I'm currently writing a Java application to be used with a Windows-Machine authed with an ActiveDirectory. The application basically only needs to know the user's name and hostname. I know there are
System.getProperty("user.name")
and
java.net.InetAddress.getLocalHost().getHostName()
But I am not sure wether System.getProperty("user.name") will function correctly with the VM running on windows (I searched google and found a lot of threads saying it might not work with windows, as it might return something different, depending on the environment-variables
(and I am currently unable to test it [I'm running ubuntu and archLinux]).
So, I wondered if there is a better and more secure way to handle this and stumbled upon NTSystem .
But NTSystem does not seem to be available on Linux (which I use for developing), which - I think - is due to calling native windows code.
My question would hence be: "Is there a secure way to retrieve the logged in user's name in Windows and if yes - how would you accomplish that?"
user.name is inherently insecure because it can be overridden via -Duser.name=XYZ. This might be an issue for you, or it may not be
Obviously NTSystem won't work on Linux but you mention that you are writing a GUI to be run on Windows. Are you trying to validate the Windows user name of the user? You can do this via NTSystem embedded in the code which runs on the Windows client but not (of course) code which runs under the Linux OS.
Or are you trying to validate them on a Linux server? Perhaps you have a kerberos domain you could do this with? (i.e. if there is a kerberos domain, then you can have a secure, authenticated communication between client and server, ensuring that the client is who they say they are)
EDIT: I may be confused by the fact you are saying that you're writing a Java App "in Linux". I took this to mean a Linux server and Windows client - but possibly you just mean that you are using Lenux as your development environment? In this case, you might think of writing a pluggable identification layer which you can switch between using NTSystem on the Windows box and user.name for testing
Use JNA, com.sun.platform.jna.win32 has a number of methods to do this wrapping the Win32 API. Try Advapi32Util.getUserName or Kernel32Util.getUserNameEx.
Related
I have a web application that uses a Java applet to get my clients' system information by executing vbs code in Windows or basic commands in Linux, and network address too with java.net.InetAddress in order to log them into the webapp through ldap.
Due to Java applets will not be supported anymore shortly in the majority of browsers, I'm looking for another way of getting this information. Is there any way of doing it?
Thanks,
xavi
EDIT: Required information: System (OS, RAM, HD, IP, MAC) and network (username, machine name, domain name)
All you basically need is some sort of module that can be downloaded from you application over the network, which would run locally on client machine and would do stuff you require.
Since Applets seems to a little outdated, there are other options as well.
You can use JNLP, it would work just like applets, but the whole package would be downloaded first and would require JRE on client machine to run it.
When developing a Java EE 7 webapp (Win8, eclipse Kepler, JBoss Tools 4.1.1, wildfly8.0CR) I can use the application at localhost:8080/app/
But I wonder what to do, if I want an extern access to that app, e.g. from my other PC. What configuration is needed, or do you need a "real" server for such a purpose?
Thanks in advance
How public to you want your website to be?
If you want to access it from another computer on the same network(for example your home network) you need to adjust your network and firewall settings so that that you would have access from one computer to anoher on the same network. Then if on the computer that contains the app you would access it for example http://localhost:8080/myapp then on another network you would access it http://ip-of-the-comuter-that-contains-the-app:8080/.
If you would like to access it from outside the local network then the process is same, but a static IP would be recommended to the computer that contains the app.
If you would like the general public to use the app, then hosting it from your PC may not be such a good idea and somekind of server solution is adviseable. There are lots of different cloud solutions like http://aws.amazon.com/ec2/ or https://developers.google.com/appengine/ that would provide enough flexibility for majority of apps. Or you could ofcourse have your own server hardware, but this can turn out to be much more expensive to keep stable and secure.
For a quick-and-dirty solution you can choose the "Enable remote access" option on the server (double click the server, and you should see a check box in the server editor).
This will tell the server to start listening on all network interfaces and not just the local one.
btw. we only listen on local network interface by default for security reasons since we don't want you to unintentionally get hacked if a vulnerability is found and used by someone malicious.
I am attempting to run a Java application (specifically Minecraft) at my school on a mac computer. I wish to play online on my personal server, however the way the network is set up here the only way to access the internet is to enter network user/pass (The school uses a websense filter). Each student has one, and when you open a browser window a prompt will automatically ask me for it. The same user/pass is used to log into the machine, and some software will simply pick it up and go online without entering it a second time (ex. Safari just connects, Chrome however prompts for the user/pass).
Java applications however seem to be a mixed bag, some will connect, some will not. However none of them prompt me for the user/pass to the network.
So is there any way to force possibly through command line?) a Java application to log into the network?
Or is there possibly some other problem here?
You can set the proxy at the command line. This should help you: How do I set the proxy to be used by the JVM
In case you can't use your proxy directly you might try and install a local proxy such as CNTLM that connects to your network proxy and authenticates using the credentials you provide. The application would then not have to provide credentials. However, you'd have to provide your network credentials to CNTLM and thus should not forget to remove them when you are done.
What are the options (or is it possible at all) for a web page (running on a remote server, not localhost) to access a data stream (not video) coming in via the USB port of the local computer?
Ideally this would work cross-platform (Windows, Unix, Mac anyway) and the local computer would not have to download/install anything to make it work (beyond what you can reasonably expect a computer to have)
An embedded Java applet seems the only way, but I'm wondering if there's any other technologies that could do it.
If the restriction is lifted so that the user can install something (basic for non-techies, not setting up a local server running node.js for example) does that make more things possible (Flash?)
You can probably create an ActiveX component to do this. I am not sure if it can be portable on different OS.
I can think of one way that you can interact with the usb port: You would have to set up a socket server on the remote host which would redirect your network traffic to the serial / usb port and vice versa.
This doesn't completely fulfil the requirement, but I think it's the only way to do it in Actionscript
Is it possible to invoke an exe on a remote computer, supposing we know the absolute path of the exe where it lies?
I have written a client and a server program and am able to get both work as expected when both are running. But now, all I want to do is to invoke the server program from client if server is not running. Seems like defeating the purpose of server-client model but still.
If that is possible without knowing the login credentials of the remote system, then it'd be cool. Eg: There are softwares like 'PsExec' that need login credentials.
I understand that, such a feature may not be there, as it would mean a serious security threat, but, I am just wondering if there is some sort of a workaround.
If that is possible without knowing
the login credentials of the remote
system, then it'd be cool. Eg: There
are softwares like 'PsExec' that need
login credentials.
I understand that, such a feature may
not be there, as it would mean a
serious security threat, but, I am
just wondering if there is some sort
of a workaround.
Those "inconvenient" security rules are there for a purpose. You simply do not want people to be able to run any old program on your machine without proper authentication and authorization. Not even if you are behind a firewall.
Why?
In one word - Viruses! If some machine on your network gets infected with a virus (or similar malware), then all machines that run a non-authenticated remote execute service would be at serious risk of infection.
Try Gridserver technologies... it's based on grid technology and very efficient and easily deployable.
You could setup a messaging system like a remote procedure call, webservice, or simple tcp socket on the server to do a wake up on the server process.
The only way you can execute an exe is by executing a local application which you have access to. There must be a part of the software running on the computer you want to execute an application on. From there, you can do a remote call from a second program on a remote machine asking the local one to do his job : execute.
As stephen C said, it would be a violent breach of security if I could run exe on your machine without your permision.