Search Results

Search found 13853 results on 555 pages for 'soa security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 221/555 | < Previous Page | 217 218 219 220 221 222 223 224 225 226 227 228  | Next Page >

  • Has glassfish 2.1.1 a bug handling http request and handle them twice?

    - by marabol
    I'm using glassfish 2.1.1. I've watched a mysterious http/webservice-call handling. It seams an http request is handled by two different threads. After http basic authentication the first thread is faster. Persisting some data end, but writing response fails in glassfish internal. The second thread fails, because it tries to persist identical data and there are (unique) constrain failures. The response (the failure) of second thread was delivered to client. I don't won't discuss the behavior with the unique constrain failure. I've improve the webservice, so it can handle this better, because it could be happen anytime, that the client send the ws call a second time. But I think, glassfish 2.1.1 has an bug handling http request. Is there any known issue? Have I done an mistake? [#|2010-03-22T10:40:54.150+0000|INFO|sun-appserver2.1|javax.enterprise.system.core|_ThreadID=10;_ThreadName=main;|Starting Sun GlassFish Enterprise Server v2.1.1 ((v2.1 Patch06)(9.1_02 Patch12)) (build b31g-fcs) ...|#] ... [#|2010-03-22T11:18:44.220+0000|FINE|sun-appserver2.1|mypackage.module.security.auth.realm.YaJdbcRealm|_ThreadID=26;_ThreadName=httpSSLWorkerThread-8080-1;ClassName=mypackage.module.security.auth.realm.YaJdbcRealm;MethodName=authenticate;_RequestID=4d8f23e9-5106-4d64-b865-1638d7075bde;|JDBC authenticate successful for: 8002 groups:[roleUser]|#] [#|2010-03-22T11:18:44.220+0000|FINE|sun-appserver2.1|mypackage.module.security.auth.login.YaJdbcLoginModule|_ThreadID=26;_ThreadName=httpSSLWorkerThread-8080-1;ClassName=mypackage.module.security.auth.login.YaJdbcLoginModule;MethodName=authenticate;_RequestID=4d8f23e9-5106-4d64-b865-1638d7075bde;|JDBC login succeeded for: 8002 groups:[roleUser]|#] [#|2010-03-22T11:18:44.220+0000|FINE|sun-appserver2.1|mypackage.module.security.auth.realm.YaJdbcRealm|_ThreadID=39;_ThreadName=httpSSLWorkerThread-8080-2;ClassName=mypackage.module.security.auth.realm.YaJdbcRealm;MethodName=authenticate;_RequestID=4ca7e3e5-5ab7-41ec-b3c9-d9260b1164c9;|JDBC authenticate successful for: 8002 groups:[roleUser]|#] [#|2010-03-22T11:18:44.220+0000|FINE|sun-appserver2.1|mypackage.module.security.auth.login.YaJdbcLoginModule|_ThreadID=39;_ThreadName=httpSSLWorkerThread-8080-2;ClassName=mypackage.module.security.auth.login.YaJdbcLoginModule;MethodName=authenticate;_RequestID=4ca7e3e5-5ab7-41ec-b3c9-d9260b1164c9;|JDBC login succeeded for: 8002 groups:[roleUser]|#] [#|2010-03-22T11:18:44.220+0000|FINE|sun-appserver2.1|mypackage.MyWebService|_ThreadID=26;_ThreadName=httpSSLWorkerThread-8080-1;ClassName=mypackage.MyWebService;MethodName=enqueue;_RequestID=4d8f23e9-5106-4d64-b865-1638d7075bde;|Received WebService call to enqueue() from client 59|#] [#|2010-03-22T11:18:44.220+0000|FINE|sun-appserver2.1|mypackage.MyWebService|_ThreadID=39;_ThreadName=httpSSLWorkerThread-8080-2;ClassName=mypackage.MyWebService;MethodName=enqueue;_RequestID=4ca7e3e5-5ab7-41ec-b3c9-d9260b1164c9;|Received WebService call to enqueue() from client 59|#] ... [#|2010-03-22T11:18:44.267+0000|FINE|sun-appserver2.1|mypackage.MyWebService|_ThreadID=26;_ThreadName=httpSSLWorkerThread-8080-1;ClassName=mypackage.MyWebService;MethodName=enqueue;_RequestID=4d8f23e9-5106-4d64-b865-1638d7075bde;|Successfully finished WebService call to enqueue() from client 59|#] [#|2010-03-22T11:18:44.329+0000|WARNING|sun-appserver2.1|javax.enterprise.system.container.ejb|_ThreadID=26;_ThreadName=httpSSLWorkerThread-8080-1;_RequestID=4d8f23e9-5106-4d64-b865-1638d7075bde;|invocation error on ejb endpoint MyWebService at /MyWebserviceService/MyWebservice : com.sun.xml.stream.XMLStreamException2 javax.xml.ws.WebServiceException: com.sun.xml.stream.XMLStreamException2 at com.sun.xml.ws.encoding.StreamSOAPCodec.encode(StreamSOAPCodec.java:111) at com.sun.xml.ws.encoding.SOAPBindingCodec.encode(SOAPBindingCodec.java:281) at com.sun.xml.ws.transport.http.HttpAdapter.encodePacket(HttpAdapter.java:320) at com.sun.xml.ws.transport.http.HttpAdapter.access$100(HttpAdapter.java:93) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:454) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135) at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:113) at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:87) at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:231) at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:157) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:114) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:87) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:291) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:666) at com.sun.enterprise.web.connector.grizzly.comet.CometEngine.executeServlet(CometEngine.java:616) at com.sun.enterprise.web.connector.grizzly.comet.CometEngine.handle(CometEngine.java:362) at com.sun.enterprise.web.connector.grizzly.comet.CometAsyncFilter.doFilter(CometAsyncFilter.java:84) at com.sun.enterprise.web.connector.grizzly.async.DefaultAsyncExecutor.invokeFilters(DefaultAsyncExecutor.java:189) at com.sun.enterprise.web.connector.grizzly.async.DefaultAsyncExecutor.interrupt(DefaultAsyncExecutor.java:164) at com.sun.enterprise.web.connector.grizzly.async.AsyncProcessorTask.doTask(AsyncProcessorTask.java:92) at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264) at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106) Caused by: com.sun.xml.stream.XMLStreamException2 at com.sun.xml.stream.writers.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:416) at com.sun.xml.ws.encoding.StreamSOAPCodec.encode(StreamSOAPCodec.java:109) ... 36 more Caused by: ClientAbortException: java.nio.channels.ClosedChannelException at org.apache.coyote.tomcat5.OutputBuffer.doFlush(OutputBuffer.java:385) at org.apache.coyote.tomcat5.OutputBuffer.flush(OutputBuffer.java:351) at org.apache.coyote.tomcat5.CoyoteOutputStream.flush(CoyoteOutputStream.java:176) at com.sun.xml.stream.writers.UTF8OutputStreamWriter.flush(UTF8OutputStreamWriter.java:153) at com.sun.xml.stream.writers.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:414) ... 37 more Caused by: java.nio.channels.ClosedChannelException at sun.nio.ch.SocketChannelImpl.ensureWriteOpen(SocketChannelImpl.java:126) at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:324) at com.sun.enterprise.web.connector.grizzly.OutputWriter.flushChannel(OutputWriter.java:91) at com.sun.enterprise.web.connector.grizzly.OutputWriter.flushChannel(OutputWriter.java:66) at com.sun.enterprise.web.connector.grizzly.SocketChannelOutputBuffer.flushChannel(SocketChannelOutputBuffer.java:172) at com.sun.enterprise.web.connector.grizzly.async.AsynchronousOutputBuffer.flushChannel(AsynchronousOutputBuffer.java:81) at com.sun.enterprise.web.connector.grizzly.SocketChannelOutputBuffer.flushBuffer(SocketChannelOutputBuffer.java:205) at com.sun.enterprise.web.connector.grizzly.async.AsynchronousOutputBuffer.flushBuffer(AsynchronousOutputBuffer.java:114) at com.sun.enterprise.web.connector.grizzly.SocketChannelOutputBuffer.flush(SocketChannelOutputBuffer.java:183) at com.sun.enterprise.web.connector.grizzly.async.AsynchronousOutputBuffer.flush(AsynchronousOutputBuffer.java:104) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.action(DefaultProcessorTask.java:1100) at org.apache.coyote.Response.action(Response.java:237) at org.apache.coyote.tomcat5.OutputBuffer.doFlush(OutputBuffer.java:381) ... 41 more |#] [#|2010-03-22T11:18:44.376+0000|WARNING|sun-appserver2.1|oracle.toplink.essentials.session.file:/mygf-211/domains/mydomain/applications/j2ee-apps/myear/myjar-myPu|_ThreadID=39;_ThreadName=httpSSLWorkerThread-8080-2;_RequestID=4ca7e3e5-5ab7-41ec-b3c9-d9260b1164c9;| Local Exception Stack: Exception [TOPLINK-4002] (Oracle TopLink Essentials - 2.1 (Build b31g-fcs (10/19/2009))): oracle.toplink.essentials.exceptions.DatabaseException Internal Exception: com.microsoft.sqlserver.jdbc.SQLServerException: Eine Zeile mit doppeltem Schlüssel kann in das 'dbo.MY_TABLE'-Objekt mit dem eindeutigen 'MY_INDEX'-Index nicht eingefügt werden.

    Read the article

  • Compile classfile issue in Spring 3

    - by Prajith R
    I have used spring framework 3 for my application. Everything is ok while developed in Netbeans But i need a custom build and done for the same The build created without any issue, but i got the following error The error occurred while calling the following method @RequestMapping(value = "/security/login", method = RequestMethod.POST) public ModelAndView login(@RequestParam String userName, @RequestParam String password, HttpServletRequest request) { ...................... But There is no issue while creating the war with netbeans (I am sure it is about the compilation issue) have you any experiance on this issue ... There is any additional javac argument for compile the same (netbeans used there custom task for the compilation) type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.web.bind.annotation.support.HandlerMethodInvocationException: Failed to invoke handler method [public org.springframework.web.servlet.ModelAndView com.mypackage.security.controller.LoginController.login(java.lang.String,java.lang.String,javax.servlet.http.HttpServletRequest)]; nested exception is java.lang.IllegalStateException: No parameter name specified for argument of type [java.lang.String], and no parameter name information found in class file either. org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:659) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:563) javax.servlet.http.HttpServlet.service(HttpServlet.java:637) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) com.mypackage.security.controller.AuthFilter.doFilter(Unknown Source) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) root cause org.springframework.web.bind.annotation.support.HandlerMethodInvocationException: Failed to invoke handler method [public org.springframework.web.servlet.ModelAndView com.mypackage.security.controller.LoginController.login(java.lang.String,java.lang.String,javax.servlet.http.HttpServletRequest)]; nested exception is java.lang.IllegalStateException: No parameter name specified for argument of type [java.lang.String], and no parameter name information found in class file either. org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:171) org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:414) org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:402) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:563) javax.servlet.http.HttpServlet.service(HttpServlet.java:637) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) com.mypackage.security.controller.AuthFilter.doFilter(Unknown Source) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) root cause java.lang.IllegalStateException: No parameter name specified for argument of type [java.lang.String], and no parameter name information found in class file either. org.springframework.web.bind.annotation.support.HandlerMethodInvoker.getRequiredParameterName(HandlerMethodInvoker.java:618) org.springframework.web.bind.annotation.support.HandlerMethodInvoker.resolveRequestParam(HandlerMethodInvoker.java:417) org.springframework.web.bind.annotation.support.HandlerMethodInvoker.resolveHandlerArguments(HandlerMethodInvoker.java:277) org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:163) org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:414) org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:402) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:563) javax.servlet.http.HttpServlet.service(HttpServlet.java:637) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) com.mypackage.security.controller.AuthFilter.doFilter(Unknown Source) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs.

    Read the article

  • C# WCF client configuration for X509 secured web service over https

    - by Kam
    Hi guys I been pulling my hair out for the past few days trying to connect to a web service using .Net 3.5 and WCF (have also tried using WSE 3.0) without much luck. The web service is hosted by a 3rd party and we can access via https. They also make use of X509 certificates for security, to sign the message. I've been given some basic info and am able to connect and test the service using SOAP UI 3.5 without any problems, so we know that this is not the issue. Just trying to get it done in code! I've added the X509 certificate into the certificate store using the mmc snap-in, and using tracing and logging i can see that the message is being signed, just unable to see which part i have got wrong. Any healp GREATLY appreciated :) I've been given an offline WSDL file, which I have imported in as a service reference is VS 2008. My calling code looks like so, simple enough: ServicePointManager.ServerCertificateValidationCallback = delegate(object sender,X509Certificate certificate,X509Chain chain, SslPolicyErrors sslErrors) { return true; }; GatewayClient gateway = new GatewayClient(); CheckStatusResponse response = gateway.CheckLineStatus(); And my config looks like so: <basicHttpBinding> <binding name="Gateway_1.0" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="Certificate" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> <customBinding> <binding name="Gateway_1"> <security authenticationMode="CertificateOverTransport" includeTimestamp="true" messageProtectionOrder="SignBeforeEncrypt"> <localClientSettings maxClockSkew="12:00:00" replayWindow="12:00:00" sessionKeyRolloverInterval="12:00:00" timestampValidityDuration="12:00:00" /> <localServiceSettings maxClockSkew="12:00:00" sessionKeyRolloverInterval="12:00:00" timestampValidityDuration="12:00:00" /> <secureConversationBootstrap /> </security> <textMessageEncoding messageVersion="Soap11" /> <sslStreamSecurity requireClientCertificate="true" /> <httpsTransport hostNameComparisonMode="WeakWildcard" /> </binding> </customBinding> <wsHttpBinding> <binding name="Gateway_1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="Certificate" negotiateServiceCredential="false" establishSecurityContext="true" /> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="https://XXX.XX.XXX.XX/SOAP" behaviorConfiguration="ClientCertificateBehavior" binding="wsHttpBinding" bindingConfiguration="Gateway_1" contract="B2BService.Gateway" name="Gateway_1_HTTPSPort"> <identity> <dns value="ext.test.com" /> </identity> </endpoint> </client> <behaviors> <endpointBehaviors> <behavior name="ClientCertificateBehavior"> <clientCredentials> <clientCertificate findValue="mycertificate.com" storeLocation="CurrentUser" storeName="Root" x509FindType="FindBySubjectName" /> <serviceCertificate> <authentication certificateValidationMode="PeerOrChainTrust" /> </serviceCertificate> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> </system.serviceModel> Regardless of which config I use, the code fails for one reason or another, causing internal server errors, Error processing message for security, Undefined 'badEncoding' resource property, or expected http URI given https, and a few other! Been going round and round a bit, and I am sure it is very simple once the cofig is set :( I'm sure I've missed loads out, let me know if seeing the SOAP UI generated envelope and the currect WCF generated envelope will help. many thanks. Kam

    Read the article

  • java.lang.NoClassDefFoundError

    - by Jenny
    Everything was working just fine but now I can no longer run my application. For some reason javax.* is not being found yet in Eclipse the imports are fine... exception javax.servlet.ServletException: Error allocating a servlet instance org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) java.lang.Thread.run(Thread.java:619) root cause java.lang.NoClassDefFoundError: javax/servlet/http/HttpServlet java.lang.ClassLoader.defineClass1(Native Method) java.lang.ClassLoader.defineClassCond(ClassLoader.java:632) java.lang.ClassLoader.defineClass(ClassLoader.java:616) java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141) java.net.URLClassLoader.defineClass(URLClassLoader.java:283) java.net.URLClassLoader.access$000(URLClassLoader.java:58) java.net.URLClassLoader$1.run(URLClassLoader.java:197) java.security.AccessController.doPrivileged(Native Method) java.net.URLClassLoader.findClass(URLClassLoader.java:190) java.lang.ClassLoader.loadClass(ClassLoader.java:307) sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) java.lang.ClassLoader.loadClass(ClassLoader.java:248) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1560) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) java.lang.Thread.run(Thread.java:619) root cause java.lang.ClassNotFoundException: javax.servlet.http.HttpServlet java.net.URLClassLoader$1.run(URLClassLoader.java:202) java.security.AccessController.doPrivileged(Native Method) java.net.URLClassLoader.findClass(URLClassLoader.java:190) java.lang.ClassLoader.loadClass(ClassLoader.java:307) sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) java.lang.ClassLoader.loadClass(ClassLoader.java:248) java.lang.ClassLoader.defineClass1(Native Method) java.lang.ClassLoader.defineClassCond(ClassLoader.java:632) java.lang.ClassLoader.defineClass(ClassLoader.java:616) java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141) java.net.URLClassLoader.defineClass(URLClassLoader.java:283) java.net.URLClassLoader.access$000(URLClassLoader.java:58) java.net.URLClassLoader$1.run(URLClassLoader.java:197) java.security.AccessController.doPrivileged(Native Method) java.net.URLClassLoader.findClass(URLClassLoader.java:190) java.lang.ClassLoader.loadClass(ClassLoader.java:307) sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) java.lang.ClassLoader.loadClass(ClassLoader.java:248) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1560) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) java.lang.Thread.run(Thread.java:619)

    Read the article

  • AES code throwing NoSuchPaddingException: Padding NoPaddin unknown

    - by Tom Brito
    The following code is a try to encrypt data using AES with asymmetric key: import java.io.OutputStream; import java.math.BigInteger; import java.security.Key; import java.security.KeyFactory; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.RSAPrivateKeySpec; import java.security.spec.RSAPublicKeySpec; import javax.crypto.Cipher; public class AsyncronousKeyTest { private final Cipher cipher; private final KeyFactory keyFactory; private final RSAPrivateKey privKey; private AsyncronousKeyTest() throws Exception { cipher = Cipher.getInstance("AES/CBC/NoPaddin", "BC"); keyFactory = KeyFactory.getInstance("AES", "BC"); // create the keys // TODO should this numbers be random? RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(new BigInteger( "d46f473a2d746537de2056ae3092c451", 16), new BigInteger("57791d5430d593164082036ad8b29fb1", 16)); privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec); } public void generateAuthorizationAct(OutputStream outputStream) throws Exception { // TODO Ticket #14 - GenerateAuthorization action KeyFactory keyFactory = KeyFactory.getInstance("AES", "BC"); // TODO should this numbers be random? RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger("d46f473a2d746537de2056ae3092c451", 16), new BigInteger("11", 16)); RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec); byte[] data = new byte[] {0x01}; byte[] encrypted = encryptAO(pubKey, data); outputStream.write(encrypted); } /** Encrypt the AuthorizationObject. */ public byte[] encryptAO(Key pubKey, byte[] data) throws Exception { cipher.init(Cipher.ENCRYPT_MODE, pubKey); byte[] cipherText = cipher.doFinal(data); return cipherText; } public byte[] decrypt(byte[] cipherText) throws Exception { cipher.init(Cipher.DECRYPT_MODE, privKey); byte[] decyptedData = cipher.doFinal(cipherText); return decyptedData; } public static void main(String[] args) throws Exception { System.out.println("start"); AsyncronousKeyTest auth = new AsyncronousKeyTest(); auth.generateAuthorizationAct(System.out); System.out.println("done"); } } but at line cipher = Cipher.getInstance(AesEncrypter.getTransformation(), "BC"); it throws NoSuchPaddingException: Padding NoPaddin unknown. What is this? And how to solve?

    Read the article

  • Ninject Given Path's format is not supported

    - by David Osborn
    The Ninject initialization works fine when i run my application directly from VS2010, but if I deploy the application to our custom "plugin" environment I get this error when I run the app and it tries to initialize Ninject. Error during initialization The given path's format is not supported. ERROR : The given path's format is not supported. Type : NotSupportedException Location: System.String CanonicalizePath(System.String, Boolean) Stack Trace: at System.Security.Util.StringExpressionSet.CanonicalizePath(String path, Boolean needFullPath) at System.Security.Util.StringExpressionSet.CreateListFromExpressions(String[] str, Boolean needFullPath) at System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) at System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess access, String[] pathList, Boolean checkForDuplicates, Boolean needFullPath) at System.IO.Path.GetFullPath(String path) at Ninject.Modules.ModuleLoader.NormalizePath(String path) at Ninject.Modules.ModuleLoader.GetFilesMatchingPattern(String pattern) at Ninject.Modules.ModuleLoader.b_0(String pattern) at System.Linq.Enumerable.d_142.MoveNext() at System.Linq.Lookup2.Create[TSource](IEnumerable1 source, Func2 keySelector, Func2 elementSelector, IEqualityComparer1 comparer) at System.Linq.GroupedEnumerable3.GetEnumerator() at Ninject.Modules.ModuleLoader.LoadModules(IEnumerable1 patterns) at Ninject.KernelBase.Load(IEnumerable`1 filePatterns) at Ninject.KernelBase..ctor(IComponentContainer components, INinjectSettings settings, INinjectModule[] modules) at Ninject.KernelBase..ctor(INinjectModule[] modules) at MyApp.Ioc.ResolveType.Initialize() at MyApp.Program.Run()

    Read the article

  • Policy file error while loading images form facebook

    - by Fahim Akhter
    Hi, I making a game leaderboard on facebook. I'm not using connect but working inside the canvas. When I try to load the images from facebook it gives me the following error. SecurityError: Error #2122: Security sandbox violation: Loader.content: http://test cannot access http://profile.ak.fbcdn.net/v22941/254/15/q652310588_2173.jpg A policy file is required, but the checkPolicyFile flag was not set when this media was loaded. Here is my loader code public var preLoader:Loader; preLoader=new Loader(); **update** Security.loadPolicyFile('http://api.facebook.com/crossdomain.xml'); Security.allowDomain('http://profile.ak.fbcdn.net'); Security.allowInsecureDomain('http://profile.ak.fbcdn.net'); **update-end** public function imageContainer(Imagewidth:Number,Imageheight:Number,url:String,path:String) { preLoader=new Loader(); Security.loadPolicyFile("http://api.facebook.com/crossdomain.xml"); var context:LoaderContext = new LoaderContext(); context.checkPolicyFile = true; context.applicationDomain = ApplicationDomain.currentDomain; preLoader.load(new URLRequest(path),context); Any Ideas? I am importing the right class though. UPDATE: I am loading the images from a different domain say , calling func http://fahim.com images are from http://profile.ak.fbcdn.net/v22941/254/15/q652310588_2173.jpg something ( I have made sure the pictures are static do not require a facebook login or anything , they are just user public profile pictures)

    Read the article

  • Tomcat 403 error after LDAP authentication.

    - by user352636
    I'm currently trying to use an LDAP server to authenticate users who are trying to access our Tomcat setup. I believe I have managed to get the LDAP authentication working in the form of a JNDI realm call from Tomcat, but immediately after the user enters their password Tomcat starts throwing 403 (permission denied) errors for everything except from the root page (ttp://localhost:1337/). I have no idea why this is happening. I am following the example at http://blog.mc-thias.org/?title=tomcat_ldap_authentication&more=1&c=1&tb=1&pb=1 . server.xml (the interesting/changed bits) <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://localhost:389" userPattern="uid={0},ou=People,o=test,dc=company,dc=uk" userSubTree="true" roleBase="ou=Roles,o=test,dc=company,dc=uk" roleName="cn" roleSearch="memberUid={1}" /> <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> web.xml (the interesting/changed bits) <security-constraint> <display-name>Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/*</url-pattern> <!-- If you list http methods, only those methods are protected --> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>admin</role-name> <role-name>regular</role-name> </auth-constraint> </security-constraint> <!-- Default login configuration uses form-based authentication --> <login-config> <auth-method>BASIC</auth-method> </login-config> <!-- Security roles referenced by this web application --> <security-role> <role-name>admin</role-name> <role-name>regular</role-name> </security-role> I cannot access my LDAP setup at the moment, but I believe it is alright as the login is accepted by the BASIC auth method, it's just tomcat that is rejecting it. The roles should be as defined in web.xml - admin and regular. If there is any other information you require me to provide, please just ask! My thanks in advance to anyone who can help, and my apologies for any major mistakes I have made - yesterday was pretty much the first time I'd ever heard of LDAP =D. EDIT: Fixed the second xml segment. Apologies for the formating-fail.

    Read the article

  • Convert XML namespace prefixes with C#?

    - by jrista
    I have run into an exasperating problem getting a Java service client to communicate successfully with a WCF service. I have overcome many hurdles, and I believe that this is my last one. The problem boils down to how Java Axis + WSS4J seem to handle xml namespaces. The Java platform seem to be very rigid in what they expect for xml namespace prefixes, and as such, do not understand the WCF reply messages. My problem in a nutshell is as follows. I have an xml response similar to the following from my WCF service: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <a:Action s:mustUnderstand="1" u:Id="_3">http://tempuri.org/IProcessor/DoProcessingResponse</a:Action> <h:CorrelationID xmlns:h="http://tempuri.org/">1234</h:CorrelationID> <a:RelatesTo u:Id="_4">uuid:40f800a0-9613-4f4a-96c5-b9fd98085deb</a:RelatesTo> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <!-- WS-Security header stuff --> </o:Security> </s:Header> <s:Body u:Id="_1"> <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <e:CipherData> <e:CipherValue>NfA6XunmyLlT2ucA+5QneoawHm+imcaCltDAJC1mRZOSxoB6YGpDLY1FyVykPbPGDoFGUESLsmvvbD62sNnRrgE+AuKPo+1CD3DF4LfurRcEv9A50ba9V+ViqlrhydhK</e:CipherValue> </e:CipherData> </e:EncryptedData> </s:Body> </s:Envelope> This response uses simple one-character namespace prefixes for most things, such as 's' for SOAP Envelope, 'a' for WS-Addressing, 'o' for 'WS-Security', etc. The Java client, namely WSS4J, seems to expect the following: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soap:Header> <wsa:Action soap:mustUnderstand="1" wsu:Id="_3">http://tempuri.org/IProcessor/DoProcessingResponse</wsa:Action> <h:CorrelationID xmlns:h="http://tempuri.org/">1234</h:CorrelationID> <wsa:RelatesTo wsu:Id="_4">uuid:40f800a0-9613-4f4a-96c5-b9fd98085deb</a:RelatesTo> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <!-- WS-Security header stuff --> </wsse:Security> </soap:Header> <soap:Body u:Id="_1"> <xenc:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <xenc:CipherData> <xenc:CipherValue>NfA6XunmyLlT2ucA+5QneoawHm+imcaCltDAJC1mRZOSxoB6YGpDLY1FyVykPbPGDoFGUESLsmvvbD62sNnRrgE+AuKPo+1CD3DF4LfurRcEv9A50ba9V+ViqlrhydhK</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soap:Body> </soap:Envelope> Upon receipt of my response message, the Java client and WSS4J seem to want to look up elements by their own internal xml aliases, such as 'wsa' for WS-Addressing, and 'wsse' for WS-Security Extensions. Since neither of those namespaces are present in the actual response xml, exceptions are thrown. I am wondering if there is any simple way to transform an xml document from one set of namespaces to another set using C#, .NET, and the System.Xml namespace. I've poked around with XmlNamespaceManager a bit, but it does not seem to fully support what I need...or at least, I have been unable to find any really useful examples, and am not fully sure how it works. I am trying to avoid having to write some heavy-duty process to handle this manually myself, as I do not want to drastically impact the performance of our services when called by a Java Axis/WSS4J client.

    Read the article

  • Unittesting aspect-oriented features.

    - by Tomas Brambora
    Hi, I'd like to know what would you propose as the best way to unit test aspect-oriented application features (well, perhaps that's not the best name, but it's the best I was able to come up with :-) ) such as logging or security? These things are sort of omni-present in the application, so how to test them properly? E.g. say that I'm writing a Cherrypy web server in Python. I can use a decorator to check whether the logged-in user has the permission to access a given page. But then I'd need to write a test for every page to see whether it works oK (or more like to see that I had not forgotten to check security perms for that page). This could maybe (emphasis on maybe) be bearable if logging and/or security were implemented during the web server "normal business implementation". However, security and logging usually tend to be added to the app as an afterthough (or maybe that's just my experience, I'm usually given a server and then asked to implement security model :-) ). Any thoughts on this are very welcome. I have currently 'solved' this issue by, well - not testing this at all. Thanks.

    Read the article

  • Invalid character in a Base-64 string

    - by swetha
    I am getting this error when I am validating the user with sql membership provider this.provider.ValidateUser(userName, password); the password i have used is "freetrial". I tried trimming the spaces but still no luck!!! and the call stack is as follows: [FormatException: Invalid character in a Base-64 string.] System.Convert.FromBase64String(String s) +0 System.Web.Security.MembershipProvider.EncodePassword(String pass, Int32 passwordFormat, String salt) +54 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +169 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42 System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +78

    Read the article

  • What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET ser

    - by Edward Tanguay
    I have read-only Silverlight and AJAX apps which read static text and XML files from a PHP/Apache server, which works very nicely with features such as asynchronous loading, lazy-loading only what I need for each page, loading in the background, developed a little query language to get a PHP script to create custom XML files etc. it's pragmatic read-only REST, and all works fast and fine for read-only sites. Now I want to also add the ability to write data from these apps to a database on the same PHP/Apache server. For those of you who have built similar data-access layers, what do I need to consider while building this, especially regarding security so that not just any client can write and alter my database, e.g.: check HTTP_USER_AGENT for security check REMOTE_ADDR for security require a special code for security, perhaps a list of TAN codes (such as banks use for online transactions) each which can only be used once, both the client and server have these I wonder if there is some kind of standard REST query I should lean on for e.g. building SQL-like statements in the URL parameters, e.g. http://www.thedatalayersite.com/query?insertinto=customers&... Any thoughts, notes from experience, ideas, gotchas, especially ideas on tightening down security in this endeavor would be helpful.

    Read the article

  • Unable to find valid certification path to requested target while CAS authentication

    - by Dmitriy Sukharev
    I'm trying to configure CAS authentication. It requires both CAS and client application to use HTTPS protocol. Unfortunately we should use self-signed certificate (with CN that doesn't have anything in common with our server). Also the server is behind firewall and we have only two ports (ssh and https) visible. As far as there're several application that should be visible externally, we use Apache for ajp reverse proxying requests to these applications. Secure connections are managed by Apache, and all Tomcat are not configured to work with SSL. But I obtained exception while authentication, therefore desided to set keystore in CATALINA_OPTS: export CATALINA_OPTS="-Djavax.net.ssl.keyStore=/path/to/tomcat/ssl/cert.pfx -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.keyAlias=alias -Djavax.net.debug=ssl" cert.pfx was obtained from certificate and key that are used by Apache HTTP Server: $ openssl pkcs12 -export -out /path/to/tomcat/ssl/cert.pfx -inkey /path/to/apache2/ssl/server-key.pem -in /path/to/apache2/ssl/server-cert.pem When I try to authenticate a user I obtain the following exception: Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) ~[na:1.6.0_32] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) ~[na:1.6.0_32] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ~[na:1.6.0_32] Meanwhile I can see in catalina.out that Tomcat see certificate in cert.pfx and it's the same as the one that is used while authentication: 09:11:38.886 [http-bio-8080-exec-2] DEBUG o.j.c.c.v.Cas20ProxyTicketValidator - Constructing validation url: https://external-ip/cas/proxyValidate?pgtUrl=https%3A%2F%2Fexternal-ip%2Fclient%2Fj_spring_cas_security_proxyreceptor&ticket=ST-17-PN26WtdsZqNmpUBS59RC-cas&service=https%3A%2F%2Fexternal-ip%2Fclient%2Fj_spring_cas_security_check 09:11:38.886 [http-bio-8080-exec-2] DEBUG o.j.c.c.v.Cas20ProxyTicketValidator - Retrieving response from server. keyStore is : /path/to/tomcat/ssl/cert.pfx keyStore type is : PKCS12 keyStore provider is : init keystore init keymanager of type SunX509 *** found key for : 1 chain [0] = [ [ Version: V1 Subject: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 13??a lot of digits here??19 public exponent: ????7 Validity: [From: Tue Apr 24 16:32:18 CEST 2012, To: Wed Apr 24 16:32:18 CEST 2013] Issuer: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country SerialNumber: [ d??????? ????????] ] Algorithm: [SHA1withRSA] Signature: 0000: 65 Signature is here 0070: 96 . ] *** trustStore is: /jdk-home-folder/jre/lib/security/cacerts Here is a lot of trusted CAs. Here is nothing related to our certicate or our (not trusted) CA. ... 09:11:39.731 [http-bio-8080-exec-4] DEBUG o.j.c.c.v.Cas20ProxyTicketValidator - Retrieving response from server. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false %% No cached client session *** ClientHello, TLSv1 RandomCookie: GMT: 1347433643 bytes = { 63, 239, 180, 32, 103, 140, 83, 7, 109, 149, 177, 80, 223, 79, 243, 244, 60, 191, 124, 139, 108, 5, 122, 238, 146, 1, 54, 218 } Session ID: {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } *** http-bio-8080-exec-4, WRITE: TLSv1 Handshake, length = 75 http-bio-8080-exec-4, WRITE: SSLv2 client hello message, length = 101 http-bio-8080-exec-4, READ: TLSv1 Handshake, length = 81 *** ServerHello, TLSv1 RandomCookie: GMT: 1347433643 bytes = { 145, 237, 232, 63, 240, 104, 234, 201, 148, 235, 12, 222, 60, 75, 174, 0, 103, 38, 196, 181, 27, 226, 243, 61, 34, 7, 107, 72 } Session ID: {79, 202, 117, 79, 130, 216, 168, 38, 68, 29, 182, 82, 16, 25, 251, 66, 93, 108, 49, 133, 92, 108, 198, 23, 120, 120, 135, 151, 15, 13, 199, 87} Cipher Suite: SSL_RSA_WITH_RC4_128_SHA Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** %% Created: [Session-2, SSL_RSA_WITH_RC4_128_SHA] ** SSL_RSA_WITH_RC4_128_SHA http-bio-8080-exec-4, READ: TLSv1 Handshake, length = 609 *** Certificate chain chain [0] = [ [ Version: V1 Subject: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 13??a lot of digits here??19 public exponent: ????7 Validity: [From: Tue Apr 24 16:32:18 CEST 2012, To: Wed Apr 24 16:32:18 CEST 2013] Issuer: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country SerialNumber: [ d??????? ????????] ] Algorithm: [SHA1withRSA] Signature: 0000: 65 Signature is here 0070: 96 . ] *** http-bio-8080-exec-4, SEND TLSv1 ALERT: fatal, description = certificate_unknown http-bio-8080-exec-4, WRITE: TLSv1 Alert, length = 2 http-bio-8080-exec-4, called closeSocket() http-bio-8080-exec-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I tried to convert our pem certificate to der format and imported it to trustedKeyStore (cacerts) (without private key), but it didn't change anything. But I'm not confident that I did it rigth. Also I must inform you that I don't know passphrase for our servier-key.pem file, and probably it differs from password for keystore created by me. OS: CentOS 6.2 Architecture: x64 Tomcat version: 7 Apache HTTP Server version: 2.4 Is there any way to make Tomcat accepts our certificate?

    Read the article

  • How to authenticate my own provider( only for testing purposes)

    - by user308806
    Dear all Now, I wrote a new provider (ESMJCE provider), and I also write a simple application to test it, but I have some exceptions like that java.lang.SecurityException: JCE cannot authenticate the provider ESMJCE at javax.crypto.Cipher.getInstance(DashoA13*..) at javax.crypto.Cipher.getInstance(DashoA13*..) at testprovider.main(testprovider.java:27) Caused by: java.util.jar.JarException: Cannot parse file:/C:/Program%20Files/Java/jre1.6.0_02/lib/ext/abc.jar at javax.crypto.SunJCE_c.a(DashoA13*..) at javax.crypto.SunJCE_b.b(DashoA13*..) at javax.crypto.SunJCE_b.a(DashoA13*..) ... 3 more And here is my source code import java.security.Provider; import java.security.Security; import javax.crypto.Cipher; import esm.jce.provider.ESMProvider; public class testprovider { / @param args / public static void main(String[] args) { // TODO Auto-generated method stub ESMProvider esmprovider = new esm.jce.provider.ESMProvider(); Security.insertProviderAt(esmprovider,2); Provider[] temp = Security.getProviders(); for (int i= 0; i<temp.length; i++){ System.out.println("Providers: " temp[i].getName()); } try{ Cipher cipher = Cipher.getInstance("DES", "ESMJCE"); System.out.println("Cipher: " cipher); int blockSize= cipher.getBlockSize(); System.out.println("blockSize= " + blockSize); }catch (Exception e){ e.printStackTrace(); } } } Please help me solve this issue Thanks

    Read the article

  • ProviderException: InvalidCastException

    - by JS
    Few of our clients are regularly getting invalid cast exception, with variations i.e. InvalidCastException / ProviderException, but both generating from method call: System.Web.Security.SqlRoleProvider.GetRolesForUser(String username) The other variation is: Exception type: InvalidCastException Exception message: Unable to cast object of type System.Int32 to type System.String. I had a look at application event log which shows: Stack trace: at System.Web.Security.SqlRoleProvider.GetRolesForUser(String username) at System.Web.Security.RolePrincipal.IsInRole(String role) at System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) at System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) at System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) at System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)* Has anyone come across this issue, and if so what is the fix? Thanks JS

    Read the article

  • WCF Fails when using impersonation over 2 machine boundaries (3 machines)

    - by MrTortoise
    These scenarios work in their pieces. Its when i put it all together that it breaks. I have a WCF service using netTCP that uses impersonation to get the callers ID (role based security will be used at this level) on top of this is a WCF service using basicHTTP with TransportCredientialOnly which also uses impersonation I then have a client front end that connects to the basicHttp. the aim of the game is to return the clients username from the netTCP service at the bottom - so ultimatley i can use role based security here. each service is on a different machine - and each service works when you remove any calls they make to other services when you run a client for them both locally and remotley. IE the problem only manifests when you jump accross more than one machine boundary. IE the setup breaks when i connect each part together - but they work fine on their own. I also specify [OperationBehavior(Impersonation = ImpersonationOption.Required)] in the method and have IIS setup to only allow windows authentication (actually i have ananymous enabled still, but disabling makes no difference) This impersonation works fine in the scenario where i have a netTCP Service on Machine A with a client with a basicHttp service on machine B with a clinet for the basicHttp service also on machine B ... however if i move that client to any machine C i get the following error: The exception is 'The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'' the inner message is 'An existing connection was forcibly closed by the remote host' Am beginning to think this is more a network issue than config ... but then im grasping at straws ... the config files are as follows (heading from the client down to the netTCP layer) <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="basicHttpBindingEndpoint" closeTimeout="00:02:00" openTimeout="00:02:00" receiveTimeout="00:10:00" sendTimeout="00:02:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://panrelease01/WCFTopWindowsTest/Service1.svc" binding="basicHttpBinding" bindingConfiguration="basicHttpBindingEndpoint" contract="ServiceReference1.IService1" name="basicHttpBindingEndpoint" behaviorConfiguration="ImpersonationBehaviour" /> </client> <behaviors> <endpointBehaviors> <behavior name="ImpersonationBehaviour"> <clientCredentials> <windows allowedImpersonationLevel="Impersonation"/> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> </system.serviceModel> </configuration> the service for the client (basicHttp service and the client for the netTCP service) <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> </system.web> <system.serviceModel> <bindings> <netTcpBinding> <binding name="netTcpBindingEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" /> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> <basicHttpBinding> <binding name="basicHttpWindows"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows"></transport> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="net.tcp://5d2x23j.panint.com/netTCPwindows/Service1.svc" binding="netTcpBinding" bindingConfiguration="netTcpBindingEndpoint" contract="ServiceReference1.IService1" name="netTcpBindingEndpoint" behaviorConfiguration="ImpersonationBehaviour"> <identity> <dns value="localhost" /> </identity> </endpoint> </client> <behaviors> <endpointBehaviors> <behavior name="ImpersonationBehaviour"> <clientCredentials> <windows allowedImpersonationLevel="Impersonation" allowNtlm="true"/> </clientCredentials> </behavior> </endpointBehaviors> <serviceBehaviors> <behavior name="WCFTopWindowsTest.basicHttpWindowsBehaviour"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="true" /> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <services> <service name="WCFTopWindowsTest.Service1" behaviorConfiguration="WCFTopWindowsTest.basicHttpWindowsBehaviour"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpWindows" name ="basicHttpBindingEndpoint" contract ="WCFTopWindowsTest.IService1"> </endpoint> </service> </services> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> </system.serviceModel> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> <directoryBrowse enabled="true" /> </system.webServer> </configuration> then finally the service for the netTCP layer <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <authentication mode="Windows"></authentication> <authorization> <allow roles="*"/> </authorization> <compilation debug="true" targetFramework="4.0" /> <identity impersonate="true" /> </system.web> <system.serviceModel> <bindings> <netTcpBinding> <binding name="netTCPwindows"> <security mode="Transport"> <transport clientCredentialType="Windows"></transport> </security> </binding> </netTcpBinding> </bindings> <services> <service behaviorConfiguration="netTCPwindows.netTCPwindowsBehaviour" name="netTCPwindows.Service1"> <endpoint address="" bindingConfiguration="netTCPwindows" binding="netTcpBinding" name="netTcpBindingEndpoint" contract="netTCPwindows.IService1"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mextcp" binding="mexTcpBinding" contract="IMetadataExchange"/> <host> <baseAddresses> <add baseAddress="net.tcp://localhost:8721/test2" /> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="netTCPwindows.netTCPwindowsBehaviour"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="false" /> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> </system.serviceModel> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> <directoryBrowse enabled="true" /> </system.webServer> </configuration>

    Read the article

  • DSACryptoServiceProvider constructor throws CryptographicException

    - by Rick
    This code below thows the following error: System.Security.Cryptography.CryptographicException "The handle is invalid" CspParameters CSPParam = new System.Security.Cryptography.CspParameters(13, null, null); CSPParam.Flags = CspProviderFlags.UseMachineKeyStore; CSPParam.KeyContainerName = "MyKeys"; System.Security.Cryptography.DSACryptoServiceProvider r = new System.Security.Cryptography.DSACryptoServiceProvider(CSPParam); //Error occurs here This code had been working with no issues then it started throwing this error. I can't think of anything that I have changed that relates to this. Has nayone seen this error? Any ideas of what to try?

    Read the article

  • What policies are standard for programmers?

    - by Shehket's Apprentice
    My office is about has proposed implementing some extremely strict (I would consider them draconian) policies regarding programmers, and our access due to security concerns (note, we have never had a security breach). While I can theoretically get used to them, I'd like to ask about what is considered good security policy for programmers, specifically in the area of access policies, and what is too much? Any answers to this question are greatly appreciated as they directly relate to my ability to write code, and I can't find anything so far on Google. Edit: Most of the security policies that concern me are about access to my machine and to the code. According to these proposed policies, I'd need management approval to access either, which means that I'd be forced to get management to unlock my computer anytime I leave my desk as my computer is always locked when I'm not at my desk.

