Search Results

Search found 2054 results on 83 pages for 'ion auth'.

Page 50/83 | < Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >

• Vnc viewer authentication failure

  - by Twosingleton

  I recently backed up my data and I had moved the vnc viewer executable from my PC to my portable hard disk. Realizing that I no longer had vnc, I got the latest one, but all of a sudden I could not connect to my server anymore and got authentification failure. So I moved the VNC exectuable back from my portable HD to my local HD. And I am still getting Authentification failure errors. I had a certain setup and I don't want to re-create it, do you know how I can recover or what happened to get auth failures all of a sudden ? I checked and the vncserver process is running fine. Old VNC viewer: vnc-4_1_3-x86_win32_viewer.exe New one:

  Read the article

• Authentication in Apache2 with mod_dav_svn

  - by Poita_

  I'm having some trouble setting up authentication in Apache2 for a SVN repository that's being served using mod_dav_svn. Here is my Apache config for the directory: <Location /svn> DAV svn SVNParentPath /var/svn/repos AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dev.passwd Require valid-user </Location> I can use svn with the projects under /var/svn/repos, so I know that the DAV is working, but when I do svn updates or commits (or anything), Apache doesn't ask for any authentication... It does the exact same thing whether the Auth directives are there or not. The permissions on the repository directory (and all subdirectories/files) only give permission to www-data (the Apache2 user/group). I have also ensured that all relevant modules are enabled (in particular mod_auth is enabled, as are all mod_dav* modules). Any ideas why svn commands aren't authenticating? Thanks in advance.

  Read the article

• Software for Company internal Website [closed]

  - by LordT

  hope this is the right stackexchange site to ask this: We've a group of webpages/services at work (SE Startup), ranging from SVN, trac, continous integration to link collections to a DMS. Nearly everything has an RSS Feed to get the info I need, with the exception of SVN. I'm looking for some kind of software that can integrate these well on a kind of start-page. The most recent changes, upcoming events etc should be clearly visible, as well as an option to search (the search will be provided from a different tool). A news area should be included as well. Currently, I'm pondering doing this with either wordpress or TWiki, although wordpress seems to be the simpler solution in terms of getting something good looking quickly. Authentication should be handled by HTTP-Basic Auth, which we already have in place and working well. I normally would consider Sharepoint a viable option for this, but we're exclusively mac and linux, I won't put up a windows server just for this.

  Read the article

• cPanel configuration appears to allow unauthenticated SMTP - how to fix?

  - by ttsiodras

  One of my clients is using a cPanel-based Virtual Dedicated Server that appears to allow unauthenticated SMTP: bash$ echo EHLO | nc mail.clientscompany.com 25 ... 250-SIZE 52428800 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP It therefore appears that anyone (esp. spammers) can use his mail server to send whatever - I just connected from my DSL connection at home, and... bash$ nc mail.clientscompany.com 25 HELO clientscompany.com MAIL FROM: [email protected] RCPT TO: [email protected] DATA From: <[email protected]> To: <[email protected]> Date: ... Subject: ... Blah . QUIT I just tested this, and sure enough, it sent a mail from "[email protected]". Since I am not familiar with cPanel and WHM, can someone provide pointers to configure his mail server to (a) only accept TLS connections and (b) only authenticated ones (i.e. with user/password, not just plain connections). Thanks for any help.

  Read the article

• server down "without reason"

  - by Nick

  I have a Lenny dedicated server at Hivelocity. My server went down today. They doesn't know why. I don't know why. MTRG shows 7Mbps before went the server goes offline, ddos not probably. Hardware failure? maybe. but now is running ok. hacked? maybe. lastlog, md5sum, rkhunter, syslog and auth.log seems ok. my load is always between 0.02 and 0.3, the server runs a small website but with 2million pageviews/day and never failed before. Where can I find more information in my logs? where I start looking?

  Read the article

• Password protect app in jetty

  - by JohnW

  I am testing a webapp (.war) running in Jetty 7. For demo purposes I want to run this on a public URL, however I would like not to have the whole world (if they happen to come across the URL) be able to see it. Is there a way to make Jetty require a basic-auth type of authentication when accessing the webapp (without modifying anything inside the war, i.e. no edits on the web.xml file)? Or if not the webapp, then any part of what Jetty provides at port 8080?

  Read the article

• Bootstrapped Ubuntu 12.04 EC2 instance. Where to find log?

