I am trying to migrate a project from JAAS security to Elytron security, and we are not getting how to migrate it. This is my standalone XML.
How do I migrate these login modules?
Related
In my environment I have Solr 6.2 running in Cloud mode where I am trying to secure the Solr Admin UI, and I found a couple of articles that explain how to achieve it:
https://lucene.apache.org/solr/guide/6_6/securing-solr.html
http://muddyazian.blogspot.in/2013/11/how-to-require-password-authentication.html
My understanding is that securing through Jetty will work only on the standalone deployments and not in the SolrCloud deployments.
Is that right?
I published my web app into Azure web application but I want to provide the security for this application.
I know that by using HTTPS we can provide security for a web application. I read this link before posting the question here.
Rather than using HTTPS, are there any other techniques for providing security to a web site or web application?
As this document mentioned about the Security Level in Azure App Service:
Infrastructure and platform security - You trust Azure to have the services you need to actually run things securely in the cloud.
Application security - You need to design the app itself securely. This includes how you integrate with Azure Active Directory, how you manage certificates, and how you make sure that you can securely talk to different services.
For infrastructure and platform security, Azure would isolate your App Service apps, and communication of sensitive data (e.g. SQL connection string, appId, appSecret, etc.) is always encrypted. Also, App Service would provide threat management that protects App Service resources from malware, DDoS, MITM, and other threats.
For application security, you need to develop and manage your application in a secure way. The frequent threats would be as follows:
SQL Injection
Session hijacking
Cross-site-scripting
Additionally, you could leverage integration with Tinfoil Security to perform penetration testing on your app and follow the instructions to fix possible vulnerabilities. For a better understanding of it, you could refer to this official tutorial about securing an app in Azure App Service.
We need to integrate data from our application to GP using eConnect. We have GP and eConnect installed on a server. Our application runs from another machine which has to send data to GP on our server using eConnect.
Is it necessary to install eConnect on the developer's machine as well as on the server?
As eConnect uses Windows authentication, we use integrated security in our application to connect with eConnect. So, we are now able to integrate data from one user's machine, whose credentials were given while installing eConnect on the server.
Can anyone help?
In short, yes. The eConnect SDK must be installed on every client machine that issues eConnect requests. If you are building a web application, then you would need the eConnect SDK installed on the web server from which the requests originate.
If you are developing a Windows Forms application to be installed on each user's PC, then the eConnect SDK must also be installed on each user's PC. Because this is often not a desirable deployment scenario, many people are in the practice of creating a new service to encapsulate the specific eConnect requests that the application needs so that the SDK only needs to be installed on the server.
Another option worth considering is a separate installation for Dynamics GP called the Dynamics GP Web Services. That would allow you to issue web service requests without the need of installing the eConnect SDK. However, installing Web Services for Dynamics GP is not trivial.
Regarding security, the eConnect SDK creates a Windows service where credentials are supplied. It is these credentials that are used to authenticate eConnect to Dynamics GP. Keep in mind that Dynamics GP does not support Active Directory authentication for user access. However, one can use a domain service account in the eConnect service and set that up for access directly in SQL Server with the DYNGRP role. Normally, this account would be a service account created for this purpose and not the user account.
I have implemented REST web services for my application. Since this should not be a public service, I want to enforce some type of client authentication. Please throw light on how to do that.
FYI, I am using Apache Tomcat 7 and a MySQL database.
You have a lot of options here - anything from container managed security (basic or digest) to Shiro or Spring Security.
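A sketch of the container-managed option mentioned above, for Tomcat 7 with users stored in MySQL. This is an added example, not part of the original answer; the `/api/*` path, the `api-client` role, the `jdbc/authDS` data source, the `appdb` database and the table and column names are all assumptions.

```xml
<!-- WEB-INF/web.xml fragment (inside <web-app>): every URL under the assumed
     path /api/* requires an authenticated user in the assumed role api-client. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>REST API</web-resource-name>
    <url-pattern>/api/*</url-pattern>
    <!-- No http-method elements: the constraint covers all HTTP methods. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>api-client</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC only base64-encodes the password, so require TLS. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>REST API</realm-name>
</login-config>
<security-role>
  <role-name>api-client</role-name>
</security-role>

<!-- META-INF/context.xml: Tomcat DataSourceRealm reading users and roles
     from MySQL. Resource name, JDBC URL and schema are assumed values. -->
<Context>
  <Resource name="jdbc/authDS" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/appdb"
            username="REPLACE_ME" password="REPLACE_ME"/>
  <!-- localDataSource="true" because the Resource is defined in this Context.
       digest="SHA-256" means user_pass holds hex SHA-256 digests, not plaintext. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authDS" localDataSource="true"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"
         digest="SHA-256"/>
</Context>
```

The `CONFIDENTIAL` guarantee only works if an HTTPS connector is configured in Tomcat; without one, requests to the protected URLs are redirected to a port nothing is listening on.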
I have installed OpenAM (OpenSSO) to work with my Liferay portal. So authentication for Liferay is now going through the OpenAM server. This works fine.
But now I want to secure my own application (EAR) deployed on my Glassfish application server.
I cannot find any example of how to configure my web module to work with OpenAM/OpenSSO.
Can anybody help me with how to configure my web application?
The usual approach is to install an OpenAM Policy Agent onto your Glassfish server. The policy agent will intercept all requests to Glassfish before allowing them to be processed by the application server, forcing the user to authenticate first if they need to.
Once your policy agent is installed, you will be able to configure it to do many things. Restricting access to some or all URLs in your applications is the most obvious use. Protected applications can also access user details (such as UID or givenName) provided by the policy agent through HTTP headers.
The Glassfish agent is a J2EE policy agent. See here for configuring a J2EE policy agent in OpenAM:
http://openam.forgerock.org/doc/admin-guide/OpenAM-Admin-Guide/chap-agents.html#configure-j2ee-policy-agent
See here for installing the policy agent into Glassfish:
http://openam.forgerock.org/doc/agent-install-guide/OpenAM-Agent-Install-Guide/chap-glassfish.html