Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security issue

 
Abhijit Rai
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I had a security related problem in <user-auth-constraint> tag please help out.
When I place either CONFIDENTIAL/INTEGRAL in <tranport-guarantee> tag the browser displays error "page cant be displayed".
My web.xml is :


<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">

<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
<security-role>
<role-name>manager</role-name>
</security-role>


<security-constraint>
<web-resource-collection>
<web-resource-name> tipu </web-resource-name>
<url-pattern>/*</url-pattern>
<http-method> GET </http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL </transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>


</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

</web-app>



And I am using Java5,netbeans 5.5.1,tomcat 5.5 and j2ee1.4. Thanks in advance. Cheers !!!
 
Jan Sterk
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Night,

You have to create a (self-signed) certificate to make SSL work. You also have to configure some file in Tomcat (if that's what you're using).

Google for it - on tomcat's website it is explained very well.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"night fox",
Welcome to the ranch. You may not be aware of the ranch Naming Policy. Please read it carefully and change your name accordingly (obviously fake names are not allowed). Thank you.
 
Abhijit Rai
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jan,
Got it now .It really is pretty straight forward .There are 2 steps as Jan prophesied

1.Create a certificate keystore by executing the following command:
Windows:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

and remember to specify a password value as "changeit"(only for tomcat).

2.Add

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

in server.xml present in %catalina-home%\conf\
.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34671
367
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"abhijit.r",
You are getting closer to following the naming policy now, but not quite there yet. Please use a space rather than a dot to separate first name and last name. Also, we do not allow an initial for the last name.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic