Java Security 03- Export key from Microsoft server, and import into Java keystore

March 17, 2010 in Java | Leave a comment

This post I show you how to grab Microsoft server’s SSL certificate and import into JSE keystore. I have customer only used Microsoft IIS and bought CA certificate from Comodo. They don’t know Java Security and they don’t have CSR in hand, so they have to export it as PFX (Personal Exchange file). When I got *.PFX, then I do

STEP 1. Export your private key and SSL Certificate from Microsoft IIS

but JSE keystore can’t be imported from outside, then
STEP 2. Import private key and certificate into Java Key Store

Reference:
1. Dealing with java keystores

2. OpenSsl/Keytool Cheat Sheet

3. A Step-by-Step Guide to Advanced Certificate Management

4. How to back up a server certificate in Internet Information Services 5.0

Java Security 02 – how to set up JBoss with CAS Single Sign On

March 6, 2010 in Java | 1 comment

Part-1 setup on JBoss server with CAS war

1. Download CAS (Central Authentication Service) from here.
You may like to read their document.

2. Unzip and place CAR web application on C:\jboss-4.2.2.GA\server\default\deploy\cas.war. This is example path.

3. I assume you use JBoss login-config.xml to setup for your LoginContext, so you have the name of application-policy like I configure it as “MyLoginRealm”.

4. Now you can go to ${jboss_server}\cas.war\WEB-INF\deployerConfigContext.xml, and modify

<property name=”authenticationHandlers”>

<bean>
<property name=”realm”><value>MyLoginRealm</value></property>
</bean>

5. Create your host server’s keystore and crt.

Creating the keystore and private key:
a. keytool -genkey -alias jbosskey -keypass changeit -keyalg RSA -validity 3650 -keystore MyServer.keystore

b. keytool -list -keystore MyServer.keystore

Generating and storing the certificate:
c. keytool -export -alias jbosskey -keypass changeit -file MyServer.crt -validity 3650 -keystore MyServer.keystore

d. keytool -import -alias jbosscert -keypass changeit -file MyServer.crt -keystore MyServer.keystore

e. keytool -list -keystore MyServer.keystore

6. Copy MyServer.keystore and MyServer.crt into ${jboss_server}\conf

7. Add

SET JAVA_OPTS=%JAVA_OPTS%  -Djavax.net.ssl.trustStore=${jboss_server}\conf\MyServer.keystore into your JVM option. (usually it is at run.bat)

8. Change server.xml at ${jboss_server}\deploy\jboss-web.deployer. Uncomment the 8443 security port like this

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS”
keystoreFile=”conf/MyServer.keystore”
keystorePass=”changeit”/>

Part-2 setup on your web apllicarion with CAS client
Now go to ${your_web_app}\WEB-INF\web.xml, and we need to add this into web.xml

<!-- CAS: Java Client 3.1.3-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://hostname:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://hostname:8443</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
</filter>

<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://hostname:8443/cas/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://hostname:8443</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>

<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

Test drive
If you reques this, http://bestsite:8080, it will redirect to CAS login page. You will see like this,
https://bestsite:8443/cas/login?service=https%3A%2F%2Fbestsite%3A8080%2F. That means you are good now.

Java Security 01 – How to create security certificate on Java web server

March 5, 2010 in Java | Leave a comment

Recently I have project about Single Sign On. I want to put all of my research here because I got them from internet and love to share with you.

1. SSL Converter

2. The Most Common Java Keytool Keystore Commands

3. The Most Common OpenSSL Commands

4. Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)

5. How to use SSL Certificates with Exchange 2007

6. How to Create A Self Signed Certificate

7. Portecle is a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more

8. OpenSSL how-to

Fast Web UI design by Google Web Toolkit

January 24, 2010 in Java | Leave a comment

I like web front-end using Java script, AJAX more than Flash/Flex. Although RIA technology is improved , I still love to direct code in HTML, CSS, and Java script. They allow me control the basic foundation stuff, so I can avoid lock-in framework.
I start to use GWT (Google Web Toolkit) from 1.5 and it helps me quick demo UI layout and idea. I like to write a road map to explain how I learn.

Book:

Manning- GWT in action

Prentice Hall- Google Web Toolkit application

Apress- Accelerated GWT, Building Enterprise Google Web Toolkit Applications

Useful link:

1. GWT website

2. Born to code

3. GWTSite

4. GWT Widget Library

RESTFul and GWT

1. Restlet ported to GWT !

2. RESTful Client-Side tools for GWT

3. Build a dynamic organization tree using GWT and RESTful Web services

Start up customer java class when Java EE server starts

January 8, 2010 in Java | Leave a comment

To start up customer java class or jar file when Java EE server starts. The solution usually is

1. Via WAR, servlet ; set the = 1 tag for servlet to provide intial invocation while the WAR is deployed.
Like this J2ee Start a class when application server starts

2. Depends on Java EE server setup.
For example, using weblogic startup and shutdown mechanism for EAR, In the weblogic-application.xml ; placed the following

//config xml

<startup>
<startup-class>MyStartup</startup-class>
<startup-uri>MyArchive.jar</startup-uri>
</startup>
<shutdown>
<shutdown-class>MyShutdown</shutdown-class>
<shutdown-uri>MyArchive.jar</shutdown-uri>
</shutdown>

I used second approach, so everytime I redeployed the EAR application the shutdown class main method was executed and then startup class invoked.

3. Using JBoss MBean service

Custom JMX MBeans in JBoss

ExampleHelloWorldService

How can an MBean depend on a SessionBean?

Writing JBoss MBean Services

Service Facades and Data Transfers Objects plus Java persistent

January 7, 2010 in Java | Leave a comment

Most of client server web applications we always have the same issue. How to easily convert client object to server side or reverse?
Here is some posts bring us something.

1. JPA implementation patterns: Service Facades and Data Transfers Objects

2. So, what’s the problem with JPA implementations?

3. Using GWT with Hibernate

Understand JPA Caching in Hibernate, TopLink, and OpenJPA

December 3, 2009 in Java | Leave a comment

1. Understanding the cache of TopLink Essentials(GlassFish JPA)

2. JPA 2.0 Caching

3. Understanding Caching in Hibernate, Part 1-3

4. OpenJPA Caching

5. Wiki: Java Persistence/Caching

6. JPA Under The Hood

7. Intro to Caching,Caching algorithms and caching frameworks, part 1-5

8. Hibernate: Truly Understanding the Second-Level and Query Caches

9. Hibernate Query Cache: A Dirty Little Secret

10. Writing Performant EJB Beans in the Java EE 5

Refactor your java code-15 (Bitwise and Bit Shift Operators)

November 25, 2009 in Java | Leave a comment

This is very basic concept and useful at network stream programming.

1. Primitive Data Types

2. Bitwise and Bit Operators Shift

3. Wiki: Bitwise operation

4. Operators and Assignments – Java Bitwise Shift Operators

5. Java Bitwise Shift Operators

Using JAXB2 commons to generate your JAXB class more convenience

November 9, 2009 in Java | Leave a comment

The JAXB XJC schema binding compiler transforms, or binds, a source XML schema to a set of JAXB content classes in the Java programming language.
But sometimes we need more specific stuff in the generated java class.
For exmaple, the JAXB2 Basics Plugins says “Schema compiler (XJC) produces schema-derived classes which can be used to turn XML into object structures and back. However, generated classes lack by default lack convenience and utility methods like equals(…), hashCode(…), toString() and so on.”

We can use Metro’s JAXB 2.0 commons project to save time.

Reference:
1. JAXB 2.0 commons project
2. Using JAX-WS With Maven
3. JAX-WS Metro and JBossWS
4. Java EE5 JAXB tutorial

Asynchronous Web Service and SOAP over Java Message Service

September 15, 2009 in Java | Leave a comment

There are two principal architectures for Web service interfaces: synchronous Web services and asynchronous Web services. These two architectures are distinguished by their request-response handling. With synchronous services, clients invoke a request on a service and then suspend their processing while they wait for a response. With asynchronous services, clients initiate a request to a service and then resume their processing without waiting for a response. The service handles the client request and returns a response at some later point, at which time the client retrieves the response and proceeds with its processing.

Let’s see some great articles about Asynchronous Web Service.
1. Web Service Interaction Architectures
2. Asynchronous operations and Web services, Part 1: A primer on asynchronous transactions
3. Asynchronous operations and Web services, Part 2
4. Can I call you back? – Asynchronous Web Services
5. Asynchronous Transactions and Web Services
6. Gerard Davison’s Asynchronous web service post

Since we talk about asynchronous web service, I will drill down the underlying basic,  SOAP over JMS. The W3C has just released W3C Candidate Recommendation. See InfoQ: SOAP Over Java Messaging Service.

1. Soap over JMS – what does it mean and why should I care?
2. Building a JMS Web service using SOAP over JMS and WebSphere Studio
3. Using Request-Response SOAP over JMS Web Services
4. SOAP over JMS with Axis2
5. SOAP Over JMS Interoperability

Update: 05-03-2010
1. Asynchronous web services with JBoss WS
2. Using Axis2 and Java for Asynchronous Web Service Invocation on the Client Side
3. Develop asynchronous Web services with Axis2
4. Really Simple Asynchronous Web Services

Follow

Get every new post delivered to your Inbox.