Search Results

Search found 1466 results on 59 pages for 'authenticate'.

Page 31/59 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >

  • Samba file shares - ownership of folder accessible for 1 group verified by MS active direcctory

    - by jackweirdy
    I have a machine set up to share a folder /srv/sambashare, here's an exerpt of the config file: [share] path = /srv/sambashare writable = yes The permissions of that folder are set at 700 and it is owned by nobody:nogroup at the moment. The problem I face is probably a simple one but I'm fairly new to Samba so I'm not sure what to do. The contents of the share should be accessible to a particular user who will authenticate with domain credentials, checked against Active Directory by kerberos. I haven't got kerberos configured yet as I wanted to test the share as soon as samba was configured, albeit basically, to ensure that it works. I've noticed that I can only access & write to the share when the folder is either owned by the user logging in or made world writable. The key issues are that this folder can't be world writable as it contains sensitive stuff, but at the same time can't be owned by a user or group since they come from the AD server. Anyone know what I should do?

    Read the article

  • Why are my log in times taking so long in Linux?

    - by Jamie
    In recent weeks, login times on my Ubuntu server have started timing out; both through SSH and the local command line console. Examination of the /var/auth.log yields nothing interesting. How can I diagnose long log in times on my Ubuntu server? I should mention, also, that no updates have been performed since the problem has started, and that the /, /boot/ and /usr/ file systems are mounted as readonly. [Edit] This is a stand alone machine, so it doesn't authenticate with Active Directory, LDAP etc. Also, the login prompt is responsive, as is the password prompt. Upon typing the password then CR, I'll timeout. After four a five tries, I will be able to login, although I'm worried this will start taking longer.

    Read the article

  • Is there a way in IE9 on a Virtual Machine to do AD auth in IE9 without the machine being added to the domain but the host machine is?

    - by Micah Armantrout
    I have a virtual machine that is running IE 9 and windows 7 Latest Updates that I want to use to test my intranet site (ASP.Net Application). I can't add the virtual machine to the domain and I don't want to have to type my ad cruds everytime I load the site up. Is there a way for the IE on the virtualbox to Authenticate as my AD Cruds on the host machine so I don't have to always put my username and password in ? I guess I can just have IE on the virtual machine remember my username and password but other than that is there another way to do this ?

    Read the article

  • SVN Active Directory authentication with ProxyPass redirect in the mix

    - by Jason B. Standing
    We have a BitNami SVN stack running on a Windows machine which holds our SVN repository. It's set up to authenticate against our AD server and uses authz to control rights. Everything works perfectly if Tortoise points at http://[machine name]/svn However - we need to be able to access it from http://[domain]/svn. The domain name points to a linux environment that we're decommissioning, but until we do, other systems on that box prevent us from just re-pointing the domain record. Currently, we've got a ProxyPass record on the linux machine to forward requests through to http://[machine name]/svn - it seems to work fine, and the endpoint machine asks for credentials, then authenticates: but when that happens, the access attempt is logged as coming from the linux box, rather than from the user who has authenticated. It's almost like some element of the credentials aren't being passed through to the endpoint machine. Has anyone done this before, or is there other info I can give to try to make sense of this problem, and figure out a way to solve it? Thankyou!

    Read the article

  • Adding a W2008 Authenticating Server to existing W2003 Domain?

    - by spelk
    I have an existing W2003 Domain, simple setup with one DC and a SQL Server (approx 100 users). There are issues with Windows 7 Clients and login scripts and we're now seeing much greater numbers of Windows 7 users turning up as they upgrade their PC/Laptops. What I want to do, is add another Server with W2008 on it, and authenticate the Windows 7 Clients - but leave the W2003 server running as is - to prevent disruption to the network and the existing WinXP users. Is it possible? Any advice as to how do this, without major disruption to the W2003 network?

    Read the article

  • Trying to get MYLDAPAdmin working on Scientific Linux

    - by techsjs2012
    I am trying to get MYLDAPAdmin working on Scientific Linux. I downloaded it and installed it but I am getting the following message. It looks like my PHP is not setup for LDAP. Can someone help me? Missing required extension Your install of PHP appears to be missing LDAP support. Please install LDAP support before using phpLDAPadmin. (Dont forget to restart your web server afterwards) After adding php-ldap.. I am now getting this error Unable to connect to LDAP server dvldap01.uftwf Error: Can't contact LDAP server (-1) for user error Failed to Authenticate to server Invalid Username or Password.

    Read the article

  • AD Local Admins without password sharing

    - by Cocoabean
    My team is building out an Active Directory environment in a small grad school with support for general computer labs, and staff/faculty machine and account management. We have a team of student consultants that are hired to do general help desk work. As of now we have a local admin account on every machine. It has the same password and all of us know it. I know it's not best practice and I want to avoid this with the new setup. We want to have local admin accounts in case there are network issues that prevent AD authentication, but we do not want this account to be generic with a shared password. Is there a way we can get each machine to cache the necessary information to authenticate a group of local admins so that if AD is somehow inaccessible, student consultants can still login with their AD admin accounts?

    Read the article

  • Asterisk is hacking itself [duplicate]

    - by Shirker
    This question already has an answer here: How do I deal with a compromised server? 11 answers I've got some strange logs on my asterisk (and there a lot of extensions were tried): chan_sip.c: Failed to authenticate device 6006<sip:[email protected]>;tag=f106f3fe but IP XX.XX.XX.39 is its OWN IP! cat /etc/asterisk/* | grep 6006 returns nothing. asterisk -rv Asterisk 11.4.0 How its possible, that its hacks itself? And how could I trace, where it comes from?

    Read the article

  • RHEL 6.5 and LDAP

    - by zuboje
    I am trying to connect our Active directory server to brand new RHEL 6.5 server. I want to authenticate users using AD credentials, but I want to restrict that only certain users can login, I don't want to allow anybody from AD to connect to it. I would like to use something like this: CN=linuxtest,OU=SecurityGroups,DC=mydomain,DC=local but I am not sure how would I setup OU and CN. I use sssd for authentication and my id_provider = ad. I wanted to use id_provider = ldap, but that did not work at all and RHEL customer service told me to setup this way. But I want to have a little bit more control who can do what. I know I can use this to restrict simple_allow_users = user1, user2, but I have 400+ users, I really don't want to go and type them all. Question is how would I setup OU or CN for my search?

    Read the article

  • Login-time quota for VPN users

    - by Isaac
    I have configured Routing and Remote Access Service in Windows Server 2003 as the VPN server. VPN users are defined in Active Directory which is running on this server too. How i can configure the server to give each user a limited download size (for example 1GB) and does not authenticate them when they exceeds their download quota. The VPN server should also disconnect the users that reach their quota. Update: Apparently a third-party RADIUS server could provide this feature. One solution I have found is TekRADIUS but it is commercial. FreeRADIUS is a open-source free RADIUS server but I am not sure if it could these kind of features.

    Read the article

  • How do I make stunnel verify a clients certificate?

    - by unixman83
    NOTE: The title is misleading. Please correct it if you know a better title. What I want to know is how do I create the SSL keys / certificates needed for this. Hi. I am using stunnel to authenticate RDP (Remote Desktop) and I need to verify that a client possesses the proper credentials. So people cannot brute force into the machine. I am also using a bad (outdated) version of RDP that has security vulnerabilities, so stunnel is a must. I will preshare the necessary .pem's between machines. What are the openssl commands I need to create the right .pem files on both the client and on the server? What files need to be shared?

    Read the article

  • SVN + Active Directory

    - by rudigrobler
    How do I setup SVN (On a linux box - Centos 5.2) to authenticate using Active Directory? Also: Any tips or tricks? What should I watch out for? How fine grain can I set the access? This group have access to these projects, etc? And how does this work if I use something like tortoissvn to access my repository? What I have learned so far: you need the following modules installed for apache mod_ldap mod_authnz_ldap mod_dav mod_dav_svn mod_authz_svn?

    Read the article

  • Cisco WLAN Controller not pushing out DHCP addresses, what else could it be?

    - by Name
    On our Cisco WLAN Controller web interfaces, in Controller Interfaces, I have made a new interface with these settings: VLAN Identifier 202 IP Address 172.16.202.1 Netmask 255.255.255.0 Gateway 172.16.202.254 Primary DHCP Server 172.16.100.3 Secondary DHCP Server 172.16.100.2 Port: LAG I've also made a new WLAN and assigned it to the above interface. I have saved changes. But our wireless devices, although they seem to authenticate with the WLAN fine, they always get stuck on "obtaining DHCP address", so it seems the WLAN Controller isn't pushing out DHCP addresses to our devices. We do have a DHCP scope for the above in Windows Server 2008 R2 and everything there seems fine. If I connect a device with a static address (e.g. 172.16.202.10), it will connect. Stuck on what to do :(

    Read the article

  • Controlling access to my API using SSH public key (not SSL)

    - by tharrison
    I have the challenge of implementing an API to be consumed by relatively non-technical clients -- pasting some sample code into their WordPress or homegrown PHP site is probably as much as we can ask. Asking them to install SSL on their servers ain't happening. So I am seeking a simple yet secure way to authenticate API clients. OAuth is the obvious solution, but I don't think it passes the "simple" test. Adding a client id and hashed secret as a parameter to the requests is closer -- it's not hard to do md5($secret . $client_id) or whatever the php would be. It seems to me that if client requests could use the same approach as SSH public keys (client gives us a key from their server(s) there should be some existing magic to make all of the subsequent transactions transparently work just as regular HTTP API requests. I am still working this out (obviously :-), so if I am being an idiot, it would be nice to know why. Thanks!

    Read the article

  • Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

    - by Eric
    I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server. I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access. I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both. Is this possible? If so, how?

    Read the article

  • Auth failed running command from shell script

    - by CSchulz
    I try to run following command from shell script: svn checkout http://url/ --username user --password password --non-interactive --no-auth-cache . It fails always with following error: svn: OPTIONS of 'http://url/': authorization failed: Could not authenticate to server: rejected Basic challenge (http://url) Here the call out of my script: $(svn $command $url $auth --non-interactive --no-auth-cache .) Running the same command from the terminal works fine. What is the difference between running from shell script and terminal? EDIT: Here some version information: OS: Porteus 1.0 based on Slackware 13.3 Subversion: subversion-1.6.16-i486-1

    Read the article

  • Hyper-V Manager - Host Access During a Catastrophe

    - by LonnieBest
    How can I ensure that I can always have Hyper-V Manager access to a Hyper-V server, even in the event that the Active Directory Server is down (in a domain-login environment)? Background: The one that came before me, set up the company's servers as virtual machines on top of a host running Hyper-V Server 6.1 (7601) Service Pack 1. For managing Hyper-V, he installed Window 7 onto a virtual machine (run on the same host) with Hyper-V Manager installed. When the (virtual) Active Directory server (run on this same host) is rebooted, during that reboot, I'm unable to RDP into the Windows 7 virtual machine, and I'm therefore unable to access Hyper-V Manager when the Active Directory server is down. I suspect I can't login because I can't authenticate with the Active Directory Server. I'm going to install Hyper-V Manger onto some addition manager's workstations, but how can I ensure they'll have access in a catastrophe where Active Directory authentication isn't possible?

    Read the article

  • Building a Student Storage server

    - by DobotJr
    I work for a school district. I've been put in charge of building a storage server for students. A place for them to work off of from school and home. My challenge is getting this to work from home. At school they login, authenticate, and they get a mapped drive to their folder on the server (S:\fileserver\studentname). My question is how can I make this available to students at home? The server is running Windows Server 2003 R1. I've got PHP, Apache, and MySQL working together. My idea is to write a script that will "crawl" through the directory containing all of the student folders, then create an instance of every file and folder in a MySQL DB. Create a login page that will use LDAP for authentication, and once they login to the server from home, they get a page with folders a files tied to their username. Has anyone out there ever put something like this together??

    Read the article

  • Curl, twitter oauth problem

    - by Darxval
    Does anyone see a problem with the following Curl call / how the Oauth request is built? (i am trying to get a correctly setup request so i can finish my app) So i am calling the following CURL call: C:\>curl -v -k --data-urlencode "status=Testing2" -H "Authorization: OAuth realm='', oauth_nonce=1276107867blah, oauth_timestamp=1276107867, oauth_consumer_key=yJDLH7BDdVi1OKIINSV7Q, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_signature=NWU4MDdlNjk0OGIxYWQ1YTkyNmU5YjU1NGYyOTczMmU5ZDg5 YWNkNA==, staus=Testing2 " http://twitter.com/statuses/update.xml?status=Testing2 and i recieve this: * About to connect() to twitter.com port 80 (#0) * Trying 168.143.162.68... connected * Connected to twitter.com (168.143.162.68) port 80 (#0) > POST /statuses/update.xml?status=Testing2 HTTP/1.1 > User-Agent: curl/7.20.1 (i386-pc-win32) libcurl/7.20.1 OpenSSL/0.9.8n zlib/1.2.5 libidn/1.18 libssh2/1.2.5 > Host: twitter.com > Accept: */* > Authorization: OAuth realm='', oauth_nonce=1276106370blah, oauth_timestamp=1276106370, oauth_consumer_key=yJDLH7BDdVi1OKIINSV7Q, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_signature=MjQzNDA1MGU4NGRmMWVjMzUwZmQ4YzE5NzMzY2I1ZDJlOTRkNmQ2Zg==, staus=Testing2 > Content-Length: 15 > Content-Type: application/x-www-form-urlencoded > < HTTP/1.1 401 Unauthorized < Date: Wed, 09 Jun 2010 18:00:22 GMT < Server: hi < Status: 401 Unauthorized < WWW-Authenticate: Basic realm="Twitter API" < X-Runtime: 0.00548 < Content-Type: application/xml; charset=utf-8 < Content-Length: 164 < Cache-Control: no-cache, max-age=1800 < Set-Cookie: k=209.234.229.21.1276106420885412; path=/; expires=Wed, 16-Jun-10 18:00:20 GMT; domain=.twitter.com < Set-Cookie: guest_id=127610642214871948; path=/; expires=Fri, 09 Jul 2010 18:00:22 GMT < Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIm33h0pAToHaWQiJTkyMjllODE0NTdiYWE1%250AMWU1MzBmNjgwMTFiMDhkYjdlIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--8ebb3c62d461d28f8fda7b8adab642af66969f7e; domain=.twitter.com; path=/ < Expires: Wed, 09 Jun 2010 18:30:20 GMT < Vary: Accept-Encoding < Connection: close < <?xml version="1.0" encoding="UTF-8"?> <hash> <request>/statuses/update.xml?status=Testing2</request> <error>Could not authenticate with OAuth.</error> </hash> * Closing connection #0 my Parameters are setup like so: var parameters = [encodeURIComponent("status="+status),encodeURIComponent("oauth_token="+ac_token),encodeURIComponent("oauth_consumer_key="+"yJDLH7BDdVi1OKIINSV7Q"),encodeURIComponent("oauth_nonce="+nonce,"oauth_signature_method=HMAC-SHA1"),encodeURIComponent("oauth_timestamp="+timestamp),encodeURIComponent("oauth_version=1.0")] var join = parameters.join("&"); var eparamjoin =encodeURIComponent(join); The key is like so: var key=con_secret+"&"+ac_secret; Signature base string is: var signaturebs = "POST&"+encodeURIComponent(url)+"&"+eparamjoin; giving this: POST&http%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.xml&status%253DTesting2%26oauth_token%253D142715285-yi2ch324S3zfyKyJby6WDUZOhCsiQuKNUtc3nAGe%26oauth_consumer_key%253DyJDLH7BDdVi1OKIINSV7Q%26oauth_nonce%253D1276107867blah%26oauth_timestamp%253D1276107867%26oauth_version%253D1.0 and signature built like so: var hmac = Crypto.HMAC(Crypto.SHA1, signaturebs,key ); var signature=Base64.encode(hmac); making the signature: NWU4MDdlNjk0OGIxYWQ1YTkyNmU5YjU1NGYyOTczMmU5ZDg5YWNkNA== Any help would be appreciated thank you!

    Read the article

  • Reuse security code between WCF and MVC.NET

    - by mrjoltcola
    First the background: I jumped into MVC.NET from the Java MVC world, so my implementation below is possibly cheating, I don't know. I avoided fooling with a custom membership provider and I just implemented the base code needed to authenticate and load roles in my LogOn action. Typically I just need to check roles programatically, and have no use for all of the other membership features, so I didn't originally think I needed a full Membership provider. I have a successful WCF project with a custom authentication and authorization layer that I did at least write per the proper API. I implemented it with custom IPrincipal, UserNamePasswordValidator and IAuthorizationPolicy classes to load from an Oracle database. In my WCF services, I use declarative security: [PrincipalPermission(SecurityAction.Demand, Role="ADMIN")]. The question (on the ASP.NET/MCV.NET side): All my reading indicates I should implement a custom Membership/Roles provider, and use [Authorize(Roles="ADMIN")] on my controller actions. At this point, I don't have a true Membership provider, but I'm using the same User class that implements the IPrincipal interface that works with the WCF security. I plan to share common code between the WCF and ASP.NET modules. So my LogOn action is not using the FormsService (and I assume this is bad). I had commented it out, and just used my "UserService" to access the Oracle db. Note my "TODO" comment below. public ActionResult LogOn(LogOnModel model, string returnUrl) { log.Info("Login attempt by " + model.UserName); if (ModelState.IsValid) { User user = userService.findByUserName(model.UserName); // Commented original MemberShipService code, this is probably bad // if (MembershipService.ValidateUser(model.UserName, model.Password)) if (user != null && user.Authenticate(model.Password) == true) { log.Info("Login success by " + model.UserName); FormsService.SignIn(model.UserName, model.RememberMe); // TODO: Override with Custom identity / roles? user.AddRoles(userService.listRolesByUser(user)); // pull in roles from db if (!String.IsNullOrEmpty(returnUrl)) return Redirect(returnUrl); else return RedirectToAction("Index", "Home"); } else { log.Info("Login failure by " + model.UserName); ModelState.AddModelError("", "The user name or password provided is incorrect."); } } // If we got this far, something failed, redisplay form return View(model); } So can I make the above work? Can I stick the IPrincipal (User) into the CurrentContext or HttpContext? Can I integrate the custom IPrincipal I've already created without writing a full Membership/Roles Provider? I currently stick the User object into the session and access it from all MVC.NET controllers with "CurrentUser" property which grabs it from the session on demand. But this doesn't work with the [Authorize] attribute; I assume that is because it knows nothing about my custom Principal in the session, and is instead using whatever FormsService.SignIn() produces. I also found that session timeouts screw up the login redirect, the user doesn't get forwarded, instead we get a null exception accessing User from the session, and I assume it is related to my "skipping steps" to get a quick implementation. Thanks.

    Read the article

  • How to tell Seam to inject a local EJB interface (SLSB) and not the remote EJB interface (SLSB)?

    - by Harshad V
    Hello, I am using Seam with JBoss AS. In my application I have a SLSB which is also declared as a seam component using the @Name annotation. I am trying to inject and use this SLSB in another seam component using the @In annotation. My problem is that sometimes Seam injects the local interface (then the code runs fine) and sometimes seam injects the remote interface (then there is an error in execution of the code). I have tried doing all the things specified on this link: http://docs.jboss.org/seam/2.2.0.GA/reference/en-US/html/configuration.html#config.integration.ejb.container The SeamInterceptor is configured, I have specified the jndi pattern in components.xml file ( < core:init debug="true" jndi-pattern="earName/#{ejbName}/local"/ ), I have also tried using the @JndiName("earName/ejbName/local") annotation for every SLSB, I have tried setting this property ( org.jboss.seam.core.init.jndiPattern=earName/#{ejbName}/local ) in the seam.properties file. I have also tried putting the text below in web.xml file <context-param> <param-name>org.jboss.seam.core.init.jndiPattern</param-name> <param-value>earName/#{ejbName}/local</param-value> </context-param> Even after doing all the above mentioned things, the seam still injects the remote interface sometimes. Am I missing something here? Can anyone tell me how to resolve this issue and tell seam to always inject the local interface? My components.xml file looks like: <?xml version="1.0" encoding="UTF-8"?> <components xmlns="http://jboss.com/products/seam/components" xmlns:core="http://jboss.com/products/seam/core" xmlns:persistence="http://jboss.com/products/seam/persistence" xmlns:drools="http://jboss.com/products/seam/drools" xmlns:bpm="http://jboss.com/products/seam/bpm" xmlns:security="http://jboss.com/products/seam/security" xmlns:mail="http://jboss.com/products/seam/mail" xmlns:web="http://jboss.com/products/seam/web" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation= "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.1.xsd http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.1.xsd http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.1.xsd http://jboss.com/products/seam/bpm http://jboss.com/products/seam/bpm-2.1.xsd http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.1.xsd http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.1.xsd http://jboss.com/products/seam/web http://jboss.com/products/seam/web-2.1.xsd http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.1.xsd"> <core:init debug="true" jndi-pattern="myEarName/#{ejbName}/local"/> <core:manager concurrent-request-timeout="500" conversation-timeout="120000" conversation-id-parameter="cid" parent-conversation-id-parameter="pid"/> <web:hot-deploy-filter url-pattern="*.seam"/> <persistence:managed-persistence-context name="entityManager" auto-create="true" persistence-unit-jndi-name="@puJndiName@"/> <drools:rule-base name="securityRules"> <drools:rule-files> <value>/security.drl</value> </drools:rule-files> </drools:rule-base> <security:rule-based-permission-resolver security-rules="#{securityRules}"/> <security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/> <event type="org.jboss.seam.security.notLoggedIn"> <action execute="#{redirect.captureCurrentView}"/> </event> <event type="org.jboss.seam.security.loginSuccessful"> <action execute="#{redirect.returnToCapturedView}"/> </event> <component name="org.jboss.seam.core.init"> <property name="jndiPattern">myEarName/#{ejbName}/local</property> </component> </components> And my EJB component looks like: @Stateless @Name("myEJBComponent") @AutoCreate public class MyEJBComponentImpl implements MyEJBComponentRemote, MyEJBComponentLocal { public void doSomething() { } }

    Read the article

  • JAX-WS, webservices (Spring) issue

    - by vinay
    Hi All, I have written web services and configured with spring framework but I am getting exception when invoking services. Exceptions stack trace are given below - com.sun.xml.ws.server.sei.EndpointMethodHandler invoke SEVERE: object is not an instance of declaring class java.lang.IllegalArgumentException: object is not an instance of declaring class at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jvnet.jax_ws_commons.spring.SpringService$1$1.invoke(SpringServic e.java:185) at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:152) at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethod Handler.java:264) at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTub e.java:93) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:27 5) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdap ter.java:454) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250 ) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAd apter.java:140) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServl etDelegate.java:129) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServ letDelegate.java:160) at com.sun.xml.ws.transport.http.servlet.WSSpringServlet.doPost(WSSpring Servlet.java:52) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run (StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri tyHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:292) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:175) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio n.run(WebAppServletContext.java:3594) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate dSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java: 121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS ervletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC ontext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j ava:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Mar 31, 2010 3:47:20 PM com.sun.xml.ws.server.sei.EndpointMethodHandler invoke SEVERE: object is not an instance of declaring class java.lang.IllegalArgumentException: object is not an instance of declaring class at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jvnet.jax_ws_commons.spring.SpringService$1$1.invoke(SpringServic e.java:185) at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:152) at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethod Handler.java:264) at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTub e.java:93) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:27 5) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdap ter.java:454) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250 ) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAd apter.java:140) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServl etDelegate.java:129) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServ letDelegate.java:160) at com.sun.xml.ws.transport.http.servlet.WSSpringServlet.doPost(WSSpring Servlet.java:52) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run (StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri tyHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:292) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav a:175) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio n.run(WebAppServletContext.java:3594) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate dSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java: 121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS ervletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC ontext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j ava:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) i am testing our services using SOAP UI and getting above mentioed exception. I think some how the object creation from the xml is not acceptable to webservices I am confused what is happening

    Read the article

  • Changes to JBoss web.xml have no effect

    - by sixtyfootersdude
    I just added this to my web.xml on my JBOSS server. But it had no effect. I am still allowed to connect to ports that do not use bi-directional certificate exchange. Anyone have an ideas? <!-- Force SSL for entire site as described here: http://wiki.metawerx.net/wiki/ForcingSSLForSectionsOfYourWebsite --> <security-constraint> <!-- defines resources to be protected (in this case everything)--> <web-resource-collection> <!-- name for the resource, can be anything you like --> <!-- Question: is this referenced anywhere else? --> <web-resource-name> Entire Application </web-resource-name> <!-- protect the entire application --> <url-pattern> /* </url-pattern> </web-resource-collection> <!-- defines protection level for protected resource --> <user-data-constraint> <!-- data cannot be observed or changed --> <!-- how it works in tomcat: --> <!-- if (set to integral or confidential && not using ssl) --> <!-- redirect sent to client, redirecting them to same url --> <!-- but using the port defined in the redirect port --> <!-- attribute in the <Connector> element of server.xml --> <!-- default is 443, so in other words user is redirected --> <!-- to same page using ssl. --> <!-- BUT it is differnt for JBOSS!! See this link: http://wiki.metawerx.net/wiki/ForcingSSLForSectionsOfYourWebsite --> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <!-- Client-side SSL certificate based authentication. The cert is passed to the server to authenticate --> <!-- I am pretty sure that CLIENT-CERT should have a dash NOT an underscore see: http://www.mail-archive.com/[email protected]/msg139845.html --> <!-- CLIENT-CERT uses a client's AND server's certificates. See: http://monduke.com/2006/01/19/the-mysterious-client-cert/ --> <auth-method> CLIENT-CERT </auth-method> </login-config> Update Actually it appears that I have made an error in my original posting. The web.xml does block users from connecting to the webservice using http (port C below). However users are still allowed to connect to ports that do not force users to authenticate themselves (port B). I think that users should be able to connect to port A (it has clientAuth="true") but I dont think that people should be able to connect to port B (it has clientAuth="false"). Excerpt from server.xml <Connector port="<A>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="true" keystoreFile="... .keystore" keystorePass="pword" truststoreFile="... .keystore" truststorePass="pword" sslProtocol="TLS"/> <Connector port="<B>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="false" keystoreFile="... .keystore" keystorePass="pword" sslProtocol = "TLS" /> <Connector port="<C>" ... />

    Read the article

  • Should we develop a custom membership provider in this case?

    - by Allen
    I'll be adding a bounty to this, probably 200, more if you guys think its appropriate. I wont accept an answer until I can add a bounty so feel free to go ahead and answer now Summary Long story short, we've been tasked with gutting the authentication and authorization parts of a fairly old and bloated asp.net application that previously had all of these components written from scratch. Since our application isn't a typical one, and none of us have experience in asp.net's built in membership provider stuff, we're not sure if we should roll our own authentication and authorization again or if we should try to work within the asp.net membership provider mindset and develop our own membership provider. Our Application We have a fairly old asp.net application that gets installed at customer locations to service clients on a LAN. Admins create users (users do not sign up) and depending on the install, we may have the software integrated with LDAP. Currently, the LDAP integration bulk-imports the users to our database and when they login, it authenticates against LDAP so we dont have to manage their passwords. Nothing amazing there. Admins can assign users to 1 group and they can change the authorization of that group to manage access to various parts of the software. Groups are maintained by Admins (web based UI) and as said earlier, granted / denied permissions to certain functionality within the application. All this was completely written from the ground up without using any of the built in .net authorization or authentication. We literally have IsLoggedIn() methods that check for login and redirect to our login page if they aren't. Our Rewrite We've been tasked to integrate more tightly with LDAP, they want us to tie groups in our application to groups (or whatever types of containers that LDAP uses) in LDAP so that when a customer opt's to use our LDAP integration, they dont have to manage their users in LDAP AND in our application. The new way, they will simply create users in LDAP, add them to Groups in LDAP and our application will see that they belong to the appropriate LDAP group and authenticate and authorize them. In addition, we've been granted the go ahead to completely rip out the User authentication and authorization code and completely re-do it. Our Problem The problem is that none of us have any experience with asp.net membership provider functionality. The little bit of exposure I have to it makes me worry that it was not intended to be used for an application such as ours. Though, developing our own ASP.NET Membership Provider and Role Manager sounds like it would be a great experience and most likely the appropriate thing to do. Basically, I'm looking for advice, should we be using the ASP.NET Membership provider & Role Management API or should we continue to roll our own? I know this decision will be influenced by our requirements so I'm going over them below Our Requirements Just a quick n dirty list Maintain the ability to have a db of users and authenticate them and give admins (only, not users) the ability to CRUD users Allow the site to integrate with LDAP, when this is chosen, they don't want any users stored in the DB, only the relationship between Groups as they exist in our app / db and the Groups/Containers as they exist in LDAP. .net 3.5 is being used (mix of asp.net webforms and asp.net mvc) Has to work in ASP.NET and ASP.NET MVC (shouldn't be a problem I'm guessing) This can't be user centric, administrators need to be the only ones that CRUD (or import via ldap) users and groups We have to be able to Auth via LDAP when its configured to do so I always try to monitor my questions closely so feel free to ask for more info. Also, as a general summary of what I'm looking for in an answer is just. "You should/shouldn't use xyz, here's why". Links regarding asp.net membership provider and role management stuff are very welcome, most of the stuff I'm finding is 5+ years old. Edit: Added some stuff to "Our Rewrite"

    Read the article

  • How to configure Spring Security PasswordComparisonAuthenticator

    - by denlab
    I can bind to an embedded ldap server on my local machine with the following bean: <b:bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <b:constructor-arg> <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> <b:constructor-arg ref="contextSource" /> <b:property name="userSearch"> <b:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> <b:constructor-arg index="0" value="ou=people"/> <b:constructor-arg index="1" value="(uid={0})"/> <b:constructor-arg index="2" ref="contextSource" /> </b:bean> </b:property> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator"> </b:bean> </b:constructor-arg> </b:bean> however, when I try to authenticate with a PasswordComparisonAuthenticator it repeatedly fails on a bad credentials event: <b:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <b:constructor-arg> <b:bean class="org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator"> <b:constructor-arg ref="contextSource" /> <b:property name="userDnPatterns"> <b:list> <b:value>uid={0},ou=people</b:value> </b:list> </b:property> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator"> </b:bean> </b:constructor-arg> </b:bean> Through debugging, I can see that the authenticate method picks up the DN from the ldif file, but then tries to compare the passwords, however, it's using the LdapShaPasswordEncoder (the default one) where the password is stored in plaintext in the file, and this is where the authentication fails. Here's the authentication manager bean referencing the preferred authentication bean: <authentication-manager> <authentication-provider ref="ldapAuthProvider"/> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="md5" base64="true"> <salt-source system-wide="secret"/> </password-encoder> </authentication-provider> </authentication-manager> On a side note, whether I set the password-encoder on ldapAuthProvider to plaintext or just leave it blank, doesn't seem to make a difference. Any help would be greatly appreciated. Thanks

    Read the article

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >