Search Results

Search found 13454 results on 539 pages for 'ws security'.

Page 7/539 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • WS-Security using the ASMX file in ASP.NET 3.5

    - by Adam
    Basically I need to setup my ASMX file so that when I pull it up in a browser to display the WebMethod specification the Soap Header conforms to this format: <soap:Header> <wsse:Security> <wsse:UsernameToken wsu:Id='SecurityToken-securityToken'> <wsse:Username>Username</wsse:Username> <wsse:Password>Password</wsse:Password> <wsu:Created>Timestamp</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soap:Header> Back-story: I'm integrating with a client application that is already built (and owned by another company). Basically this client application already has their soap messages all set up from its past integrations with other companies. So we've opted to just build a web service using an ASMX file that matches the WSDL that they're already setup to consume. Is it possible to get WS-Security working on an ASMX file or is ASMX too simplistic and I have to upgrade to WFC (which I really don't want to do)?

    Read the article

  • Problem consuming Exchange Web Service 2010 with jax-ws metro

    - by Johan Karlberg
    I am trying to consume the Exchange 2010 Web Service interface using JAX-WS. I'm using JAX-WS 2.2 RI (Metro 2.0). 2.1 exhibited the same problem. I am running into trouble with Exchange, which returns "HTTP/1.1 415 Cannot process the message because the content type 'text/xml;charset=utf-8' was not the expected type 'text/xml; charset=utf-8'." as a reponse (2.1 quoted the charset value, otherwise same response). Apparently I need to dictate the exact Content-type header for Exchange to be happy. Is there a way for me to do this without forcing me to manually rebuild the dependency? I currently rely on published maven artifacts, and would like to continue doing this if at all possible. The consuming process is a regular J2SE app, with no containers in sight. I have control of the application and can add pretty much anything required to the applications scope, but can not add out-of-process items like proxy servers. The client classes were generated from local WSDL, but the charset specification is derived from constants declared in the jaxws RI implementation, not the generated code. The resulting HTTP transport is thus handled by the standard http/https client from Sun JRE5 or JRE6.

    Read the article

  • Writing files in a sub folder of the web folder (apache security)

    - by Homunculus Reticulli
    I need to save session data for a dynamic web page script by writing to file. I have two questions: Are there any security preferences as to whether to save the data UNDER the web folder, or OUTSIDE the web folder? I attempted to write to the folder an (unsuprisingly), I had a 'file permission refused' type error. Should I set the folder ownership to the apache user (600, 640 or 644?) [[Edit]] core <- 'OUTSIDE' web folder (php script live here) data <- 'OUTSIDE' web folder (session data and other misc data resides here) web <- web root folder js <- any folder below is 'INSIDE' the web folder css html For example, in a php script (i.e. a dynamic PHP page), I can attempt to write to a file using something like fput('../data',data) yet (as I understand it) ../data should not be accessible - for security reasons. Could someone please provide a simple example that shows how to provide access to ../data/ in the example given above?. What are the actual SPECIFIC steps required? BTW, I am running on a LAMP stack.

    Read the article

  • Security Goes Underground

    - by BuckWoody
    You might not have heard of as many data breaches recently as in the past. As you’re probably aware, I call them out here as often as I can, especially the big ones in government and medical institutions, because I believe those can have lasting implications on a person’s life. I think that my data is personal – and I’ve seen the impact of someone having their identity stolen. It’s a brutal experience that I wouldn’t wish on anyone. So with all of that it stands to reason that I hold the data professionals to the highest standards on security. I think your first role is to ensure the data you have, number one because it can be so harmful, and number two because it isn’t yours. It belongs to the person that has that data. You might think I’m happy about that downturn in reported data losses. Well, I was, until I learned that companies have realized they suffer a lowering of their stock when they report it, but not when they don’t. So, since we all do what we are measured on, they don’t. So now, not only are they not protecting your information, they are hiding the fact that they are losing it. So take this as a personal challenge. Make sure you have a security audit on your data, and treat any breach like a personal failure. We’re the gatekeepers, so let’s keep the gates. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • Security Risks of Unsigned ClickOnce Manifests

    - by Tom Tom
    Using signed manifests in ClickOnce deployments, it is not possible to modify files after the deployment package has been published - installation will fail as hash information in the manifest won't match up with the modified files. I recently stumbled upon a situation where this was problematic - customers need to be able to set things like connection strings in app.config before deploying the software to their users. I got round the problem by un-checking the option to "Sign the ClickOnce manifests" in VS2010 and explicitly excluding the app.config file from the list of files to have hashes generated during the publish process. From a related page on MSDN "Unsigned manifests can simplify development and testing of your application. However, unsigned manifests introduce substantial security risks in a production environment. Only consider using unsigned manifests if your ClickOnce application runs on computers within an intranet that is completely isolated from the internet or other sources of malicious code." In my situation, this isn't an immediate problem - the deployment won't be internet-facing. However, I'm curious to learn what the "substantial security risks" of what I've done would be if it was internet-facing (or if things changed and it needed to be in the future). Thanks in advance!

    Read the article

  • chrome extension login security with iframe

    - by Weaver
    I should note, I'm not a chrome extension expert. However, I'm looking for some advice or high level solution to a security concern I have with my chrome extension. I've searched quite a bit but can't seem to find a concrete answer. The situation I have a chrome extension that needs to have the user login to our backend server. However, it was decided for design reasons that the default chrome popup balloon was undesirable. Thus I've used a modal dialog and jquery to make a styled popup that is injected with content scripts. Hence, the popup is injected into the DOM o the page you are visiting. The Problem Everything works, however now that I need to implement login functionality I've noticed a vulnerability: If the site we've injected our popup into knows the password fields ID they could run a script to continuously monitor the password and username field and store that data. Call me paranoid, but I see it as a risk. In fact,I wrote a mockup attack site that can correctly pull the user and password when entered into the given fields. My devised solution I took a look at some other chrome extensions, like Buffer, and noticed what they do is load their popup from their website and, instead, embed an iFrame which contains the popup in it. The popup would interact with the server inside the iframe. My understanding is iframes are subject to same-origin scripting policies as other websites, but I may be mistaken. As such, would doing the same thing be secure? TLDR To simplify, if I embedded an https login form from our server into a given DOM, via a chrome extension, are there security concerns to password sniffing? If this is not the best way to deal with chrome extension logins, do you have suggestions with what is? Perhaps there is a way to declare text fields that javascript can simply not interact with? Not too sure! Thank you so much for your time! I will happily clarify anything required.

    Read the article

  • Custom Glassfish Security Realm does not work (unable to find LoginModule)

