I'm trying to learn how to send an email using a Netbeans application. Whenever I run the application, I keep getting the following error:
javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted.
I got code from two different sources (specified below) and both give the exact same error. I used the correct .jar files, and the code was copied exactly as shown in the tutorials, but neither works. I also tried using my proper Gmail credentials (made sure they were 100% correct) and I still get the error.
What I want to know is:
What do I use as username and password? (are there predefined ones I need to obtain or do I need to create them, and if so how?)
Sources:
This one does not specify a password anywhere at all: Email: How to send email using java Netbeans [Tutorial] - YouTube
This one specifies a password as String pass = "****"; which I changed to String pass = "pass123";: Send email using Java (in NetBeans)
Okay I found out the answer. The thing that was causing the error was:
Gmail actually prevented the application from sending the email from the Java application because it read it as a "Less secure app" trying to sign in to my account.
A few relevant changes and the application works now
I hope you have downloaded the required jars to fulfill Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
Now when you want to connect with Gmail account programmatically then you have to enable the allow less secure apps. You can do that by using the following link.
If you access more times repeatedly then the access can be blocked by Google and even Google will intimate with Critical Security Alerts
Allow Less secured Apps
Related
Currently i am dealing with a conceptional issue in my Java - SFTP Client/Server - Setup.
Basically i got a client who sends files to a remote server and stores them there. BUT: You trigger the upload via a jar file on your computer, so anyone could decrypt the jar file and read the clear java file and obtain the credentials for my sftp.
Is there any technology to solve this issue or some workaround you can advise?
Greetings and Thanks!
It is inadvisable to put credentials into a common / shared JAR file. It can't be done securely, and if you need to get the user to replace them they need to download and install a new JAR.
There is no way that you can keep the credentials private from the user. If your credentials need to be used on the user's machine, then it will be possible for the user to extract them, somehow. No matter what you try. (Assuming that they control their machine ....)
Saving credentials encrypted does not protect them from the user. The application needs the decryption key. The user can find / extract that and then recover the credentials.
It is better to issue distinct upload credentials for each user. That way, if one user loses or abuses his credentials you can invalidate them without affecting other users.
If I'm understanding your issue correctly, it is rooted at the fact that your java sources contain your credentials.
First, I highly recommend using jSch library for a great implementation of SSH2.
Regarding your credentials, you can find your answer here.
In short - save your credentials encrypted.
I'm trying to set up Google Identity Toolkit (GIT) on a test webpage on localhost. I completed all the necessary steps on Google Console and downloaded the Java sample from the tutorial, and it's working.
Now what I want to do is disable self-registration (which I couln't disable), create users on GIT, send them an email link activation and set password for first time. I took a look at the API provided, but there's no way I can figure out how to use it.
I managed to create users and delete them with com.google.identitytoolkit classes like GitkitClient and GitkitUser, as seen in the example, but I cannot get the email activation and password reset working.
If anybody can point me to some good examples on how to do that, I'll really appreciate it.
How do I query the active directory in Java using the current logged on user in windows?
This is possible using C++ with ldap_bind_s and passing null in the credential.
It lets you bind to the AD with the current logged on user and query AD but I could not find its equivalent in Java.
I saw at other places that I can use kerberos but kerberos forces me to generate a keytab file for the user and uses it to communicate with AD using GSSAPI. I want to avoid asking users to generate keytab file.
I see that NTLMLoginModule lets you login without asking for any kind of keytab file or credential but then again there is no java library for binding to AD using the NTLMLoginModule.
Again, I am looking for a solution only for AD and not a generic LDAP solution. I know that a generic LDAP solution will not work this way.
I'm going off of this guy's post. You can go with the commercial Jespa library, which uses NTLMv2. Or you can go with the open source com4j project that uses ADSI, created by Kohsuke Kawaguchi.
I've recently gone into a serious security problem in my Java app. The client application simply works on a FTP and MySQL server, and access information to both of them are stored directly in code. I'm aware that it's an awfull idea and I'm planning to move that informations to a preferences file. But how can it help to raise a security level on my app? Is there any way to properly secure such file? Or should I look for a different solution?
Keep passwords in a keystore (example: http://kingsfleet.blogspot.com/2008/12/storing-password-somewhere-safe.html). Keystore has to be protected with a password, so in order to use client application user needs to give keystore password - I am not sure if this is acceptable in your case.
I need to know if a user entered correct login information to Microsoft Active directory
I want the user to enter username and password on an xpage and it should only return if these values was entered correctly or not.
I know I can use ldap requests and send in credentials but have not seen any working solutions for this.
I need to use java as the code should be able to run on non windows servers
There are a number of approaches you can take:
The easiest would be to link the AD to Domino using DirectoryAssistance and let users login using their AD credentials in the first place.
If IIS is running on the AD server you could send an HTTP request using the Apache HTTPClient (and basic authentication) and see what's coming back
The best working Java libraries are listed in the Apache Directory project. There you would do an LDAP query (e.g. the user herself)
Let us know which one works for you
You can use JNDI to access the Active Directory. There are a lot of ressources on the web on how to do this, for example have a look at http://mhimu.wordpress.com/2009/03/18/active-directory-authentication-using-javajndi/
You have tagged the question as XPage, do you want to do the authentication from inside domino? In that case the domino server could do the authentication.