1. Creating a REST webserver with security stackoverflow.com I am very new to creating webservers - and I have had several goes at trying to understand them and write a quick webserver, but it's never quite 'clicked'. At ... |
2. Solutions for Java User Account Management stackoverflow.com I currently work on a Java web application that relies on a permissions mechanism to manage user content. This of course means that we need to manage users. Our current ... |
3. Java EE security - application clients stackoverflow.com I'm writing on a Java EE project which will have everything from 3-6 different clients. The project is open source, and I wonder what security mechanisms one could/should use. The problem ... |
4. How best to sanitize input in Java webapp stackoverflow.com We use jsp, servlets, beans with mysql database. We don't want to restrict the characters entered by users on form fields. So how do I sanitize the input and how to ... |
5. how to create a secure licensed j2ee application? stackoverflow.com We are developing a j2ee application backed by any database of customer choice. We will sell to customers based on per user license price. How do I make sure, the application ... |
6. AccessController.doPrivileged stackoverflow.com I am trying to figure out what some legacy code is doing. What exactly is this line doing, and why would I need it this way? |
7. Should I use Security Manager in Java web applications? stackoverflow.com Is it sufficient to secure a Java web application with the rights of the user that is running the application server process or is it reasonable also to use SecurityManager with ... |
8. How does one protect a webapp to be accessed only by localhost? stackoverflow.com I am planning to run a java web application and solr in the same java container. I want the web application to be publicly accessible but solr to be accessible only ... |
9. Alternative ways to configure security constraints with container managed security outside web.xml? stackoverflow.com If you use Java EE 6 container managed security, you can configure security constraints for resources inside the web.xml deployment descriptor. Are there alternative ways to do this? For example the container ... |
10. OWSM custom security policy for JAX-WS, GenericFault stackoverflow.com I tried creating custom security and policy as given here: http://download.oracle.com/docs/cd/E15523_01/relnotes.1111/e10132/owsm.htm#CIADFGGC when I run the service client custom assertion is executed, returning successfully. |
11. why it is good idea to disable REFRESH in web application(for security purposes) stackoverflow.com We are doing XSRF fixes for our code. We are using the session token to request token comparison method to achieve this. In case when session token is not equal to ... |
12. websphere-mq security changes in 7.0 + - Is it possible to secure MQ objects without using security exits stackoverflow.com We are using security exits in WebsphereMQ 6.0 to provide security in java clients connecting to MQ and MQ - MQ connectivity. We use security exits to provide secure way to ... |
13. user access management in j2ee web application stackoverflow.com I am working with jsp/servlet project and I have to complete the module of access management to my jsps since I have more than one user with different profile. I defined a ... |
14. On Linux do people chroot a Java Web Application or use IPTables and run as non-root? stackoverflow.com When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the ... |
15. Security in distributed web applications system stackoverflow.com I have a set of three web application systems - A, B & C that are used to service my application. The A system has the core business logic and ... |
16. Looking for Tutorial/How To for JAX-WS Client Security stackoverflow.com I have been given a WSDL to generate a client against which uses a security policy. This is my first time using a security policy and although I've read about ... |
17. Use Enum type as value parameter for @RolesAllowed-Annotation stackoverflow.com I'm developing a Java Enterprise application, currently doing JEE-Security stuff to restrict access for particular functions to specific users. I configured the application server and everything, now I'm using the RolesAllowed-annotation ... |
18. Data Access control in J2EE technologies stackoverflow.com I am working on a project that requires that I implement a mechanism for controlling data access to the content that displayed on the pages. First off to clarify, I am ... |
19. Getting a trusted signature for a Java Web Start application stackoverflow.com I'm planning to distribute an application over the internet with Java Web Start, and I'm aware that I'll need to sign the application to enable certain security privileges (network connections, dynamic ... |
20. Java EE 6 Security Model: How to add or delete user stackoverflow.com I read most of the documentation, I only see the use of |
21. get 2035 on connecting to the base queue stackoverflow.com I am running a simple Java client to connect to a remote MQ queue. |
22. Open source web app more prone to hacking? stackoverflow.com At a recent interview, I was asked: Open source web app (say built on Struts/Spring) is more prone to hacking since anyone can access the source code and change it. How do ... |
23. MQ security - getting a 2035 on one queue stackoverflow.com I have an application that is trying to put a message to a queue (LOG.TRANSACTION.IN) on a remote queue manager. The message ends up failing with a 2035 and is put ... |
24. java ee6 security - use user entity class stackoverflow.com All I need is a simple login page that will check against the username and password of a simple User entity class. Is that possible with JAVA EE6? In the tutorials they ... |
25. Best way to handle standardized look/feel and security across web applications? stackoverflow.com I received a request from my users that they want is a common "portal" for any web applications from my development group. Currently, if we have X number of web apps, ... |
26. After implementing OWASP, application works in IE and Firefox but not Safari stackoverflow.com Recently we implemented OWASP security solutions with OWASP.jar. After this, our application was working fine in IE 7 and Firefox 3.5. But the application is not working in Safari 4.0.5 or ... |
27. detecting vulnerabilities in web applications and desktop applications stackoverflow.com Sorry, this is not a question about a specific programming language, but I need opinion on this. Please don't vote for close. Where do I learn about detecting vulnerabilities from the scratch? I ... |
28. Exploitable Java functions stackoverflow.com This question is similar to Exploitable PHP Functions. Tainted data comes from the user, or more specifically an attacker. When a tainted variable reaches a sink function, then ... |
29. java.lang.SecurityException: class "org.apache.log4j.Logger" does not match trust level of other classes in the same package stackoverflow.com For a Java web application, I got this error when using JRE 1.6.0_22, however, it works fine when using JRE 1.6.0_13. I searched in google, and find that there is a security ... |
30. Specifying access control in a Java EE deployment descriptor stackoverflow.com I'm using JSF 2 with Glassfish 3 and I'm about to configure access control. As I understand it, this is done in web.xml with security-constraint containing web-resource-collection and auth-constraint. Let's say ... |
31. Inter application communication internet wide stackoverflow.com I've done some searching and found lots of answers that don't quite give me what I'm looking for, so here goes. Firstly I'm looking into an area I'm not really familiar with, ... |
32. Java .policy file - how to prevent java.util.Date() from being accessible stackoverflow.com I am playing around with the java .policy file and was wondering how I could go about doing something like preventing calls to java.util.Date(), as an example. I just want to get ... |
33. secure webapplication online stackoverflow.com I have a webapplication which I'd like to host online. The user logon consists of a hashed password which is saved in the db and verified via the code, simple but ... |
34. How to manage a large number of permissions? stackoverflow.com I am working on a large JEE web-app with CRM functionality and we are looking for a security approach/library/solution/anything. Basic role-based security won't work since access control must be based on ... |
35. Question on jvm-wide properties and multithreading stackoverflow.com |
36. Question (again) on eclipse debugging java apis stackoverflow.com |
37. How to log to application log and security log from the same application stackoverflow.com I have an application that needs to log "application log messages" to an appender and "security log messages" to another appender (security log messages cannot appear in the application log). I ... |
38. Possible causes can be invoking https when the application is not configured for security stackoverflow.com I create web service |
39. How to add access checks to a method (and create a new method based on the "advised" method) with AspectJ? stackoverflow.com Consider this code: Is it possible to add an aspect-based ... |
40. How to get the value of an annotation parameter for usage in AspectJ? stackoverflow.com Consider this method: This pointcut basically matches if the method has an @Access annotation: But how can I access the field ... |
41. How to add a method to a class where the method name is based on an existing, annotated method in AspectJ? stackoverflow.com Consider this code: |
42. Security flaws in code with veracode tool stackoverflow.com I ran my application for security compliance in veracode tool. And whenever the tool find any logging it detected as a flaw in code |
43. How can I provide security in a web-application by jdbcRealm when I have few user tables stackoverflow.com I have a problem with security in Java EE. I have an application that supposed to be a kind of e-shop. I have three entities: User class that is not mapped into ... |
44. HANDSHAKE_FAILURE alert received stackoverflow.com I am writing a Java client (on weblogic 10.3) to invoke a secure web service. I have been provided with a client certificate which I have installed in cacerts, DemoIdentity.jks and DemoTrust.jks In ... |
45. e-commerce website architecture stackoverflow.com I would like to create a rest architecture for an e-commerce website application. In fact, there would be : |
46. How to change the original requested page used by j_security_check? stackoverflow.com When an unauthenticated user request some resources, he will be redirected to a login page but |
47. Use Application Server based User management or Custom User management? stackoverflow.com I'm following the JEE6 tutorial and am reading the part related to security. In the examples, the user management is done using the features provided with the ... |
48. Container Managed Security for Web APplication stackoverflow.com I am completely new to Container managed security and need some help with configuring it in my web application. I want to restrict access to the jsp's within my web application. This ... |
49. How can queues be made private/secure in RabbitMQ in a multitenancy system? stackoverflow.com I have read the Get Started guide provided by RabbitMQ and have even contributed the sixth example to stormed-amqp, so I have an inkling of knowledge about ... |
50. Java client for the X.509 secured web-service stackoverflow.com I have remote web-service which is secured with X.509 certificate. |
51. How to pass other data with j_security_check? stackoverflow.com I use IBM Websphere Application Server 6.1 and my login screen have controls as: |
52. Uses of Java Security Manager stackoverflow.com I was reading some article on Java Security, and came across uses of java.policy files for granting permission to the source code coming from different code sources. My question is, do we ... |
53. How to implement a logout when using form based security stackoverflow.com I use a JDBC form based security realm, and I want to implement a logout, but when I click on the link I see this exception: java.lang.RuntimeException: java.security.AccessControlException: access ... |
54. Insecure WAR in a server machine stackoverflow.com I'm going to deploy my webapp (WAR) in a server machine. But, server machine is in client people hand, and they take database dump (so new data can be created), and WAR ... |
55. Cannot modify Quality of Service Security attributes. Use Development Defaults always enabled. forums.netbeans.org Hi all. Having some issues setting the attributes for securing a web service. I am using NB 6.5 and Glassfish 2.1. In the Quality of Service Tab I enable the Secure ... |
56. Security:MessageDigest.isEqual() forums.netbeans.org Hi, I've the following method to encrypt a password and add the pair (login,hashedPassword) to a hash table. When later I try to compare the byte value of (hashedPassword) in the Hashtable to the ... |
57. Issues w/ J Security Check forums.netbeans.org Using form-based authentication with j_security_check in glassfish. The first logon works. User presses back button. The second logon fails. The browser URL after the second logon fails is http://(mydomain/j_security_check. "404 Not ... |
58. RE: Issues w/ J Security Check forums.netbeans.org The question has nothing to do with NetBeans and you may have more luck getting a meaningful response in one of the Glassfish forums. I had recently the same problem (but ... |
59. Problems runing simple security scenarios forums.netbeans.org I'm trying to run sample applications from http://archive.moreservlets.com illustrating basic and form based web application security. I've create the security realm in my Glassfish server and created a few user with ... |
60. Re: Problems runing simple security scenarios forums.netbeans.org Hi Techy, This may be related to a problem I have found with IE and Ajax. Here is the message that I put up for my users: Due to a quirk ... |
61. Re: Problems runing simple security scenarios forums.netbeans.org Thanks. While it did not change the behavior of IE it inspired me to switch to Mozilla. And, with Mozilla, at least when I manually delete the password cache it does ... |
62. Re: Issues w/ J Security Check forums.netbeans.org The question has nothing to do with NetBeans and you may have more luck getting a meaningful response in one of the Glassfish forums. I had recently the same problem (but ... |
63. Applet View Problems -java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup) forums.netbeans.org I have a relatively large Applet that runs in the browser, but just recently won't run in applet viewer. (In fact nothing will run, even simple blank applets). NB 6.8, Jdk ... |
64. Either bug or mistake? Netbeans and security manager forums.netbeans.org Dear developers, I have already mentioned this earlier, but my question did not receive any attention. I am observing bizarre netbeans behaviour, which may be a bug. Full Netbeans distribution v 6.9.1 Apache Tomcat (comes with netbeans) 6.0.26 How to recreate: 1. create new empty Web Application project, select Apache Tomcat for deployment. 2. right click Apache Tomcat server in Services ... |
65. Security issue forums.netbeans.org |
66. Java EE6 and security constraints forums.netbeans.org How do I setup SSL for a Web Service in a Java Enterprise Application? In a Web Application I add a Security Constraint in web.xml, but what about Enterprise Applications? There's no web.xml there. I noticed I can add a standard deployment descriptor (ejb-jar.xml). I'm not sure if it's the same as web.xml and I don't know where I should put ... |
67. Advanced security options forums.netbeans.org Hi, I'm developing a soap web service client that asserts a signed saml assertion token, then signs and encrypt the entire message. The wsdl file for the service indicates those, so I set up everything by setting the web service's attribute. When I print the soap request out, I can see that the message is indeed encrypted and signed. However, the ... |
68. deploy a security realm? forums.netbeans.org |
69. Security Policy file in windows ? forums.netbeans.org However when I try to run the server I get errors java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034) at java.net.Socket.connect(Socket.java:513) at java.net.Socket.connect(Socket.java:469) at java.net.Socket. |
70. ehache 1.7.2 Update check posing security threat forums.terracotta.org Setting it in the pom doesn't necessary mean it'll apply to your app. It means, there's a property in your Maven project. How are you using Ehcache? In a stand alone app? in a webapp? How do you start the app? Or are you running as Maven test? posting your pom.xml would help here. If you're using Linux, you can check ... |
71. security web application coderanch.com I think that you may use a variable in your session. Once you are logged, you set the variable to true (if the login is correct, of course). Every time that you access a resource, you must first check if your variable is set to true, if not you redirect to login.html, else you continue your business logic. I think there ... |
72. 10 Web App Security Vulnerabilities coderanch.com |
73. Web application security... coderanch.com I'm planning out an admin section for a web site I'm working on, and security is something I have a question about. Typically, I'd set a String to session when a user logs in and check for that variable on every "admin page". This works ok, but the session doesn't always die out until they close the browser window (even after ... |
74. Web App security coderanch.com Hello, What are the basic securing methods(implementations) that should be noticed when coding JSP/Servlet/Filter based Web applications? I don't mean just https connections, but things like: login securing URLs that are not meant to used directly security options in web.xml global errorpages defined to web.xml to catch exceptions groups access rights How these are usually handled in Web Application? Are there ... |
75. J2EE Security.. coderanch.com |
76. web app security constraints coderanch.com |
77. implementing security for a web application coderanch.com Hi Sejal, this probably varies a little according to what Servlet container you're using. But in general, you'll probably want to get a certificate and configure your app server accordingly. This will let you use https. As for security constraints and other stuff, just follow the standard (declaring security constraints and such in your servlet container's config file) |
79. web app security issues coderanch.com Hi, I am trying to implement web app security. I have a web-app called security running on my tomcat. I am able to implement authentication and authorization, but am not able to implement data confidentiality. The problem that I am running into are listed below: 1) Whenever I try to implement data confidentiality, I get a page cannot be displayed error. But ... |
80. Once logged in using J2EE's big 4 (security)...where does it go? coderanch.com |
81. Security constaint in J2ee 1.3 container - Web.xml coderanch.com |
82. web app security authorization question coderanch.com I've tested and used the tomcat-user.xml file in conjunction with the |
83. How to handle Security in a Webapp with a JDBCRealm coderanch.com Hello everybody I'm reading a lot about Webapp Security in the Moment and I try to implement this the official way with |
84. J2EE Security coderanch.com I'm trying to set up application security for a project I'm working on and I'm running into a bit of difficulty. In my deployment descriptor, I have this: |
85. Aplication Servers and Row/Column level security coderanch.com In oracle database there are three methods for implementing row/column level security : - views and access control over these views. - Virtual Private Database. - Oracle Label Security. But all of them use the user account utilized to logging into database. The context of my question is : user --> webServer --> EJBserver --> DataBase In an application server (oracleAS, ... |
86. Security For my web-application coderanch.com |
87. J2EE Security Concerns and Confusions coderanch.com I have no knowledge about j2ee security but I am giving it a second look now. I have been studying this for a while now but can't get my head to understand all the concepts. I have been involved in web projects that runs on the company's local Intranet only. As I have checked, there's no security constraints appended to it. ... |
88. Recommended Security Architecture coderanch.com I am assigned a task to work on Portal based upon Portlet 2.0 that will be deployed on Tomcat using Jetspeed 2.2.1. However in future this must be deployable on other portlet servers like IBM WebSphere. In first step I have to work out the possible security model for the application. Major requirements for security: - Based on some standard - ... |
89. Encoding action Url for increasing the web app security coderanch.com To expand on Madhan's recommendation: packet sniffing isn't the issue. Unless every millimetre of the cable between client and server are physically isolated, people can sniff packets. Even then you're not totally safe, since tricks like monitoring the "radio noise" generated by computers and network equipment have been done. The key is to make the "sniffed" data unusable, and that means ... |
90. Installing Site Minder for security reasons to the application coderanch.com Our ALUI Portal is hosted in IIS. For security reasons, we have now included Site Minder. After enabling the site minder, the portlet applications configured in the Portal is not coming up. Getting the following error " |
91. Stripes security question java-forums.org Hi, I have setup a StripesSecurityFilter class which handles authorization and authentication for my site. It works great, but as I am now going back and cleaning up and refactoring some code, I'm realizing it would be great if I could access the ActionBeanContext class from my StripesSecurityFilter class. This is because currently the StripesSecurityFilter class uses hard coded strings such ... |
92. Enforcing security in web applications? forums.oracle.com Hello, I am fairly new to Java. Just needed advice from you. Say suppose I made roles in my web.xml as well as configured login and error page. Now when unauthenticated user comes to site login page is displayed. Then the user enters username and password. But how to determine from the password and username that the user belongs to ... |
93. Validating user security in a Java webapp... forums.oracle.com 1) The "Pages (regular)" pages may not need to be secure but the forms generated and submitted to the server MUST be done using HTTPS using POST. 2) The session attribute will be identified by a session Cookie (or something similar). This needs to be impossible to intercept or forge or you are wide open. 3) You should have a 'timeout' ... |
94. Web App Security forums.oracle.com Hello, I'll soon be developing a web application in which security is a major concern, and I'd like some advices about some technologies I'm evaluating to get the job done. I couldn't get comparisons on security power offered by each. - Web tier: I have some experience on JSP and JS; besides HTTPS, JSF seems to provide better, out-of-the-box, support for ... |
95. log4j problem with RMI security manager forums.oracle.com It happens because you haven't granted yourself one or more permissions that log4j needs to initialize itself. Run your program with -Djava.security.debug=access,failure to see what permission(s) it requires and add them to your security .policy file. I find it a bit odd that you have a server log and a client log in the same class, i.e. in the same JVM. ... |
96. jini security policy setting forums.oracle.com Hi, I am getting this exception in jini. Please give me solution. What steps is required to solve this problem. How to set ExecOptionPermission is existing policy. rmid: (WARNING) restart service throws: java.security.AccessControlException: access denied (com.sun.rmi.rmid.ExecOptionPermission -Djava.security.policy=c:\policy) at sun.rmi.server.Activation$DefaultExecPolicy.checkPermission(Activation.java:1857) at sun.rmi.server.Activation$DefaultExecPolicy.checkExecCommand(Activation.java:1747) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at sun.rmi.server.Activation.checkArgs(Activation.java:1369) at sun.rmi.server.Activation.access$400(Activation.java:118) at sun.rmi.server.Activation$GroupEntry.getInstantiator(Activation.java:1166) at sun.rmi.server.Activation$GroupEntry.activate(Activation.java:1090) at sun.rmi.server.Activation$GroupEntry.restartServices(Activation.java:800) ... |
97. j2ee security and page flow problem forums.oracle.com To give more details about the problem I have, user likes to put a URL in the browser, then press enter. User likes to see the running results. However, user is not able to see the results because j2ee security requires user log in. After successful login, user is going to see the index page. My question is how user be ... |