Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security issue

 
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
I had a security related problem in <user-auth-constraint> tag please help out.
When I place either CONFIDENTIAL/INTEGRAL in <tranport-guarantee> tag the browser displays error "page cant be displayed".
My web.xml is :


<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">

<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
<security-role>
<role-name>manager</role-name>
</security-role>


<security-constraint>
<web-resource-collection>
<web-resource-name> tipu </web-resource-name>
<url-pattern>/*</url-pattern>
<http-method> GET </http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL </transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>


</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

</web-app>



And I am using Java5,netbeans 5.5.1,tomcat 5.5 and j2ee1.4. Thanks in advance. Cheers !!!
 
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Night,

You have to create a (self-signed) certificate to make SSL work. You also have to configure some file in Tomcat (if that's what you're using).

Google for it - on tomcat's website it is explained very well.
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"night fox",
Welcome to the ranch. You may not be aware of the ranch Naming Policy. Please read it carefully and change your name accordingly (obviously fake names are not allowed). Thank you.
 
Abhijit Rai
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jan,
Got it now .It really is pretty straight forward .There are 2 steps as Jan prophesied

1.Create a certificate keystore by executing the following command:
Windows:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

and remember to specify a password value as "changeit"(only for tomcat).

2.Add

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

in server.xml present in %catalina-home%\conf\
.
 
author & internet detective
Posts: 41937
911
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"abhijit.r",
You are getting closer to following the naming policy now, but not quite there yet. Please use a space rather than a dot to separate first name and last name. Also, we do not allow an initial for the last name.
 
The world's cheapest jedi mind trick: "Aw c'mon, why not read this tiny ad?"
We need your help - Coderanch server fundraiser
https://coderanch.com/t/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic