 

"Security for J2EE Applications"
Vol. 6, Issue 12, p. 24

	


Listing 1

   <!-- Redirect page: as soon as it loads, the browser POSTs the hidden "key"
        field to the login server over HTTPS, with no user interaction. -->
   <html>
   <head>
   </head>
   <body onLoad="document.myForm.submit()">
   <!-- NOTE(review): the action URL below is wrapped across two lines in this
        listing; rejoin it into a single URL before using the page. -->
   <form action="https://loginserver.yourcorp.com/webapp/login
   servlet" name="myForm" method="POST">
   <!-- The value is a placeholder for the encrypted string. It is delivered to
        the browser, so whoever holds the page holds the value.
        NOTE(review): how the string is built is not shown here; confirm it
        carries a timestamp or nonce so that a captured value cannot be replayed. -->
   <input type="hidden" name="key" value="!@#$EncryptedString!@#$">
   </form>
   </body>
   </html>


Listing 2

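<html>
<head>
<!-- The title element must be closed; otherwise the script tags that follow are
     parsed as title text and the partner logins never run. -->
<title>Hello World</title>
<!-- Each script tag makes the browser issue a GET to a partner's login servlet,
     carrying the encrypted SSO data in the query string. Query strings are
     commonly recorded in server and proxy logs, so the data value should be
     short lived and rejected on reuse.
     NOTE(review): the servlet side is not shown; confirm it enforces that. -->
<SCRIPT language="JavaScript" SRC="https://partner1/servlet/LCMMSServlet/login?data=ALKSDFJQWER...JLQKWE">
</SCRIPT>
<SCRIPT language="JavaScript"
SRC="https://partner2/servlet/LCMMSServlet/login?data=ALKSDFJQWER...JLQKWE">
</SCRIPT>
<SCRIPT language="JavaScript">
// Submits the hidden form; called from the body's onLoad handler.
function postForm() {
   document.myForm.submit( );
}
</SCRIPT>
</head>

<body bgcolor=#FFFFFF onLoad="postForm()">
<!-- The same encrypted data is POSTed to this site's own servlet together with
     the URL the user originally requested. -->
<form action="https://myserver/servlet/LCMMSServlet/authenticated" 
method="POST" name="myForm">
<input type="hidden" name="data" value="ALKSDFJQWER...JLQKWE">
<!-- An ampersand inside an attribute value is written as &amp; so that
     "&param2" is not read as the &para entity.
     NOTE(review): "url" comes back from the browser; the receiving servlet
     should accept only local paths before redirecting to it. -->
<input type="hidden" name="url" value="/requested/url?param1=val1&amp;param2=val2">
</form>
</body>
</html>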



Listing 3

<!-- Frame-based variant of the partner login page. The first frame takes the
     full height and shows TempFrame.jsp; the two login frames have zero height.
     The encrypted data travels in the query string of each partner URL, where
     it can end up in server and proxy logs, so it should be short lived. -->
<frameset rows="100%,0%,0%" onload="submitViewableFrameForm()">
    <frame name="viewable" src="TempFrame.jsp">

    <!-- Requesting this URL logs the browser in to partner1 -->
    <frame name="setPartner1cookie"
           src="https://partner1:7002/servlet/LCMMSServlet/login?data=ALKSDFJQWER...JLQKWE">

    <!-- Requesting this URL logs the browser in to partner2 -->
    <frame name="setPartner2cookie"
           src="https://partner2:7002/servlet/LCMMSServlet/login?data=ALKSDFJQWER...JLQKWE">
</frameset>



Listing 4

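<!-- Content of the visible frame: a "please wait" page holding the form that
     posts the encrypted data to this site's own servlet. The form has no submit
     control of its own; script elsewhere has to call submit() on it. -->
<html>
<head>
</head>
<body bgcolor=#FFFFFF>
Put some text here like "Logging in...Please wait."
<!-- target="_top" makes the response replace the whole frameset rather than
     load inside this frame. -->
<form action="https://myserver/servlet/LCMMSServlet/authenticated"
                method="POST" name="myForm" target="_top">
<input type="hidden" name="data" value="ALKSDFJQWER...JLQKWE">
<!-- An ampersand inside an attribute value is written as &amp; so that
     "&param2" is not read as the &para entity.
     NOTE(review): "url" comes back from the browser; the receiving servlet
     should accept only local paths before redirecting to it. -->
<input type="hidden" name="url" value="/requested/url?param1=val1&amp;param2=val2">
</form>
</body>
</html>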



Listing 5

// Builds the single sign-on cookie: the user's attributes are collected in a
// Properties object, encrypted, and sent to the browser as the "SSO" cookie.
// NOTE(review): CryptTool is not shown in this listing; confirm that it also
// authenticates the ciphertext (MAC or AEAD) so a modified cookie is rejected,
// and that the payload carries an issue time so stale cookies can be refused.
CryptTool ct = CryptToolFactory.getCryptTool( ... );
Properties p = new Properties ( );
... //Obtain the user id (elided in the listing)
String userId = ...;
p.setProperty ("uid",userId);
p.setProperty("anotherProp", someValue);


//The String returned is a hex encoded ciphertext
String encryptedInfo = ct.encrypt(p);
Cookie c = new Cookie ("SSO",encryptedInfo);
// A negative max age makes this a session cookie: the browser does not persist
// it and discards it on exit.
c.setMaxAge(-1);
// Domain-wide scope: the browser sends the cookie to every host under this
// domain, so every one of those hosts can read the ciphertext.
c.setDomain(".yourDomain.com");
// Sent with requests for every path on those hosts.
c.setPath("/");


// Marks the cookie Secure so the browser returns it only over SSL. The listing
// sets it unconditionally; the original comment describes it as the login
// server case.
// NOTE(review): on Servlet 3.0+ containers, c.setHttpOnly(true) additionally
// keeps page script from reading the cookie.
c.setSecure(true);


//Send cookie to client
response.addCookie (c );



Listing 6

package jdj.sso.test;


import java.net.*;
import java.io.*;


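/**
 * Minimal command-line HTTP client: opens a TCP connection to the given host
 * and port, sends one GET request for the given path, and prints the raw
 * response (status line, headers and body) to standard output.
 *
 * <p>The connection is a plain {@link Socket}; nothing in this class encrypts
 * the traffic or authenticates the server.
 *
 * <p>Usage: {@code java HttPSocketClient host port requestedfilepath}
 */
public class HttPSocketClient {

    /** Usage text printed when the arguments are missing or malformed. */
    private static final String USAGE =
        "USAGE: java HttPSocketClient host port requestedfilepath";

    /**
     * Program entry point.
     *
     * @param args {@code host}, {@code port} and {@code requestedfilepath}, in
     *             that order; each argument is echoed to standard output first
     * @throws Exception declared for compatibility; I/O failures are caught and
     *                   their stack trace printed
     */
    public static void main(String[] args) throws Exception {
        String host = null;
        int port = -1;
        String path = null;
        for (int i = 0; i < args.length; i++)
            System.out.println(args[i]);

        if (args.length < 3) {
            usageAndExit();
            return;
        }
        try {
            host = args[0];
            // NumberFormatException is an IllegalArgumentException.
            port = Integer.parseInt(args[1]);
            path = args[2];
        } catch (IllegalArgumentException e) {
            usageAndExit();
            return;
        }

        // host and path are copied verbatim into the request; a CR or LF in
        // either would let the caller append extra header lines or a second
        // request, so such values are refused.
        if (hasLineBreak(host) || hasLineBreak(path)) {
            usageAndExit();
            return;
        }

        Socket socket = null;
        try {
            socket = new Socket(host, port);

            // Request line and headers are ASCII and must end in CRLF, so the
            // line endings are written explicitly instead of using println(),
            // which emits the platform line separator.
            PrintWriter out = new PrintWriter(
                                  new BufferedWriter(
                                  new OutputStreamWriter(
                                  socket.getOutputStream(), "US-ASCII")));

            out.print("GET " + path + " HTTP/1.1\r\n");
            // HTTP/1.1 requires a Host header; servers reject requests without it.
            out.print("Host: " + host + ":" + port + "\r\n");
            // Ask the server to close after the response; otherwise the read
            // loop below blocks until the server's keep-alive timeout expires.
            out.print("Connection: close\r\n");
            out.print("\r\n");
            out.flush();

            // The response is decoded with the platform default charset, as no
            // charset is negotiated by this client.
            BufferedReader in = new BufferedReader(
                                    new InputStreamReader(
                                    socket.getInputStream()));

            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);

            in.close();
            out.close();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Release the connection even when the request or read failed.
            if (socket != null) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if close itself fails.
                }
            }
        }
    }

    /** Prints the usage text and terminates the JVM with status -1. */
    private static void usageAndExit() {
        System.out.println(USAGE);
        System.exit(-1);
    }

    /** Returns true when the value contains a carriage return or line feed. */
    private static boolean hasLineBreak(String value) {
        return value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0;
    }
}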



Listing 7

// Policy for the login code: AllPermission removes every security-manager
// restriction for classes loaded from Login.jar.
// NOTE(review): prefer listing only the permissions the login code actually
// needs; with AllPermission, any flaw in that jar runs unrestricted.
// NOTE(review): "file:./" is a relative codebase URL; confirm it matches the
// location the jar is really loaded from when the JVM is started.
grant CodeBase "file:./Login.jar" {
         permission java.security.AllPermission;
};


// Policy for the client code. Because of the Principal clause, these
// permissions apply only while code from HttpSocketClient.jar runs on behalf of
// the named Kerberos principal.
grant CodeBase "file:./HttpSocketClient.jar",
        Principal javax.security.auth.kerberos.KerberosPrincipal
                "your_kerb_username@your_realm" {


        // "*" allows outbound connections to any host and port.
        // NOTE(review): narrow this to the server's host:port where possible.
        permission java.net.SocketPermission "*", "connect";


        // Allows initiating a request to the realm's ticket-granting service.
        permission javax.security.auth.kerberos.ServicePermission
                "krbtgt/your_realm@your_realm",
                "initiate";


        // Allows initiating a security context with the server's service
        // principal. The target name below is wrapped onto its own line in
        // this listing.
        permission javax.security.auth.kerberos.ServicePermission


"server_service_principal@your_realm",
                "initiate";
};

  
 
 

All Rights Reserved
Copyright ©  2004 SYS-CON Media, Inc.
  E-mail: info@sys-con.com

Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. SYS-CON Publications, Inc. is independent of Sun Microsystems, Inc.