Every time I start netbeans, the first time I launch a web application which is deployed on a Glassfish 3 or Glassfish 3.1 server where I set a password, netbeans asks for my credentials.
This is (and needs to be) a custom glassfish installation.
I know it is possible to tell netbeans not to ask, because it is like it when installing the glassfish that is bundled with netbeans.
What do I need to do?
NetBeans does not do anything to remember the password for GlassFish Server 3.0 and 3.1. It doesn't send a password when commands are sent to the running server via HTTP and so, the server returns a 401. The IDE presents the authorization dialog and retries the HTPP admin command.
There is an open enhancement request for this feature. http://netbeans.org/bugzilla/show_bug.cgi?id=166648
I haven't tested it, but it might be a bug (in which case it would be great if would file an issue).
The default installation of GlassFish has no password set for the admin user (so no password is required).
I recommend:
use a local GlassFish installation with no password for development (deploy with NetBeans)
use a password on your productive GlassFish installation, deploy from your continuous integration server (such as Hudson)
Related
Recently we started to upgrade our clients from Java 6u31 to 8u121.
Here we see an impact on our internal web application written in Java.
Client(s) connects to a web-server which has the JNLP and JARs locally.
However now with the new Java 8u121 we get a pop-up from java : Authentication required.
We can click on cancel and the Java app will load but this is not acceptable for our users.
Is this a Java problem or a Proxy problem?
We started to do a trace with wire-shark to see what happens when the Java pop-up "authentication required" occurs. Here we could see that our proxy server blocks a global-sign site to validate a certificate. Here we made an exception for that site. Now we have no issue anymore and the pop-up is not occurring anymore.
You can prevent that authentication window by setting the property deployment.security.authenticator value to false in the deployment.properties
Normally Plug-in and Web Start install an Authenticator to handle
communication with Authenticating web pages or Authenticating proxies.
This is the default behavior (true). This option can be used to turn
the normal behavior off if, for example, an application communicates
directly with an authenticating web page and needs to install its own
Authenticator.
Location of the deployment.properties
in Windows - \LocalLow\Sun\Java\Deployment\deployment.properties
in Linux - ${user.home}/.java/deployment/deployment.properties
in OS X - ~/Library/Application Support/Oracle/Java/Deployment/deployment.properties
I have been asked to implement seamless SSO authentication against active directory for a weblogic web based application.
After loads of testing and experimentation I have managed to get all the chain working as required.
Users logging in from a windows managed PC and using IE can seamlessly login to the web application.
After that, an apache was configured and installed between the web browser and weblogic in order to perform HTTPS-->HTTP termination. Once this was done the browser stopped performing seamless login - though basic authentication did work;
Investigating further, I noticed that the Authorization header was not forwarded across to weblogic which justifies why the authentication does not take place.
Note that the apache server I am using is 2.2.
Does anybody know if apache explicitly removes the Authorization header? I have also tried increasing the request maximum size to 30KB in case that was the problem
Thank you
We need to install the following package.
apt-get install libapache-mod-auth-kerb
First we have copy the HTTP.keytab (which is generated at "Active Directory") to etc/krb5.keytab like as below.
cp /root/HTTP.keytab /etc/krb5.keytab
Next we will have to give proper permissions.
chown www-data:www-data /etc/krb5.keytab
chmod 400 /etc/krb5.keytab
Next we go to Apache virtual hosts path
vi /etc/apache2/sites-available/default
Add one directory as like below
`<Directory />
AuthName "Kerberos Login"
AuthType Kerberos
Krb5Keytab /etc/krb5.keytab
KrbServiceName HTTP
KrbAuthRealm YOURDOMAIN.LOCAL //It is Domain name of your server
KrbMethodNegotiate on
KrbSaveCredentials on
KrbVerifyKDC on
Require valid-user
</Directory>`
Restart Apache web server
/etc/init.d/apache2 restart
Next go to browser of Active Directory client machine and hit the web server with FQDN of apache server. It will not ask you the password to open that website.
NOTE:
For explorer browser we need set automatic logon with user name and password at security tab
user authentication -> logon -> automatic logon with user name and password
If you found any difficulties please update me.
Im implemeting an SSO login feature for an application. Problem is that tomcat server need to be installed on linux or windows - so i cannt use waffle.
I also dont want to use kerberos because i can't enforce client to generate keytab files and also application runs sometimes on localhost or intranet - SPN name is different for this case. Next problem is that i cant modify Active Directory structure (add new computer user etc.).
Finally i think that i should use NTLM to negotiate access to application. Is it right ?
Is there any library like waffle which can let tomcat to handle negotiate ? Or is there other way to do that ?
Today only I heard about the Thoughtworks GO and started the installation configuration. Windows Installation is went well and I am able to run the server over HTTP using 8153 ports.
Then I have installed agent in the same box using the localhost. What i am not able to figure out is how to connect the agent automatically using HTTP ? I am getting error in the go agent log that is trying to access the https : //localhost :8153 I am right now not concerned with HTTPS and all. all I want to register the Agent.
One more thing just for FYI. I have enabled user authentication file based. that is working fine.
Please suggest if there is alternate way to change the URL Protocol to HTTPS.
Finally I run the manual installation by downloading the zip for the go server and then I got the server running with both HTTP and HTTPS without any additional efforts.
This answer will be useful is the installation is having issue with the windows installer. Use the zip.
Thanks.
Praveen
Where should we get started setting up single sign on for a single Windows (Active Directory) domain with a Java web application?
What I DON'T mean by single sign on is that the user signs into one Java website explicitly, and then stays signed in for other Websphere sites.
We're looking for something that will effectively "detect" the Windows user that is currently logged in on the client browser's PC (Windows XP, soon to be Windows 7), and supply that user's login name to the Java WebSphere application.
The software is Java/WebSphere, with a Flex front end which we can put in a JSP if needed. (Currently it's just an html page, which is preferrable. GraniteDS is used for remoting.)
The server is NOT a Windows server, so Waffle is not an option. Research so far seems to indicate that we need to use something called SPNEGO, but I've yet to find information about what the Java developer's role is when setting it up.
I'd be interested in both server-side (WebSphere) config & requirements as well as Java application configuration & code required (this seems to be difficult to locate even via Google).
The Java application developer only needs to configure the Web application to rely on authentication from the container (Websphere Application Server).
The rest is all up to the configuration of the container to provide the right credentials, etc. The WAS administrator would do something like this for SPNEGO/Kerboros: http://www.redbooks.ibm.com/abstracts/sg247771.html. Further, browser configuration would need to add the site hosted by Websphere to the domains allowed within the Intranet zone and the security mechanism.
A much better 'hack' might be (not tested) to put Websphere behind IIS as in http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing.
In all cases, you will still need to figure out how to get Flex to get the browser to do Windows NTLM authentiation, or for it to so itself. Best of luck.