  - by nocode

  So I bootstrapped a shell script to install and run a bunch of tasks. Looks like the it ran for the most part, but I added one part and that was formatting an extra EBS volume. Pretty straightforward: mkfs.ext4 /dev/xvdf mkdir –m 000 /vol01 echo “/dev/xvdf /vol01 auto noatime 0 0” | sudo tee –a /etc/fstab sudo mount /vol01 I was able to install MongoDB, NGINX and Forever. I selected to use /dev/xdvf in the AWS console and see it. The 3rd line is not in fstab either. I've searched through various logs in /var/log/ but I don't really see much indicating the execution of the bootstrap. Logs that I see and looked through: auth.log boot.log dmesg dpkg.log syslog udev

  Read the article

• Cannot login as root to centos server

  - by perpetual_dream

  I used to login as :ssh root@servip with a password authentication into my centos 6 server. I am not sure if what I have done has caused this, but while trying to get over my problem of accessing webmin remotely I followed the following tutorial until I reached: adding auth required pam_google_authenticator.so into /etc/pam.d/sshd. Then by mistake, I have closed the ssh session. When I tried to login in back with the usual password, I get: Permission denied, please try again error. How can I get over this problem? I don't have a physical access to the server.

  Read the article

• Solution to: Hotmail Senders receiving NDR : “550-Please turn on SMTP Authentication in your mail client…”

  - by Tony Yustein

  Original question is here original question I can not answer to that question because the system requires me to have 10 credits, very nice.... This error is based mostly on mobile devices, mostly on iPhones and mostly on mobile networks. This is how much I have narrowed it to. I believe: Hotmail checks where your are connecting from If it is a mobile network it requires additional security for sending messages but the default iPhone config does not have this option for hotmail if the user creates the hotmail account on the iPhone with SMTP AUTH enabled manually it might solve the situation Cheers, Tony

  Read the article

• Dynamic authentication realms in Apache

  - by Cogsy

  I have a front end server acting as a gateway proxy for many (a dynamic 'many') building monitors with embedded webservers. They are accessed with a URL like: http://www.example.com/monitor1/ http://www.example.com/monitor2/ ... I'm trying to restrict access to these monitors to only the users that own them. So what I need is a way of specifying rights to users or groups for specific directories. The standard auth mechanisms I see in Apache won't work because I need to specify every location. I'd prefer some dynamic map or script. Any suggestions?

  Read the article

• Exchange 2010 Prevent Authenticated Users From Sending Email From Any Address

  - by Chance

  I have recently been combating an SMTP AUTH attack in which one of my email accounts had been compromised and was being used to solicit spam. I have been able to identify the account and change the password however I would like to further restrict my exchange server. By default exchange 2010 allows for any authenticated user to specify any email address as the MAIL FROM address and it will accept it. Is there any way to restrict this so that only the authenticated account's email address will be able to be used as the MAIL FROM address? I have been looking through all ADPermissions for the SMTP connector however I can't find any documentation on how to accomplish this. Any suggestions would be greatly appreciated. Telnet Test Picture Telnet Test SMTP Connector Properties Pictures Permissions Tab

  Read the article

• Windows 8.1 keeps prompting for Network Share Credentials after every log on or restart

  - by Peret del Trunfa

  I have a Network drive Shared in a Workgroup with 3 clients. Two clients with Windows 7 have persistent connections to the Share. No issues with those two. My windows 8.1 client keeps prompting for credentials at every restart / log on. I spent hours looking around for a solution: I have stored cred in cred manager, and tried every possible combination (WORKGROUP\user , COMPUTERNAME\user, user, .. and so on). I have changed NT and NTLM negotiation in policy manager. I've compared the settings under GPO network security with a working win 7 computer, everything is pretty much the same. -I've captured Wireshark to see SMB negotiation process, honestly I see the messages flowing around, and the share sending AUTH DENIED.. which means is how the 8.1 client formats the request.... that makes the share reject it.. Now I still don't really know why. Any ideas would be appreciated.

  Read the article

• OSX : Setup for filestorage in medium business

  - by Franatique

  In our office every machine runs OSX. In search of an ideal storage and sharing solution we decided to let OSX Server handle all account information and auth requests whereas an 7TB QNAP provides NFS shares. All shares are published as mounts in the companywide LDAP. As it turns out, handling permissions in this situation is very clumsy (e.g. inherit permissions on newly created files). Unfortunately using NFS4 in combination with ACLs did not solve the problem. As a possible solution I set up a iSCSI connection between QNAP and the machine running OSX Server which in turn serves the LUN as AFP share. Permission handling works like a charm for this setup. Although I am a bit concerned about the performance of this setup. As we are a fast growing company we expect the solution to serve at least 100 clients while using files aprox. above 100MB each. Are there any known drawbacks of this solution?

  Read the article

• choose server backend to some URL with haproxy

  - by shingara

  To some URL I don't want use some server. So use other. Actually I have this haproxy configuration. global daemon log 127.0.0.1 local0 #log loghost local0 info maxconn 4096 #debug #quiet user haproxy group haproxy defaults log global mode http option httplog option dontlognull retries 3 option redispatch maxconn 2000 contimeout 5000 clitimeout 50000 srvtimeout 50000 balance roundrobin stats enable stats refresh 5s stats auth admin:123abc789xyz # Set up application listeners here. listen application 0.0.0.0:10000 server localhost 127.0.0.1:10100 weight 1 maxconn 5 check server externe 127.0.0.1:10101 weight 1 maxconn 5 check By example I want all url to /users be served only by server localhost, not by externe.

  Read the article

• cron+pam heavily spamming my logs

  - by Lo'oris

  Two times every minute I get this in auth.log: May 12 15:21:01 ruptai CRON[25303]: pam_unix(cron:session): session opened for user root by (uid=0) May 12 15:21:01 ruptai CRON[25303]: pam_unix(cron:session): session closed for user root This never stops, two times every minute, every minute of every day. I've no idea what it is, I would just to stop it from pointless logging this stuff. This has been going on for ages so I can't recall when it started. OS is debian stable. Btw, I've found questions on google but no answers

  Read the article

• phpmyadmin error #2002 cannot connect to mysql server

  - by Joe

  I am getting the error in the title when trying to connect to my MySQL server. I have reinstalled MySQL and PHP several times and tried a slew of command line work based on information I searched out. web.mysql is running and I know that my mysql.sock exists and is located in ~/private/tmp/ and also in ~/tmp/. I also have plenty of hard drive space. I have installed and setup phpMyAdmin correctly only adding a password to 'Password for config auth'. I have also connected to the server via Sequel Pro. Why can't I connect to the server via phpMyAdmin? I'm on a 64-bit Intel Mac running Snow Leopard

  Read the article

• disbale ssh for bnroot as root account

  - by user2916639

  i am beginner with centos - Linux i have dedicated server . my root username is bnroot . now i am taking ssh using this user. i want to disable ssh for bnroot. i have created user user name welcome i want take ssh login by welcome user then i ll use su - bnroot to get root privileges. i have set PermitRootLogin no , AllowUsers welcome IN /etc/sshd_config and after restarting sshd service . i take ssh login by welcome use then it is ok. but when i use su bnroot its prompt to password and i enter right passowrd it show su: incorrect password , i dont know where i am wrong . please help me here. changes i done - /etc/ssh/sshd_confid PermitRootLogin no AllowUsers welcome /etc/sudoers welcome ALL=(ALL) ALL getting error in /var/log/secure unix_chkpwd[666]: password check failed for user (bnroot) su: pam_unix(su:auth): authentication failure; logname=ewalletssh uid=503 euid=500 tty=pts/1 ruser=ewalletssh rhost= user=bnroot please let me know where i am wrong

  Read the article

• IPSec 2 hosts (preshared key) - network shares very slow

  - by LxFlip

  I'm testing a IPSec config between 2 hosts, using ipsec auth with preshared key, very simple configuration. (I want to start with a IPSec simple preshared key config, and then step up to a Certificate or kerberos...) The problem is: The connection is working but when accessing network file shares the first time it's very slow. On the same host i'm testing the shares, i have an IIS site running, and the performance seems very normal, fast. Does anybody know why does SMB shares are soo slow? Is there any ipsec policy options that should be tweaked? Thanks

  Read the article

• ftp-client works fine. ftp-tls-client fails on one computer and works on another

  - by ispiro

  Connecting to ftp - from a Windows Server 2012 - it works both secure (-over tls) and unsecure. From a Windows 7 it succeeds unsecure but fails when secure. (Using explicit TLS and passive mode.) filezilla: 234 AUTH command ok. Expecting TLS Negotiation. Initializing TLS... Connection timed out I've tried many things but nothing helps. (I'm also trying this programmatically. For details see: http://stackoverflow.com/questions/25393716/ftp-ssl-fails-after-expecting-tls-negotiation ) The fact that it does succeed from one computer proves that the ftp server is fine. And the fact that the Windows 7 computer succeeds without tls proves that it's not a NAT/firewall problem (besides, it failed even after disabling firewall etc.). I'm not sure where to start looking. Perhaps a difference between PC Windows and Windows Server? EDIT The ftp server is on a Windows Server 2012.

