Latest Entries »

Security is fundamentally about protecting assets. Hence software systems should control the access from unwanted threats. Today there are different types of users in many corporate software systems. These different users has different levels of access to the system and these systems should need to control the access according to the user.

In this post i’m going to explain how to secure your unsecured web service using WSO2 ESB and how to invoke a secured service

  • Prerequisite

How to create a simple web service

How to create a proxy service

Above created web service doesn’t included any security features, as the first step you need to enable the security features to your proxy service using WSO2 ESB.

Enabling Security features in your proxy service 

1. Open the ESB management console

2.Click List under Services in the Main tab to view all available proxy services.

3.Click on the desired proxy service you need to enable security features(in my case OrderProcessingService).

4.Click Security under Quality of Service Configuration in the service dashboard to open the Security for the service page

Screen Shot 2014-09-15 at 2.27.32 PM

5. Select Yes for the Enable Security? field to view the pre-defined security scenarios.

6. Select the required security scenario ( UsernameToken in my case) and click  Next  to open the Activate Security

 PreDefined_Security_Scenarios

7. Select the domain and the role name which you need to enable security and select the admin in the User Groups to apply basic authentication to the admin user group

Screen Shot 2014-09-15 at 2.52.39 PM

8. Click Finish. An information message would appear to indicate that security was applied successfully.

Now you have enabled security to your web service by using WSO2 ESB.

And now its time to do something with your secured web service

Invoking the secure service(Creating secure client)

In the above steps when applying the security feature i have used UserName Token to authenticate users. In another word now our web service expects username and password as a soap header and the service can authenticate user using that information.

Username token is sent over HTTPS transport to secure the message. Therefore users need to specify a trust store which contains the server certificate (public key) with its password. Since this article uses same keystore as in the server by default it contains the server certificate. User name is given as an axis2 client option which is picked by the rampart. The password is picked from a call back handler which is given in the security policy. Following client program can be used to invoke the service with basic authentication.

System.setProperty("javax.net.ssl.trustStore", "/resources/wso2carbon.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");

CustomerOrderServiceStub stub = new CustomerOrderServiceStub("https://localhost:8243/services/OrderProcessingService");
HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
authenticator.setUsername("admin");
authenticator.setPassword("admin");

stub._getServiceClient().getOptions().setProperty(HTTPConstants.AUTHENTICATE, authenticator);
stub._getServiceClient().getOptions().setProperty(Constants.Configuration.ENABLE_REST, Constants.VALUE_TRUE);

Now i will explain what these code snippet actually do…

javax.net.ssl.trustStore – Location of the Java keystore file containing the collection of CA certificates trusted by this application process (trust store).

If a trust store location is not specified using this property, the SunJSSE implementation searches for and uses a keystore file in the following locations (in order):

$JAVA_HOME/lib/security/jssecacerts

$JAVA_HOME/lib/security/cacerts

javax.net.ssl.trustStorePassword – Password to unlock the keystore file (store password) specified by javax.net.ssl.trustStore.

First it creates an Authenticator object and set the user name and password to that. Axis2 commons HTTP transport uses this value to create the HTTP headers. Basic authentication based authentication for User name token only works with the messages with content type application/xml. Therefore it is required to enable to REST to message.

Conclusion

Today Security is one of the major concern of any software system. Web service integration is commonly used to form integrated functionality. Depending on the service integrated such systems can have complex authorization logics. This article demonstrate on how to secure your back-end server using WSO2 ESB by following easy steps. Further that this article demonstrate how to invoke service and how users can be authenticated at the integrated service layer.It uses the Username Token in oder to authenticate the user and mutual authentication to secure the back end services.

Source

https://docs.wso2.com/display/ESB481/Securing+Proxy+Services

http://wso2.com/library/articles/2011/06/securing-web-service-integration/

 

Advertisements

The newer version of the GNOME desktop was released back in September 2013 and comes with a raft of improved features, apps and usability tweaks. From hi-res screen support to new client-side decoration of app windows, GNOME 3.10 is a compelling upgrade.

Screenshot from 2014-02-04 13:42:21

 

header-bars

The good news is that – providing you’re running Ubuntu 13.10, have a decent internet connection, and some command line aptitude (pun fully intended) – you do n’t have to stick with a stale version of GNOME.

Software requirments

  • Ubuntu 13.10

note : 

  • GNOME 3.10 has NOT been tested with Ubuntu 13.10; you upgrade at your own risk

Steps

First, let’s add the GNOME 3 PPA to Ubuntu’s Software Sources. This can be done using a GUI but it is far easier to achieve using the command line.

  • Open a new Terminal window and enter the following command, entering your user password when asked:
    sudo add-apt-repository ppa:gnome3-team/gnome3-next && sudo apt-get update
  • With the PPA added and our package list updated we can move on to installing GNOME 3.10 itself. To do this run the following command, again entering your user password when prompted:
    sudo apt-get update && sudo apt-get install gnome-shell ubuntu-gnome-desktop 
    
    Attention : It can take a while for all the necessary packages and components to be fetched and installed, so try to be patient.
  • Midway through the installation a prompt will appear in the Terminal asking you to choose what display manager – aka “login screen” – should be used by default.
  • This decision is entirely up to you; both Ubuntu’s Unity Greeter and the GNOME Display Manager let you easily switch between desktop sessions (handy if you want to keep Unity or another desktop around) but only GDM offers GNOME-specific features such as lock-screen notifications.When you’re ready to decide make your selection using the up/down arrow keys and hit ‘Enter/Return’ to confirm. The installation will then proceed. select gdm if you like GNOME Display Manager.

Screenshot from 2014-02-04 13:20:27

  • GNOME 3.10 comes with some great new features, applications – including Gnome weather, Music,Maps, etc, if you willing add those links add them using
    sudo add-apt-repository ppa:gnome3-team/gnome3-staging
    
    sudo add-apt-repository ppa:gnome3-team/gnome3
    sudo apt-get update && sudo apt-get dist-upgrade
  • To add some of the cool apps we mentioned earlier run:
    sudo apt-get install gnome-weather gnome-music gnome-maps cheese gnome-documents

    With that we’re done!

  • To see the effects you need to restart your computer, after appearing the login screen select the desktop manager you need to use.(Gnome or Gnome classic)

In blackberry if you want to create a buttonfiled first you have to create a ButtonField varaible. so from this buttonfield object you only can create predefined fuunctions in that you cannot have colors for the buttons and text. so to customize the button you have to create customize button object.

Here is how to create a it……..

//importing necessary blackberry packages

import net.rim.device.api.system.Display;
import net.rim.device.api.ui.Color;
import net.rim.device.api.ui.Field;
import net.rim.device.api.ui.Font;
import net.rim.device.api.ui.Graphics;
import net.rim.device.api.ui.Keypad;

//Custom buttonfiled will create by extending field class

public class CustomButtonField extends Field
{

private int backgroundColour;
private int highlightColour;
private int colour;
private int fieldWidth;
private int fieldHeight;
private String text;
private int padding = 15;
private double fontWidth;
private Font font;

public CustomButtonField(String text, int highlightColour, int backgroundColour)
{
super();
this.text = text;
this.highlightColour = highlightColour;
this.backgroundColour = backgroundColour;
colour = backgroundColour;

font = Font.getDefault();
fieldHeight = font.getHeight() + padding;
fontWidth = font.getHeight() / 4;
fieldWidth = (Display.getWidth() – 12) / 6;
this.setPadding(2, 2, 2, 2);
}
public CustomButtonField(String text, int highlightColour, int backgroundColour, int width, int height, int padding)
{
super();
this.text = text;
this.highlightColour = highlightColour;
this.backgroundColour = backgroundColour;
colour = backgroundColour;
font = Font.getDefault();
fieldHeight = height;
fieldWidth = width;
this.setPadding(2, padding, 2, padding);
}
public void setFont(Font font){
this.font = font;
}
public void setFocus(){
super.setFocus();
}
public boolean isFocusable(){
return true;
}

protected boolean keyChar(char character, int status, int time) {
if (character == Keypad.KEY_ENTER) {
fieldChangeNotify(0);
return true;
}
return super.keyChar(character, status, time);
}
protected boolean navigationClick(int status, int time)
{
fieldChangeNotify(0);
return true;
}

protected void onFocus(int direction)
{
colour = highlightColour;
invalidate();
}

Now let see how to use it in the application first import this class in to your project

then after that create  varibale called

private CustomButtonField cmdNext;

To invoke the field we created

cmdNext = new CustomButtonField(“Next”,0x0099FF ,0xDDDDDD);
cmdNext.setFont(Font.getDefault().derive(Font.BOLD));

we need to use it like this in here i’m using my custom color for the button, and i have change the font to bold

Here how it look likes…

in this simple code snippet you can change the size of the button, position of the text etc..

First of all need to clarify what is Push down automation in programming language it is Basically Check the validity of the Syntax

  • Finite Automata cannot recognize all Context Free languages.
  • Why Finite automata cannot recognize all Context Free Languages?
    –Finite automata can keep a record of the history of events (finite).
    –CFLs may generate strings carrying unbounded amount of information.

so in this case we need to check the validity of the context free language for that kind of situation we can have push down automation.

PDA recognizes all and only the context-free languages.
There are two versions of PDA
  • PDA that accepts a string by entering an accepting state.
  • PDA that accepts a string by emptying its stack, regardless of the state it is in.
What PDA actually Do….
First of all PDA will put the Starting symbol in to the stack. and after that in consume a character, then it will go and check with the stack top and pop the element from the stack and check through language’s grammar with the stack top and input symbol. if there is matching production in grammar it will put that matching production’s Non-terminals in to the stack.
as example
S->aA
A->aBC
B->b
C->c
in here if input string is “aabc” first it will put start symbol ‘S’ in to the stack. and after that it will put ‘A’ to the stack because input symbol is ‘a’.
then it goes to the second input in here it is also the ‘a’. now stack top is ‘A’. pop ‘A’ and get the production of ‘A’. it will be A-aBC so now it will put these non terminals of production ‘A’. it will put where as left most Non-terminal becoming stack top.like wise this will do until end of the string.
how to implement…..   
this PDA is developed for S-grammar
S-grammar rules are of the form A => aX where X belongs zero or more none terminals
in this implementation it take a-z characters as  terminals and A-Z characters as Non-terminals

Algorithm used

  • First of all when loading the form system will check the grammar line by line in production.txt file and while going through the text file it will create a parser table

As a example

If grammar is

S->aA

A->aBC|bB|cC

B->b

C->c  parser table for this grammar is

a b c d . . y z
A aBC bB cC
B b
C c
.
.
S aA
.
Z
  • First of all first Non- terminal character will be taken as the start symbol of this grammar. And to indicate the bottom of the stack system will put “$” character to the bottom of the stack at the beginning. After that system will put the start of the symbol grammar to the stack
  • When user input a character it will get input character at a time and get the stack top if it is Non-terminal.
  • By getting the input character and stack top using parser table can check which production should need to apply next.
  • After looking at the parser table it will put it in to the stack
  • Input string will be check with the stack top if it matches (if stack top is terminal) it will pop stack top otherwise it will look parser table according to the input and None-terminal.
  • This process carries out until input string gets end.
  • Or if that string doesn’t match operation will be terminate.

Example usage:

According above mention grammar If  input string is aabc

Data Structures Used

In this system it uses array data structure

  • For maintain parser table it uses a multi-dimensional array.
  • For maintain input string

Stack data structure

  • For maintain automation and for get the next parsing value

Assumptions made

  • All characters from a-z are taken as terminal all characters from A-Z are taken as the Non-terminal
  • Assuming the first character of the production as start symbol
  • Grammar should need to be written correctly

For example there must not be white space characters in production

what is a Netkit

Netkit is a set of tools and commands that can be used easily setup a virtual computer network