I wrote a web-application which is using java library SOCIAL AUTH for oauth .
For this i need to generate a secret with oauth provider like google,twitter .
while generating the key i gave the location of site eg: www.xyz.com .
Now these oauth provider are retuning their response at the location www.xyz.com
But i want to test my application on localhost wheather is going fine or not.So while runnning on localhost oauth provider is coming as null .
IS there any way by which i can use do by which i can say my tomcat to take the properties or response from www.xyz.com .So that it ll be able to read the response coming from oauth provider
One trick for these types of situations is to temporarily change your /etc/hosts file (if you're on Linux or Mac) so that www.xyz.com points to your localhost. That is, put the following line in the file:
127.0.0.1 www.xyz.com
Then, when the remote site redirects you back to www.xyz.com, that will resolve to localhost. You just have to remember to comment out this line in /etc/hosts whenever you want to access the real production system.
(You can do the same thing on Windows, but I can't remember where the equivalent of /etc/hosts is on Windows, and I don't have access to a Windows box right now.)
Related
I have an angularJS application with springboot and it runs on 8090 port number with "index.htm" file. Like below ;
192.168.1.25:8090/index.htm
I just googled about the changing port and I did the change with 80 port number so I can open the web page with
192.168.1.25/index.htm
But, in google there are plenty of angular result and they tell me to change those settings with in angular.json file. I created a temporary angular project and did those with successfully. But, I could not figure out about the angularjs part. I checked the project and I could not find any file like angular.json. After that checking the springboot, I found this part of where I can open the web page with the above second URL address ;
192.168.1.25/index.htm
The code of Spring Boot part is below (There is where I can change the port number) :
Those ones did the trick by the way.
config.getMemberAttributeConfig().setStringAttribute(ServerService.MANAGEMENT_URL_PREFIX, ":80/index.htm");
config.getMemberAttributeConfig().setStringAttribute(ServerService.MANAGEMENT_URL_PREFIX, ":80");
After those steps, I can easily serve my angularjs app on 80 port and start to thinking about editing the /etc/hosts file on the server machine as :
192.168.1.25/index.htm xyz.com
I did reboot when I finished the editing part and I tried again to write xyz.com on firefox browser it does not go to my application.
I am still looking on the google and still could not find any solutions about this problem.
Any help will be really appreciated.
Format for hosts file is
#<ip> <hostname that resolve to the ip>
192.168.1.25 xyz.com
# or a list of names
192.168.1.25 xyz.com myapp.xyz.com
You do not put any port numbers or path parts in it. This will obviously only work if you edit the hosts file on all the computers
you are indending to access the site from and not necessarily on the host running the application itself.
That being said, you should probably read on supported Spring Boot properties because starting an application server on a specific port should be as easy as adding application.properties file in java resources with the following line:
server.port=80
I have a server where I work with a database and files using a java app.
When I start my app I give a report regarding file access to the server using:
public static boolean folderExists(String folderPath) {
File folderToCheck = new File(folderPath);
return folderToCheck.exists();
}
Every time I start my app (after a fresh restart of my computer)
I get a false response, even though the server is on.
The reason is because I must give an authentication as another user.
What I do is access the server through Windows
where I am being asked for username/password,
and after that I get a true response regarding file access to the server.
Is there a way to give the authentication username/password through Java,
and not through Windows?
Thank you
On Windows 'native' Java IO (e.g. java.io.File) always inherits the security context of the user running the JVM process. For example, you could run the Java app as a Windows service with the correct credentials.
The JCIFS project implements CIFS (the Windows SMB file server protocol) and allows you to directly specify the username/password.
See the API for examples.
I am pretty sure, that there is no way to grant fileaccess by java, without a Windows-Call.
You can call cacls file.log /e /t /p Everyone:f but this will be language-dependent.
I had a similar problem: How to change the file ACL in windows, if I only know the SID?
With Java7 there may be a way to do this.
I'm new with this authentication through kerberos protocol so I tried to read a lot of howto on it but seems like I can't find any specifics with my constraints. Here is what I have :
An Active Directory Server on which users authenticate to log into their workstations
Each end user uses IE 7 to connect to my intranet application
An Apache server with load balancing
Some Tomcats servers acting as workers for the Apache server.
on each tomcat, I have 2 jakarta servlet running, users connect only on one servlet (further i will call it the servlet as if there is only one)
my tomcats need to run under jdk5. not jdk6 or jdk4. it's jdk5 period.
Now I want one to automatically get logged on my servlet. Basically I just need my servlet to retrieve the client's principal then I can manage the rest.
Based on what I understood, my client has a ticket, he ask the KDC for a special ticket for accessing the apache server, then he tries to connect to the Apache server. Based on his keytab, the apache server then decode the auth data and grant/refuse the access to specified resource.
Am I right? please guide me through this, I've been reading pages for 4 days and still no clue on which solution is the more appropriate. I tried mod_auth_kerberos for Apache but instead of grabbing the user's ticket he ask it like a basic auth. Apparently spgneo
Thanks
Ok I got this working :
Install Kerberos 5 + apache 2 + mod_auth_kerb.
On your AD, generate a keytab with only the principal you will use for Apache, I use HTTP/apache.mydom.com#MYDOM.COM
Put this keytab file on your apache server and make it readable only
by your Apache user.
Then edit your apache conf with these directive for your secure
location
apache.conf:
[…]
ServerName apache.mydom.com:80
[…]
LoadModule auth_kerb_module modules/mod_auth_kerb.so
[…]
<LocationMatch /secure)>
[… some other stuff …]
Order allow,deny
Allow from all
AuthType Kerberos
AuthName "Authentification requise"
KrbAuthRealms MYDOM.COM
#this allows user to be saved in the request
KrbSaveCredentials on
#this one force Negotiate AuthType instead of basic fallback
KrbMethodNegotiate on
#this trim the realm from username saved in the request (request.getRemoteUser() will give you "user" instead of "user#MYDOM.COM"
KrbLocalUserMapping on
KrbAuthoritative on
KrbVerifyKDC on
Krb5Keytab /install/binaries/httpd/apache.keytab
KrbServiceName HTTP
require valid-user
</LocationMatch>
And the one thing I almost failed to find on the web, you have to modify your tomcat server config (tomcat/conf/server.xml) :
<Connector [... AJP connector configuration ...] request.tomcatAuthentication="false"/>
This is really important because without it you tomcat won't retrieve any info from tomcat auth.
Don't forget too, DNS is really really really really important for a Kerberos install. If you have any issue try checking your DNS for all of your servers.
We are facing a problem with lastest JRE 6 update 22 and 23. The problem is we are running a site which uses Java Applet to stores/retrieve datas by calling a PHP file. For last 7 years we never had a single issue but now with latest JRE are we having a problem. The Java applet is loaded fine but failed to connect our sever (unix server) which suppose to call the PHP file.
Note: We use Javascript to call a Java function to connect our server, to retrieve data from the PHP file.
Here is the error message found in Java console:
basic: Applet started
basic: Told clients applet is started
Retreiving cmi for sco=778 from ATutor server
network: Connecting http://www.example.com/training/scorm/read.php with proxy=DIRECT
network: Cache entry not found [url: http://xxx.xxx.xxx.xxx/crossdomain.xml, version: null]
network: Connecting http://xxx.xxx.xxx.xxx/crossdomain.xml with proxy=DIRECT
network: Connecting http://xxx.xxx.xxx.xxx:80/ with proxy=DIRECT
network: Server http://xxx.xxx.xxx.xxx/crossdomain.xml requesting to set-cookie with "SESSdba781ab68368f3b7b29ce28e33a2679=983ded5e21e40047871b1f3ce5c259d7; expires=Monday, 07-Mar-11 20:45:53 GMT; path=/"
ATutor cmi retrieval failed.
java.security.AccessControlException: access denied (java.net.SocketPermission xxx.xxx.xxx.xxx:80 connect,resolve)
Oracle has released a note and addressing this issue with a solution,
Website: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
The fix for CVE-2010-3560 could cause
certain Java applets running in the
new Java Plug-in to stop working if
they are embedded in web pages which
contain JavaScript that calls into
Java in order to perform actions which
require network security permissions.