    - by ifischer
    I'm trying to get a Custom Security Realm in Glassfish working (i tried 3.0.1 final and 3.1 B33). I read nearly all tutorials about this, but it doesn not work on my System. I'm getting the error Login failed: javax.security.auth.login.LoginException: unable to find LoginModule class: de.company.security.utility.CustomLoginModule when trying to login. Here is what i did: I created a little Maven project, which contains the needed Realm class, CustomRealm, and the corresponding LoginModule, CustomLoginModule. My pom.xml: <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany</groupId> <artifactId>CustomJDBCRealm</artifactId> <version>1.0-SNAPSHOT</version> <packaging>jar</packaging> <name>Custom JDBCRealm</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> <groupId>org.glassfish.security</groupId> <artifactId>security</artifactId> <version>3.1-b33</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.6</source> <target>1.6</target> <optimise>true</optimise> <debug>true</debug> <encoding>UTF-8</encoding> </configuration> </plugin> </plugins> </build> </project> My Custom Realm class: package de.company.security.utility; import com.sun.appserv.security.AppservRealm; import com.sun.enterprise.security.auth.realm.BadRealmException; import com.sun.enterprise.security.auth.realm.InvalidOperationException; import com.sun.enterprise.security.auth.realm.NoSuchRealmException; import com.sun.enterprise.security.auth.realm.NoSuchUserException; import java.util.Enumeration; import java.util.Properties; import java.util.Vector; /** * * @author ifischer */ public class CustomRealm extends AppservRealm { Vector<String> groups = new Vector<String>(); private String jaasCtxName; private String startWith; @Override public void init(Properties properties) throws BadRealmException, NoSuchRealmException { jaasCtxName = properties.getProperty("jaas-context", "customRealm"); startWith = properties.getProperty("startWith", "z"); groups.add("dummy"); } @Override public String getAuthType() { return "Custom Realm"; } public String[] authenticate(String username, char[] password) { // if (isValidLogin(username, password)) return (String[]) groups.toArray(); } @Override public Enumeration getGroupNames(String username) throws InvalidOperationException, NoSuchUserException { return groups.elements(); } @Override public String getJAASContext() { return jaasCtxName; } public String getStartWith() { return startWith; } } My LoginModule class: /* * Copyright (c) 2010 ProfitBricks GmbH. All Rights Reserved. */ package de.company.security.utility; import com.sun.appserv.security.AppservPasswordLoginModule; import com.sun.enterprise.security.auth.login.common.LoginException; import java.util.Set; import org.glassfish.security.common.PrincipalImpl; /** * * @author ifischer */ public class CustomLoginModule extends AppservPasswordLoginModule { @Override protected void authenticateUser() throws LoginException { _logger.info("CustomRealm : authenticateUser for " + _username); final CustomRealm realm = (CustomRealm)_currentRealm; if ( (_username == null) || (_username.length() == 0) || !_username.startsWith(realm.getStartWith())) throw new LoginException("Invalid credentials"); String[] grpList = realm.authenticate(_username, getPasswordChar()); if (grpList == null) { throw new LoginException("User not in groups"); } _logger.info("CustomRealm : authenticateUser for " + _username); Set principals = _subject.getPrincipals(); principals.add(new PrincipalImpl(_username)); this.commitUserAuthentication(grpList); } } I compiled this Maven project and copyied the resulting JAR-file to the Glassfish/lib directory. Then i added the Security Realm "customRealm" to my Glassfish with asadmin: asadmin create-auth-realm --classname de.company.security.utility.CustomRealm --property jaas-context=customRealm:startWith=a customRealm I even referenced the LoginModule class for the JAAS context of my Custom Realm, therefore i inserted this into the login.conf of my domain: customRealm { de.company.security.utility.CustomLoginModule required; }; Although this LoginModule SHOULD BE on the Glassfish classpath, as it's classfiled is packaged in the JAR that i put into the Glassfish/lib-dir, it cannot be found when i try to login. For login, i build a really simple JSF-project, which calls the HttpServletRequest-login-method of Servlet 3.0. When trying to login i'm getting the following Exception: 2010-12-24T14:41:31.613+0100|WARNING|glassfish3.0.1| javax.enterprise.system.container.web.com.sun.web.security|_ThreadID=25; _ThreadName=Thread-1;|Web login failed: Login failed: javax.security.auth.login.LoginException: unable to find LoginModule class: de.company.security.utility.CustomLoginModule Anybody got an idea what i can do that Glassfish loads the LoginModule-class?

    Read the article

  • Spring security with GAE

    - by xybrek
    I'm trying to implement Spring security for my GAE application however I'm getting this error: No bean named 'springSecurityFilterChain' is defined I added this configuration on my application web.xml: <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> And in the servlet-context: <!-- Configure security --> <security:http auto-config="true"> <security:intercept-url pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service> <security:user name="jimi" password="jimi" authorities="ROLE_USER, ROLE_ADMIN" /> <security:user name="bob" password="bob" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> What could be causing the error?

    Read the article

  • Jaxb2Marshaller and primitive types

    - by Thomas Einwaller
    Is it possible to create a web service operation using primitive or basic Java types when using the Jaxb2Marschaller in spring-ws? For example a method looking like this: @Override @PayloadRoot(localPart = "AddTaskRequest", namespace = "http://example.com/examplews/") public long addTask(final Task task) throws AddTaskFault { // do something return 0; } I am using the maven jaxws plugin to generate the interface and model classes from my WSDL. When I try to call the webservice I get the following error: java.lang.IllegalStateException: No adapter for endpoint [...]: Does your endpoint implement a supported interface like MessageHandler or PayloadEndpoint I found out that if I change the method to that: @Override @PayloadRoot(localPart = "AddTaskRequest", namespace = "http://example.com/examplews/") public JAXBElement<Long> addTask(final JAXBElement<Task> task) throws AddTaskFault { final ObjectFactory objectFactory = new ObjectFactory(); return objectFactory.createAddTaskResponse(0L); } I am able to call it - but this signature is not compatible with the interface generated by the maven jaxws plugin. What can I do to configure either spring-ws to be able to use the first kind of implementation or to tell maven jaxws plugin to generate the second variant of the interface? UPDATE: My relevant spring-ws config entries look like that: <bean id="marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller"> <property name="contextPath" value="com.example.examplews" /> </bean> <bean class="org.springframework.ws.server.endpoint.adapter.GenericMarshallingMethodEndpointAdapter"> <constructor-arg ref="marshaller" /> </bean> <bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping"> <property name="order" value="1" /> </bean>

    Read the article

  • WS-Security on iphone, is it possible?

    - by emmanuel.aquino
    Hello, I'm new here and I'm facing a problem. I need to know if it is possible to implement the WS-Security protocol with X.509 certificates on a native iPhone application. I haven't found much information on the web, except this information from Apple about security services. I just want to ask, is it possible? has it been made before?. If it is posbile, can you point me in the right direction?. Thanks in advance.

    Read the article

  • Could someone explain Spring Security BasePermission.Create?

    - by Matthew Sowders
    I am working on a project that involves Spring Security ACL and I came across the create permission BasePermission.CREATE. Would someone please explain how this is supposed to work or what it allows someone to do? It is my understanding that each object has an acl, and each acl has many ace's, and each ace has an sid and a permission. How can you grant permission on an object to create it, if it must be created in order to attach the acl to it?

    Read the article

  • Can't work out security

    - by user215351
    I installed Ubuntu on puter I am the only user I alone use. I was trying a to find out how to repair hardware faults. Surprised to find I was not the owner and that there is a password that locks me out. I only set one password during set up so what is this mysterious password. As far as I'm concerned it is overdone on security, Im sick of authenticating every 3 seconds. I need a simpler system

    Read the article

  • Worst security hole you've seen?

    - by Si
    Subject says it all, probably a good idea to keep details basic to protect the guilty. FWIW, here's a question about what to do if you find a security hole, and another with some useful answers if a company doesn't (seem to) respond.

    Read the article

  • NoSuchMethodError: com/sun/istack/logging/Logger.getLogger

    - by pandi-sus
    I developed a webservice and deployed it to websphere 7.0 and developed a dynamic dispatch client using JAX-WS APIs which also runs on same application server. I get error at the following line: Dispatch dispatch = service.createDispatch(portName, SOAPMessage.class, Service.Mode.MESSAGE); Error: Caused by: java.lang.NoSuchMethodError: com/sun/istack/logging/Logger.getLogger(Ljava/lang/Class;)Lcom/sun/istack/logging/Logger; at com.sun.xml.ws.api.config.management.policy.ManagementAssertion.(ManagementAssertion.java:87) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) at java.lang.J9VMInternals.initialize(J9VMInternals.java:167) at com.sun.xml.ws.server.MonitorBase.createManagedObjectManager(MonitorBase.java:177) at com.sun.xml.ws.client.Stub.(Stub.java:196) at com.sun.xml.ws.client.Stub.(Stub.java:174) at com.sun.xml.ws.client.dispatch.DispatchImpl.(DispatchImpl.java:129) at com.sun.xml.ws.client.dispatch.SOAPMessageDispatch.(SOAPMessageDispatch.java:77) at com.sun.xml.ws.api.pipe.Stubs.createSAAJDispatch(Stubs.java:143) at com.sun.xml.ws.api.pipe.Stubs.createDispatch(Stubs.java:264) at com.sun.xml.ws.client.WSServiceDelegate.createDispatch(WSServiceDelegate.java:390) at com.sun.xml.ws.client.WSServiceDelegate.createDispatch(WSServiceDelegate.java:401) at com.sun.xml.ws.client.WSServiceDelegate.createDispatch(WSServiceDelegate.java:383) at javax.xml.ws.Service.createDispatch(Service.java:336) I included the following dependency. javax.xml.ws jaxws-api 2.1 I also tried adding policy dependency (versions - 2.2 and 2.2.1) com.sun.xml.ws policy 2.2.1 Any ideas on what more dependencies I need to add?

    Read the article

  • Security risks posed by specifying technologies used

    - by SabreWolfy
    I am developing online tools for non-commercial use, which are hosted on dedicated hardware. I would like to include logos indicating the technologies I used (Apache or Python for example), at the bottom of the page. What are the security risks/implications, if any, of "advertizing" this information? It is better not to reveal that the web server is Apache, and that I used Pyhton and jQuery, for example?

    Read the article

  • Save File to Sharepoint Server using JAX-WS

    - by Evan Porter
    I'm trying to save a file to a Sharepoint server using JAX-WS. The web service call is reporting a success, but the file doesn't show up. I used this command (from a WinXP) to generate the Java code to make the JAX-WS call: wsimport -keep -extension -Xnocompile http://hostname/sites/teamname/_vti_bin/Copy.asmx?WSDL I get a handle on the web service which I called port using the following: CopySoap port = null; if (userName != null && password != null) { Copy service = new Copy(); port = service.getCopySoap(); ((BindingProvider) port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, userName); ((BindingProvider) port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password); } else { throw new Exception("Holy Frijolé! Null userName and/or password!"); } I called the web service using the following: port.copyIntoItems(sourceUrl, destUrlCollection, fields , "Contents of the file".getBytes(), copyIntoItemsResult, copyResultCollection) The sourceUrl and the only url in destUrlCollection equals "hostname/sites/teamname/Tech Docs/Sub Folder". The FieldInformationCollection object named fields contains only one FieldInformation. The FieldInformation object has "HelloWorld.txt" as the value for displayName, internalName and value. The type property is set to FieldType.FILE. The id property is set to (java.util.UUID.randomUUID()).toString(). The call to copyIntoItems returns successfuly; copyIntoItemsResult contains a value of 0 and the only CopyResult object set in copyResultCollection has an error code of "SUCCESS" with a null error message. When I look into the "Tech Docs" library on Sharepoint, in the "Sub Folder" there's no file there. Why wouldn't it tell me what I did wrong? Did I just miss a step? Update (Feb 26th, 2011) I've changed my FieldInformation object's displayName and internalName properties to be "Title" as suggested. Still no joy, but a step in the right direction. After playing around with the urls for a bit, I got these results: With both the sourceUrl and the only destination URL equivalent, with no protocol, I get the SUCCESS response but no actual document appears in the document library. With both of the URLs equivalent but with an "http://" protocol specified, I get an UNKNOWN error with "Object reference not set to an instance of an object." as the message. With the source URL an empty string or null, I get an UNKNOWN error with " Value does not fall within the expected range." as the error message.

    Read the article

  • jax-ws: how to get a handle to start/end of processing incoming soap message

    - by Gerard
    Situation: jax-ws web service on Weblogic appserver; wsdl first development, jaxb customizations in external binding file. I would like to get a handle to the actual jaxb context that will process the incoming soap xml message, before it has been unmarshalled into java objects. Then I would like to get the unmarshaller of this jaxb context - the one that actually will be used during the unmarshalling. And then setup some properties of this unmarshaller (e.g. listener and idresolver).

    Read the article

  • Microsoft Blacklists Google, Windows 8 Integrated Security

    According to researcher Brian Krebs, millions of surfers were affected by the error which was caused by two of Microsoft's antivirus solutions in the form of Microsoft Security Essentials and the business-related Microsoft Forefront. Both received updates as part of Microsoft's traditional Patch Tuesday on February 14, and those patches are believed to be the cause behind Google's incorrect blacklisting. The false positive alert specifically tagged the search site as being infected with the infamous Blackhole Exploit Kit, which reportedly gives cybercriminals the power to create their own bo...

    Read the article

  • jax-ws, authentication for php clents

    - by kislo_metal
    Scenario: Server is glassfish with jax-ws web services and clients is php based What type of authentication for web services is more computable with php based clients ? HTTP Basic Authentication HTTPS Client Authentication Mutual Authentication (is it supported ?) Digest Authentication (is it supported ?) Description : Specifying an Authentication Mechanism Thank you!

    Read the article

  • C++ library for making Jax WS calls

    - by Harsha Reddy
    Hi all, I want to know if there are any C++ libraries which allow me to make JAX WS calls for a web service to a server. (Mainly the SOAP message part - the serialization and de-serialization of SOAP message.) My web service is in java but i need to invoke it using c++. Thanks, Harsha

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >