All Examples All Security Examples
Even though the client enters its username and password in clear text in this example, the authentication is snoop-proof. The UserInfo implementation serializes the password as the MD5 of the password and the current time. On the server, the corresponding realm checks the user info by comparing MD5 digests for the current and previous time period. As protection against replay, there can be only one successful authentication per time period.
Also included in this directory are build scripts for Windows NT or UNIX.
where xxxxxx is the password for the WebLogic
administrative user, "system." The startup argument "weblogic"
designates the default WebLogic Realm as the realm for snoop proofing.
For example,
Both arguments are optional. They default to "system" and "gumby999."
You should see a message ending with "Successfully pinged server."
Execute the Client class again within 60 seconds. You should see a message
like "Authentication for user doe denied in realm weblogic.snoopProof."
weblogic.rmi.startupClass.snoopProof=examples.security.snoopproof.SnoopProofRealm
weblogic.rmi.startupArgs.snoopProof=weblogic xxxxxx
weblogic.password.doe=abracadabra
$ java examples.security.Client user password
$ java examples.security.snoopproof.Client doe abracadabra