I have a server where I work with a database and files using a java app.
When I start my app I give a report regarding file access to the server using:
public static boolean folderExists(String folderPath) {
File folderToCheck = new File(folderPath);
return folderToCheck.exists();
}
Every time I start my app (after a fresh restart of my computer)
I get a false response, even though the server is on.
The reason is because I must give an authentication as another user.
What I do is access the server through Windows
where I am being asked for username/password,
and after that I get a true response regarding file access to the server.
Is there a way to give the authentication username/password through Java,
and not through Windows?
Thank you
On Windows 'native' Java IO (e.g. java.io.File) always inherits the security context of the user running the JVM process. For example, you could run the Java app as a Windows service with the correct credentials.
The JCIFS project implements CIFS (the Windows SMB file server protocol) and allows you to directly specify the username/password.
See the API for examples.
I am pretty sure, that there is no way to grant fileaccess by java, without a Windows-Call.
You can call cacls file.log /e /t /p Everyone:f but this will be language-dependent.
I had a similar problem: How to change the file ACL in windows, if I only know the SID?
With Java7 there may be a way to do this.
Related
I have a server where I work with a database and files using a java app.
When I start my app I give a report regarding file access to the server using:
public static boolean folderExists(String folderPath) {
File folderToCheck = new File(folderPath);
return folderToCheck.exists();
}
Every time I start my app (after a fresh restart of my computer)
I get a false response, even though the server is on.
The reason is because I must give an authentication as another user.
What I do is access the server through Windows
where I am being asked for username/password,
and after that I get a true response regarding file access to the server.
Is there a way to give the authentication username/password through Java,
and not through Windows?
Thank you
On Windows 'native' Java IO (e.g. java.io.File) always inherits the security context of the user running the JVM process. For example, you could run the Java app as a Windows service with the correct credentials.
The JCIFS project implements CIFS (the Windows SMB file server protocol) and allows you to directly specify the username/password.
See the API for examples.
I am pretty sure, that there is no way to grant fileaccess by java, without a Windows-Call.
You can call cacls file.log /e /t /p Everyone:f but this will be language-dependent.
I had a similar problem: How to change the file ACL in windows, if I only know the SID?
With Java7 there may be a way to do this.
I'm using System.getProperty("user.name") to get the name of localuser. It works fine and now my class need to work on server.
Unfortunately, System.getProperty("user.name") try to catch the user name of the server and return "root".
Is it possible using System.getProperty() I get the name of localuser running the class on the server? If not, is there any way?
System.getProperty("user.name") returns user's account name on which the java process is running. As you mentioned on your local computer you are running it on user "Filiipe" however on server you are running it as a root user. Maybe you are using tomcat/jboss started automatically as a system service, that kind of services are running under root user.
You can also easily check it with ps -ef command on linux - the first column is user that started the service.
You can also try override this parameter by adding additional option to your server starting script -Duser.name=Fellipe. I didn't try it but it may work.
I have an applet running in jnlp. My single jar file is signed. I accept the permissions prompt each time the JNLP client is launched. I can obtain the BasicService but it still throws a url permission denied exception when I try to follow a URI:
file:///D:\temp\test.txt
The file is present on all the Windows client machines I've tried and there are no security issues with opening it.
The issue happens when using a 32 or 64-bit JRE on the client. The server is 32-bit but I would think this irrelevant. The only clue (or red-herring perhaps) is that I get no security exception when the client and server are on the same host. If I use a remote client then I get the exception.
Whilst I needed to include the jnlp.jar file to compile the code, I assume it is not needed on the client if run using Java WebStart.
What else might you need to know? What else should I try?
Later that day...
Now this may or may not be a bug, it may be something wrong with the parameters in my jnlp file but I suspect that I'm using the wrong approach. Just to reitterate I'm trying to open a file:// url.
Here is what I am now doing:
I assumed that the Desktop facilities were only available in a Desktop Application - not an applet. I was wrong (and the documentation is scant - even on this hallowed site the only reference tells me to use JNLP Services for an Applet and Desktop for an Application) - Wrong (thankfully)
So you can use Desktop (having first checked that Desktop.isDesktopSupported() of course) in an applet - as long as you are running through WebStart not embedded as an applet.
I would propose the following approach to anyone.
See if Desktop is supported and use that.
Desktop.getDesktop().open(file);
If not then see if you can get the Basic JNLP Service.
BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
and if that is available the use it with boolean openedOK = bs.showDocument(url);
Finally resort to the applet API.
AppletContext context = applet.getAppletContext();
context.showDocument(url, targetFrame);
I wrote a web-application which is using java library SOCIAL AUTH for oauth .
For this i need to generate a secret with oauth provider like google,twitter .
while generating the key i gave the location of site eg: www.xyz.com .
Now these oauth provider are retuning their response at the location www.xyz.com
But i want to test my application on localhost wheather is going fine or not.So while runnning on localhost oauth provider is coming as null .
IS there any way by which i can use do by which i can say my tomcat to take the properties or response from www.xyz.com .So that it ll be able to read the response coming from oauth provider
One trick for these types of situations is to temporarily change your /etc/hosts file (if you're on Linux or Mac) so that www.xyz.com points to your localhost. That is, put the following line in the file:
127.0.0.1 www.xyz.com
Then, when the remote site redirects you back to www.xyz.com, that will resolve to localhost. You just have to remember to comment out this line in /etc/hosts whenever you want to access the real production system.
(You can do the same thing on Windows, but I can't remember where the equivalent of /etc/hosts is on Windows, and I don't have access to a Windows box right now.)
I have a client-side security policy, with a statement that grants permissions. I want to be able to specify it to grant the set of permissions for an RMI server only. For example this works:
grant{
//my permissions
};
But I cant figure out how to link the set of permissions so that they apply to my codebase on the server. Actually anything, as long as its tied to the server would be fine. I have tried:
grant codeBase "file://hostname/-"{
//my permissions
};
With the hostname being the name or IP of the machine, both with and w/o the port number. But this does not work, neither does using http instead of file. If I understand what I read so far correctly the hyphen at the end should apply the permissions to anything located on the server. Anyone know what I need to do to get this to work?
Thanks.
Heres the codebase specified when running the server:
-Djava.rmi.server.codebase=file://home/me/PageServer/build/classes/ pageserver.LoginService pageserver.PlannerService
Where is the local JVM getting the code that should be granted permissions?
If it's downloading the code from an HTTP codebase on the server, you can use a URL starting with "http:".
If it's local code, you can use a URL starting with "file:" and ending with a local path.
Disclaimer: I've written security files for Jini, which is built atop RMI, and it's been a few years. Apologies for anything I've missed.
Use a JAR for the codebase, and specify exactly the HTTP URL in the .policy file that you specified in -Djava.rmi.server.codebase.