Report to write about Java Security

Hello
I'm doing a project for my studies; I'm investigating some points of java security (class loader, bytecoder verifier, security manager and applets). In the second part of my report, I would like to do some tests to show these functionalities in use.
Here is what I was think to implement
Security Manager
- Update the security manager; application can be very restricted - Or very free
Byte code verifier: I don't know how to test
Class loader: I don't know how to test
Applets
- Show the difference between local and downloaded code (On server vs applet)
Write the same code for both application. The only difference will be that one application will be downloaded; the other one run from the server.
- Show the difference between signed applet and untrusted applet
Write the same code for both applets. The only difference will be that just one applet we be signed.
- Possibilities on extending the sandbox. What can do an applet?
What do you think about these tests?
Do you have some ideas for my missing tests?
Thanks in advance
Romain

I would like to do some forbidden actions, to show how Java reacts.
Is it possible to change the bytecode? In order to raise an error from the bytecode verifier?
Actually, I would like to implements attacks, and Java would protect the application.
I hope you understand what I mean.

Similar Messages

About Java Security

Hi...I wrote a simple java class and want to execute it through script. I read about this security stuff to take care of. If I run my java class as a standalone application, there is no problem. But when executing it as an applet, I get huge chunk of errors. Then to debug the errors, I tried running the standalone application with security manager i.e.Run with same security as applet
java -Djava.security.manager MyClass
java -Djava.security.debug=help MyClass
I have a few questions:
1. If running the application with security manager has no problem does it mean that I will be able to execute the applet without problem? I noticed that though I can resolve the error in standalone application but I am still seeing errors when run as an applet.
2.Can someone tell me what is the difference between signing a jar file and creating access rights using policy tool? I thought Java Plug-in is meant to ensure uniformity in security deployment so does it mean that creating access rights using policy tool is sufficient? Is there still a need to import certificates into browser?
A million thanks!

If you are really running the application with the same security manager as an applet uses, then yes, whatever you can do in the app would work in the applet.
The signed jar provides a way of securing the jar file so that it can be determined that it comes from a trusted source and that the file hasn't been altered. Using a security policy to allow it to do normally disallowed actions does not provide that kind of security. The plug-in does provide uniformity (given the same JVM version) for many things, so one need not deal with bugs in a browser's built-in JVM (if one exists).
I would recommend using the signed applet anyway, because to do the security policy thing, the user has to alter it on their system. I don't believe you can just provide it with the applet itself, otherwise that's not a very secure system.

I have One Question about java security

In java.security file, there are many option...
(Ex) java.security
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
policy.provider=sun.security.provider.PolicyFile
but, I can't understand where "sun.security.provider.PolicyFile" class is located.
please, tell me where this class located, and How can I customized this PolicyFile

<waving the magic wand>
abracadabra
</waving the magic wand>
check up the rt.jar file and u will c the classes.
have fun

Java.security.AccessControlException: access denied (java.util.PropertyPerm

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
at com.sun.ba.tool.baApplet.init(baApplet.java:46)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
... 7 more
any help would be appriciated so much.
thanks
mehmad

I dont know, but It may be that an Applet can only access the local machine. ie. If you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to Computer A. You would have to:
1) Run an application on computer A and the applet would tell the application what to change.
2)Maybe sign the applet in a JAR File
You will probably have to do #1.
US101

Java.security.AccessControlException: access denied (java.util.PropertyPer

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
 at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
 at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
 at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
 at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
 at com.sun.ba.tool.baApplet.init(baApplet.java:46)
 at sun.applet.AppletPanel.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
 at java.security.AccessControlContext.checkPermission(Unknown Source)
 at java.security.AccessController.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
 at java.lang.System.getProperty(Unknown Source)
 at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
 ... 7 more
any help would be appriciated so much.
thanks
mehmad

Hi,
Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security.There you make the changes in the property which gives you the error.See if this helps..
regards vickyk

Java Security Model for Web Apllication Security

Hi,
Any one can tell me about Java Security model used in web site protection. what are th eAPI's used to implement this model on Websites.
I am keen to know only about the Authentication and Authorization secutiry.
Thanks,
Vivek

Hi Ram, thanks for reply. I appreciate your comments.
This is a very interesting topic because we need to know how much flexibility we have in order to apply security policies to our services. After all, SOA is about flexibility (with appropriate level of control), isn't it? :-P
Option 1 (WSDL files) is a reasonable one. We could create "views" of the same service using ESB. But I'm concerned if this approach ("Security Oriented Views" of a service) can lead to difficulties in operational governance and appropriate discovery and reuse of the service.
Option 2 is also something to be concerned, as we could end up designing "Security Oriented Architecture" :-P
Option 3 (Customization through OAM) is also reasonable, but I don't know if this is really possible to achieve since OAM is mostly related to web resources. It would be nice if we had a chance to implement this in WSM instead.
Denis
Message was edited by:
[email protected]
Message was edited by:
[email protected]

