In my system, I want to have only the administrator account to access the specific folder.
So when client login as himself, click the open file link, I want it switch to the admin account temporary to open the files. After closing the openning file, the account goes back to the original account of the client.
I find it can be done in C# in ASP.NET by this link:
How do I change the logged in user to another?
Wondering if we can do that in Java?
You can perform a task as a different user by calling RUNAS via Runetim.exec()
RUNAS USAGE:
RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
/user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
/smartcard [/user:<UserName>] program
RUNAS /trustlevel:<TrustLevel> program
/noprofile specifies that the user's profile should not be loaded.
This causes the application to load more quickly, but
can cause some applications to malfunction.
/profile specifies that the user's profile should be loaded.
This is the default.
/env to use current environment instead of user's.
/netonly use if the credentials specified are for remote
access only.
/savecred to use credentials previously saved by the user.
This option is not available on Windows 7 Home or Windows 7 Starter Editions
and will be ignored.
/smartcard use if the credentials are to be supplied from a
smartcard.
/user <UserName> should be in form USER#DOMAIN or DOMAIN\USER
/showtrustlevels displays the trust levels that can be used as arguments
to /trustlevel.
/trustlevel <Level> should be one of levels enumerated
in /showtrustlevels.
program command line for EXE. See below for examples
Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user#domain.microsoft.com "notepad \"my file.txt\""
http://ss64.com/nt/runas.html
If you're using Java EE I think you could use the #RunAs annotation (but I haven't tried):
http://docs.oracle.com/javaee/6/api/javax/annotation/security/RunAs.html
Edit:
And here is a link to more about JAAS "doAs", but I haven't studied it yet:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
Related
I'm logged in to windows 10 with a regular user (no admin privileges). I run my java application with admin privileges, but I need to get the normal logged-in user path (that's unprivileged) at runtime. System.getProperty ("user.home") only returns me the admin user path. Can anyone help me solve this problem?
Thanks a lot
Change "user.home" to "user.name". However, if you run the program as Administrator that is what it will return.
I have a Java application which I want to run it using the JavaService wrapper.
The service works well when the -user parameter is not used (using the defaul user as local system).
For permissions reasons, I need use the administrator user as a owner of service, but the following message apears when I start it.
Translate: It can not start the service due to error in the login.
The service.exe install command is the following:
JavaService.exe -install "ServiceName" "%JAVA_HOME%\bin\client\jvm.dll" -start "ServiceClass" -user ".\Administrador" -password "1234"
UPDATE:
If I change the user of the service using the services.msc console, the result is the same.
My problem is solved.
The Error message 1069 was caused then this user doesn't have permisions to logon as a service.
To add this permision follow the steps:
Open the ocal security settings (start -> run -> secpol.msc) if is not domain or setting the Default Domain Controller GPO is a Domain server.
Expand Local Policies, and then click User Rights Assignment
In the right pane, right-click Log on as a service, and then click Add User or Group
I've installed the latest RabbitMQ server (rabbitmq-server-3.3.0-1.noarch.rpm) on a fresh Centos 5.10 VM according to the instructions on the official site.
I've done this many times before during development and never had any issues. However, this time I cannot log into the management web interface using the default guest/guest user.
In the logs, I see the following:
=ERROR REPORT==== 4-Apr-2014::00:55:15 ===
webmachine error: path="api/whoami"
"Unauthorized"
What could be causing this?
It's new features since the version 3.3.0
http://www.rabbitmq.com/release-notes/README-3.3.0.txt
server
------
...
25603 prevent access using the default guest/guest credentials except via
localhost.
If you want enable the guest user read this or this RabbitMQ 3.3.1 can not login with guest/guest
# remove guest from loopback_users in rabbitmq.config like this
[{rabbit, [{loopback_users, []}]}].
# It is danger for default user and default password for remote access
# better to change password
rabbitmqctl change_password guest NEWPASSWORD
If you want create a new user with admin grants:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Now you can access using test test.
If you still can't access the management console after a fresh install, check if the management console was enabled. To enable it:
Go to the RabbitMQ command prompt.
Type:
rabbitmq-plugins enable rabbitmq_management
Something that just happened to me and caused me some headaches:
I have set up a new Linux RabbitMQ server and used a shell script to set up my own custom users (not guest!).
The script had several of those "code" blocks:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Very similar to the one in Gabriele's answer, so I take his code and don't need to redact passwords.
Still I was not able to log in in the management console. Then I noticed that I had created the setup script in Windows (CR+LF line ending) and converted the file to Linux (LF only), then reran the setup script on my Linux server.
... and was still not able to log in, because it took another 15 minutes until I realized that calling add_user over and over again would not fix the broken passwords (which probably ended with a CR character). I had to call change_password for every user to fix my earlier mistake:
rabbitmqctl change_password test test
(Another solution would have been to delete all users and then call the script again)
If on Windows and installed using chocolatey make sure firewall is allowing the default ports for it:
netsh advfirewall firewall add rule name="RabbitMQ Management" dir=in action=allow protocol=TCP localport=15672
netsh advfirewall firewall add rule name="RabbitMQ" dir=in action=allow protocol=TCP localport=5672
for the remote access.
I also couldn't log in to Rabbit's web interface. in my case, cookies were disabled in the browser for this web interface. I allowed cookies to be saved and rebooted chrome. and I was able to log in again.
If you are in Mac OS, you need to open the /usr/local/etc/rabbitmq/rabbitmq-env.conf and
set NODE_IP_ADDRESS=, it used to be 127.0.0.1. Then add another user as the accepted answer suggested.
After that, restart rabbitMQ, brew services restart rabbitmq
If I open jvisualvm and go to File >> Add Remote Host I am prompted to create a new remote server entry. I enter a host name of myapp01.example.org, and then I see that server show up under the Remote section of the Applications tree on the left-hand side. When I right-click that server, and click Add JMX Connection, I see the following dialog:
Let's say I have a Java app (WAR deployed to Tomcat) running on myapp01.example.org:8443. To SSH into the server, I use username skroob and a password of 12345 (hey, that's the combination on my luggage!):
ssh skroob#myapp01.example.org
skroob#myapp01.example.org's password: 12345
When I fill out the dialog as follows:
Connection: myapp01.example.org:8443
Username: skroob
Password: 12345
I get the following error:
Cannot connect to skroob#myapp01.example.org:8443 using service:jmxLrmi:///jndi/rmi://myapp01.example.org:8443/jmxrmi
I believe this may be because I'm not configuring JMX to be exposed on Tomcat itself. Or maybe I'm just entering the wrong info. Maybe both. Either way:
What do I need to do to configure this with proper JMX info?
What do I need to do to configure this properly for jstatd?
That's not how JMX connection is specified. For tomcat the best way is to create a bin/setenv.sh file This is best because the Apache scripts are already set up to look for it and call it if present.
This is the place where you are intended to set any installation specific parameters.
You will go far with something like this:
#
# PORT for debug
export JPDA_ADDRESS='8000'
echo start with 'jpda start' parameters to enable debugging. Tomcat will listen on $JPDA_ADDRESS
CATALINA_OPTS="\
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=1299 \
-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access \
-Dcom.sun.management.jmxremote.ssl=false
jmxremote.access:
monitorRole readonly
controlRole readwrite
jmxremote.password: This file MUST be READONLY by the ID that starts Tomcat or JMX WILL NOT WORK! i.e. chmod 400 jmxremote.password
monitorRole readpass
controlRole changepass
Basically you are setting up 2 JMX user IDs. One that can access exposed getters. The other that can also access setters and arbitary mbean methods. In practice you'll usually want to supply the latter so you can do more than just look.
SO....
In your dialog above it becomes
Connection: myapp01.example.org:1299
Username: controlRole
Password: changepass
I have a server where I work with a database and files using a java app.
When I start my app I give a report regarding file access to the server using:
public static boolean folderExists(String folderPath) {
File folderToCheck = new File(folderPath);
return folderToCheck.exists();
}
Every time I start my app (after a fresh restart of my computer)
I get a false response, even though the server is on.
The reason is because I must give an authentication as another user.
What I do is access the server through Windows
where I am being asked for username/password,
and after that I get a true response regarding file access to the server.
Is there a way to give the authentication username/password through Java,
and not through Windows?
Thank you
On Windows 'native' Java IO (e.g. java.io.File) always inherits the security context of the user running the JVM process. For example, you could run the Java app as a Windows service with the correct credentials.
The JCIFS project implements CIFS (the Windows SMB file server protocol) and allows you to directly specify the username/password.
See the API for examples.
I am pretty sure, that there is no way to grant fileaccess by java, without a Windows-Call.
You can call cacls file.log /e /t /p Everyone:f but this will be language-dependent.
I had a similar problem: How to change the file ACL in windows, if I only know the SID?
With Java7 there may be a way to do this.