Search Results

Search found 14784 results on 592 pages for 'spring security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 103/592 | < Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >

  • Why don't smart phones have an auto-forget password feature? [closed]

    - by Kelvin
    Storing passwords to external services (e.g. corporate email servers) on smart phones is very insecure, since phones are more easily stolen. Has any vendor implemented a feature to only cache a password in memory for a limited amount of time? After the time period has elapsed, the app would ask for the password again. EDIT: I should've clarified - I'm aware that many (most?) users are lazy and want to just "set it and forget it". The always-remember feature will probably always be present. I was curious about an option to enable auto-forget for the security-conscious.

    Read the article

  • Is the escaping provided by the Google-Gson library enough to ensure a safe JSON payload?

    - by Lifetime_Learner
    I am currently using the Google-Gson library to convert Java objects into JSON inside a web service. Once the object has been converted to JSON, it is returned to the client to be converted into a JSON object using the JavaScript eval() function. Is the character escaping provided by the Gson library enough to ensure that nothing nasty will happen when I run the eval() function on the JSON payload? Do I need to HTML Encode the Strings in the Java Objects before passing them to the Gson library? Are there any other security concerns that I should be aware of?

    Read the article

  • How to get rid of crawling errors due to the URL Encoded Slashes (%2F) problem in Apache

    - by user14198
    The Google web crawler has indexed a whole set of URLs with encoded slashes (%2F) for our site. I assume it has picked up the pages from our XML sitemap file. The problem is that the live pages will actually result in a failure because of the Url Encoded Slashes Problem in Apache. Some solutions are mentioned here We are implementing a 301 redirect scheme for all the error pages. This should make the Google bot delete the pages from the crawling errors (no more crashing pages). Does implementing the 301s require the pages to be "live"? In that case we may be forced to implement solution 1 in the article. The problem is that solution 1 will pose a security vulnerability..

    Read the article

  • Is this fix for Avast Antivirus crashing safe to use?

    - by TmRn
    Well I have installed avast anti virus on Ubuntu 12.04. But after updating, it crashes! So I have made some tweaks like below: Press Ctrl+Alt+T to open the Terminal. When it opens, run the command below. sudo gedit /etc/init.d/rcS Type your password and hit Enter. When the text file opens, add the line: sysctl -w kernel.shmmax=128000000 Make sure the line you added is before: exec /etc/init.d/rc S This is what it should look like: #! /bin/sh # rcS # # Call all S??* scripts in /etc/rcS.d/ in numerical/alphabetical order # sysctl -w kernel.shmmax=128000000 exec /etc/init.d/rc S Save the file. Reboot. My question is: Did I do anything wrong? I mean as I have made some tweaks, will it lower the security of Avast down like viruses do? Please if you are a programmer check this if it contains bug or harmful intentions... Thanks.

    Read the article

  • Drive By Download Issue

    - by mprototype
    I'm getting a drive by download issue reported on www.cottonsandwichquiltshop.com/catalog/index.php?manufacturers_id=19&sort=2a&filterid=61 reported from safeweb.norton.com when I scan the root url. I have dug through the entire site architecture, and code base and removed a few files that were malicious, i upgraded the site's framework and fixed the security holes (mostly sql injection concerns)..... However this one threat still exists and I can't locate it for the life of me, or find any valid research or information on removing this type of threat at the server level, mostly just a bunch of anti-virus software wanting to sell you on their ability to manage it on the client end. PLEASE HELP Thanks.

    Read the article

  • Apache: DoS with mod_deflate & range requests, tomcat also? [migrated]

    - by VextoR
    I know that apache has a security bug http://seclists.org/fulldisclosure/2011/Aug/175 So if you do this command: curl -I -H "Range: bytes=0-1,0-2" -s www.yandex.ru/robots.txt it says HTTP/1.1 206 Partial Content it means, the problem is exist. But the fact is, that for apache tomcat (our server) curl says 206 Partial Content as well. So we need to fix it. I found solution for apache HTTP (.htaccess, mod_headers) but not for tomcat. I'm very newbie for servers things, so can't understand most, so please help

    Read the article

  • Combining a content management system with ASP.NET

    - by Ek0nomik
    I am going to be creating a site that seems like it requires a blend of a content management system (CMS) and some custom web development (which is done in ASP.NET MVC). I have plenty of web development experience to understand the ASP.NET MVC side of the fence, but, I don't have a lot of CMS knowledge aside from getting one stood up. Right now my biggest question is around integrating security from ASP.NET with the CMS. I currently have an ASP.NET MVC site that handles the authentication for multiple production sites and creates an authentication cookie under our domain (*.example.com). The page acts like a single sign on page since the cookie is a wildcard and can be used in any other applications of the same domain. I'd really like to avoid having users put in their credentials twice. Is there a CMS that will play well with the ASP.NET Forms Authentication given how I have these existing applications structured? As an aside, right now I am leaning towards Drupal, but, that isn't finalized.