  Read the article

• Setting up IIS 7.5 for AD Client Certificates for iOS devices

  - by vonsch

  I am working on getting an iPad to auth to an IIS7.5 website using a local certificate mapped to a user in AD. I am not, in any sense of the word, an IIS admin. I essentially need to setup a proof of concept. I believe that this may work, but I just have no idea how to do it. What I have so far is an iPad with a user certificate installed. I have this user certificate added the correlating user account in AD. What I would like is a basic text webpage to load showing the user that it is authenticating. I would like this page to not be viewable unless it is client certificate authenticated. I don't mind doing the legwork, but I really don't know where to begin on the IIS side. Can anyone point me in the right direction?

  Read the article

• How to reference or vlookup a list of values based on a comma separated list of column references within a cell in excel?

  - by glallen

  I want to do a vlookup (or similar) against a column which is a list of values. This works fine for looking up a value from a single row, but I want to be able to look up multiple rows, sum the results, and divide by the number of rows referenced. For example: A B C D E F G [----given values----------------] [Work/Auth] [sum(vlookup(each(G),table,5)) /count(G)] [given vals] 1 Item Authorized OnHand Working Operational% DependencyOR% Dependencies 2 A 1 1 1 1 .55 B 3 B 10 5 5 .50 .55 C,D 4 C 100 75 50 .50 .60 D 5 D 10 10 6 .60 1 I want to be able to show an Operational Rate, and an operational rate of the systems each system depends on (F). In order to get a value for F, I want to sum over each value in column-E that was referenced by a dependency in column-G then divide by the number of dependencies in G. Column-G can have varying lengths, and will be a comma separated list of values from column-A. Is there any way to do this in excel?

  Read the article

• Should Production Windows Web Servers (IIS & SQL) be in a domain?

  - by tlianza

  We have a few web servers and a few database servers. To date, they've been standalone machines that are not part of a domain. The web servers don't talk to each other, and the web servers talk to the database servers via SQL Auth. My concern with putting the machines in a domain together were added complexity - it's one more "thing" running, and doing "things" that could go wrong. risk - if a domain controller fails, am I now putting other machines at risk? However, in certain scenarios it does seem convenient for them to be on a domain, sharing credentials. For example, if I want to give the "services" control on one machine access to another machine (because Remote Desktop craps out) I need to go in and assign privileges on multiple machines - something that I believe Active Directory and Domain Accounts set to simplify. My question: I'm sure there are things I'm not considering here. Is there a best practice?

  Read the article

• Overriding the save() method of a model that uses django-mptt

  - by saturdayplace

  I've been using django-mptt in my project for a while now, it's fabulous. Recently, I've found a need to override a model's save() method that uses mptt, and I'm getting an error when I try to save a new instance of that model: Exception Type: ValueError at /admin/scrivener/page/add/ Exception Value: Cannot use None as a query value I'm assuming that this is a result of the fact that the instance hasn't been stuck into a tree yet, but I'm not sure how to go about fixing this. I added a comment about it onto a similar issue on the project's tracker, but I was hoping that someone here might be able to put me on the right track faster. Here's the traceback. Environment: Request Method: POST Request URL: http://localhost:8000/admin/scrivener/page/add/ Django Version: 1.2 rc 1 SVN-13117 Python Version: 2.6.4 Installed Applications: ['django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.admin', 'django.contrib.sitemaps', 'mptt', 'filebrowser', 'south', 'haystack', 'django_static', 'etc', 'scrivener', 'gregor', 'annunciator'] Installed Middleware: ('django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware') Traceback: File "B:\django-apps\3rd Party Source\django\core\handlers\base.py" in get_response 100. response = callback(request, *callback_args, **callback_kwargs) File "B:\django-apps\3rd Party Source\django\contrib\admin\options.py" in wrapper 239. return self.admin_site.admin_view(view)(*args, **kwargs) File "B:\django-apps\3rd Party Source\django\utils\decorators.py" in _wrapped_view 74. response = view_func(request, *args, **kwargs) File "B:\django-apps\3rd Party Source\django\views\decorators\cache.py" in _wrapped_view_func 69. response = view_func(request, *args, **kwargs) File "B:\django-apps\3rd Party Source\django\contrib\admin\sites.py" in inner 190. return view(request, *args, **kwargs) File "B:\django-apps\3rd Party Source\django\utils\decorators.py" in _wrapper 21. return decorator(bound_func)(*args, **kwargs) File "B:\django-apps\3rd Party Source\django\utils\decorators.py" in _wrapped_view 74. response = view_func(request, *args, **kwargs) File "B:\django-apps\3rd Party Source\django\utils\decorators.py" in bound_func 17. return func(self, *args2, **kwargs2) File "B:\django-apps\3rd Party Source\django\db\transaction.py" in _commit_on_success 299. res = func(*args, **kw) File "B:\django-apps\3rd Party Source\django\contrib\admin\options.py" in add_view 795. self.save_model(request, new_object, form, change=False) File "B:\django-apps\3rd Party Source\django\contrib\admin\options.py" in save_model 597. obj.save() File "B:\django-apps\scrivener\models.py" in save 205. self.url = self.get_absolute_url() File "B:\django-apps\3rd Party Source\django\utils\functional.py" in _curried 55. return _curried_func(*(args+moreargs), **dict(kwargs, **morekwargs)) File "B:\django-apps\3rd Party Source\django\db\models\base.py" in get_absolute_url 940. return settings.ABSOLUTE_URL_OVERRIDES.get('%s.%s' % (opts.app_label, opts.module_name), func)(self, *args, **kwargs) File "B:\django-apps\3rd Party Source\django\db\models\__init__.py" in inner 31. bits = func(*args, **kwargs) File "B:\django-apps\scrivener\models.py" in get_absolute_url 194. for ancestor in self.get_ancestors(): File "B:\django-apps\3rd Party Source\mptt\models.py" in get_ancestors 23. opts.tree_id_attr: getattr(self, opts.tree_id_attr), File "B:\django-apps\3rd Party Source\django\db\models\manager.py" in filter 141. return self.get_query_set().filter(*args, **kwargs) File "B:\django-apps\3rd Party Source\django\db\models\query.py" in filter 550. return self._filter_or_exclude(False, *args, **kwargs) File "B:\django-apps\3rd Party Source\django\db\models\query.py" in _filter_or_exclude 568. clone.query.add_q(Q(*args, **kwargs)) File "B:\django-apps\3rd Party Source\django\db\models\sql\query.py" in add_q 1131. can_reuse=used_aliases) File "B:\django-apps\3rd Party Source\django\db\models\sql\query.py" in add_filter 1000. raise ValueError("Cannot use None as a query value") Exception Type: ValueError at /admin/scrivener/page/add/ Exception Value: Cannot use None as a query value

  Read the article

• Apache2 VirtualHost Configuration with SSL

  - by Peter

  Hello! I'm new here and I have a strange problem which needs to be solved. Previously I searched in the whole forum and I've read all of related questions but I didn't find solution to my question. We have two servers and a firewall computer. On the Server#1 there is an Apache 2.2 web server and it forwards the incoming traffic to the appropriate ports, to our subdomains by its virtual host configuration (Apache, Tomcat, IIS, Server#2 and so on). We recently bought an SSL certificate to protect one of our subdomain. I successfully installed and configured the certificate into the Apache and it works flawlessly within our local network. Our Kerio Winroute Firewall is configured to permit https traffic and it is translated to Server#1. But all of our subdomains are unavailable from outside (http & https too). Web browser shows "Failed to connect" message. Now, I enclose some parts from our httpd.conf and httpd-vhosts.conf file. httpd.conf ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2" Listen 80 ServerName dev.mydomain.hu:80 DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs" LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule ssl_module modules/mod_ssl.so Include conf/extra/httpd-vhosts.conf <IfModule ssl_module> SSLMutex default SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache none </IfModule> httpd-vhosts.conf NameVirtualHost *:80 NameVirtualHost *:443 Listen 443 <VirtualHost *:80> DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs" ServerName localhost </VirtualHost> #-------EXCHANGE SERVER-------- <VirtualHost *:80> ServerName intra.mydomain.hu ProxyRequests Off ProxyVia On ProxyPass / http://myserver:8080/ ProxyPassReverse / http://myserver:8080/ <Proxy *:80> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location> ErrorLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/exchange.log" CustomLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/exchange_cust.log" common LogLevel info </VirtualHost> #--------FITNESSE SERVER------- <VirtualHost *:80> ServerName test.mydomain.hu ProxyRequests Off <Proxy *:80> Order deny,allow Allow from all </Proxy> ProxyPass / http://myserver:8004/ ProxyPassReverse / http://myserver:8004/ <Location /> AuthType Basic AuthName "FitNesse" AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/auth/password" AuthGroupFile "C:/Program Files/Apache Software Foundation/Apache2.2/auth/pwgroup" require group Users Order allow,deny Allow from all </Location> ErrorLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/fitnesse.log" CustomLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/fitnesse_cust.log" common LogLevel info </VirtualHost> #----WIKI SERVER-----(SSL)- <VirtualHost *:80 *:443> ServerName wiki.mydomain.hu ServerAlias wiki.mydomain.hu SSLEngine On SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/cert/certificate.cer" SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/cert/wiki.itkodex.hu.key" ProxyRequests Off <Proxy *:80> Order deny,allow Allow from all </Proxy> ProxyPass / http://localhost:8000/ ProxyPassReverse / http://localhost:8000/ ErrorLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/wiki.log" CustomLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/wikicust.log" common LogLevel info </VirtualHost> Because this wiki is a JSPWIKI web application, runs on Apache Tomcat therefore there is no "DocumentRoot" parameter in the VirtualHost. Could anybody please help me, to solve this issue, or what should I modify in the configuration? Thanks in advance! Peter

  Read the article

• Changes to JBoss web.xml have no effect

  - by sixtyfootersdude

  I just added this to my web.xml on my JBOSS server. But it had no effect. I am still allowed to connect to ports that do not use bi-directional certificate exchange. Anyone have an ideas? <!-- Force SSL for entire site as described here: http://wiki.metawerx.net/wiki/ForcingSSLForSectionsOfYourWebsite --> <security-constraint> <!-- defines resources to be protected (in this case everything)--> <web-resource-collection> <!-- name for the resource, can be anything you like --> <!-- Question: is this referenced anywhere else? --> <web-resource-name> Entire Application </web-resource-name> <!-- protect the entire application --> <url-pattern> /* </url-pattern> </web-resource-collection> <!-- defines protection level for protected resource --> <user-data-constraint> <!-- data cannot be observed or changed --> <!-- how it works in tomcat: --> <!-- if (set to integral or confidential && not using ssl) --> <!-- redirect sent to client, redirecting them to same url --> <!-- but using the port defined in the redirect port --> <!-- attribute in the <Connector> element of server.xml --> <!-- default is 443, so in other words user is redirected --> <!-- to same page using ssl. --> <!-- BUT it is differnt for JBOSS!! See this link: http://wiki.metawerx.net/wiki/ForcingSSLForSectionsOfYourWebsite --> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <!-- Client-side SSL certificate based authentication. The cert is passed to the server to authenticate --> <!-- I am pretty sure that CLIENT-CERT should have a dash NOT an underscore see: http://www.mail-archive.com/[email protected]/msg139845.html --> <!-- CLIENT-CERT uses a client's AND server's certificates. See: http://monduke.com/2006/01/19/the-mysterious-client-cert/ --> <auth-method> CLIENT-CERT </auth-method> </login-config> Update Actually it appears that I have made an error in my original posting. The web.xml does block users from connecting to the webservice using http (port C below). However users are still allowed to connect to ports that do not force users to authenticate themselves (port B). I think that users should be able to connect to port A (it has clientAuth="true") but I dont think that people should be able to connect to port B (it has clientAuth="false"). Excerpt from server.xml <Connector port="<A>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="true" keystoreFile="... .keystore" keystorePass="pword" truststoreFile="... .keystore" truststorePass="pword" sslProtocol="TLS"/> <Connector port="<B>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="false" keystoreFile="... .keystore" keystorePass="pword" sslProtocol = "TLS" /> <Connector port="<C>" ... />

  Read the article

< Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >