aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Security issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Security issue" Watch "Security issue" New topic
Author

Security issue

Abhijit Rai
Ranch Hand

Joined: Aug 07, 2008
Posts: 41
Hi all,
I had a security related problem in <user-auth-constraint> tag please help out.
When I place either CONFIDENTIAL/INTEGRAL in <tranport-guarantee> tag the browser displays error "page cant be displayed".
My web.xml is :


<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">

<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
<security-role>
<role-name>manager</role-name>
</security-role>


<security-constraint>
<web-resource-collection>
<web-resource-name> tipu </web-resource-name>
<url-pattern>/*</url-pattern>
<http-method> GET </http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL </transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>


</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

</web-app>



And I am using Java5,netbeans 5.5.1,tomcat 5.5 and j2ee1.4. Thanks in advance. Cheers !!!


SCJP5 ,SCWCD5
Jan Sterk
Ranch Hand

Joined: Jun 06, 2008
Posts: 139
Hello Night,

You have to create a (self-signed) certificate to make SSL work. You also have to configure some file in Tomcat (if that's what you're using).

Google for it - on tomcat's website it is explained very well.


SCJP 1.4 (81%)<br />SCWCD 5 (95%)
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

"night fox",
Welcome to the ranch. You may not be aware of the ranch Naming Policy. Please read it carefully and change your name accordingly (obviously fake names are not allowed). Thank you.


[My Blog]
All roads lead to JavaRanch
Abhijit Rai
Ranch Hand

Joined: Aug 07, 2008
Posts: 41
Thanks Jan,
Got it now .It really is pretty straight forward .There are 2 steps as Jan prophesied

1.Create a certificate keystore by executing the following command:
Windows:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

and remember to specify a password value as "changeit"(only for tomcat).

2.Add

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

in server.xml present in %catalina-home%\conf\
.
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30774
    
156

"abhijit.r",
You are getting closer to following the naming policy now, but not quite there yet. Please use a space rather than a dot to separate first name and last name. Also, we do not allow an initial for the last name.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Security issue