Please help me , I am having java.security.AccessControlException

Hi,
Let me tell you may problem,
I have an application with its jar file build inside for eg in E:\Projects folder with the name MyApplication,
also I have build this application and its jar file whose name is MyApplication.jar is inside dist folder.
Well I go inside this folder and type this command as I have shown below;
E:\Projects\MyApplication> java -jar "MyApplication.jar"
there is no error every thing works fine, but if I go to the root folder and
type the command as I have shown below;
E:\>java -jar "E:\Projects\MyApplication\dist\MyApplication.jar"
I get the following error, tell me whats wrong;
checkPermission Line no:-1 java.security.AccessController.checkPermission(Unknown Source)
java.security.AccessControlException: access denied (java.io.FilePermission jint
egra.log write)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkWrite(Unknown Source)
at java.io.FileOutputStream.<init>(Unknown Source)
at java.io.FileOutputStream.<init>(Unknown Source)
at com.linar.jintegra.Log.logImmediately(Unknown Source)
at bis.opencontrol.opcconnector.CheckOPCServerOne.checkThisOPCServerAtTh
isIPaddress(CheckOPCServerOne.java:74)
at bis.opencontrol.opcconnector.CheckOPCServerOne.run(CheckOPCServerOne.
java:57)
at java.lang.Thread.run(Unknown Source)
at com.mysql.jdbc.Connection.<init>(Connection.java:716)
Feb 07,2009 8:12:51:212 PM|bis.opencontrol.opcconnector.CheckOPCServerOne.class(
120)|Thread-12| checkPermission Line no:-1 java.lang.SecurityManager.checkPermis
sion(Unknown Source)
java.security.AccessControlException: access denied (java.io.FilePermission jint
egra.log write)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkWrite(Unknown Source)
at java.io.FileOutputStream.<init>(Unknown Source)
at java.io.FileOutputStream.<init>(Unknown Source)
at com.linar.jintegra.Log.logImmediately(Unknown Source)
at bis.opencontrol.opcconnector.CheckOPCServerOne.checkThisOPCServerAtTh
isIPaddress(CheckOPCServerOne.java:74)
Well please help me I don't know whats wrong...

Reset Security Questions
http://support.apple.com/kb/ht5312
If you still have problem, call Apple to help reset your Security Question.
http://support.apple.com/kb/HT5699

HT1338 There is a lot of talk about the Java security issues and the ability to download a patch fix, do i need to do this or will software update pick this up for me?

There is a lot of talk about the Java security issues and the ability to download an apple patch fix, do i need to do this or will software update pick this up for me?

Thanks for that, how do I establish if I have Java installed as on Safari preferences it indicates the following
Web content - Enable Java
- Enable JavaScript

What to do about the recent Java security issue?

I am reading about the Java security issue. Do I need to do something with Safari?

Open Safari preferences, click on the Security icon in the toolbar. Uncheck the Enable Java option.

How can i deal with java.security.AccessControlException?

Hi all, I need to implement JavaMail using Servlet and deploy throught J2EE deployment tool. But when i test out the servlet i will always encounter this exception thrown. How can i solve this?
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
This is the servlet i am testing. Please advise. Thanks in advance!
* @(#)JavaMailServlet.java 1.3 99/12/06
* Copyright 1998, 1999 Sun Microsystems, Inc. All Rights Reserved.
* This software is the proprietary information of Sun Microsystems, Inc.
* Use is subject to license terms.
import java.io.*;
import java.util.*;
import java.text.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.mail.*;
import javax.mail.internet.*;
import javax.activation.*;
* This is a servlet that demonstrates the use of JavaMail APIs
* in a 3-tier application. It allows the user to login to an
* IMAP store, list all the messages in the INBOX folder, view
* selected messages, compose and send a message, and logout.
* 
* Please note: This is NOT an example of how to write servlets!
* This is simply to show that JavaMail can be used in a servlet.
* 
* For more information on this servlet, see the
* JavaMailServlet.README.txt file.
* 
* For more information on servlets, see
* * http://java.sun.com/products/java-server/servlets/index.html
* @author Max Spivak
public class JavaMailServlet extends HttpServlet implements SingleThreadModel {
String protocol = "POP3";
String mbox = "INBOX";
* This method handles the "POST" submission from two forms: the
* login form and the message compose form. The login form has the
* following parameters: <code>hostname</code>, <code>username</code>,
* and <code>password</code>. The <code>send</code> parameter denotes
* that the method is processing the compose form submission.
public void doPost(HttpServletRequest req, HttpServletResponse res)
 throws ServletException, IOException {
// get the session
 HttpSession ssn = req.getSession(true);
 String send = req.getParameter("send");
String host = req.getParameter("hostname");
String user = req.getParameter("username");
String passwd = req.getParameter("password");
URLName url = new URLName(protocol, host, -1, mbox, user, passwd);
ServletOutputStream out = res.getOutputStream();
 res.setContentType("text/html");
 out.println("<html><body bgcolor=\"#CCCCFF\">");
 if (send != null) {
 // process message sending
 send(req, res, out, ssn);
 } else {
 // initial login
 // create
 MailUserData mud = new MailUserData(url);
 ssn.putValue("javamailservlet", mud);
 try {
 Properties props = System.getProperties();
 System.out.println("url");
 props.put("mail.smtp.host", host);
 Session session = Session.getDefaultInstance(props, null);
 session.setDebug(false);
 Store store = session.getStore(url);
 store.connect();
 Folder folder = store.getDefaultFolder();
 if (folder == null)
 throw new MessagingException("No default folder");
 folder = folder.getFolder(mbox);
 if (folder == null)
 throw new MessagingException("Invalid folder");
 folder.open(Folder.READ_WRITE);
 int totalMessages = folder.getMessageCount();
 Message[] msgs = folder.getMessages();
 FetchProfile fp = new FetchProfile();
 fp.add(FetchProfile.Item.ENVELOPE);
 folder.fetch(msgs, fp);
 // track who logged in
 System.out.println("Login from: " + store.getURLName());
 // save stuff into MUD
 mud.setSession(session);
 mud.setStore(store);
 mud.setFolder(folder);
 // splash
 out.print("<center>");
 out.print("");
 out.println("Welcome to JavaMail!</center>");
 // folder table
 out.println("<table width=\"50%\" border=0 align=center>");
 // folder name column header
 out.print("<tr><td width=\"75%\" bgcolor=\"#ffffcc\">");
 out.print("");
 out.println("FolderName</td> ");
 // msg count column header
 out.print("<td width=\"25%\" bgcolor=\"#ffffcc\">");
 out.print("");
 out.println("Messages</td> ");
 out.println("</tr>");
 // folder name
 out.print("<tr><td width=\"75%\" bgcolor=\"#ffffff\">");
 out.print("<a href=\"" + HttpUtils.getRequestURL(req) + "\">" +
 "Inbox" + "</a></td> ");
 // msg count
 out.println("<td width=\"25%\" bgcolor=\"#ffffff\">" +
 totalMessages + "</td>");
 out.println("</tr>");
 out.println("</table");
 } catch (Exception ex) {
 out.println(ex.toString());
 } finally {
 out.println("</body></html>");
 out.close();
* This method handles the GET requests for the client.
public void doGet (HttpServletRequest req, HttpServletResponse res)
 throws ServletException, IOException {
HttpSession ses = req.getSession(false); // before we write to out
ServletOutputStream out = res.getOutputStream();
 MailUserData mud = getMUD(ses);
 if (mud == null) {
 res.setContentType("text/html");
 out.println("<html><body>Please Login (no session)</body></html>");
 out.close();
 return;
 if (!mud.getStore().isConnected()) {
 res.setContentType("text/html");
 out.println("<html><body>Not Connected To Store</body></html>");
 out.close();
 return;
 // mux that takes a GET request, based on parameters figures
 // out what it should do, and routes it to the
 // appropriate method
 // get url parameters
 String msgStr = req.getParameter("message");
String logout = req.getParameter("logout");
 String compose = req.getParameter("compose");
 String part = req.getParameter("part");
 int msgNum = -1;
 int partNum = -1;
 // process url params
 if (msgStr != null) {
 // operate on message "msgStr"
 msgNum = Integer.parseInt(msgStr);
 if (part == null) {
 // display message "msgStr"
res.setContentType("text/html");
 displayMessage(mud, req, out, msgNum);
 } else if (part != null) {
 // display part "part" in message "msgStr"
 partNum = Integer.parseInt(part);