    Read the article

  • Where can I hire a trustworthy professional PHP programmer?

    - by JJ22
    I wrote a php application for my website that really needs to work well and be as secure as possible. I'm a novice php programmer, so while my application seems to work well, there may be inefficiencies or security vulnerabilities. I feel that I should have someone look over my code before making the application publicly available, but I'm hesitant to just post it online because it handles some rather sensitive things. Where can I find a competent, trustworthy, and relatively inexpensive php programmer who would be willing to review a few thousand lies of well-commented easy-to-read php code? Thank you!

    Read the article

  • Need private personal access to ~three PHP pages

    - by Roger
    I would like secure access to the text output by three PHP scripts (the text output is JavaScript and html) . The security level is much less then financial data but important none-the-less. I have considered purchasing AND studying https and SSL certificates. Hostgator charges an extra $2/month for a private ip plus $50+ anually for a certificate. This is more then I want to spend for this project (time + money). Is there a simpler solution that is: less expensive easier to implement. I'm open to different approaches.

    Read the article

  • What to do about this gnome-keyring message?

    - by arroy_0209
    I upgraded from ubuntu 10.04 to 12.04 and installed lxde. Since then whenever I try to print some file (or use command lpstat), I get this message on the terminal: "WARNING: gnome-keyring:: couldn't connect to: /tmp/keyring-SZ59jJ/pkcs11: No such file or directory". This is beyond my knowledge and from search I only realize that this mey be related to security (as learned from gnome-keyring on wikipedia). I have no idea what to about this warning. Can anybody please suggest? Evidently as stated, I am not using gnome desktop, I choose lxde session at the time of logging in.

    Read the article

  • Access Token Verification

    - by DecafCoder
    I have spent quite a few days reading up on Oauth and token based security measures for REST API's and I am currently looking at implementing an Oauth based authentication approach almost exactly like the one described in this post (OAuth alternative for a 2 party system). From what I understand, the token is to be verified upon each request to the resource server. This means the resource server would need to retrieve the token from a datastore to verify the clients token. Given this would have to happen upon every request I am concerned about the speed implications of hitting a datastore like MySQL or NoSQL upon every request just to verify the token. Is this the standard way to verify tokens by having them stored in a RDBMS or NoSQL database and retrieved upon each request? Or is it a suitable solution to have them cached (baring in mind that we are talking millions of users)?

    Read the article

  • Setting up fastcgi on an Ubunutu server (socket file permissions issue)

    - by gray alien
    I am trying to set up mod_fcgid on my server. Part of the requirement is that Apache needs to create a socket file for mod_fcgid. I specified the folder for Apache to write the socket data to: /var/run/apache2/fcgid I then specified this file in my fcgid.conf file as follows: SocketPath /var/run/apache2/fcgid/sock I then changed the owner of the folder to www-data (the apache user) and gave the owner full permissions to the folder and its contents. I was able to run my test fcgi app then. When I rebooted the machine, y fastcgi app no longer worked. After some investigation, I found that ownership of /var/run/apache2/fcgid has been reset to root, and with permission reset to 700 I have the following questions: Is there something specific about the /var/run folder? why is the permissions being reset after a reboot? Should I move my socket file to another location (in case root automatically takes ownership of contents in this folder for security reasons?) I am running Ubuntu 10.0.4 LTS 64 bit

    Read the article

  • aspect parameter validation [closed]

    - by user12558
    Hi, Im doing a POC using Aspectj. class BaseInfo{..} class UserInfo extends BaseInfo{..} class UserService { public void getUser(UserInfo userInfo){..} public void deleteUser(String userId){..} } I've defined an advice, that gets invoked when I pass an UserInfo instance.But when i try to pass the BaseInfo, the advice is not getting invoked. Below block executes the afterMethod as expected for getUser. &ltaop:pointcut id="aopafterMethod" expression="execution(* UserService.*(..,UserInfo,..))" / &gtaop:after pointcut-ref="aopafterMethod" method="afterMethod" / But when i try to give BaseInfo instead of UserInfo, the aspect is not getting triggered. Am i missing something? Kindly help me on this issue.

    Read the article

  • A Safe Way to Allow Upload of All File Types?

    - by user34682
    By default WordPress restricts the file types that can be uploaded to /uploads using the default Media Manager. I know it is possible to manually extend the allowed file types. I also know it is possible to change functions.php to allow ALL file types to be uploaded. This restriction obviously exists for security concerns - e.g. someone could upload a harmful .exe Would it not be possible to allow secure upload of all filetypes by setting the permissions of the /uploads directory to prevent execution of any of its contents? Thus it wouldn't matter if someone uploaded a harmful file because it would not be executable on the server...

    Read the article

  • Ibatis startBatch() only works with SqlMapClient's own start and commit transactions, not with Sprin

    - by Brian
    Hi, I'm finding that even though I have code wrapped by Spring transactions, and it commits/rolls back when I would expect, in order to make use of JDBC batching when using Ibatis and Spring I need to use explicit SqlMapClient transaction methods. I.e. this does batching as I'd expect: dao.getSqlMapClient().startTransaction(); dao.getSqlMapClient().startBatch(); int i = 0; for (MyObject obj : allObjects) { dao.storeChange(obj); i++; if (i % DB_BATCH_SIZE == 0) { dao.getSqlMapClient().executeBatch(); dao.getSqlMapClient().startBatch(); } } dao.getSqlMapClient().executeBatch(); dao.getSqlMapClient().commitTransaction(); but if I don't have the opening and closing transaction statements, and rely on Spring to manage things (which is what I want to do!), batching just doesn't happen. Given that Spring does otherwise seem to be handling its side of the bargain regarding transaction management, can anyone advise on any known issues here? (Database is MySQL; I'm aware of the issues regarding its JDBC pseudo-batch approach with INSERT statement rewriting, that's definitely not an issue here)

    Read the article

  • Using ControllerClassNameHandlerMapping with @Controller and extending AbstractController

    - by whiskerz
    Hey there, actually I thought I was trying something really simple. ControllerClassNameHandlerMapping sounded great to produce a small spring webapp using a very lean configuration. Just annotate the Controller with @Controller, have it extend AbstractController and the configuration shouldn't need more than this <context:component-scan base-package="test.mypackage.controller" /> <bean id="urlMapping" class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping" /> to resolve my requests and map them to my controllers. I've mapped the servlet to "*.spring", and calling <approot>/hello.spring All I ever get is an error stating that no mapping was found. If however I extend the MultiActionController, and do something like <approot>/hello/hello.spring it works. Which somehow irritates me, as I would have thought that if that is working, why didn't my first try? Does anyone have any idea? The two controllers I used looked like this @Controller public class HelloController extends AbstractController { @Override protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception { ModelAndView modelAndView = new ModelAndView("hello"); modelAndView.addObject("message", "Hello World!"); return modelAndView; } } and @Controller public class HelloController extends MultiActionController { public ModelAndView hello(HttpServletRequest request, HttpServletResponse response) throws Exception { ModelAndView modelAndView = new ModelAndView("hello"); modelAndView.addObject("message", "Hello World!"); return modelAndView; } }

    Read the article

  • Dependency Injection into your Singleton

    - by Langali
    I have a singleton that has a spring injected Dao (simplified below): public class MyService<T> implements Service<T> { private final Map<String, T> objects; private static MyService instance; MyDao myDao; public void set MyDao(MyDao myDao) { this. myDao = myDao; } private MyService() { this.objects = Collections.synchronizedMap(new HashMap<String, T>()); // start a background thread that runs for ever } public static synchronized MyService getInstance() { if(instance == null) { instance = new MyService(); } return instance; } public void doSomething() { myDao.persist(objects); } } My spring config will probably look like this: <bean id="service" class="MyService" factory-method="getInstance"/> But this will instantiate the MyService during startup. Is there a programmatic way to do a dependency injection of MyDao into MyService, but not have spring manage the MyService? Basically I want to be able to do this from my code: MyService.getInstance().doSomething(); while having spring inject the MyDao for me.

    Read the article

  • JAR files, don't they just bloat and slow Java down?

    - by Josamoto
    Okay, the question might seem dumb, but I'm asking it anyways. After struggling for hours to get a Spring + BlazeDS project up and running, I discovered that I was having problems with my project as a result of not including the right dependencies for Spring etc. There were .jars missing from my WEB-INF/lib folder, yes, silly me. After a while, I managed to get all the .jar files where they belong, and it comes at a whopping 12.5MB at that, and there's more than 30 of them! Which concerns me, but it probably and hopefully shouldn't be concerned. How does Java operate in terms of these JAR files, they do take up quite a bit of hard drive space, taking into account that it's compressed and compiled source code. So that can really quickly populate a lot of RAM and in an instant. My questions are: Does Java load an entire .jar file into memory when say for instance a class in that .jar is instantiated? What about stuff that's in the .jar that never gets used. Do .jars get cached somehow, for optimized application performance? When a single .jar is loaded, I understand that the thing sits in memory and is available across multiple HTTP requests (i.e. for the lifetime of the server instance running), unlike PHP where objects are created on the fly with each request, is this assumption correct? When using Spring, I'm thinking, I had to include all those fiddly .jars, wouldn't I just be better off just using native Java, with say at least and ORM solution like Hibernate? So far, Spring just took extra time configuring, extra hard drive space, extra memory, cpu consumption, so I'm concerned that the framework is going to cost too much application performance just to get for example, IoC implemented with my BlazeDS server. There still has to come ORM, a unit testing framework and bits and pieces here and there. It's just so easy to bloat up a project quickly and irresponsibly easily. Where do I draw the line?

    Read the article

  • Network authentication + roaming home directory - which technology should I look into using?

    - by Brian
    I'm looking into software which provides a user with a single identity across multiple computers. That is, a user should have the same permissions on each computer, and the user should have access to all of his or her files (roaming home directory) on each computer. There seem to be many solutions for this general idea, but I'm trying to determine the best one for me. Here are some details along with requirements: The network of machines are Amazon EC2 instances running Ubuntu. We access the machines with SSH. Some machines on this LAN may have different uses, but I am only discussing machines for a certain use (running a multi-tenancy platform). The system will not necessarily have a constant amount of machines. We may have to permanently or temporarily alter the amount of machines running. This is the the reason why I'm looking into centralized authentication/storage. The implementation of this effect should be a secure one. We're unsure if users will have direct shell access, but their software will potentially be running (under restricted Linux user names, of course) on our systems, which is as good as direct shell access. Let's assume that their software could potentially be malicious for the sake of security. I have heard of several technologies/combinations to achieve my goal, but I'm unsure of the ramifications of each. An older ServerFault post recommended NFS & NIS, though the combination has security problems according to this old article by Symantec. The article suggests moving to NIS+, but, as it is old, this Wikipedia article has cited statements suggesting a trending away from NIS+ by Sun. The recommended replacement is another thing I have heard of... LDAP. It looks like LDAP can be used to save user information in a centralized location on a network. NFS would still need to be used to cover the 'roaming home folder' requirement, but I see references of them being used together. Since the Symantec article pointed out security problems in both NIS and NFS, is there software to replace NFS, or should I heed that article's suggestions for locking it down? I'm tending toward LDAP because another fundamental piece of our architecture, RabbitMQ, has a authentication/authorization plugin for LDAP. RabbitMQ will be accessible in a restricted manner to users on the system, so I would like to tie the security systems together if possible. Kerberos is another secure authentication protocol that I have heard of. I learned a bit about it some years ago in a cryptography class but don't remember much about it. I have seen suggestions online that it can be combined with LDAP in several ways. Is this necessary? What are the security risks of LDAP without Kerberos? I also remember Kerberos being used in another piece of software developed by Carnegie Mellon University... Andrew File System, or AFS. OpenAFS is available for use, though its setup seems a bit complicated. At my university, AFS provides both requirements... I can log in to any machine, and my "AFS folder" is always available (at least when I acquire an AFS token). Along with suggestions for which path I should look into, does anybody have any guides which were particularly helpful? As the bold text pointed out, LDAP looks to be the best choice, but I'm particularly interested in the implementation details (Keberos? NFS?) with respect to security.

    Read the article

  • Problem in Apache CXF (Simple Frontend): 'Already connected'

    - by seanizer
    I am using apache CXF for the first time. I am trying to establish a connection based on the CXF simple front end (Configuration notes) technology. I can't really see what I've done wrong, but I am getting a weird error (see below). I have also posted this question to [email protected], but I haven't received a response yet. Perhaps someone here can help. The service bean that is wrapped here is a Spring / JPA service that does not know anything about the web, I want to use simple frontend to publish it as a web service without having to annotate it with Jax-ws etc. (This works in theory). Here's my configuration: Server: <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:simple="http://cxf.apache.org/simple" xmlns:soap="http://cxf.apache.org/bindings/soap" xmlns:context="http://www.springframework.org/schema/context" xmlns:cs="http://[www.mycompany.com]/coupon/service" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd http://cxf.apache.org/simple http://cxf.apache.org/schemas/simple.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd" default-autowire="byType" > <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-http-binding.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <import resource="classpath*:persistenceContext.xml" /> <!—my service implementation --> <!-- serviceClass points to an interface --> <simple:server id="server" serviceBean="couponService" serviceClass="[com.mycompany].MyServiceInterface" bindingId="http://apache.org/cxf/binding/http" address="/${wsdl.path}" serviceName="cs:couponService" endpointName="cs:couponServicePort" > <simple:dataBinding> <bean class="org.apache.cxf.aegis.databinding.AegisDatabinding" /> </simple:dataBinding> <simple:binding> <soap:soapBinding version="1.2" mtomEnabled="true" /> </simple:binding> </simple:server> <context:property-placeholder location="classpath:service.properties" /> </beans> Client: <beans xmlns="http://www.springframework.org/schema/beans" xmlns:simple="http://cxf.apache.org/simple" xmlns:soap="http://cxf.apache.org/bindings/soap" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xmlns:oxm=http://www.springframework.org/schema/oxm xmlns:cs="http://[www.mycompany.com]/coupon/service" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd http://cxf.apache.org/simple http://cxf.apache.org/schemas/simple.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.0.xsd" default-autowire="byType" > <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-http-binding.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <simple:client id="couponService" wsdlLocation="${wsdl.url}?wsdl" serviceName="cs:couponService" endpointName="cs:couponServicePort" transportId="http://schemas.xmlsoap.org/soap/http" address="${wsdl.url}" bindingId="http://apache.org/cxf/binding/http" serviceClass="[com.mycompany].MyServiceInterface"> <simple:dataBinding> <bean class="org.apache.cxf.aegis.databinding.AegisDatabinding" /> </simple:dataBinding> <simple:binding> <soap:soapBinding mtomEnabled="true" version="1.2" /> </simple:binding> </simple:client> <context:property-placeholder location="classpath:service.properties" /> On the client side, I inject the generated service into my web application (I am using wicket but that should be irrelevant) and when I call service methods on it I get an IllegalStateException from java.net.HttpURLConnection saying the connection is already open. Here’s the stack trace: java.lang.IllegalStateException: IllegalStateException invoking http://localhost:9999/services/coupon: Already connected at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:2058) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2048) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.binding.http.interceptor.DatabindingOutSetupInterceptor.handleMessage(DatabindingOutSetupInterceptor.java:91) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68) at $Proxy30.createIndividualUserCouponsJob(Unknown Source) at [com.mycompany].coupons.web.app.dummycontent.DummyContentInitializer.addSomeIndividualCoupons(DummyContentInitializer.java:84) at [com.mycompany].coupons.web.app.dummycontent.DummyContentInitializer.addSomeCoupons(DummyContentInitializer.java:68) at [com.mycompany].coupons.web.app.dummycontent.DummyContentInitializer.init(DummyContentInitializer.java:50) at org.apache.wicket.Application.callInitializers(Application.java:843) at org.apache.wicket.Application.initializeComponents(Application.java:678) at org.apache.wicket.protocol.http.WicketFilter.init(WicketFilter.java:725) at org.apache.wicket.protocol.http.WicketServlet.init(WicketServlet.java:219) at javax.servlet.GenericServlet.init(GenericServlet.java:241) at org.mortbay.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:433) at org.mortbay.jetty.servlet.ServletHolder.doStart(ServletHolder.java:256) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:617) at org.mortbay.jetty.servlet.Context.startContext(Context.java:139) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1218) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:500) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:448) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117) at org.mortbay.jetty.Server.doStart(Server.java:220) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) at [com.mycompany].coupons.web.test.Start.main(Start.java:45) Caused by: java.lang.IllegalStateException: Already connected at java.net.HttpURLConnection.setFixedLengthStreamingMode(HttpURLConnection.java:103) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.thresholdNotReached(HTTPConduit.java:1889) at org.apache.cxf.io.AbstractThresholdOutputStream.close(AbstractThresholdOutputStream.java:99) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1980) This happens the first time a service call is made, and the only URLConnection that is opened before that is that of the wsdl. I have searched the web for similar problems, but all I found was a bug using rest that has already been fixed. I am trying to use the simple frontend, as my service is not annotated with jax-ws annotations and I would like to keep it that way. Can someone help? Thanks in advance. Sean

    Read the article

  • WCF client encrypt message to JAVA WS using username_token with message protection client policy

    - by Alex
    I am trying to create a WCF client APP that is consuming a JAVA WS that uses username_token with message protection client policy. There is a private key that is installed on the server and a public certificate file was exported from the JKS keystore file. I have installed the public key into certificate store via MMC under Personal certificates. I am trying to create a binding that will encrypt the message and pass the username as part of the payload. I have been researching and trying the different configurations for about a day now. I found a similar situation on the msdn forum: http://social.msdn.microsoft.com/Forums/en/wcf/thread/ce4b1bf5-8357-4e15-beb7-2e71b27d7415 This is the configuration that I am using in my app.config <customBinding> <binding name="certbinding"> <security authenticationMode="UserNameOverTransport"> <secureConversationBootstrap /> </security> <httpsTransport requireClientCertificate="true" /> </binding> </customBinding> <endpoint address="https://localhost:8443/ZZZService?wsdl" binding="customBinding" bindingConfiguration="cbinding" contract="XXX.YYYPortType" name="ServiceEndPointCfg" /> And this is the client code that I am using: EndpointAddress endpointAddress = new EndpointAddress(url + "?wsdl"); P6.WCF.Project.ProjectPortTypeClient proxy = new P6.WCF.Project.ProjectPortTypeClient("ServiceEndPointCfg", endpointAddress); proxy.ClientCredentials.UserName.UserName = UserName; proxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, "67 87 ba 28 80 a6 27 f8 01 a6 53 2f 4a 43 3b 47 3e 88 5a c1"); var projects = proxy.ReadProjects(readProjects); This is the .NET CLient error I get: Error Log: Invalid security information. On the Java WS side I trace the log : SEVERE: Encryption is enabled but there is no encrypted key in the request. I traced the SOAP headers and payload and did confirm the encrypted key is not there. Headers: {expect=[100-continue], content-type=[text/xml; charset=utf-8], connection=[Keep-Alive], host=[localhost:8443], Content-Length=[731], vsdebuggercausalitydata=[uIDPo6hC1kng3ehImoceZNpAjXsAAAAAUBpXWdHrtkSTXPWB7oOvGZwi7MLEYUZKuRTz1XkJ3soACQAA], SOAPAction=[""], Content-Type=[text/xml; charset=utf-8]} Payload: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:UsernameToken u:Id="uuid-5809743b-d6e1-41a3-bc7c-66eba0a00998-1"><o:Username>admin</o:Username><o:Password>admin</o:Password></o:UsernameToken></o:Security></s:Header><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ReadProjects xmlns="http://xmlns.dev.com/WS/Project/V1"><Field>ObjectId</Field><Filter>Id='WS-Demo'</Filter></ReadProjects></s:Body></s:Envelope> I have also tryed some other bindings but with no success: <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="Certificate"/> </security> </binding> </basicHttpBinding> <wsHttpBinding> <binding name="wsBinding"> <security mode="Message"> <message clientCredentialType="UserName" negotiateServiceCredential="false" /> </security> </binding> </wsHttpBinding> Your help will be greatly aprreciatted! Thanks!

    Read the article

  • CSS file in a Spring WAR returns a 404

    - by Rachel G.
    I have a J2EE application that I am building with Spring and Maven. It has the usual project structure. Here is a bit of the hierarchy. MyApplication src main webapp WEB-INF layout header.jsp styles main.css I want to include that CSS file in my JSP. I have the following tag in place. <c:url var="styleSheetUrl" value="/styles/main.css" /> <link rel="stylesheet" href="${styleSheetUrl}"> When I deploy the application, the CSS page isn't being located. When I view the page source, the href is /MyApplication/styles/main.css. Looking inside the WAR, there is a /styles/main.css. However, I get a 404 when I try to access the CSS file directly in the browser. I discovered that the reason for the issue was the Dispatcher Servlet mapping. The mapping looks as follows. <servlet-mapping> <servlet-name>Spring MVC Dispatcher Servlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> I imagine the Dispatcher Servlet doesn't know how to handle the CSS request. What is the best way to handle this issue? I would rather not have to change all of my request mappings.

    Read the article

  • Principles of an extensible data proxy

    - by Wesley
    There is a growing industry now with more than 30 companies playing in the Backend-As-A-Service (BaaS) market. The principle is simple: give companies a secure way of exposing data housed on premises and behind the firewall publicly. This can include database data, as well as Legacy PC data through established connectors; SAP for example provides a connector for transacting with their legacy systems. Early attempts were fixed providers for specific systems like SAP, IBM or Oracle, but the new breed is extensible, allowing Channel Partners and Consultants to build robust integration applications that can consume whatever data sources the client wants to expose. I just happen to be close to finishing a Cloud Based HTML5 application platform that provides robust integration services, and I would like to break ground on an extensible data proxy to complete the system. From what I can gather, I need to provide either an installable web service of some kind, or a Cloud service which the client can configure with VPN for interactions. Then I can build in connectors, which can be activated with a service account, and expose those transactions via web services of some kind (JSON, SOAP, etc). I can also provide a framework that allows people to build in their own connectors, and use some kind of schema to hook those connectors into the proxy. The end result is some kind of public facing web service that could securely be consumed by applications to show data through HTML5 on any device. My gut is, this isn't as hard as it sounds. Almost all of the 30+ companies (With more popping up almost weekly) have all come into existence in the last 18 months or so, which tells me either the root technology, or the skillset to create the technology is in abundance right now. Where should I start on this? Are there some open source projects I can leverage? A specific group of developers I can hire? I'm confident someone here can set me on the right path and save me some time. You don't see this many companies spring up this rapidly if they are all starting from scratch with proprietary technology. The Register: WTF is BaaS One Minute Video from Kony on their BaaS

    Read the article

  • VLC (Server) re-stream Security Camera Feed

    - by Aaron
    I purchased a Swann Home Security DVR system and was hoping for some help on how to duplicate the streaming video on my server. In order to get their web view (streaming video in the browser) to work, I had to install the following plugins: HiDvrPlugin.dmg for mac. Hidvrocx.cab for Windows. I was originally thinking it was a sign of some form of DRM? Maybe. Maybe not. HTML wise, the following code is in the source of the safari version of the web view: <embed pluginspage="SurveilClient.dmg" width="10px" height="10px" type="application/x-scplugin" id="MacDiv" style="height: 592px; width: 720px; left: 278px; top: 61px; "> It seems to be the main display area. Using wireshark, I am able to see that the video stream is on port 9000. However, I have no idea what type of stream it is. I've tried opening it in VLC with no such luck. http://dvr_ip:9000 tcp://dvr_ip:9000 My hope was to do the following to redistribute the feed vlc dvr_ip:9000 --sout h264-version-on-localhost:3000 TLDR; Trying to re-distribute a stream from a security camera (can't tell the format) using vlc (re-distribute via h.264 / HTML5). Not sure how to accomplish this. Is it possible that the software has some type of DRM that only the plugins can decode?

    Read the article

  • Windows Server 2003 R2 Terminal Server : Internet Explorer Enhanced Security won't disable for Users

    - by Tubs
    The Internet Explorer Enhanced Security (IEES) won't disable using the normal method of disabling it from the Add/Remove Programs/Windows components. This came to light immediately after testing. IEES was disabled after Terminal Services were installed for admin and users, and after IE8 was installed. My initial thoughts were that there was some clash between IE8 and IE6 (which is the default on 2003 R2), so I uninstalled IE8 and reverted back to IE6. The same symptoms were displayed, when a normal user logged on Internet Explorer Enhnaced Security was enforced. I then thought it could be a problem that Terminal Server wasn't recognising the removal as IEES was on when initially installed. I uninistalled the Terminal Server Componants using the server roles, and then reactivated and deavtived IEES. Windows Server 2003 R2 allows a limited number of users to connect to RDP by default, so I logged on as a normal user, and IEES was disabled. I then reinstalled Terminal Server, and logged on as a normal user. IEES was back enabled. Why is this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >