Thursday, November 20, 2008

Glassfish V3 CLI Administration

I installed the Glassfish V3 prelude version on my EC2 instance.
The installation process was very easy, however I kept running into issues managing my multiple domain instances via CLI.

Each time I would try to stop my instance using command line:
asadmin stop-domain --user admin domain1
asadmin stop-domain --user admin domain2

I would get the following error:
com.sun.enterprise.cli.framework.CommandException: Authorization has been refused for credentials [user: admin] given in this request.
(Usually, this means invalid user name and/or password)
Command stop-domain failed.

I checked the admin-realm for my admin user and it was there with the SHA encrypted password.

I then ran:
asadmin login -p 4848
Enter admin user name[Enter to accept default]>admin
Enter admin password>adminadmin
GlassFish v3 Prelude (build b28c)

Login information relevant to admin user name [admin] for host [localhost] and admin port [4849] stored at [/home/glassfish/.asadminpass] successfully.
Make sure that this file remains protected. Information stored in this file will be used by asadmin commands to manage associated domain.
Command login executed successfully.

After successful login the .asadminpass file will be updated in the home directory.

The second domain experienced the same issue so I performed the same asadmin login steps passing my second domain port.

asadmin login -p 4849

The content of my file contains login for both domains.
# Do not edit this file by hand. Use login interface instead.
asadmin://admin@localhost:4848 c4Aba22zdDIwMFg=
asadmin://admin@localhost:4849 c5Aba22zdDIwMFg=

Wednesday, September 17, 2008

JRuby dynamic pool

Working with JRuby I came across this blog entry. Jacob Kessler explains how to configure dynamic pooling in the JRuby module in Glassfish.

Wednesday, August 27, 2008


This link is a good starting point for learning about OAuth.

There is a java implementation of the spec located on the googlecode site:

Also the complete specification is located here.

There is an implementation for the Spring framework.

Monday, July 14, 2008

OpenID the virus is spreading.

I've been introduced to OpenID during its inception and have briefly followed it in recent months. Recently I've been looking at it in more detail for a project that i'm involved with. The project will use OpenID to enable user authentication into the site.
I looked over many resources out there that describe what OpenID is and what it takes to integrate with a provider. I specifically liked the post by Joseph Smarr from Plaxo entitled A Recipe for OpenID-Enabling Your Site. The article provides a step-by-step walk through describing the various best practices around integration with OpenID providers.
Some of the OpenID providers I'm a member of include: myopenid and yahoo to mention a few. More provider listings found here.

Wednesday, June 11, 2008

Sun IdM tricks

In recent months I had the opportunity to implement an identity management project using Sun Identity Manager 7.1 . In the course of development there were many tricky features that required some tweaking. There are 2 articles written by Woogie that helped me with some of the coding. First which deals with XML parsing in XPRESS and the second which describes how to implement a file upload feature.

Tuesday, January 15, 2008

Part 2 of Developing Secure Applications With Sun Access Manager (openSSO), is out!

I finally got around to publishing my last article on fine-grained authorization using Web services.

Really cool that the netbeans folks featured it as a tutorial on

Sunday, November 11, 2007

Open* on my macBook Pro

I recently configured Glassfish v2, Sun AM 7.1 , Sun IDM 7.1 / MySql 5.2 and Open DS on my macBook Pro. The configuration was fairly straight forward, after doing this many times on other platforms. I'm impressed how easy openDS was to setup and integrate with AM/IDM servers.

I wish I googled Jonathan Gershater's blog entry on Sun IDM setup on Mac before attempting it myself but with a little patience I managed to get through it myself.

Eduardo writes some instructions on setting up Glassfish on mac.

Friday, November 02, 2007

Upgrading from my G4 to macBook Pro

I recently upgraded my G4 to a new macBook Pro 2.4Ghz. The process of migrating data from the old to the new laptop was performed using the migration wizard over firewire. I had several gigs of data, therefore the process took a while but for most part it was smooth except for 1 thing:
Permissions to certain old files were denied as I changed the username on my new system.

So in order to access the old files owned by the old user account I had to add my new user to the old group.
The group information is stored in the netinfo database on mac os x unlike traditional unix/linux systems where it is stored in /etc/groups file.

The command I used was:
nicl -raw /var/db/netinfo/local.nidb -append /groups/olduserid users newuserid
I also added myself to the admin group which will give me access to root files.
nicl -raw /var/db/netinfo/local.nidb -append /groups/admin users newuserid

Wednesday, September 12, 2007

Updated article on fine-grained authZ

I recently updated my article on fine-grained access control.

1. CustomClaimsAppPolicyService.xml schema did not properly close the Global element.
2. The following step was added upon import of the schema:
Copy and to Access Manager's local directory, for example, /opt/SUNWam/locale.

Thanks for all the great feedback. Hopefully i'll get the time to write part2 soon!

Sun bloggers discussing OpenSSO

Monday, August 27, 2007


Sun re-branded its trading symbol from SUNW to JAVA. Read more here

Unlocking the iPhone

George Hotz a 17 year old teenager unlocks the iPhone
Mind Blowing!

Goobye Blackberry, Hello iPhone

I got the apple iPhone (8GB) last week. Being an existing at&t subscriber, it was a fairly easy switch from my blackberry 8700c. The data plan had to be upgraded to the iPhone data plan and iphone voice mail plan. I got the international plan to get coverage in Canada. Unfortunately, for 24.99 I only get 20MB. Luckaly it has an great ability to hook into wifi networks, so at home i'm using wifi. It automatically switches from EDGE to WIFI and provides very fast access to data. Last week end I only used approx 1MG of data (stayed home most of the week-end).

The decision to move to the iPhone did not take too long. After getting an overview from colleagues at work, I was sold!
The initial concern was the keypad and lack of native instant messaging software. After just few days the keypad is working out great and Mundu IM satisfies my current IM needs. I will most likely install some additional software by exploring some hacks.

Monday, August 06, 2007

Fine grained access control on OpenSSO

Sebastian Stormacq has provided some great updates to my article when implementing the solution on opensso with netbeans.

Saturday, July 14, 2007

Testing tools

List of performance/benchmark/testing tools:


Sun has upgraded their infrastructure for the site. Seems like the search engine works now.

Friday, July 13, 2007

Securent Entitlement Management

Securent has a solution for fine-grained access control which integrates with Sun Access Manager. There is a webinar that highlights some of the features of both products and the integration points. The Q&A is worth listening to as the speakers outline some additional points that are not covered in the presentation. I'm somewhat puzzled by the need to use securent in conjunction with Sun AM. Securent may have better auditing capabilities but other than that the architecture is same (Policy Agent, Policy Server, Policy Store) and I'm not sure why customers would invest in 2 products, especially that Sun AM can probably fulfill most requirements. I do find some cool things in securent's solution , especially around auditing and operational management of policies. They seem to address all the hurdles in managing fine-grained policies for enterprise applications.
When I have some time I may evaluate the actual product to have a better idea.

Tuesday, June 26, 2007

Access Manager Article (part 1)

I finally got around to publishing an article (part 1 of 2) on Securing Applications with Sun Java Access Manager on Sun Developer Network (SDN). It has been few years since my last publication and I'm really happy with the outcome of this article thanks to many people who have helped. Pat Patterson blogged about it on his web site and on the aquarium as well.

The article describes a very common authorization use case and demonstrates how to extend the current features of Sun Access Manager to satisfy the requirements. There are many variations of this customization but what's important is that the product can be extended without any custom code. Access manager comes with a set of APIs that allow developers to programmatically incorporate security in their applications.

Let me know what you think of it.

Monday, June 18, 2007

Breaking the CAPTCHA!

I was doing some research on CAPTCHAs (Completely Automated Public Turing test to Tell Computers and Humans Apart) and came across a project (PWNTcha) for hacking through various CAPTCHA implementations. The site lists different implementation of CaPTCHA and shows which ones are decoded by PWNTcha and other projects.

Thursday, December 21, 2006

Security Engineering

I discovered this Security Engineering book by Ross Anderson recently and found it to be quite good. If you're involved in any security work, it may be handy despite that it is 2 years old now.

Another book I use as a reference is one written by my friends from Sun, entitled Core Security Patterns.