I have JSP application naming myProject ,which has been deployed in webapp folder in tomcat. I want to provide security for myProject folder. I mean, I want to protect it from copying by someone else. Is there any way to do the same. I tried by hiding the folder using one of hiding software, but when I do that, I was not able to access those files in web browser.
Where can I learn or how can I, being the most efficient way known to do so, create a folder outside my JAR file with the java source code, this then will copy YAML documents from my JAR file to that folder, then I need to read the YAML documents some way. I'm making an addon for a game, I am using an API that allows you to make a config.yml easily, and add and read entries from it, but I've read that I need to make my own methods to be able to create additional YAML documents.
I don't exactly know what to type in google to perhaps find such a page, but I did try to find a tutorial page about this or something and couldn't.
I've partially figured out how to create a folder, but I have a problem, how can I RETURN one directory to make the folder, I don't want to make the folder in the JAR file I want to make it just outside the Jar file in the same folder that the Jar file is at.
I'm having issues with providing focus to keyboard buttons when a JInternalFrame with keyboard buttons is called in my program. So for example when the program is started the attachment called signinscn.png is called.
This screen is a JDesktopPane which calls JPanel for its components.
From here a JInternalFrame containing the buttons ESC and F1 to F4 as seen in the attachment called signinscn.png is called.
I would like the buttons in my JInternalFrame to have focus such that when a user engages the equivalent keyboard button i.e. ESC or F1 to F4 WITHOUT clicking on the JInternalFrame the respective button's action listener kicks in. At the moment only after the user clicks on the JInternalFrame do the equivalent keyboard buttons respond.
Here's the constructor of my JInternalFrame and you can see how I handle the ESC keyboard button in the constructor of the JInternalFrame (but as I mentioned only after the user has engaged the JInternalFrame):
I've been trying to create a tool that extracts emails from inbox using Apache HttpClient, however I'm stuck at the logging in part itself.This is the code. (I've written it all in a main class and removed exception handling for brevity). More in code comments.
Now the thing is, after execution I am returned the login-page again instead of the inbox, which leads me to believe that login did not take place at all.Also the response to the post method in the browser has two cookies "cdata"; "sessionid" populated with values however I get them as empty. I believe that I am losing my session between the first get request and the subsequent post.
Means like in php we can install xampp and there for a new app we need to create a folder in htdocs folder...and after that , that folder works like a app.
I need to invoke a restful webservice Client(Rest) from my Webapp based on some scheduler . Also I need to persist the data which the webservice returns in response. So basically-
1. Scheduler triggers, I need to build the rest service request (JSON) and invoke it. 2. Capture the response of the webservice and persist the data in DB.
I have a simple applet that doesn't stray outside the sandbox. It used to work fine before Java 7 but now it craps out with security warnings. It does nothing but play a game, it doesn't even save the state of the game. This is the applet, it's a very simple chess program.
The warnings and popups I'm getting are: activate javaTM platform SE 7U?allow now?activation blocked by security settings - I never changed any security settings and as I said, this applet stays firmly in the sandbox so I can't see what the issue is.Viewing the java error window I see
Java Plug-in 10.51.2.13 Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM User home directory = C:UsersMike ---------------------------------------------------- c: clear console window f: finalize objects on finalization queue g: garbage collect h: display this help message l: dump classloader list m: print memory usage o: trigger logging
[code]....
why it shows the C:UsersMike directory in the above listing, there is no access to files etc.The applet plays fine if I run it in appletviewer.What do I need to do to make this simply work in anyone's browser? I have a similar problem with a (rather funky) Connect 4 program I wrote. It worked fine for years and then just stopped with the Java 7.
I know that Servlets are meant to do the JDBC tasks, JSP are only for displaying the final information forwarded by the Servlet.
JSP are Servlets too, but I heard an idea that it is safer to make database operations in a Servlet.
The idea is that I have a few JSP that use JSTL tags to retrieve some database information. By doing this I was concerned that this may be bad design, though I really wanted to get in fit with the JSTL tags.
Are there any security weaknesses if doing some JDBC stuff in a JSP, by using JSTL or plain Java code in <%...%>?
P.S. In my JSP I only retrieve data, not modifying it.
But when i try to open it i get the message: Application Blocked. Click for details.
- The list i see doesn't work - If i click Ignore nothing happens - If i click reload nothing happens
When i read and search the net i have to change my java security settings. The security setting are HIGH and i cannot change that.But i can fill in an Exception Site List...The hello.html file is on my NAS : file:///X:/Lantronix/hello.html..I fill this in the exception Site list -> I get a message that it is a security risk to add this location.
I've been building out a course lab project over the last few weeks, and at the time (with what we knew), it made sense to use a session level ResourceBundle to facilitate translations.
In order to validate if there is a session level ResourceBundle, I have a filter running (checking if the bundle exists, creating one if not, etc...).
The problem I now have is the final step of the project (the part most recently taught), is to add Declarative Security.
Of course, when that happens the login.jsp is called and the Filter doesn't run. It's not a problem for most scenarios, except for someone who bookmarks a link inside the secure part of the site. Then, the ResourceBundle doesn't exist and the login.jsp content that should be translated is "".
Is there a way to indicate via the web.xml that a specific Filter should be allowed before the login.jsp is displayed?
I imagine JSTL:FMT is probably the best solution, but we don't cover that until after the lab is due. I have a (messy) short-term solution of creating a temporary ResourceBundle in the login.jsp via a scriplet if the session scope ResourceBundle is null, but I was wondering if I missed something with the web.xml.
I am using AES/CBC/PKCS5Padding algorithm to encrypt/decrypt, it works fine across machines, since i am not using a Facrtory to create the secret . I am using constant SecretKeySpec and iv for the ciphers. This of course heart the security , and doesn't prevent the "man of the middle" problem .
I saw that there are ways with key generation with MAC , and RSA symmetric encryption , but i am not sure how to implement it , and how to it depends on local certificates or files .
I have an FX application which invokes a REST JSON webservice. It works perfect if I run it standalone. But if I try to run it over browser, it throws java security exception.
It also works fine in web if I comment some lines that invokes the webservice (code that calls the webservice using jackson.)
Java version used is JDK 1.7u67 IE plugin version : 7.0.670.1
Error log : java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers") at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source)
I have several Windows 7 Enterprise machines that have already been deployed via image and need to lower the security settings for use on internal web based applications.
Is there an easy way to manipulate the configuration (a file) so that I may simply make the changes by overwriting the current configuration settings instead of, having to go to each device, opening the Java console, and changing the security settings that way?
I have attempted to login as the machine administration, make the changes on the Java console with the hopes this configuration would have migrated to all user profiles that log into the PC. Is there a "public profile" configuration file I can change and if so, what should I do.
I need to write a simple client to access a WS. Things I can not do :
Modify the serverAdd external jars
The client will be part of a command line call and will run as a stand alone.
I've been searching all day and have found hundreds of vague, overly complex examples, mostly based on SOAPHandler (which tells me I need to install server components which I cannot do). I grasp the general requirements but am having difficulty figuring out how to add the security elements to the header.
What do I need to do to add the username and password tokens to the header?
I have been trying to implement a alphanumeric security code in JAVA. Here are my specifications:
1) Numbers and letters 2) There is user input 3) In the format of NNN-LL-NNNN where N=Numbers and L=UPPERCASE letters 4) If it is incorrect print out INVALID CODE 5) If it is correct print out VALID CODE
Here is what I have produced so far...
import java.util.*; import java.io.*; //Class Declaration class WorkingWithStrings { //Main Method public static void main(String[] args) { //Takes input from user
[Code]...
I have taking the approach of invoking a separate method that will check the validity of the security code. However I am having an issue with creating a statement that checks if the middle two characters of the security code are capital letters. This could possibly tie in with my understanding of strings.
I have to validate security number based on tHIS REQUEST
If the SECURITYNNUBER IS INVALID UNDER THE SECURITYNUMBER attribute,it must reject(Date & algorith). To override the normal validation,the subject must contain INVALIDSECURITYNUMBER. The incorrect ID number must still reflect in the SECURITYNUMBER attribute.
THE FIRST 6 DIGIT IS DATE
EXAMPLE 7701205334086
public boolean val_SECURITYNUMBER() { boolean flag = true; String u_Securtynr = transactionFile.getS_securtynumber(); // 1. Invalid securty number if completed if(!isBlank(u_Securtynr))
I have been trying to find all day long a way to secure my .ear file from modifications made by third parties... My product is packaged as an .ear file which i send for deployment to other administrators. What i am looking for is a way to "sign" my version of .ear versus the deployed version of .ear to be sure that no modification has been made to my code...
I have followed the Java tutorial on JAAS Authentication and Authorization. All the sample code in the tutorials works fine also when running under a security manager. Now I am trying to modify the LoginModule class, so that it uses a password file to look up users and passwords, but as soon as I try to run the code under a security manager, I get a Security Exception. I suppose it has something to do with the code havent been granted any access to read the password file? So I tried to add this to the policy file:
grant codebase "file:./sample/module/-" { permission java.io.FilePermission "sample/module/passwords.txt", "read"; };
It didn't do any difference. why I get this Security Exception?
The only difference from my code to the tutorial code, is that I have added the lines:
I am working on an Eclipse based project that uses WTP Eclipse plugin. Since I have switched security on in that plugin (by checking "Enable Security" check box on) I'm having multiple problems. I get a stack of security errors - attached in this post. I also show my java.policy file. Because the of the mass exceptions I list only the top, although I have attached a docx file with full thing.
Here is my java.policy file:
grant codeBase "file:${catalina.base}/wtpwebapps/App/WEB-INF/lib/hibernate-core-4.3.5.Final.jar" { permission java.util.PropertyPermission "*", "read, write"; }; grant codeBase "file:${catalina.home}/lib/catalina.jar" { permission java.lang.RuntimePermission "*";
[Code] ....
Exceptions:
15/08/2014 10:12:43 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:Javajdk1.6.0_33in;C:WINDOWSSunJavain; C:WINDOWSsystem32;C:WINDOWS;
I am creating a very simple webpage where I am using just a little bit of JSP to include partials (header, footer and asides) that are centrally located. One of the constraint that the site owner has put is that, for SEO reason, he wants to keep the url's the way they are. Most of the pages are located in the same folder, except for one which is in a subfolder.
Here is my problem, I have the partials in a folder and at the same level the images. Now, for that page located in the subfolder, when I include the partials, it is not able to locate the images because they are located in a folder one level up. What I could do is create a copy of the image folder in the subfolder or an adapted copy of the partials (referring to the images one level up), but either solution would make for a maintenance nightmare and repeat information on the server.
Here is a visual representation of my file system:
I am creating a bukkit plugin, but my question has nothing to do with bukkit, just Java. I am trying to load a file that is located in the same folder as the jar file that is being run and I am having no luck. I can't set a manual path because if I move this plugin to a remote server it won't work. So how to get a file from the same folder as the jar.
I have tried running the java application without adding the site to site list in java security tab. But I get a sand box message as APPLICATION BLOCKED BY SECURITY SETTINGS. How to run the java application without adding the site to site list in java security tab.