displayPart(mud, msgNum, partNum, out, res);
 } else if (compose != null) {
 // display compose form
 compose(mud, res, out);
} else if (logout != null) {
 // process logout
try {
mud.getFolder().close(false);
mud.getStore().close();
 ses.invalidate();
out.println("<html><body>Logged out OK</body></html>");
} catch (MessagingException mex) {
out.println(mex.toString());
 } else {
 // display headers
 displayHeaders(mud, req, out);
/* main method to display messages */
private void displayMessage(MailUserData mud, HttpServletRequest req,
 ServletOutputStream out, int msgNum)
 throws IOException {
 out.println("<html>");
out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
 out.println("<BODY bgcolor=\"#ccccff\">");
 out.print("<center>");
 out.println("Message " + (msgNum+1) + " in folder " +
 mud.getStore().getURLName() +
 "/INBOX</center>");
 try {
 Message msg = mud.getFolder().getMessage(msgNum);
 // first, display this message's headers
 displayMessageHeaders(mud, msg, out);
 // and now, handle the content
 Object o = msg.getContent();
 //if (o instanceof String) {
 if (msg.isMimeType("text/plain")) {
 out.println("<pre>");
 out.println((String)o);
 out.println("</pre>");
 //} else if (o instanceof Multipart){
 } else if (msg.isMimeType("multipart/*")) {
 Multipart mp = (Multipart)o;
 int cnt = mp.getCount();
 for (int i = 0; i < cnt; i++) {
 displayPart(mud, msgNum, mp.getBodyPart(i), i, req, out);
 } else {
 out.println(msg.getContentType());
 } catch (MessagingException mex) {
 out.println(mex.toString());
 out.println("</BODY></html>");
 out.close();
* This method displays a message part. <code>text/plain</code>
* content parts are displayed inline. For all other parts,
* a URL is generated and displayed; clicking on the URL
* brings up the part in a separate page.
private void displayPart(MailUserData mud, int msgNum, Part part,
 int partNum, HttpServletRequest req,
 ServletOutputStream out)
 throws IOException {
 if (partNum != 0)
 out.println("<hr>");
try {
 String sct = part.getContentType();
 if (sct == null) {
 out.println("invalid part");
 return;
 ContentType ct = new ContentType(sct);
 if (partNum != 0)
 out.println("Attachment Type: " +
 ct.getBaseType() + " ");
 if (ct.match("text/plain")) {
 // display text/plain inline
 out.println("<pre>");
 out.println((String)part.getContent());
 out.println("</pre>");
 } else {
 // generate a url for this part
 String s;
 if ((s = part.getFileName()) != null)
 out.println("Filename: " + s + " ");
 s = null;
 if ((s = part.getDescription()) != null)
 out.println("Description: " + s + " ");
 out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?message=" +
 msgNum + "&part=" +
 partNum + "\">Display Attachment</a>");
 } catch (MessagingException mex) {
 out.println(mex.toString());
* This method gets the stream from for a given msg part and
* pushes it out to the browser with the correct content type.
* Used to display attachments and relies on the browser's
* content handling capabilities.
private void displayPart(MailUserData mud, int msgNum,
 int partNum, ServletOutputStream out,
 HttpServletResponse res)
 throws IOException {
 Part part = null;
try {
 Message msg = mud.getFolder().getMessage(msgNum);
 Multipart mp = (Multipart)msg.getContent();
 part = mp.getBodyPart(partNum);
 String sct = part.getContentType();
 if (sct == null) {
 out.println("invalid part");
 return;
 ContentType ct = new ContentType(sct);
 res.setContentType(ct.getBaseType());
 InputStream is = part.getInputStream();
 int i;
 while ((i = is.read()) != -1)
 out.write(i);
 out.flush();
 out.close();
 } catch (MessagingException mex) {
 out.println(mex.toString());
* This is a utility message that pretty-prints the message
* headers for message that is being displayed.
private void displayMessageHeaders(MailUserData mud, Message msg,
 ServletOutputStream out)
 throws IOException {
 try {
 out.println("Date: " + msg.getSentDate() + " ");
Address[] fr = msg.getFrom();
if (fr != null) {
boolean tf = true;
out.print("From: ");
for (int i = 0; i < fr.length; i++) {
out.print(((tf) ? " " : ", ") + getDisplayAddress(fr));
tf = false;
out.println(" ");
Address[] to = msg.getRecipients(Message.RecipientType.TO);
if (to != null) {
boolean tf = true;
out.print("To: ");
for (int i = 0; i < to.length; i++) {
out.print(((tf) ? " " : ", ") + getDisplayAddress(to[i]));
tf = false;
out.println(" ");
Address[] cc = msg.getRecipients(Message.RecipientType.CC);
if (cc != null) {
boolean cf = true;
out.print("CC: ");
for (int i = 0; i < cc.length; i++) {
out.print(((cf) ? " " : ", ") + getDisplayAddress(cc[i]));
 cf = false;
out.println(" ");
 out.print("Subject: " +
 ((msg.getSubject() !=null) ? msg.getSubject() : "") +
 " ");
} catch (MessagingException mex) {
 out.println(msg.toString());
* This method displays the URL's for the available commands and the
* INBOX headerlist
private void displayHeaders(MailUserData mud,
 HttpServletRequest req,
ServletOutputStream out)
 throws IOException {
SimpleDateFormat df = new SimpleDateFormat("EE M/d/yy");
out.println("<html>");
out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
 out.println("<BODY bgcolor=\"#ccccff\"><hr>");
 out.print("<center>");
 out.println("Folder " + mud.getStore().getURLName() +
 "/INBOX</center>");
 // URL's for the commands that are available
 out.println("");
out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?logout=true\">Logout</a>");
out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?compose=true\" target=\"compose\">Compose</a>");
 out.println("");
 out.println("<hr>");
 // List headers in a table
