I have login and password for RDP. I can connect to remote desktop using standard program in Windows. However, what I need is not to connect and see desktop but check whether the login and password pair is valid or not. And I need to realize it using Java. I have idea to use socket and RDP protocol but it is very low level for me. I need some ready realization over these (library). I hope I explicitly explain my problem.
Related
This is a follow up to:
Using JSch to SFTP when one must also switch user
This issue has been on the back burner since I asked the original question while our server management team reviews their policies, but I am now picking it up again!
What I want to do is to use JSch to connect to a remote server and then use sftp or scp to access some files - as per the code example in the original question. The issue is that these files are owned by another user and so I need to su to that user and then provide a password before issuing the sftp or scp command.
This cannot be done in JSch and this is right because it is a security risk to be able to send the password through the exec channel. So these are options I have going forward as I see them.
Override JSch functionality. Martin has very helpfully provided some guidance in an answer to the original question as to how this could be done by and how the password may be passed in "through the back door". But I am not confident in my own ability to override the JSch code and once again, even if successful, I would be circumventing a security feature that is there for legitimate reasons, so I am reluctant to attempt this.
On the server, grant my user password-less access to the other user. This is a no as my server management team will not agree to this.
Have a server-side .sh script that can be run by my user to gain access to the files. Again, this is a no as my server management team will not agree to it!
Automate a putty session i.e. phsically open putty and pass commands to the putty session line by line from the Java client.
Give up! Should I accept that I am trying to do something here that should not be automated and simply have a manual test instead?
I would be extremely grateful for any thoughts/guidance.
I am trying to do something here that should not be automated.
That's correct in principle.
The only correct automatic solution is to directly login with the user that has access to the files. Everything else is just a hack or working around your security policy. Ideally you should authenticate with a dedicated private key to allow monitoring the access from your application and to be able to control the access (e.g. temporary turning it off, without affecting other uses of the same account).
Though I can imagine that your system administrators won't allow you the direct login, because they cannot foresee what (if any) security issues it brings.
I just wanted to share that I have got a solution working for this question by adapting the sample JSch example, JumpHosts.
http://www.jcraft.com/jsch/examples/JumpHosts.java
Overriding the inherited methods in the static class MyUserInfo allowed me to automatically accept prompt boxes, input boxes, etc without physically having to use the keyboard, so I have a fully automated test as desired.
It's great that the jcraft team provide such useful worked examples. Thanks for everyone who took the time to read and consider my question.
Edit: As per Martin's comment, I should point out that this only works if you have a special rule in SSH configuration that allows direct user2 login from localhost (while not allowing direct remote login). That's not sudo. So this cannot work in general.
I write a web application I have to do signin in that using the windows username..
I tried to get username using system.get property() but its giving the username of server windows name only.but I want to the username of client system..can any one help me?
If I understood you correctly you want to sign in to the web application using the Windows credentials. If so - the problem is that the server machine knows nothing about the client. It can provide you the user info only after successful login (see Get windows username using JAVA or JSP).
You could point your system to some user store (e.g. LDAP) that will be used by both Windows system and your app. In this situation you will be able to sign in to the app using Windows credentials.
The Browser is an application to generate the view based on an HTML code. It wont give access to the client machine.
You can use request.getRemoteUser() to get the user name, that too is possible only if its allowed in the client machine.
If your client is running on a windows machine you can get the user name using this
var wshshell=new ActiveXObject("wscript.shell");
var username=wshshell.ExpandEnvironmentStrings("%username%");
This is a solution for getting the user name, but i will never recommend this, it surely is a bad practice.
Is the entire Java application running on the server? How would your application even know about a specific client machine? And how would it deal with concurrently logged in users? And how would it deal with a primitive client machine which does not have a notion of a user name?
You can instead run a Java applet which is invoked on the client's machine. You could the send this information to the server to process. However, your users would most likely not like that and not grant the required privileges.
Alternatively, you could try to use JavaScript to read the user name, in case that you are communicating via a webpage. I want to stress the word try in this context since there is not universally functional approach and most users will most likely not allow you to read this property either.
In a nutshell: Users do not normally want to share this information with you and therefore you cannot access it. If you could, you would have found a security hole which would most likely get fixed. Rather, ask your application's users to enter a name to use for whatever reason you would require it. Or, if this is an option, organize for example your Windows credentials in a service that can be accessed by a standardized API.
I need to connect to Unix Server using Java via SSH and SFTP protocol and execute specific commands and do File Transfers also. But there is RSA token authentication is enabled on Unix. So I need to get the current RSA token password at run time also along with User's Password.
So how to get this done
via Java? Is there any Java API for this?
FYI, Unix Login steps using putty :
connect using Server IP.
List item
give User Name.
give Password
give the 6 digit SecurID generated Number.
This sounds like keyboard-interactive authentication. In this authentication mechanism the server asks user a question, to which the user must respond. Any number of questions is possible and their order is defined by the server.
Keyboard-interactive authentication is used by many servers, but it's usually reduced to asking for a password, so most software which claims support for this authentication method will just put a password as the answer and that's all.
I don't know if free Java libraries support keyboard-interactive authentication with multiple questions. Our SecureBlackbox classes have an event which passes questions to the application, and the application can either provide an answer itself or ask the human operator to provide the answer.
I have a WebSphere on AIX server,
and a simple java client on windows XP (connects to server over http).
I would like to incorporate SSL for client autherization. Mainly, I have a smartcard reader.
The only problem is - the smartcard is used already once to access Windows and we would like to save the trouble for the client to re-enter PIN during client application startup.
I started reading a lot about SSO - which I was assured can help my problem. This led me to reading about WebSphere's support for SPENGO - in their redbooks. Problem is it involves a lot of support from the Active directory people - and they are not keen on helping - and also I fear they're envolvement can slow down the incorporation.
So now I am looking into OpenSSO, WAFFLE, JOSSO and other frameworks that may help me.
But wait - this all seems like a major overspec. All I wanted was to save my client a second prompt to the smartcard.
What I really want is a method - one of the following:
-A Windows XP and above setting that will enable me to retreive the certificate inside the smart card (along with some access to encryption/decryption capabilities to authenticate the certificate).
-Some sort of access to windows to allow me these options
-Perheps, Some sort of java pkcs#11 method that will enable me to get access to the same connection as Windows.
-Is such an ability vendor specific?
Is this even possible? The wikipedia Single sign-on entry http://en.wikipedia.org/wiki/Single_sign-on speaks of SSO with smartcards - but so far I haven't been able to find any way on how to do it. All I know is that my smartcard is prompts a second time if I try to use it with the regular pkcs#11 code.
To sum up:
1. Is there a windows/verndor specific/java to enable me to SSO using the smartcard.
2. If not or if not recommended, what other SSO solution should I use given that I don't want to depend on the Active directory people?
3. In the worst case, where SSO can only be efficiently acheived with Kerberose and ActiveDirectory - what implementation could be less demanding on the ActiveDirectory side?
Thank you.
Can anyone tell me how to connect to an LDAP server?
I need a username/password authentication to be done by LDAP integrated with IE, which I intend to do using Java. Given that I only know the IP address of the server, is it possible that way I can reach the server so that I can authenticate with it somehow automatically using Java?
Here is link to LDAP Authentication using Java
Do you want to do SSO with NTLM? In this case this might help you. Otherwise you can use the javax.naming package to connect to LDAP. Or have a look at jldap