Secure Login Client and Java

Similar Messages

• Secure login client is not working in VPN

  Hi,
  We have scenario where users connect to office network though VPN and access SSO. When users connect through VPN, users are not able to login in SLC and hence not receiving X.509 user certificate. It shows the following error when try to login in SLC.
  "There are currently no logon servers available to service the logon request"
  But the same SLC is working when users connect directly (ex LAN or WI-FI) to the network.
  We have enabled secure login client trace and found the below errors in the trace when user is connected through VPN.
  SLC trace file
  [2014.04.23 14:23:24.531][ERROR][sbus.exe            ][BASE        ][  6060] ERROR(0xA0100017) in CRYPT->sec_crypt_cipher_get_cipher_len(): An attribute is missing
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm 23 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm  3 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' failed (user name is [email protected])
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm 23 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm  3 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' failed (user name is [email protected])
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
  [2014.04.23 14:28:38.171][TRACE][sbus.exe            ][sbusslogin.d][  6056] { CSecureLogin_Protocol_2_0::Send_DeleteSession
  Anyone suggest us to fix this issue.
  Regards,
  Yogesh Kumar D

  Hello,
  which kind of VPN do you use?
  Does this guarantee full network access to the domain servers?
  Is the VPN network IPv4 or IPv6 based?
  thanks for the information
  best regards
  Alexander Gimbel

• Security 2009-01 and Java release 8 - which first?

  Software update shows it's time for Security 2009-01 and Java Release 8. Java comes first on the list.
  I do updates via downloads from Apple and install later. Should I install the Java release first?
  Mrs H
  BTW - The updates for Security used to indicate "Client" or "Server". This one just indicates Tiger PPC, Intel Tiger, Server Tiger, Leopard Server etc - has Client gone by the wayside?

  Hi BDA,
  A Safe Boot will prevent most of those from interfering, btw, this G4 I did the Alphabetically...
  Alphabetically! Well, I'll be... I thought there was some secret significance here to the sequence - for example, you must do QT before iT.
  ...updating to had 5 Firewire Drives, 2 eSata Drives, 14 USB Devices besides the KB & Mouse, and four USB RAID Drives hooked up to it during the Updates... no problem here.
  So maybe I don't have to disconnect my modem? (I leave the printer disconnected anyway, so I can connect to whichever Mac I need for printing)
  Was that Klaus that told you that! (about points)? LOL
  No, just my own thinking.
  Yes indeed, thank you again, great news that you're getting more comfortable/knowledgeable about your Macs!
  And it's only taken 20 years of working with Macs to do that!
  Mrs H
  To see where my current frustrations/confusions/issues lie check out:
  http://discussions.apple.com/thread.jspa?threadID=1903870&tstart=0
  and
  http://discussions.apple.com/thread.jspa?threadID=1888621&tstart=0

• Secure Login Client 2.0 SP04 Silent Installtion

  Hi Experts,
  I would like to seek assistance with mass roll-out of the secure login client. Is it possible to perform silent installation of the secure login client?
  Thank you.
  Regards,
  Tom

  Hi Thomas,
  you may start SapSetupSLC.exe with parameter "/silent".
  This installs SecureLoginClient (SLC) with it's default settings (all components except "Secure Login Server Support").
  For a customized installation it's required to use the SAP Installation Server.
  If your company is using SAP GUI there is possibly an Installation Server in place. SAPGUI and SLC are "SAPSetup"-packages hence it's possibly to integrate SLC into the SAPGUI package and distribute them together.
  The Installation Server is also part of the SecureLoginClient package.
  After extracting SapSetupSLC.exe with command line:C:\> SapSetupSLC.exe /x:C:\slc
  you find SAP Setup Guide.pdf which describes ho to setup and configure the installation server.
  You also find useful hints in the Secure Login Implementation Guide
  chapter 2.1.1 Unattended Installation with SAPSetup Installation Server
  Grüße / Kind regards,
  Frank

• EWA does not report security notes missing and java systems

  Hello guys,
  Our early watch report don't contain section 7.1 with security notes missing in the system.
  We have solution manager 7.0 with ST-SER 700_2008_1 SP4.
  What do we need to configure so that ewa reports security notes missing?
  Another doubt, how can I get the list of security notes missing in java stack system like portal?
  thanks.
  regards,
  Filipe

  hello Filipe
  Below is a line from the SAP note 888889.
  "In the SAP EarlyWatch Alert report, the "Service Preparation Check" unit complains that Note 888889 is not implemented.  As a result, the check for security-relevant notes can only be carried out partially in the "Security" section."
  Looks like that could be the reason for that.
  For JAVA stack there is no note concept.
  Thanks & regards
  bala

• Secure login (T3S)- and subsequent switch to T3?

  We have a fat java client, EJB application.
  We want to secure our login against packet sniffer-type attackes.
  1. When I create a T3S connection- is the INITIAL message, containing
  username/password, encrypted?
  2. If it IS- we then want to switch back to a T3 connection, as
  our server probably won't support T3S for ALL app data. Having got a
  T3S connection, can I switch OFF the encryption? (If I then create
  a T3 connection, our problem reappears- I have to send the password
  over the network in such a way that it can be sniffed).
  Thanks
  Gavin GJ

  We have a fat java client, EJB application.
  We want to secure our login against packet sniffer-type attackes.
  1. When I create a T3S connection- is the INITIAL message, containing
  username/password, encrypted?
  2. If it IS- we then want to switch back to a T3 connection, as
  our server probably won't support T3S for ALL app data. Having got a
  T3S connection, can I switch OFF the encryption? (If I then create
  a T3 connection, our problem reappears- I have to send the password
  over the network in such a way that it can be sniffed).
  Thanks
  Gavin GJ

• Data transfer between C client and Java server

  Hello there
  I am working on a project where I have to develop a Client based on C and Server based on Java. The client can connect to Java server and it then sends a integer/string to Java server. But.. Java server unable to receive that and throws an IOException.
  I use write method to send the integer buffer to the socket.
  int out_buffer = 0;
  int *pbuf;
  pbuf = &out_buffer;
       if (write(acskfd, pbuf, 4)< 0){
                 syslog(LOG_ERR,"Write failed. %s(%d)", strerror(errno), errno);
                 printf("\tCLIENT:\tWrite failed\n");
                 exit(1);
  In Java, i use DatainputStream and readnInt method to read the integer from the stream.
  cl_sock = socket_out.accept();
  DataInputStream sInput =new DataInputStream(cl_sock.getInputStream()) ;
  int cmd = sInput.readInt();
  Am I missing someting.. Any suggestions would be really really helpful.
  Thanks
  Ithaca
  PS: I running both programs in the same machine.
  In C part, I also use host to network byte order conversion (serv_addr.sin_port = htons(portno).

  I would suggest writing a Java client to perform the same tasks as the C client.
  Then if the Java client does, or does not work this can help dteremine which end is at fault.
  Are you flushing your data from the client?

• UDP DatagramPacket sent between C (client) and Java (server)

  Hi,
  I have a problem sending a struct from C to Java UDP server.
  In the C (client) program, the struct is defined as
  typedef strurct dataType_s {
  char name[52];
  char add[52];
  long x;
  long y;
  } dataType;
  dataType data;
  strcpy(data.name, "sun");
  strcpy(data.add, "com");
  data.x = 100;
  data.y = 50;
  sendto(sock, (struct dataType*)&dataType, sizeof(dataType), (struct sockaddr*)&dest, sizeof(dest))
  In the Java server side, I have the following code.
  byte[] buffer = new Byte[1024];
  DatagramPacket packet = new DatagramPacket(buffer, 1024);
  udpSock.receive(buffer);
  byte[] data = buffer.getData();
  String name = new String(data, 0, 52);
  String add = new String(data, 52, 52);
  String _xx = new String(data, 104, 4);
  String _yy = new String(data, 108, 4);
  Byte x = new Byte(xx.getBytes());
  long x = _x.longValue();
  Byte y = new Byte(yy.getBytes());
  long y = _y.longValue();
  I am having problem to read the contents of x and y above. The string name and add received by the server
  are correct. However, I receive garbage value
  for x (long) and y (long). In fact, I get expection
  that I cannot create Byte x and Byte y as shown
  above. Any idea of how to send a mixture of types
  from C/C++ to Java server?
  Thanks a lot.
  Kelvin ([email protected])

  sendto(sock, (struct dataType*)&dataType,
  sizeof(dataType), (struct sockaddr*)&dest,
  sizeof(dest))You have to check the alignment of your structs. You can't be sure that a long takes up four bytes. It can very well be 8 bytes or something else depending on your settings at compilation.
  udpSock.receive(buffer);
  byte[] data = buffer.getData();I suppose this is a typo, but of course you should use packet not buffer here.
  >
  Byte x = new Byte(xx.getBytes());
  long x = _x.longValue();
  Byte y = new Byte(yy.getBytes());
  long y = _y.longValue();
  in my opinion its easier to use a DataInputStream instead:
  DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
  int y = in.readInt();
  Notice that a long in Java is 8 bytes. A C long corresponds to a Java int.
  /Per-Arne

• What's relation among prod client,login client and non-livecache-relevant?

  Experts:
  I have some questions about abve concepts:
  Can a production client be non-livecache-relevant?
  Can some clients that are livecache-relevant but not production client?
  How many production client are allowed for SCM (only one like other SAP products?)?
  Thanks!

  Hi,
  1) how to decide which clients should be livecache relevant?
  Ans: All the clients should have LiveCache. Because the data will be fetched from livecache, the database and livecace will be having data sincronized.
  2) how to decide which one should production client?
  Ans: If you are asking about the number of client then it can be any. If you are asking relevant to other testing and QA then the production server will be different from the other and wich connected to OLTP system and having all the relevant business data.
  3) how do I know a client is livecache-relevant Or not? Which place to verify?
  Ans: as said above all the clients are livecache relevant only. You can check in the Transaction code LC10
  We have a SCM PROD system with only one working client :001. We should never make it non-livecache-relevant, right?
  Ans: Yes. If livecahe is not installed then SCM system will not work. The data fetch from livecache only.
  When you save any data it stores in Livecache and Database.
  Regards,
  Kishore Reddy.

• Secure Login and trust between BO/BW

  Hi.
  We configured server-side trust between BO and BW using libsapcrypto library. All works fine.
  Now we installing Secure Login (SAP NetWeaver Single Sign-On) for SSO from SAP GUI based on Kerberos token. To configure Secure Login we need to modify profile parameters like
    snc/identity/as=p:CN=QBW, OU=Surgutasuneft, O=Surgutneftegas, C=RU
    snc/gssapi_lib=/sapmnt/QBW/exe/libsapcrypto.so
  which were in use by server-side trust between BO and BW. So when we modify them like in installation guide for Secure Login to this:
    snc/identity/as=p:CN=SAP/[email protected]
    snc/gssapi_lib=/usr/sap/QBW/DVEBMGS20/SLL/libsecgss.sl
  we can use SAP GUI SSO to BW but can't run reports from BO since we broke server-side trust.
  We tried many different variations of using these two libraries (including fully regenerating certificates both on BW and BO for server-side trust) but they all failed.
  Any suggestions of how we can activate SAP NetWeaver Single Sign-On on our BW systems, without breaking server-side trust between BW and BO?
  Thanks in advance
  wbr
  Stanislav

  Thanks, but this problem was resolved. Frane was very helpfull in solving this problem, but it was beyond the forum.
  He described the possibility of Secure Login Client that I did not know.
  Another possibility is implemented in Secure Login Client 1.0 SP02 Patch 03 and higher (current version is 1.0 SP03 Patch 02).
  Secure Login Client is able to “rebuild” the required SPN Name (in your example p:CN=SAP/[email protected]).
  This means if the X.509 certificate SNC name is p:CN=KerberosSSO à Secure Login Client will rebuild p:CN=SAP/[email protected]
  This works also if the X.509 certificate name is p:CN=KerberosSSO, OU=SAP Security, C=RU
  Maybe this solution integration is easier for You? You can use the transaction STRUST to create a self-signed certificate.
  Thanks again, Frane.

• Secure login to remote UNIX host and run a shell script

  Hi I am new to JAVA. I want to login to remote UNIX host from my application secure login (SSH) and run a shell script reside that remote host. Can any one let me know the way how to do it. If possible provide the code example.

  Runtime.exec with an ssh command (not really recommended).
  Much better, an SSH API (JSch, which needs JZlib, from http://www.jcraft.com/ is a good one).

• Intego Internet Security Barrier X6 and OS X's firewall

  Hi!
  This may be the wrong place ot ask this question, but I coundn't find any better.
  I'm wondering if the internet security program Intego Internet Security Barrier X6 works well with OS X's built-in firewall...
  I also wonder if it is recommended/neccesarly to use such software on a mac - but I guess there have become a lot of mac-user these days, that means more viruses/threaths.
  And, at last, I also wonder if other products than Intego's are "better"; such software as Norton and Kaspersky.
  Thanks!

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
  For more information about Gatekeeper, see this Apple Support article.
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "archive extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
  Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
  5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
  Java is not included in OS X 10.7 and later. A separate Java installer is distributed by Apple, and another one by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable any version of Java on a public web page that carries third-party advertising. Use it, if at all, only on well-known, password-protected, secure business or government websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
  8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

• ABAP Client and J2EE client mismatch

  Hello,
  we detected mismatch between  default ABAP login client and J2EE client.
  Now we need to change J2EE client to default ABAP client.
  Its ABAP + JAVA installation and diff. occured after client copy.
  Can you please let us know where we need to change all setting for j2ee engine like default client for UME, sld etc.
  Best Regards,
  Tushar

  Hello. By default JAVA used the 001 client in ABAP+JAVA installation,  be cautious with change it.
  you can chage it through Config tool :
  http://help.sap.com/saphelp_nw70/helpdata/EN/0b/50ad3e1d1edc61e10000000a114084/frameset.htm
  or from UME --> configuration --> ABAP system. You need to read about change datasources :
  http://help.sap.com/saphelp_nw70/helpdata/EN/7e/a2d475e5384335a2b1b2d80e1a3a20/frameset.htm
  and about SAPJSF user.
  http://help.sap.com/saphelp_nw70/helpdata/EN/db/8b9b801df84aaaa76bdbcbc0b9725f/content.htm
  http://help.sap.com/saphelp_nw70/helpdata/EN/43/03e11edc6a6e99e10000000a11466f/content.htm
  Regards.

• Secure Login library

  Hi All,
  I want to implement single sign on using secure login. Secure login provides 3 components: secure login server,secure login library and secure login client.
  In installation guide it says that it is not necessary to install all components.This depends upon the use case scenarios.
  In my case it will be active directory using kerberos technology. So I have to install login library and login client. or any one of them.
  Please let me know.
  Regards,
  Josh

  Hi,
  please do the below steps
  Step1: Install SAP library on your local P.C.
  Step 2: Configure the sapdoc.ini
  Configure file sapdoc.ini with the entry as shown. This file exists on C:\Windows. If it is not found, create it using your favorite text editor.
  HtmlHelpFilePath-EN=<C:\Program Files\SAP\SAP ERP Central Component 5.0 English\HELPDATA\EN> : Path of SAP help where you installed it on your P.C.
  u2014-
  Step3: logon to sap dev system
              u2013> Execute the tcode SR13
              u2013> Click on the tab HtmlHelp file
              u2013 >Click on New entries Enter variant name (ECC5 if u r using SAP ECC5)
              -->Platform =Win32 if you are using xp
              -->Area =IWBHELP
              -->Path = http://help.sap.com Or path of the your server where SAP library is installed.
               Save it. Request Dialog prompts you to create request. Create Request.
              Transport the request to Quality & Production.
  Note: Entries in the file sapdoc.ini overwrites the settings present in SR13, if SAP library is not available on your local
  system, it starts from central location.
  Do you  want more details for this issue please find  below link
  http://www.scribd.com/doc/6213550/How-to-Setup-Sap-Library
  Regards,
  K.Ramamoorthy

• Socket communication between client and server

  Hi all,
  I am doing an assignment for communication between java client and java server using sockets. This communication is in the form of XML documents. I am facing a problem in this communication.
  Actually at Server side I'm creating an XML document(Document type object) using DocumentBuilderFactory in javax.xml.parsers package and transforming this Document into a stream using StreamResult.
  My code is :
  Transformer xmlTransformer = TransformerFactory.newInstance().newTransformer();
  StreamResult xmlString = new StreamResult(currentClientHandler.getSocketOutputStream());
  DOMSource xmlDocSource = new DOMSource(xmlDocument); // xmlDocument is Document type reference
  xmlTransformer.transform(xmlDocSource, xmlString);
  so, this xmlString(i.e. StreamResult) is passed directly into the output stream. Here I need to close() output stream after transform() call to help SAX parser to know about end of stream.
  Now at Client side, I am parsing this stream using SAX parser. It parses this correctly. But when sending some another data back to Server when client opens output stream, it given Socket closed exception. I know that closing input or output stream closes socket. But in my problem, I have to send data in streams and not by using files or byte[] etc.
  So what is nearest solution to problem ??
  Plz help me. Any kind of help will be greatly appreciated.

  hi
  thanks for ur reply.
  I didnt get any error msg while getting the back the datas.
  Actually i divided my application into two parts.
  My application will act as both server and client.
  server ll get the browser request and send to the client and the client will send that data to the c++ server.
  Im able to do that.and unable to get the data from server.
  Didnt get any error.
  can u tell me how to make an application to act as both client and server.
  I think im wrong in that part.
  thanks a lot