out.print("<table cellpadding=1 cellspacing=1 "); // table
 out.println("width=\"100%\" border=1>"); // settings
 // sender column header
 out.println("<tr><td width=\"25%\" bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Sender</td>");
 // date column header
 out.println("<td width=\"15%\" bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Date</td>");
 // subject column header
 out.println("<td bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Subject</td></tr>");
 try {
 Folder f = mud.getFolder();
 int msgCount = f.getMessageCount();
 Message m = null;
 // for each message, show its headers
 for (int i = 1; i <= msgCount; i++) {
m = f.getMessage(i);
 // if message has the DELETED flag set, don't display it
 if (m.isSet(Flags.Flag.DELETED))
 continue;
 // from
out.println("<tr valigh=middle>");
out.print("<td width=\"25%\" bgcolor=\"ffffff\">");
 out.println("" +
 ((m.getFrom() != null) ?
 m.getFrom()[0].toString() :
 "" ) +
 "</td>");
 // date
out.print("<td nowrap width=\"15%\" bgcolor=\"ffffff\">");
 out.println("" +
df.format((m.getSentDate()!=null) ?
 m.getSentDate() : m.getReceivedDate()) +
 "</td>");
 // subject & link
out.print("<td bgcolor=\"ffffff\">");
 out.println("" +
 "<a href=\"" +
 HttpUtils.getRequestURL(req) +
"?message=" +
i + "\">" +
((m.getSubject() != null) ?
 m.getSubject() :
 "No Subject") +
"</a>" +
"</td>");
out.println("</tr>");
 } catch (MessagingException mex) {
 out.println("<tr><td>" + mex.toString() + "</td></tr>");
 mex.printStackTrace();
 out.println("</table>");
 out.println("</BODY></html>");
 out.flush();
 out.close();
* This method handles the request when the user hits the
* Compose link. It send the compose form to the browser.
private void compose(MailUserData mud, HttpServletResponse res,
 ServletOutputStream out)
 throws IOException {
 res.setContentType("text/html");
 out.println(composeForm);
 out.close();
* This method processes the send request from the compose form
private void send(HttpServletRequest req, HttpServletResponse res,
 ServletOutputStream out, HttpSession ssn)
 throws IOException {
String to = req.getParameter("to");
 String cc = req.getParameter("cc");
 String subj = req.getParameter("subject");
 String text = req.getParameter("text");
 try {
 MailUserData mud = getMUD(ssn);
 if (mud == null)
 throw new Exception("trying to send, but not logged in");
 Message msg = new MimeMessage(mud.getSession());
 InternetAddress[] toAddrs = null, ccAddrs = null;
 if (to != null) {
 toAddrs = InternetAddress.parse(to, false);
 msg.setRecipients(Message.RecipientType.TO, toAddrs);
 } else
 throw new MessagingException("No \"To\" address specified");
 if (cc != null) {
 ccAddrs = InternetAddress.parse(cc, false);
 msg.setRecipients(Message.RecipientType.CC, ccAddrs);
 if (subj != null)
 msg.setSubject(subj);
 URLName u = mud.getURLName();
 msg.setFrom(new InternetAddress(u.getUsername() + "@" +
 u.getHost()));
 if (text != null)
 msg.setText(text);
 Transport.send(msg);
 out.println("<h1>Message sent successfully</h1></body></html>");
 out.close();
 } catch (Exception mex) {
 out.println("<h1>Error sending message.</h1>");
 out.println(mex.toString());
 out.println(" </body></html>");
// utility method; returns a string suitable for msg header display
private String getDisplayAddress(Address a) {
String pers = null;
String addr = null;
if (a instanceof InternetAddress &&
((pers = ((InternetAddress)a).getPersonal()) != null)) {
 addr = pers + " "+"<"+((InternetAddress)a).getAddress()+">";
} else
addr = a.toString();
return addr;
// utility method; retrieve the MailUserData
// from the HttpSession and return it
private MailUserData getMUD(HttpSession ses) throws IOException {
 MailUserData mud = null;
 if (ses == null) {
 return null;
 } else {
 if ((mud = (MailUserData)ses.getValue("javamailservlet")) == null){
 return null;
 return mud;
public String getServletInfo() {
return "A mail reader servlet";
* This is the HTML code for the compose form. Another option would
* have been to use a separate html page.
private static String composeForm = "<HTML><HEAD><TITLE>JavaMail Compose</TITLE></HEAD><BODY BGCOLOR=\"#CCCCFF\"><FORM ACTION=\"/servlet/JavaMailServlet\" METHOD=\"POST\"><input type=\"hidden\" name=\"send\" value=\"send\">JavaMail Compose Message<TABLE BORDER=\"0\" WIDTH=\"100%\"><TR><TD WIDTH=\"16%\" HEIGHT=\"22\"> To:</TD><TD WIDTH=\"84%\" HEIGHT=\"22\"><INPUT TYPE=\"TEXT\" NAME=\"to\" SIZE=\"30\"> (separate addresses with commas)</TD></TR><TR><TD WIDTH=\"16%\">CC:</TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"cc\" SIZE=\"30\"> (separate addresses with commas)</TD></TR><TR><TD WIDTH=\"16%\">Subject:</TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"subject\" SIZE=\"55\"></TD></TR><TR><TD WIDTH=\"16%\"> </TD><TD WIDTH=\"84%\"><TEXTAREA NAME=\"text\" ROWS=\"15\" COLS=\"53\"></TEXTAREA></TD></TR><TR><TD WIDTH=\"16%\" HEIGHT=\"32\"> </TD><TD WIDTH=\"84%\" HEIGHT=\"32\"><INPUT TYPE=\"SUBMIT\" NAME=\"Send\" VALUE=\"Send\"><INPUT TYPE=\"RESET\" NAME=\"Reset\" VALUE=\"Reset\"></TD></TR></TABLE></FORM></BODY></HTML>";
* This class is used to store session data for each user's session. It
* is stored in the HttpSession.
class MailUserData {
URLName url;
Session session;
Store store;
Folder folder;
public MailUserData(URLName urlname) {
 url = urlname;
public URLName getURLName() {
 return url;
public Session getSession() {
 return session;
public void setSession(Session s) {
 session = s;
public Store getStore() {
 return store;
public void setStore(Store s) {
 store = s;
public Folder getFolder() {
 return folder;
public void setFolder(Folder f) {
 folder = f;

You posted a thousand lines of badly-formatted code and didn't have the sense to say which one had the exception.
My guess is that it was this one:Session session = Session.getDefaultInstance(props, null);because that happened to me. I fixed it by calling getInstance instead of getDefaultInstance.
However if that isn't the problem, how about spending a few seconds to post a less useless question?

Java.security.InvalidKeyException: Illegal key size

Hi,
I have developed an adf application using jdeveloper 11g which hosts weblogic 10.3.3.0.
My adf application has to connect to an external application for credit card validation.
To achieve this i am using a HTTPURLConnection and passing the external address and attributes that has to be written to it.
The external application which i am trying to connect is secured starts with https://..
I get an error as soon i am trying to open the "connection.getOutputStream()".
Following is the error i am getting
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
java.security.InvalidKeyException: Illegal key size
 at javax.crypto.Cipher.a(DashoA13*..)
 at javax.crypto.Cipher.init(DashoA13*..)
 at javax.crypto.Cipher.init(DashoA13*..)
 at com.certicom.tls.provider.Cipher.init(Unknown Source)
 at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
 at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
 at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
 at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
 at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
 at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
 at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
 at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
 at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
 at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
 at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
 at com.certicom.tls.record.WriteHandler.write(Unknown Source)
 at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
 at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
 at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)The code i am using to connect to the external website is as follows.
 URL url;
 HttpURLConnection connection = null;
 try {
 //Create connection
 url = new URL(targetURL);
 connection = (HttpURLConnection)url.openConnection();
 connection.setRequestMethod("POST");
 connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
 connection.setRequestProperty("Content-Length", "" + Integer.toString(urlParameters.getBytes().length));
 connection.setRequestProperty("Content-Language", "en-US");
 connection.setUseCaches (false);
 connection.setDoOutput(true);
 DataOutputStream wr = new DataOutputStream (
 connection.getOutputStream ());
 wr.writeBytes (urlParameters);
 wr.flush ();
 wr.close ();
 //Get Response
 InputStream is = connection.getInputStream();
 System.out.println("after getting input stream");
 BufferedReader rd = new BufferedReader(new InputStreamReader(is));
 System.out.println("after BUffered reader");
 String line;
 StringBuffer response = new StringBuffer();
 System.out.println("after String buffer");
 while((line = rd.readLine()) != null) {
 response.append(line);
 response.append('\r');
 } rd.close();
 return response.toString();
 } catch (Exception e) {
 e.printStackTrace();
 return null;
 } finally {
 if(connection != null) {
 connection.disconnect();
 }I am currently totally clueless , i dont understand what steps should i take. Is this error due to some keystore stuff??
I even tried to replace the policy files in jre as per some blogs but it still does not work.
I have very limited knowledge of the security issues with weblogic , i will really appreciate if i can get any links or any help in this matter.
Thanks in advance
ash

The messages prior to the exception are very significant:
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
java.security.InvalidKeyException: Illegal key size
So there are at least 4 certificates in your server's truststore that are causing issues.
Is your weblogic server using CustomIdentityAndStandardTrust? If so, the the keystore is the $JAVA_HOME/jre/lib/security/cacerts
You should familiarize yourself with keytool ( in $JAVA_HOME/bin ) and consider removing entries from your trust store unless you absolutely need them and are willing to trust any cert signed by them. There's been a thread about some newer Certificate Authorities ( CAs ) that were included as part of a recent java upgrade which have caused similar "unknown OID" issues.
For your specific endpoint, you can use your browser to invoke the services' wsdl; this will cause your browser to fetch the certificate from that server
You can then see what CA is used to sign it. Then see whether that CA is in your truststore.
There is also a thread with a very simple class to test the SSL handshake:
Re: Use Server Cert in Managed server not working

Weblogic 8.1 JAAS login.configuration.provider from java.security does not seem to work?

We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your help

Thanks for all the posting re. this issue....
I think the way Weblogic implemented "support" for JAAS in 8.1 totally
blows. In fact, when I asked BEA support about this, they basically sent me
an email saying that "Weblogic owns the JAAS configuration" so if you have a
security framework that is application server agnostic, but leverages JAAS
then you are screwed when deploying on Weblogic 8.1.
I looked for a workaround and believe that instead of using an entry in
java.security for your custom configuration class, if you set the JVM
parameter
-Dlogin.configuration.provider=com.foo.SecurityConfiguration
then what happens is that the Weblogic custom class
weblogic.security.service.ServerConfiguration is invoked by JAAS. It tries
to load the login module configuration and if that fails, it delegates to
com.foo.SecurityConfiguration. So this should enable both the weblogic
security framework and a custom security framework that are both based on
JAAS
I'm currently testing this out
"Lloyd Fernandes" <[email protected]> wrote in message
news:[email protected]...
>
Robert Greig <[email protected]> wrote:
Lloyd Fernandes wrote:
"Lloyd Fernandes" <[email protected]> wrote:
"Prashant Nayak" <[email protected]> wrote:
We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications
security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration
provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your help
As per documentation in the API JAVADOCS forjavax.security.auth.login.Configuration
>>>>
>>>>
The default Configuration implementation can be changed by settingthe
value of
the "login.configuration.provider" security property (in the Java
security
properties
file) to the fully qualified name of the desired Configurationimplementation
class. The Java security properties file is located in the file named
<JAVA_HOME>/lib/security/java.security,
where <JAVA_HOME> refers to the directory where the JDK was installed.
Have you tried to use a startup class to set the configuration providerusing
javax.security.auth.login.setConfiguration(YourConfigClass);
Weblogic probably uses this to set the configuration class to it'sown.
You have to consider whether this is really something you want to do
however. If you want to get WLS to use a custom authenticator use its
SSPIs. You can configure the order etc. in the admin console.
By overriding the configuration you override it for the server as a
whole which can mean for example that you cannot login to the admin
console. Having said this, from memory, I believe that the property is
ignored in WLS. However you can still call
Configuration.setConfiguration if you really want to.
The fact that there is a "global static" in the Configuration class is
a
Bad Thing IMHO, that was never really designed for an app server
environment.
Robert
If it is a bad thing to have a static how come Weblogic uses it instead ofthe
standard way of modifying the property in java security file - it isbecause
weblogic wants it's own way of implementing instead of using using the'plugable
module' architecture of JAAS.
When weblogic advertised that it will support JAAS the impression was thatWeblogic
would provide a login module that will implement the security mechanism itwanted
- instead it went it's own way.
Also consider the following
1. JAAS specifies a mechanism for multiple configurations based on a'application'.
This is not possible in the current 'weblogic security mechanism'
2. Weblogic says it supports JAAS but what it does not tell you is that inorder
to use available login modules you have to write a whole bunch of code tosupport
principal validators and authenticators. (I begin to wonder if write oncedeploy
anywhere is not part of Sun's certification process anymore)

Java.security.cert.CertificateException

Hi,
I am using a JAVA client to connect to a https server which uses certificates for authentication.
The server uses gSOAP certificates for client authentication and encryption of messages.
I am using JSSE coming along with JDK1.6 and generated keystore file from client.pem and cacert.pem files used by the server.
I need to send SOAP messages with attachments.
I am using SAAJ API with JDK 1.6 .
When I try to connect to the server through javax.xml.soap.SOAPConnection, I am getting java.security.cert.CertificateException. Please see the exception below.
Note: Server is responding properly to SOAP UI tool(java testing tool) with certifcates authentication.
I have enabled debug option in SSL.
E:\test\properties\storefile.jks
keyStore is : E:\test\properties\storefile.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: E:\test\properties\storefile.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Sat Oct 02 22:38:06 IST 2004 until Tue Oct 02 22:38:06 IST 2007
adding as trusted cert:
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x7
Valid from Sun Dec 25 01:01:53 IST 2005 until Wed Dec 24 01:01:53 IST 2008
adding as trusted cert:
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x8
Valid from Sun Dec 25 01:03:13 IST 2005 until Wed Dec 24 01:03:13 IST 2008
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1155448094 bytes = { 120, 70, 246, 123, 195, 47, 61, 191, 223, 241, 23, 204, 98, 143, 212, 251, 80, 10, 100, 183, 82, 82, 215, 228, 212, 47, 68, 224 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
Thread-3, WRITE: TLSv1 Handshake, length = 73
Thread-3, WRITE: SSLv2 client hello message, length = 98
Thread-3, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1155531752 bytes = { 248, 141, 63, 154, 117, 213, 184, 250, 239, 237, 26, 225, 175, 38, 151, 65, 101, 127, 134, 46, 180, 80, 153, 133, 215, 120, 102, 11 }
Session ID: {100, 201, 98, 232, 113, 191, 163, 129, 1, 101, 251, 29, 233, 245, 144, 203, 231, 208, 202, 248, 160, 99, 84, 248, 86, 16, 235, 234, 20, 73, 231, 148}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Thread-3, READ: TLSv1 Handshake, length = 1868
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
public exponent: 65537
Validity: [From: Sun Dec 25 01:03:13 IST 2005,
 To: Wed Dec 24 01:03:13 IST 2008]
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
SerialNumber: [ 08]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
0010: BA 27 B4 C1 .'..
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
chain [1] = [
Version: V3
Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 106482211752195899275275639329238789380560290379431640534106480581317795742917955972475513891969031216742557266096088552725987675210922796797720103531106400345818891764659480805498923495886457178236281557583158652266656923442983245641013901721295378444704296581436391012531718274035287004196101203604693764023
public exponent: 65537
Validity: [From: Sat Oct 02 22:38:06 IST 2004,
 To: Tue Oct 02 22:38:06 IST 2007]
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 59 9B F6 45 7E 10 3C 79 3B 88 FB 74 B3 2E F7 4F Y..E..<y;..t...O
0010: 67 16 09 C1 2F 4E AC 7A 98 EA B4 12 08 6D 96 37 g.../N.z.....m.7
0020: 1A 70 A0 79 FC 4A A7 54 BA 21 FD 35 FE 67 55 EF .p.y.J.T.!.5.gU.
0030: D9 D9 18 99 5D 7A 03 3B EE DC F8 54 89 73 B8 86 ....]z.;...T.s..
0040: B3 FB 63 4E F8 6A 9B AF A1 2B 39 1F B7 50 63 AB ..cN.j...+9..Pc.
0050: 46 E1 F7 F5 A3 13 D4 3B F0 1D 8A 54 E4 65 3E 94 F......;...T.e>.
0060: 6D 5A 58 77 50 A7 CB 99 E7 2E 28 90 C8 37 67 D2 mZXwP.....(..7g.
0070: 19 E6 78 A3 91 49 E9 08 74 0E FA AF FC 16 B3 0B ..x..I..t.......
Feb 24, 2007 9:50:47 AM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0009: Message send failed
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
 at SOAPConnector$1.run(SOAPConnector.java:145)
Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
 at java.security.AccessController.doPrivileged(Native Method)Found trusted certificate:
Version: V3
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
public exponent: 65537
Validity: [From: Sun Dec 25 01:03:13 IST 2005,
 To: Wed Dec 24 01:03:13 IST 2008]
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
SerialNumber: [ 08]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
0010: BA 27 B4 C1 .'..
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
Thread-3, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-3, WRITE: TLSv1 Alert, length = 2
Thread-3, called closeSocket()
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
 ... 2 more
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
 ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
 ... 5 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
 at sun.security.util.HostnameChecker.matchIP(Unknown Source)
 at sun.security.util.HostnameChecker.match(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
 ... 17 more
CAUSE:
java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
 at SOAPConnector$1.run(SOAPConnector.java:145)
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
 ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
 ... 5 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
 at sun.security.util.HostnameChecker.matchIP(Unknown Source)
 at sun.security.util.HostnameChecker.match(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
 ... 17 more
CAUSE:
java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
 at SOAPConnector$1.run(SOAPConnector.java:145)
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
 at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
 ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
 ... 5 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
 at sun.security.util.HostnameChecker.matchIP(Unknown Source)
 at sun.security.util.HostnameChecker.match(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
 ... 17 more
Any help is appreciated.

did you find the solution for the issue i am using jscape now...

Java.security.cert.CertificateException: Untrusted Cert Chain

Hi all,
While sending transaction to our supplier I am facing below error, Actually Our trading partner has given .p7b cert, I converted it into base 64 and i m using in b2b server. I am doing the same with all the suppliers but I am facing issue with only this trading partner. I asked him to send a new trusted certificate but he said that he is having 100's of customers, all are using the same certficate.
Error
http.sender.timeout=0
2010.05.20 at 10:52:20:711: Thread-19: B2B - (DEBUG) scheme null userName null realm null
2010.05.20 at 10:52:22:159: Thread-19: B2B - (WARNING)
Message Transmission Transport Exception
Transport Error Code is OTA-HTTP-SEND-1006
StackTrace oracle.tip.transport.TransportException: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
 at oracle.tip.transport.TransportException.create(TransportException.java:91)
 at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:627)
 at oracle.tip.transport.b2b.B2BTransport.send(B2BTransport.java:311)
 at oracle.tip.adapter.b2b.transport.TransportInterface.send(TransportInterface.java:1034)
 at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1758)
 at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:976)
 at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1167)
 at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:141)
 at oracle.tip.transport.basic.FileSourceMonitor.processMessages(FileSourceMonitor.java:903)
 at oracle.tip.transport.basic.FileSourceMonitor.run(FileSourceMonitor.java:317)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Cert Chain
 at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
 at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
 at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3018)
 at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
 at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
 at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1107)
 at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:590)
 ... 8 more
Caused by: java.security.cert.CertificateException: Untrusted Cert Chain
 at oracle.security.pki.ssl.C21.checkClientTrusted(C21)
 at oracle.security.pki.ssl.C21.checkServerTrusted(C21)
 at oracle.security.pki.ssl.C08.checkServerTrusted(C08)
 at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
 ... 21 more
2010.05.20 at 10:52:22:164: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.transport.TransportInterface:send Error in sending message
2010.05.20 at 10:52:22:168: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab Request Message Transmission failed
2010.05.20 at 10:52:22:170: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Enter
2010.05.20 at 10:52:22:173: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Transaction.begin()
2010.05.20 at 10:52:22:176: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Leave
2010.05.20 at 10:52:22:179: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
Untrusted Cert Chain
2010.05.20 at 10:52:22:226: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.engine.Engine:notifyApp retry value <= 0, so sending exception to IP_IN_QUEUE
2010.05.20 at 10:52:22:232: Thread-19: B2B - (DEBUG) Engine:notifyApp Enter
2010.05.20 at 10:52:22:248: Thread-19: B2B - (DEBUG) notifyApp:notifyApp Enqueue the ip exception message:
<Exception xmlns="http://integration.oracle.com/B2B/Exception" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<correlationId>543222</correlationId>
<b2bMessageId>543222</b2bMessageId>
<errorCode>AIP-50079</errorCode>
<errorText>Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
Untrusted Cert Chain</errorText>
<errorDescription>
<![CDATA[Machine Info: (usmtnz-sinfwi02)Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
Untrusted Cert Chain ]]>
</errorDescription>
<errorSeverity>2</errorSeverity>
</Exception>
2010.05.20 at 10:52:22:298: Thread-19: B2B - (DEBUG) Engine:notifyApp Exit
2010.05.20 at 10:52:22:301: Thread-19: B2B - (DEBUG) DBContext commit: Enter
2010.05.20 at 10:52:22:307: Thread-19: B2B - (DEBUG) DBContext commit: Transaction.commit()
2010.05.20 at 10:52:22:310: Thread-19: B2B - (DEBUG) DBContext commit: Leave
2010.05.20 at 10:52:22:313: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequest Exit
2010.05.20 at 10:52:22:317: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.engine.Engine:processOutgoingMessage:
***** REQUEST MESSAGE *****
Exchange Protocol: AS2 Version 1.1
Transport Protocol: HTTPS
Unique Message ID: <543222@EMRSNS>
Trading Partner: ZZEASY_PROD
Message Signed: RSA
Payload encrypted: 3DES
Attachment: None

Hi CNU,
1st they has given me in .p7b certificateIs it a self-signed certificate? If no then do you have the CA certs as well?
Open the certificate by double clicking on it. If "Issued To" and "Issued By" fields are same then it is a self signed cert and you need to import only this cert (in base64 format) into wallet.
If it is not a self-signed cert then open the certificate and click on "Certification Path" tab. You should be able to see the issue's certificate here. Make sure that you have imported all issuers certificate along with your TP's cert in the wallet. Moreover, check that all the certs (TP cert and it's issuer cert's) are valid in terms of dates. You can see the "Certificate status" in "Certification Path" tab of certificate.
Please provide the certificate chain details here along with list of certs in wallet (you may mail it to my id as well - [email protected])
Regards,
Anuj

How do I call a 10g report from a jsp page securly?

How can I call a report from a jsp page securly? We are migrating from 10g forms to J2EE, and we want to keep using our reports. In forms we were able to do this using a cookie. How can I pass a users credentials to reports without the user having to connect to the database? Single Sign-on isn't an option either.
Thanks,
Jim

Hi Jim,
If you want to pass the user credentials to the report dynamically, then SSO (Single Sign-On) is the only option I can think of.
If the user credentials can be hard-coded, then the following 2 solutions are possible:
1. Use cgicmd.dat file, and write the user credentials in the file.
2. In your report JSP itself, you could write the following:
<rw:report id="report" parameters="userid=scott/tiger@mydb">
Navneet.

Report to write about Java Security

Similar Messages

Maybe you are looking for