    Read the article

  • How to ignore the error of the certificate

    - by cavin luo
    Sorry ,my English is poor, I have never speak English after I leave the school. but now this problem have trouble me for a long days. My problem: when I open the website which the security certificate is wrong ,then IE8 show: =========================== There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website. Click here to close this webpage. Continue to this website (not recommended). ============================== I want to open this website(https) without show this alert page the method may use "regedit", or change the internet Options, or by code ......and so on. please help me thanks thanks thanks

    Read the article

  • Porting WebSphere code to get remote credentials to Tomcat

    - by Glenn Lawrence
    I have been asked to look into porting some code from a web app under IBM WAS 7 so that it will run under Tomcat 7. This is part of a larger SPNEGO/Kerberos SSO system but for purposes of discussion I have distilled the code down to the following that shows the dependencies on the two WebSphere classes AccessController and WSSubject: GSSCredential clientCreds = (GSSCredential) com.ibm.ws.security.util.AccessController.doPrivileged(new java.security.PrivilegedAction() { public Object run() { javax.security.auth.Subject subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject(); GSSCredential clientCreds = (GSSCredential) subject.getPrivateCredentials(GSSCredential.class).iterator().next(); return clientCreds; } }); I'd like to be able to do this in Tomcat.

    Read the article

  • WCF REST Does Not Contain All of the Relative File Path

    - by Brandon
    I have a RESTful WCF 3.5 endpoint as such: System.Security.User.svc This is supposed to represent the namespace of the User class and is desired behavior by our client. I have another endpoint I created for testing called: Echo.svc I am writing an overridden IHttpModule and in my module, I follow what almost everyone does by doing: string path = HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath; If I make a call to: http://localhost/services/Echo/test My path variable has a value of '~/echo/test' However, when I make a call to: http://localhost/services/System.Security.User/test My path variable has a value of '~/system.security.user' In my 2nd situation, it is stripping off the '/test' on the end of any endpoint that contains multiple periods. This is undesired behavior and the only solution I have found to fixing this is some ugly string manipulation using the property which does contain the complete URL path: string rawPath = HttpContext.Current.Request.RawUrl; This returns '/services/system.security.user/test'. Does anyone know why my first situation does not return the rest of the URL path for endpoints that contain multiple periods in the name?

    Read the article

  • How do I create an inheritable Semaphore in .NET?

    - by pauldoo
    I am trying to create a Win32 Semaphore object which is inheritable. This means that any child processes I launch may automatically have the right to act on the same Win32 object. My code currently looks as follows: Semaphore semaphore = new Semaphore(0, 10); Process process = Process.Start(pathToExecutable, arguments); But the semaphore object in this code cannot be used by the child process. The code I am writing is a port of come working C++. The old C++ code achieves this by the following: SECURITY_ATTRIBUTES security = {0}; security.nLength = sizeof(security); security.bInheritHandle = TRUE; HANDLE semaphore = CreateSemaphore(&security, 0, LONG_MAX, NULL); Then later when CreateProcess is called the bInheritHandles argument is set to TRUE. (In both the C# and C++ case I am using the same child process (which is C++). It takes the semaphore ID on command line, and uses the value directly in a call to ReleaseSemaphore.) I suspect I need to construct a special SemaphoreSecurity or ProcessStartInfo object, but I haven't figured it out yet.

    Read the article

  • Tomcat 6 Realm Config with Windows AD

    - by mat
    We have Tomcat 6 connecting to a Win2k3 Server running AD. The realm is configured as such <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow" connectionURL="<url>" connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com" connectionPassword="<pwd>" userBase="OU=Users,DC=company,DC=com" userSubtree="true" userSearch="(sAMAccountName={0})" userRoleName="member" roleBase="OU=Security Groups,DC=company,DC=com" roleName="cn" roleSearch="(member={0})" roleSubtree="true"/> Our groups in AD are such Security Groups (OU) IT (OU) IT Support (OU) Support Staff (CN) The LDAP security works if in the web.xml, I speficy Support Staff. i.e works for Common names. We want ANY user under Security Groups OU to have access to the application and not just the CN. Tomcat does not search OU's and it just searches CN's in our case. How do we configure our settings so we can do OU level authorization and not just CN level ? thanks Mat

    Read the article

  • WCF expired token?

    - by Rev
    Hi i use wshttpbinding in my service Config and message security. my app works fine but after 10 or 20 min when client call any method of service, an exception throw cuz my security token will be expired, and connection cant be work. one solution is re_create connection to make new token (but i cant use this cuz my service contain datacontext and if i re_create service, datacontext will be new) other solution is change security type from message to transport (i try this solution but nothing change cuz other exception throw)

    Read the article

  • BeanCreationException in Spring Framework .WAR deploy to Tomcat 6 on Ubuntu 9.10

    - by JediPotPie
    I am in the process of switching from a Windows box to Ubunutu and I want to run my own local instance of Tomcat 6. I have installed Tomcat 6 without any basic issues. When I try to deploy a .war file that I had running on the Tomcat 6 instance on my Windows box I am getting the following error.... Apr 26, 2010 3:30:27 PM org.apache.catalina.core.ApplicationContext log INFO: Initializing Spring root WebApplicationContext Apr 26, 2010 3:30:27 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [com.ameren.eam.ldap.LdapDAONovellImpl] for bean with name 'testNovellDao' defined in ServletContext resource [/WEB-INF/applicationContext.xml]; nested exception is java.lang.ClassNotFoundException: com.ameren.eam.ldap.LdapDAONovellImpl at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1173) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:479) at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:787) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:393) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:736) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:369) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3934) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4429) at org.apache.catalina.manager.ManagerServlet.start(ManagerServlet.java:1249) at org.apache.catalina.manager.HTMLManagerServlet.start(HTMLManagerServlet.java:612) at org.apache.catalina.manager.HTMLManagerServlet.doGet(HTMLManagerServlet.java:136) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:636) Caused by: java.lang.ClassNotFoundException: com.ameren.eam.ldap.LdapDAONovellImpl at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1399) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1245) at org.springframework.util.ClassUtils.forName(ClassUtils.java:230) at org.springframework.beans.factory.support.AbstractBeanDefinition.resolveBeanClass(AbstractBeanDefinition.java:381) at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1170) ... 40 more The class that is not being found is located at /WEB-INF/classes/com/ameren/eam/ldap/LdapDAONovellImpl.class relative to /WEB-INF/applicationContext.xml. I cannot figure out why it cannot find the class? Any ideas would be great.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 217 218 219 220 221 222 223 224 225 226 227 228  | Next Page >