Friday, March 16, 2007

Programmatic Web Login in JBoss

Some time ago there was a question on whether there was support for Programmatic Web Login in JBoss. We did not have it.

Security Forum Question

Starting with JBoss 4.2.0.GA, this feature is available:
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication

Java PKI Management Tools

The command-line tool "keytool" that ships with the JDK is not the best tool from a usability perspective. There is the issue of various signature algorithms (DSA, RSA, etc.), various keystore types (JKS, PKCS12, etc.), generation of CSRs, etc.

I did play around with the "keyman" tool available from IBM for free. Quite decent.

I came across the following OSS tool "CSRTool". I have not yet played around with it.
CSRTool

Fine Tune JBoss

Ever wondered how you can fine-tune the JBoss Application Server?

Then just look at the following wiki page on JBoss Wiki:
Fine Tuning JBoss

Wednesday, March 14, 2007

Using HttpClient to make a FORM based conversation

I found this blog that had some code for doing a FORM-based authentication conversation.
http://cocoalocker.blogspot.com/2007/01/java-ruby-http-clients.html

===========

So the Java code to access the servlet using form based authentication looks like this:
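// Uses the Commons HttpClient 3.x API (org.apache.commons.httpclient).
import java.io.IOException;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormAuthDemo {

    public static void formAuthDemo()
            throws IOException, HttpException {
        // One client instance is used throughout so the session cookie
        // set by the first response is sent with the later requests.
        HttpClient client = new HttpClient();

        // make the initial GET to obtain the JSESSIONID cookie
        GetMethod get = new GetMethod(
                "http://localhost:8080/MyWebApp/myservlet");
        client.executeMethod(get);
        get.releaseConnection();

        // authenticate: post the credentials to j_security_check
        PostMethod post = new PostMethod(
                "http://localhost:8080/MyWebApp/j_security_check");
        NameValuePair[] data = {
            new NameValuePair("j_username", "tomcat"),
            new NameValuePair("j_password", "tomcat")
        };
        post.setRequestBody(data);
        client.executeMethod(post);
        post.releaseConnection();

        // resubmit the original request, now within the authenticated session
        client.executeMethod(get);
        String response = get.getResponseBodyAsString();
        get.releaseConnection();
        System.out.println(response);
    }
}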
==================

Saturday, March 10, 2007

Firefox Tips

Use SHIFT-DELETE (or just DEL) to remove mistyped auto-completion suggestions.

Saturday, March 03, 2007

Sun's Open Source OpenSSO Project

I am going to take a look at Sun's OSS project OpenSSO.

Some references:

Orhan Alkan's Weblog

Orhan's Installation Guide

Nightly Builds of OpenSSO

Final Conclusion:
A big project to look at in a short time. They make use of JWSDP (JAX-RPC) and a JAXB implementation, which may not work for me.

Friday, March 02, 2007

ApacheCon Europe 2007

I will be presenting a session on "Apache Tomcat Security" on May 4, 2007 at ApacheCon 2007 in Amsterdam. If you are going to be present at the conference, do attend this one-hour presentation.

ApacheCon 2007

Related stories:
Apache Tomcat v6.0 is stable and is released. Apache News.

Additional details on the new IO mechanism in v6 using APR/NIO.
Tomcat AIO
Greg Wilkins' blog entry on Async Servlets

As usual, the Apache Tomcat web page is: Apache Tomcat