These applets may fail with a network
security exception under some
circumstances if the name service
which resolved the original web page
URL host name does not return a
matching name as the result of a
reverse address lookup. This is most
likely to occur for the new Java
Plug-in running on Solaris and Linux
when configured to use NIS for host to
network address resolution with maps
containing host names which are in
short form (rather than as a fully
qualified domain name).
If an applet is suspected of failing
due to this change you can verify that
by setting the logging level of the
Java Console to 5 and looking for
logging strings beginning with "socket
access restriction" which will
describe the specific cause of the
mismatch and will help in identifying
the correct workaround to use as
described below:
Add a new host name forward map entry
(in /etc/hosts, NIS, or DNS) in a
special form which is recognized by
Java for the purpose of validating
IPv4 and IPv6 name service mappings.
The IPv4 general name form followed by
an /etc/hosts file fragment example
for IP address 10.11.12.13 is:
host.auth.ddd.ccc.bbb.aaa.in-addr.arpa
# /etc/hosts example
10.11.12.13 foo.bar.com.auth.13.12.11.10.in-addr.arpa
There is an equivalent form for IPv6
addresses which uses the IP6.ARPA
domain root format defined in RFC
3596.
For DNS, these would be A (IPv4) or
AAAA (IPv6) entries.
Pre-pend a fully qualified host name
before other mappings to the same
address. For example, in /etc/hosts
format:
#10.11.12.13 foo loghost
10.11.12.13 foo.bar.com foo loghost
As an alternative to updating name
service records, it may be possible to
safely modify the applet to perform
the network action using only it's own
permissions independent of the web
page which contains it by using the
doPrivileged() method of the
java.security.AccessController class.
I am PHP developer and I have very little knowledge on Java. I couldn't understand the solution provided by the Oracle. They want to add new host name in /etc/hosts file, can anyone please explain with more clear example what to add in /etc/hosts.
Also I don't know where to add doPrivileged() method, please help.
Thanks
Paŭlo,
Server admin uploaded a crossdomain.xml file to the root web directory of the site that resolve the public ip. This is the only information I received.
Here is the crossdomain.xml file,
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
This fixed the problem and no errors appears in Java console logs.
These errors are fixed,
network: Cache entry not found [url: http://xxx.xxx.xxx.xxx/crossdomain.xml, version: null]
java.security.AccessControlException: access denied (java.net.SocketPermission xxx.xxx.xxx.xxx:80 connect,resolve)
Java applets are only allowed to call their own origin host, and it seems that from the change mentioned by your citation above that Javascript code calling into the applet has no networking rights at all, to avoid that hostile scripts use your applet to connect to your server with the privileges of the applet instead of its own.
If you are sure that no malicious things could happen if your applet method is called (even if called by a malicious script), you can use in this method this call to AccessController.doPrivileged(...), like this:
public String retrieveData(final String params) {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
// here the rest of your networking code
}
};
}
Instead of wrapping the whole method in doPrivileged, maybe only wrap the networking parts (like openConnection() or such).
I have a server where I work with a database and files using a java app.
When I start my app I give a report regarding file access to the server using:
public static boolean folderExists(String folderPath) {
File folderToCheck = new File(folderPath);
return folderToCheck.exists();
}
Every time I start my app (after a fresh restart of my computer)
I get a false response, even though the server is on.
The reason is because I must give an authentication as another user.
What I do is access the server through Windows
where I am being asked for username/password,
and after that I get a true response regarding file access to the server.
Is there a way to give the authentication username/password through Java,
and not through Windows?
Thank you
On Windows 'native' Java IO (e.g. java.io.File) always inherits the security context of the user running the JVM process. For example, you could run the Java app as a Windows service with the correct credentials.
The JCIFS project implements CIFS (the Windows SMB file server protocol) and allows you to directly specify the username/password.
See the API for examples.
I am pretty sure, that there is no way to grant fileaccess by java, without a Windows-Call.
You can call cacls file.log /e /t /p Everyone:f but this will be language-dependent.
I had a similar problem: How to change the file ACL in windows, if I only know the SID?
With Java7 there may be a way to do this.