servers that can be trusted to receive passwords sent in clear form. This has no effect if client.sendpassword is set to false. The list is comma-delimited. Each entry in the list can be an IP address, a host name, a host name pattern (for example, *.example.com), or * (where "*" alone means that all servers are trusted.

OC4J: SSL & JAAS

Similar Messages

Maybe you are looking for