Remembering returning vistors logon is nice functionality for your website. Ageci security is nice tool what offers this functionality with just what configuration. This topic will help you configuring the remember me authentification based on a form login with Java Authentication and Authorization Service (JAAS).
Remember me functionality is one of the more insucure features of a website. Remember me functionality works on a client side cookie. A cookie can be tampered with or stolen by an hacker, that is why you should be carefull implementing a remember me service.
Monday, August 13, 2007
Remember me with ageci security
Geplaatst door Mark Baker 0 reacties
Labels: Ageci security, Security, Spring
Friday, August 10, 2007
Tomcat with HTTPS SSL
Tomcat and HTTPS is for me one of the less easy things to do. Several times I set up Tomcat with SSL and HTTPS and never documented it untill now....
In my setup for Tomcat and SSL HTTPS I used tomcat version 5.5.23. Tomcat needs a signed JDK to accept HTTPS request correctly. Your JDK will get signed by generating a certificate and add this to the jks keychain. WARNING generating the certificate use ‘localhost ’ as your name or common name, otherwise tomcat will not except this certificate. This is very importend otherwise Tomcat will not accept your certificate!
$JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
$JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
$JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit -file server.crt
$JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME\jre\lib\security\cacerts
$JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
For tomcat to accept HTTPS request the next few lines should be added to the server.xml. The .keystore file can be found in your home folder.
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/.keystore"
keystorePass="changeit"/>
This should be all to get things running. To test your HTTPS SSL connection just start Tomcat, and point to https://localhost:8443. If everything is okee you should see the standard tomcat startup page, otherwise check the tomcat logs. Common mistakes are JAVA_HOME is not set to the correct JDK, and the certificate is not accepted by tomcat the cause can be a incorrect password. I hope this helps to get Tomcat setup to accept HTTPS SSL
Geplaatst door Mark Baker 0 reacties
Wednesday, August 1, 2007
Multi threaded JMS with Lingo and Jencks
In the previous article about Lingo JMS with Lingo we took care of a simple Lingo implementation. In that article we discussed that Lingo does not support out of the box a multi threaded server side. This article will discuss the steps to take to get your Lingo implementation to the next level.
To get the server side to process server calls on multiple threads we going to use Jencks. Jencks is a implementation of the J2EE Connector Architecture (JCA). For now we are just going to implement a simple multi threaded solution without transactions.
The client side is exactly the same as discused in JMS with Lingo, for more info about how to setup the Lingo client site I refer to this article.
The server side is also the same as discused in JMS with Lingo, but additinal to this configuration for Jecks needs some configuration to take care of multi threading part.
<!-- JCA container -->
<bean id="jencks" class="org.jencks.JCAContainer">
<!-- lets use the default configuration of work manager and transaction manager-->
<property name="bootstrapContext">
<bean class="org.jencks.factory.BootstrapContextFactoryBean">
<property name="threadPoolSize" value="25" />
</bean>
</property>
<!-- the JCA Resource Adapter -->
<property name="resourceAdapter">
<bean id="activeMQResourceAdapter"
class="org.apache.activemq.ra.ActiveMQResourceAdapter">
<property name="serverUrl" value="tcp://localhost:61626" />
</bean>
</property>
</bean>
<!-- an inbound message connector using a stateless, thread safe MessageListener -->
<bean id="inboundMessageA" class="org.jencks.JCAConnector">
<property name="jcaContainer" ref="jencks" />
<!-- subscription details -->
<property name="activationSpec">
<bean class="org.apache.activemq.ra.ActiveMQActivationSpec">
<property name="destination"
value="org.isthisjava.service.jca.ExampleService" />
<property name="destinationType" value="javax.jms.Queue" />
</bean>
</property>
<property name="ref" value="exampleService" />
</bean>
When you want more details for the multi threaded client and server, the complete source code is added at the end of this page. If you want to see it in action just drop the server end client binaries into tomcat. and point your browser to http://locahost:8080/somepathtothemultithreadedclient
TODO add source and binaries
Geplaatst door Mark Baker 0 reacties