Sometime ago there was a question on whether there was support for Programmatic Web Login in JBoss. We did not have it.
Security Forum Question
Starting JBoss 4.2.0.GA, this feature is available:
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication
Friday, March 16, 2007
Java PKI Management Tools
The command line tool "keytool" as part of the JDK is not the best tool from an usability perspective. There is the issue of various signature algorithms (DSA,RSA etc), various keystore types(JKS,pkcs12 etc), generation of CSRs etc.
I did play around with the "keyman" tool available from IBM for free. Quite decent.
I came across the following OSS tool "CSRTool". I have not yet played around with it.
CSRTool
I did play around with the "keyman" tool available from IBM for free. Quite decent.
I came across the following OSS tool "CSRTool". I have not yet played around with it.
CSRTool
Fine Tune JBoss
Ever wondered how you can fine the JBoss Application Server?
Then just look at the following wiki page on JBoss Wiki:
Fine Tuning JBoss
Then just look at the following wiki page on JBoss Wiki:
Fine Tuning JBoss
Wednesday, March 14, 2007
Using HttpClient to make a FORM based conversation
I found this blog that had some code for doing FORM based authentication conversation.
http://cocoalocker.blogspot.com/2007/01/java-ruby-http-clients.html
===========
So the Java code to access the servlet using form based authentication looks like this:
http://cocoalocker.blogspot.com/2007/01/java-ruby-http-clients.html
===========
So the Java code to access the servlet using form based authentication looks like this:
public static void formAuthDemo()
throws IOException, HttpException {
HttpClient client = new HttpClient();
// make the initial get to get the JSESSION cookie
GetMethod get = new GetMethod(
"http://localhost:8080/MyWebApp/myservlet");
client.executeMethod(get);
get.releaseConnection();
// authorize
PostMethod post = new PostMethod(
"http://localhost:8080/MyWebApp/j_security_check");
NameValuePair[] data = {
new NameValuePair("j_username", "tomcat"),
new NameValuePair("j_password", "tomcat")
};
post.setRequestBody(data);
client.executeMethod(post);
post.releaseConnection();
//resubmit the original request
client.executeMethod(get);
String response = get.getResponseBodyAsString();
get.releaseConnection();
System.out.println(response);
}
==================
Saturday, March 10, 2007
Firefox Tips
Use SHIFT-DELETE (or just DEL) on mistyped auto-completion suggestions.
Saturday, March 03, 2007
Sun's Open Source OpenSSO Project
I am going to take a look at Sun's OSS project OpenSSO.
Some references:
Nightly Builds of OpenSSO
Final Conclusion:
A big project to look at in short time. They make use of JWSDP (Jaxrpc) and JAXB impl which may not work for me.
Some references:
Orhan Alkan's Weblog
Orhan's Installation GuideNightly Builds of OpenSSO
Final Conclusion:
A big project to look at in short time. They make use of JWSDP (Jaxrpc) and JAXB impl which may not work for me.
Friday, March 02, 2007
ApacheCon Europe 2007
I will be presenting a session on "Apache Tomcat Security" on May 4, 2007 at ApacheCon 2007 at Amsterdam. If you are going to be present at the conference, do attend this one-hour presentation.
ApacheCon 2007
Related stories:
Apache Tomcat v6.0 is stable and is released. Apache News.
Additional details on the new IO mechanism in v6 using APR/NIO.
Tomcat AIO
Greg Wilkin's blog entry on Async Servlets
As usual, the Apache Tomcat web page is: Apache Tomcat
ApacheCon 2007
Related stories:
Apache Tomcat v6.0 is stable and is released. Apache News.
Additional details on the new IO mechanism in v6 using APR/NIO.
Tomcat AIO
Greg Wilkin's blog entry on Async Servlets
As usual, the Apache Tomcat web page is: Apache Tomcat
Subscribe to:
Posts (Atom)