JSP :: Using Filters With Declarative Security Login

Nov 13, 2014

I've been building out a course lab project over the last few weeks, and at the time (with what we knew), it made sense to use a session level ResourceBundle to facilitate translations.

In order to validate if there is a session level ResourceBundle, I have a filter running (checking if the bundle exists, creating one if not, etc...).

The problem I now have is the final step of the project (the part most recently taught), is to add Declarative Security.

Of course, when that happens the login.jsp is called and the Filter doesn't run. It's not a problem for most scenarios, except for someone who bookmarks a link inside the secure part of the site. Then, the ResourceBundle doesn't exist and the login.jsp content that should be translated is "".

Is there a way to indicate via the web.xml that a specific Filter should be allowed before the login.jsp is displayed?

I imagine JSTL:FMT is probably the best solution, but we don't cover that until after the lab is due. I have a (messy) short-term solution of creating a temporary ResourceBundle in the login.jsp via a scriplet if the session scope ResourceBundle is null, but I was wondering if I missed something with the web.xml.

View Replies


ADVERTISEMENT

Filters Java Programming - Determine If Integer Is Not Divisible By Some Value

Apr 10, 2014

I am new to java and do not understand how to use filters very well. I need to write a code that determines if an integer is not divisible by some value. A filter also contains an upstream filter so that this filter can be part of a chain of filters.

View Replies View Related

Applets :: Won't Work Due To Security?

Feb 26, 2014

I have a simple applet that doesn't stray outside the sandbox. It used to work fine before Java 7 but now it craps out with security warnings. It does nothing but play a game, it doesn't even save the state of the game. This is the applet, it's a very simple chess program.

The warnings and popups I'm getting are:
activate javaTM platform SE 7U?allow now?activation blocked by security settings - I never changed any security settings and as I said, this applet stays firmly in the sandbox so I can't see what the issue is.Viewing the java error window I see

Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
User home directory = C:UsersMike
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging

[code]....

why it shows the C:UsersMike directory in the above listing, there is no access to files etc.The applet plays fine if I run it in appletviewer.What do I need to do to make this simply work in anyone's browser? I have a similar problem with a (rather funky) Connect 4 program I wrote. It worked fine for years and then just stopped with the Java 7.

View Replies View Related

JSP :: Security Constraints When Connecting To Database?

Jan 29, 2015

I know that Servlets are meant to do the JDBC tasks, JSP are only for displaying the final information forwarded by the Servlet.

JSP are Servlets too, but I heard an idea that it is safer to make database operations in a Servlet.

The idea is that I have a few JSP that use JSTL tags to retrieve some database information. By doing this I was concerned that this may be bad design, though I really wanted to get in fit with the JSTL tags.

Are there any security weaknesses if doing some JDBC stuff in a JSP, by using JSTL or plain Java code in <%...%>?

P.S. In my JSP I only retrieve data, not modifying it.

View Replies View Related

JSP :: Providing Security To Webapp Folder

May 12, 2014

I have JSP application naming myProject ,which has been deployed in webapp folder in tomcat. I want to provide security for myProject folder. I mean, I want to protect it from copying by someone else. Is there any way to do the same. I tried by hiding the folder using one of hiding software, but when I do that, I was not able to access those files in web browser.

View Replies View Related

How To Force Outdated Java To Run Regardless Of Security

Jun 3, 2015

I wanna run apps using an outdated version of Java and not have it stop me for security certificates.

View Replies View Related

Change Java Security Settings

Dec 8, 2014

I have made a very simple Java applet.

<HTML>
<BODY>
<CENTER>
<APPLET CODE="HelloWorldApp.class" WIDTH="862" HEIGHT="512"></APPLET>
</CENTER>
</BODY>
</HTML>

But when i try to open it i get the message: Application Blocked. Click for details.

- The list i see doesn't work
- If i click Ignore nothing happens
- If i click reload nothing happens

When i read and search the net i have to change my java security settings. The security setting are HIGH and i cannot change that.But i can fill in an Exception Site List...The hello.html file is on my NAS : file:///X:/Lantronix/hello.html..I fill this in the exception Site list -> I get a message that it is a security risk to add this location.

View Replies View Related

Security (encrypt / Decrypt) Across Machines

Feb 12, 2014

I am using AES/CBC/PKCS5Padding algorithm to encrypt/decrypt, it works fine across machines, since i am not using a Facrtory to create the secret . I am using constant SecretKeySpec and iv for the ciphers. This of course heart the security , and doesn't prevent the "man of the middle" problem .

I saw that there are ways with key generation with MAC , and RSA symmetric encryption , but i am not sure how to implement it , and how to it depends on local certificates or files .

View Replies View Related

JavaFX 2.0 :: Security Exception When Executed Over Web

Oct 6, 2014

I have an FX application which invokes a REST JSON webservice. It works perfect if I run it standalone. But if I try to run it over browser, it throws java security exception.

It also works fine in web if I comment some lines that invokes the webservice (code that calls the webservice using jackson.)

Java version used is JDK 1.7u67
IE plugin version  : 7.0.670.1
 
Error log :
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)

[Code] .....
 
Jnlp File:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="uibuilder.jnlp">
  <information>
    <title>UI Builder</title>
    <vendor>javafx.com</vendor>
    <description>XEye UI Builder</description>
 
[Code] ....

View Replies View Related

JRE :: Changing Default Security Levels

Dec 21, 2014

I have several Windows 7 Enterprise machines that have already been deployed via image and need to lower the security settings for use on internal web based applications.
 
Is there an easy way to manipulate the configuration (a file) so that I may simply make the changes by overwriting the current configuration settings instead of, having to go to each device, opening the Java console, and changing the security settings that way?
 
I have attempted to login as the machine administration, make the changes on the Java console with the hopes this configuration would have migrated to all user profiles that log into the PC. Is there a "public profile" configuration file I can change and if so, what should I do.

View Replies View Related

Client App To Consume Web Service With Security

Dec 15, 2014

I need to write a simple client to access a WS. Things I can not do :

Modify the serverAdd external jars 

The client will be part of a command line call and will run as a stand alone.
 
I've been searching all day and have found hundreds of vague, overly complex examples, mostly based on SOAPHandler (which tells me I need to install server components which I cannot do). I grasp the general requirements but am having difficulty figuring out how to add the security elements to the header.
 
What do I need to do to add the username and password tokens to the header?
 
This is where I am so far.

package findingLetter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;

[Code] ....

View Replies View Related

Unable To Implement Alphanumeric Security Code

Apr 10, 2014

I have been trying to implement a alphanumeric security code in JAVA. Here are my specifications:

1) Numbers and letters
2) There is user input
3) In the format of NNN-LL-NNNN where N=Numbers and L=UPPERCASE letters
4) If it is incorrect print out INVALID CODE
5) If it is correct print out VALID CODE

Here is what I have produced so far...

import java.util.*;
import java.io.*;
//Class Declaration
class WorkingWithStrings
{
//Main Method
public static void main(String[] args)
{
//Takes input from user

[Code]...

I have taking the approach of invoking a separate method that will check the validity of the security code. However I am having an issue with creating a statement that checks if the middle two characters of the security code are capital letters. This could possibly tie in with my understanding of strings.

View Replies View Related

Security Number Validation Based On Request

Jan 30, 2014

I have to validate security number based on tHIS REQUEST
 
If the SECURITYNNUBER IS INVALID UNDER THE SECURITYNUMBER attribute,it must reject(Date & algorith). To override the normal validation,the subject must contain INVALIDSECURITYNUMBER. The incorrect ID number must still reflect in the SECURITYNUMBER attribute.
 
THE FIRST 6 DIGIT IS DATE
 
EXAMPLE 7701205334086
 
public boolean val_SECURITYNUMBER()
    {
        boolean flag = true;
        String u_Securtynr = transactionFile.getS_securtynumber();
        // 1. Invalid securty number if completed
            if(!isBlank(u_Securtynr))

[Code] .....

View Replies View Related

Java Servlet :: EAR Deployment File Security

Jul 10, 2012

I have been trying to find all day long a way to secure my .ear file from modifications made by third parties... My product is packaged as an .ear file which i send for deployment to other administrators. What i am looking for is a way to "sign" my version of .ear versus the deployed version of .ear to be sure that no modification has been made to my code...

View Replies View Related

Read File From LoginModule Running Under Security Manager

Nov 27, 2013

I have followed the Java tutorial on JAAS Authentication and Authorization. All the sample code in the tutorials works fine also when running under a security manager. Now I am trying to modify the LoginModule class, so that it uses a password file to look up users and passwords, but as soon as I try to run the code under a security manager, I get a Security Exception. I suppose it has something to do with the code havent been granted any access to read the password file? So I tried to add this to the policy file:

grant codebase "file:./sample/module/-" {
permission java.io.FilePermission "sample/module/passwords.txt", "read";
};

It didn't do any difference. why I get this Security Exception?

The only difference from my code to the tutorial code, is that I have added the lines:

Scanner scanner = null;
try {
scanner = new Scanner(new File("src/sample/module/passwords.txt"));
} catch (FileNotFoundException e) {
e.printStackTrace();
}

to the login() method of the SampleLoginModule class...

View Replies View Related

Switching Security On In WTP Eclipse Plugin Causing Massive Errors

Aug 15, 2014

I am working on an Eclipse based project that uses WTP Eclipse plugin. Since I have switched security on in that plugin (by checking "Enable Security" check box on) I'm having multiple problems. I get a stack of security errors - attached in this post. I also show my java.policy file. Because the of the mass exceptions I list only the top, although I have attached a docx file with full thing.

Here is my java.policy file:

grant codeBase "file:${catalina.base}/wtpwebapps/App/WEB-INF/lib/hibernate-core-4.3.5.Final.jar" {
permission java.util.PropertyPermission "*", "read, write";
};
grant codeBase "file:${catalina.home}/lib/catalina.jar" {
permission java.lang.RuntimePermission "*";

[Code] ....

Exceptions:

15/08/2014 10:12:43 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path:
C:Javajdk1.6.0_33in;C:WINDOWSSunJavain;
C:WINDOWSsystem32;C:WINDOWS;

[Code] .....

View Replies View Related

Applets :: Accessing Java Application Without Adding Site To Java Security

Sep 12, 2014

I have tried running the java application without adding the site to site list in java security tab. But I get a sand box message as APPLICATION BLOCKED BY SECURITY SETTINGS. How to run the java application without adding the site to site list in java security tab.

View Replies View Related

Servlets :: Redirect After Login

Jan 30, 2014

I have a secured Struts application in WebSphere that uses FORM j_security_check for authentication.There is also a Post Logon "filter" defined which runs some code after a login is processed.The extract from web.xml showing the login configuration and filter is as follows:

<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>

[code]....

If a user isn't logged into the application and they try to access one of the secured servlets, for example quotes.do, they are directed to the login page to enter their information.If they login successfully, they are then directed to quotes.do, rather than the default "welcome" page. Is there a setting in the web.xml or the post logon filter where I can force j_security_check to ALWAYS go to the default welcome page after a successful login?

View Replies View Related

Login Page With Startup?

Mar 10, 2014

Today downloaded eclipse and for the database i installed MSSQL 2008 R2. I want to make a webpage where i started with the login credentials, how to make a webpage for the login credentials?

I need two boxes

ID:
Password:
[Submit Button]

how to make a webpage and how can i run locally should i install IIS?

View Replies View Related

Login Database Java

Sep 3, 2014

how can i stop this loop(while (res.next() )

example: i hava a table conex wich i inser on it two columns name and password i fill it by
name : yosra password : lol
name : najeh password :mdr

i don't know when i fill jTextfield of password and name correctly for ewp i put yosra as name and password as lol the loop continue to the next row and i show the two message dialog on netbeans about correct acces and refused access and the frame of my chatroom is opened

private void jButton1MouseClicked(java.awt.event.MouseEvent evt) {
// TODO add your handling code here:
String pass=new String(this.pass.getPassword());
String nam=this.name.getText();
acceder(nam,pass);

[code]....

View Replies View Related

Login Authentication With Database

Apr 22, 2014

i have build an login form with which a user can login to see next form ,login form is working perfectly but whenever a user enters a wrong userid and clicks on login then nothing happens,i want that there a popup will be called and say wrong userid...

However when a user enters correct userid and wrong password then the popup is working but not when the user id itself wrong...

View Replies View Related

JSP :: Verification Of Login Page

Mar 8, 2014

I have created a jsp page named Login.jsp, here's the followings code:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link type="text/css" rel="stylesheet" href="inc/style.css" >

[Code] ....

Is that the structure of my page is correct? I create a new folder below WebContent in my project, named "authentication" and i placed below home.jsp. This page will display, if the login and password is correct.

Also, i change some thing in web.xml of project :

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>authentication</display-name>

[Code] ...

When i enter "http://localhost:8080/Gestion_de_stock/authentication/home.jsp" many problem appears :

Firstly, the login page doesn't display with the style that i made in a css file "style.css"

Also, when i enter a correct login and password an error page display and a url i don't know where it comes from [URL] .....

View Replies View Related

JSF :: SSO Class - How To Redirect To Login Page

Jul 20, 2014

I have write a SSO class for Single Sign on But i am getting one issue i am using JSF2 for my web application...here is my SSO class :

public class ApplicationSSO implements SSO {
public String authenticateUser(RequestContext request) {
UmUsersList user = (UmUsersList) request.getSessionContext().getAttribute("USER");
return user.getUmulEmailId();
}

[Code] .....

As you can see i have write below line

JSFUtils.redirectPage("../login/Login.xhtml");

It mean if User null it will redirect to Login page but it is not working. How to solve the issue i am end up with

An error has occurred.

For detailed error information, please see the HTML source code, and contact the forum Administrator.

Error while executing SSO actions: java.lang.NullPointerException

View Replies View Related

Printer Access Login System

Mar 22, 2014

How to hold/cancel print job once it has already been put into the queue in windows with java code?

View Replies View Related

Implementation Of Login Page With Java

Mar 25, 2014

Code for login page by java and how we can implement it.

View Replies View Related

How To Hide A Password In Login System

Jan 26, 2015

I've made a login system with a username and a password. The password is visible and I wanna hide it, how do I do that? Here is my code (have used swing);

import javax.swing.*;
import java.awt.*;
import java.awt.event.*;
public class Password implements ActionListener {
private String Username = "hudhud";
private String Password = "fitness";

[Code] ......

View Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved