4 Replies Latest reply on Feb 4, 2003 11:28 AM by the_mike_d

    Smart Card Login

    the_mike_d
    the_mike_d Jan 16, 2003 12:28 PM


      Hi all,

      I am trying to setup a form-login-page (in the web.xml) that calls an applet which read data from a smartcard connected to the local computer and then posts that information to the j_security_check. However it seem when i try to call an applet from the form-login-page I ge the applet error ClassFormatError: Bad Magic Number. If I call the applet from outside the form-login-page everything works fine.

      Anyone have any ideas what might be wrong? I am using JDK1.4 and JBoss 3.

      Mike

      • 3781 Views
      • Tags:
        • 1. Re: Smart Card Login
          gfloodga
          gfloodga Jan 18, 2003 7:54 AM (in response to the_mike_d)

          Hi,

          I have had thought about doing the same thing, (although I haven't yet :( ) - however, I took a slightly different view, which may or may now be of use to you...

          My take on this was that I would engineer a custom login module get jboss to use this for login verification. This module would then do the card reading bit, user data loading, etc. and also seperate your auth/login backend logic from the web container (to which it would neccessarily not be in an applet)

          But hey this is just my 2p worth ...
          If you want to look at writing JAAS login modules I would suggest chapter 8 of the jboss docs, and a good scour of this forum. Also looking ar thw source for the pre-existing jboss modules should help

          I hope this wasn't just random dribble, and of some? user...

          regards

          Gareth Floodgate

            • Actions
          • 2. Re: Smart Card Login
            turnip
            turnip Jan 20, 2003 5:15 AM (in response to the_mike_d)

            Mike,

            "Bad Magic Number" is most likely a result of corrupted .class files(maybe during transport-FTP, ZIP. etc) or an incompatibility between the browser VM and the target version the classes were compiled to.
            I would try:
            * Deleting class files and libraries the applet uses and recompile them with the target equal to the version of the VM the browser is using.
            * Double-check that you are using the same codebase in the test you are doing inside and outside the form-login-page.

            I have been running into problems with applets compiled with jdk1.4 running in a standard browser environment that were resolved by compiling with jdk1.3 or targeting to it.

            It's a long shot, but I hope this helps.

            -Turnip

              • Actions
            • 3. Re: Smart Card Login
              the_mike_d
              the_mike_d Jan 27, 2003 8:52 PM (in response to the_mike_d)


              Good idea, but the smartcard is connected to the local machine, not the server. So how would you be able to read from off the smartcard without doing it through an applet?

              From all my testing applet's just don't work as the form-login-page (web.xml). I think what I have to do is get the information from the smartcard and pass it to the page I setup as form-login-page. But then that data needs to be encrypted, SSL I guess. Not too sure how to do that since I haven't done SSL before. But I'll still keep plugging away...

              Mike

                • Actions
              • 4. Re: Smart Card Login
                the_mike_d
                the_mike_d Feb 4, 2003 11:28 AM (in response to the_mike_d)


                Okay, I figured it out. The problem occured when the applet is inside the protected area. Kinda weird but it works when outside.

                Mike

                  • Actions