"bmcgovern" wrote : jcollins. I feel your pain in that most of the docs im reading on SSO are specific to EJB set ups. I don't think I can offer you any help in your problem, but i do get the distinct feeling that you are farther along in fixing your problem than I am in mine and hopefully you, or someone paying attention to this thread can help me. |
Hi bmcgovern. I haven't been able to get any JBoss security configuration figured out yet. I have read a lot, and am certainly trying, losing sleep, etc., but as of yet, my knowledge is all theoretical. I read over your forum in hopes that I could help in some way, but it seems to me you are further along than I. :-( I have compiled a list of resources I used to bring myself up to to my current turtle speed on some of the web security details... in the event you or anyone else reading might find them of use. If anyone has any other suggestions, please do share, I would love to read them as well. JBoss Chapter 8 (security on JBoss) : http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch8.chapter.html Some resources that helped me to begin to get a grip on JBoss's implementation of JAAS: JAAS documentation home: http://java.sun.com/products/jaas/reference/docs/index.html JAAS Authentication tutorial: http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html JAAS Authorization tutorial: http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnAndAzn.html An explanation for use of JBoss's BaseCertLoginModule: http://wiki.jboss.org/wiki/Wiki.jsp?page=BaseCertLoginModule A site that does a (seemingly) thorough job of explaining how to secure an EJB: http://www.csd.abdn.ac.uk/~bscharla/teaching/mtp_software/jboss/secureJBoss.shtml An HP offering that explains how to secure a web app in jboss, --but of course also diverts off to focus on EJB's: http://devresource.hp.com/drc/technical_papers/jaas_jboss/index.jsp http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfiguringAJavaSecurityManager Makes it sound so easy: http://wiki.jboss.org/wiki/Wiki.jsp?page=CreatingACustomLoginModule Some resource that helped me to begin to get a grip on WS-Security: http://www.windowsitlibrary.com/Content/1219/06/1.html http://www.oracle.com/technology/tech/java/newsletter/articles/wsaudit/ws_audit.html http://www-128.ibm.com/developerworks/webservices/library/ws-security.html http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurity Some SAML stuff: http://en.wikipedia.org/wiki/SAML http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=securityhttp://xml.coverpages.org/saml.html http://xml.coverpages.org/saml.html http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf http://www.onjava.com/pub/a/onjava/2005/02/09/wssecurity.html A couple of sun tutorials, that provide good information, but be careful, not all of it is applicable to JBoss implementations: http://java.sun.com/javaee/5/docs/tutorial/doc/index.html http://java.sun.com/webservices/docs/2.0/tutorial/doc/ Hope something here helps, Jeff View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985448#3985448 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985448 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user