I'm building a Play! framework application and i'm required to implement a pki authentication with a smart card. I've been searching for a few weeks and can't seem to find exactly what I'm looking for.
I want that with the client entering the site a window will pop that enables the client to enter his smart card PIN code in order for him to authenticate to the app. After the client enters his PIN code the app will verify him if the code is right and recieve the identity from the card and from that point he will be able to continue freely.
Your web application can not interact directly with your smartcard as it is executed in the sandbox of the browser.
There is no built in API in JavaScript/HTML5 to access smartcard.
So you have to build a bridge between your smartcard and your application. The most common in java is to build an applet that will interact with hardware and expose Javascript methods.
I recommend this article to be read : http://tech.springcard.com/2010/java-pcsc-accessing-smartcards-from-a-web-page/
Related
Is there a way to authenticate a java desktop application with Slack using OAuth2? I am trying to follow Slack's guide.
I am getting stuck because it says you get the access token inside of the redirect uri of your application. But since the app I am making does not exist inside of the web browser, is there anyway I can do this?
Can my java application launch a localhost site that it can communicate with to use as the redirect uri? If so, how?
Desktop app as internal integration
Before we get into more details please note that there is an easy solution if you plan to use your desktop app for your own Slack workspace ONLY. In that case your app does not need to support the full Oauth work flow and you have two options:
Install your app as internal integration via the management page
of your Slack app and then copy & paste the token to your desktop app
Create a legacy token for your Slack workspace and then copy & paste to your desk (not recommended)
I also like to clarify upfront that your app only needs to run the Oauth process ONCE for installing it into a new Slack workspace. The resulting token has no expiration date and has not to be refrehed.
Desktop app for multiple Slack workspaces
If you plan to distribute your desktop app to multiple Slack workspaces you will need to support the full Oauth installation process.
Slack is using Oauth 2.0, so in principle all the standard answers from this older Oauth wiki article should work for Slack too.
However, since you can not assume that the local machines of your users are reachable from the Internet (e.g. redirecting back to a local web server will not work, since Slack will most likely not be able to reach it), you will need a web helper app that runs on a web server and is reachable from the Internet.
This web helper app is basically a small web site, which performs the complete Oauth dance for the installation process into a new Slack workspace. You app can open a browser window and redirect to the web helper app to start the login process. You then have two basic approaches how to handle the connect back to your desktop app:
Show the resulting token to the user and ask him to copy & paste it
to your desktop app (simple approach)
Store the resulting token in your web helper app and provide an API to your desktop app to fetch it automatically. (user-friendly approach)
If you are looking for a starting point for such a web helper app, take a look at this example PHP script for installing Slack apps.
I am trying to add some information from Steam into my Android app.
I see that Steam has Steamworks, but that is only built for Windows, OSX and Linux.
Furthermore, I saw that they also have a Web API that could also be accessed from a mobile application. But all the methods in the API require a 64 bit SteamID, which they say can be retrieved using OpenID. I downloaded the Google Oauth Client Library for JAVA but I reading through the documentation, I don't understand how I can get a SteamID for a user using this library.
Has anyone used this lib or another open source lib to get a SteamID?
UPDATE
To get direct SteamID64.
Login to Steam using a web broswer.
Once logged click on your profile and add ?xml=1 to browser url address
http://steamcommunity.com/id/yourusername/?xml=1 or
http://steamcommunity.com/profiles/yourprofilenumber/?xml=1 (if you have not set a public username yet)
I think this is number in profile link or steamID64 example: http://steamcommunity.com/profiles/76561198113616635
Steamid will be: 76561198113616635
To check it online you can go to https://steamid.io/lookup
In Android app, I think after authorize, steam will give you that number and key.
I am trying to develop a Spring MVC based web application with following requirements.
User will swipe his/her magnetic strip or chip card on a card swiping machine.
The machine will read card information on card and will transport the same to my web application.
My questions are.
Is it possible to transport information from swipe machine on internet (Obviously the machine is connected to internet)
How do I configure the swipe machine to so it would transport information to my web application (should I expose a rest web service).
How do I decode the data which is transported by swipe machine in my Spring controller or web service
Thanks you very much for any help
Anant
Reading a mag strip (there are 3 of them in a card) is a simple job and you can rely on the driver that comes with the machine, or if you feel adventurous, break out the RxTx java library.
It is basically a bunch of letters and numbers - check wikipedia for the format of the CRC - but back to your questions:
Yes. Done that. Pretty simple. The machine has configurations that allow it to dial up or open a secure connection with a server.
Which number it will dial up or which service it will call is all configurable. Merchant will require you to provide your own machine and won't let you touch their existing machines.
Decoding is simple. The swiper comes with a driver and you can use it. However, if you have your own machine (which you will need) then decoding is not needed. The swiper will either call a server at the merchant (the case for restaurants or supermarkets) or it will open an HTTPS connection with the server and send all the data that it is in the card. Your server will get the data in plain text, so no need to read it manually.
Is it possible to transport information from swipe machine on internet (Obviously the machine is connected to internet)
The machine has to have output somewhere, where it does send data when doing something.
How do I configure the swipe machine to so it would transport information to my web application (should I expose a rest web service).
In documentation for machine, there should be info about what does it send and how. Everything else depends on this.
How do I decode the data which is transported by swipe machine in my Spring controller or web service
Same answer as for previous question.
We're developing an app that will be running embedded within a browser using secure sockets to communicate with a server. I want to add the ability for the applet to save its state (locally) so when they next open the page, the app can recall where the user was.
I've been looking into CookieManagers and Java Web Start with JNLP, but I'm unsure where to begin and what would be the best solution.
Any reccomendations? :)
Accomplished using self certification now. The user grants the application permission and then the application can read and write from the file system.
I used this article for signing the app: http://www.jade-cheng.com/uh/ta/signed-applet-tutorial/
I've been thinking about implementing of Google Play licence check on my Java server. Is that even possible? I haven't been able to find anything on this matter. I know Android LVL is written in Java, but I'm not sure if it can run outside of dalvik machine. Is there a posibillty of checking Google account name or some kind of device ID against Google Play to check whether an app has been bought in a Java server application?
The answer above is simply verifying response data (returned by google LVL on android device) on app server.
I think the question is asking if it's possible to call some google web API to do Google Play license check on its app server. But it seems like google doesn't open the web API interface to its licensing server, all LVL calls need to be done using its google play service framework on android device.
Yes it's possible, the java sources are out there and could be downloaded (and afaik, the jar is not dexed until you compile your application) - see some kind of manual over there at developers.android.com to read about how to get the sources
I've heard about a PHP project trying to attempt it, but using java should be no problem at all - you do the same things on the server, the manuals state for the client - and let the client sends the encrypted response from the market directly to the server via SSL (e.g. byte[] post)
You should get a UID from ResponseData.userId
Read some more in this blog post and more info and links in another SO answer