The goal of this project is to provide a simple way to retrieve sensitive data from remote systems programmatically, without the need for external libraries. Most programming languages have wget-style functionality and support basic authentication. Leveraging these two features, we can create a simple HTTP GET server that, once provided with a username and password, will retrieve a specific resource. In this case, the basic authentication username is the name of the resource to retrieve and the password is the password on the resource.
But how are the password and resource name assigned to a file? By utilizing the file name, we can embed the password and resource name (username) in the file name...
<password>_<username>.<ext>
So if you wanted the password to be MyPass and the user name to be MyData you would name your file...
MyPass_MyData.txt
Certain file extensions are sent as UTF-8 text content back to the client.
.txt, .html, .xml, .json, .js
If the file ends in any other extension then the data is sent back to the client as binary.
A description can be included when naming the file in the format...
<description>_<password>_<username>.<ext>
...which is strictly optional and currently serves no purpose other than to group the files in your serving directory.
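The naming scheme above can be modelled in a few lines. This is an added example, not JSAS's own code: it parses the file-name fields, decodes a Basic authentication header, and matches the two with a constant-time comparison. It assumes fields are read from the right (so only the description may contain underscores); the function names are hypothetical.

```python
import base64
import hmac
from pathlib import PurePosixPath

# Extensions the page lists as served as UTF-8 text; anything else is binary.
TEXT_EXTENSIONS = {".txt", ".html", ".xml", ".json", ".js"}

def parse_name(filename):
    """Split [<description>_]<password>_<username>.<ext> into a dict, or None.

    Assumption: fields are read from the right, so only the description
    may contain underscores.
    """
    path = PurePosixPath(filename)
    parts = path.stem.rsplit("_", 2)
    if len(parts) < 2 or not path.suffix or not all(parts[-2:]):
        return None
    return {"description": parts[0] if len(parts) == 3 else "",
            "password": parts[-2], "username": parts[-1],
            "text": path.suffix in TEXT_EXTENSIONS}

def parse_basic_auth(header):
    """Decode an 'Authorization: Basic ...' value into (username, password)."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def resolve(filenames, header):
    """Return the first file name the credentials unlock, or None."""
    creds = parse_basic_auth(header)
    if creds is None:
        return None
    match = None
    for name in filenames:
        entry = parse_name(name)
        if entry is None:
            continue
        # Constant-time comparison of both fields; no early exit on a hit.
        user_ok = hmac.compare_digest(entry["username"].encode(), creds[0].encode())
        pass_ok = hmac.compare_digest(entry["password"].encode(), creds[1].encode())
        if user_ok and pass_ok and match is None:
            match = name
    return match
```

Because the password is part of the file name, anyone who can list the serving directory can read every credential, so restrict that directory's permissions accordingly.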
A docker-compose.yml file is included in the project to quickly deploy the system into Docker. Setting up an HTTPS encryption proxy in front of the app is highly recommended, and the docker-compose file is set up to serve via HTTPS. Just plug your public and private keys into certificate.crt and certificate.key respectively.
A tester application is included with the Java app. Just...
java -jar jsas.jar https://192.168.0.10 samplePass samplefile
...and JSAS will do a query to test that your application is serving.
Disclaimer: We make no claims about the security of this application. It seems to be secure enough for internal use. We would be hesitant to recommend exposing it publicly without further testing. If you find a bug or security hole, let us know!
Environment Variables:
JSAS_LOGGING - The logging level TRACE/DEBUG/INFO/WARN/ERROR (INFO)
JSAS_DIRCACHETIME - The amount of time in milliseconds the directory scanner will cache the directory listing (5000)
JSAS_DIR - The directory to pull files from (working directory)
JSAS_PORT - Port for the web server (8080)
JSAS_MAXTHREADS - Max threads of the web server (100)
JSAS_MINTHREADS - Min threads of the web server (10)
JSAS_IDLETIMEOUT - Idle timeout of the web server (120)
JSAS_JOINTHREAD - Join the webserver thread (true)