[JBoss-dev] HTTP BASIC authentication is broken (Was: Re: [JBoss-user] JBoss+Tomcat vs. Tomcat: Authentication Differences)
Is HTTP BASIC authentication broken in JBoss-3.2.2RC4_Tomcat-4.1.27? Using UsersRolesLoginModule seems not to work reliably as a replacement for Tomcat's MemoryRealm, at least in the scenario I outlined in my original post four days ago. -- Weiqi Gao [EMAIL PROTECTED] On Fri, 2003-10-10 at 20:28, Weiqi Gao wrote: Hi, I'm trying to setup Simon Brown's Weblog software Pebble 1.3 (http://www.simongbrown.com/blog/readme.html) under JBoss+Tomcat bundle and encountered some difficulties that maybe are related to the way JBoss does authentication for webapps. Deployment-wise, Pebble is very simple. I downloaded the pebble-1.3.war file and exploded it into the jboss-3.2.1_tomcat-4.1.24/server/default/deploy directory. The Pebble deployment instruction calls for adding two roles and a user to standalone Tomcat's tomcat-users.xml file. I mimicked that with two things in JBoss. First, I set up a JBossSX realm named blog using the UsersRolesLoginModule with a user (in users.properties) and two roles (in roles.properties). Second, I added a jboss-web.xml file to pebble-1.3.war/WEB-INF that contains jboss-websecurity-domainjava:jaas/blog/security-domain/jboss-web. This allowed the Pebble to run. (Actually I've been using Pebble 1.1 for the past three months with some success under JBoss 3.2.1 + Tomcat 4.1.24, RH Linux 9.0 and Sun JDK 1.4.2_01.) However certain features of Pebble are missing in JBoss+Tomcat that are present in standalone Tomcat. One example is the comments popup window. Under standalone Tomcat, if I have already logged in, the comments popup window would contain a remove link besides each comment. Under JBoss+Tomcat, even after logging in, the comments popup window would not contain the remove links. It also happens with the TrackBack popup window in the CVS version of Pebble. In general all servlets and JSP pages that does not require user login, but offers more features if the user is logged in would show the extra features in standalone Tomcat but not in JBoss+Tomcat. I would appreciate it very much if anyone can shed some light on my problem. (I tried to post this earlier today on GMANE's news-mailing list gateway but I did not see it show up. I apologize if yo have already seen this.) -- Weiqi Gao [EMAIL PROTECTED] http://www.weiqigao.com --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] Re: [JBoss-user] HTTP BASIC authentication is broken
Scott M Stark wrote: There is nothing wrong with basic auth in JBoss-3.2.2RC4_Tomcat-4.1.27. It sounds like the app is expecting there to be a valid user on non-secured pages and the caching that is required to achive this is disabled in the embedded version because it breaks the ability to transmit the caller credentials from servlets to ejbs. There is no spec mandate that the caller identity is available within a session from unsecured pages. Scott, Here's a comment Simon Brown made. I'm passing it to the jboss-user list: True, the spec may not explicitly mandate this, but section SRV.12.3 Programmatic Security (servlets 2.3) says the following: If no user has been authenticated, the getRemoteUser method returns null, the isUserInRole method always returns false, and the getUserPrincipal method returns null. Clearly this is in contrast because this statement doesn't differentiate protected and unprotected resources. The javadoc of the relevant methods in HttpServletRequest also makes no differentiation between protected and unprotected resources, instead being specific about whether the current user has been authenticated. With our problem, the current user has been authenticated. -- Weiqi Gao [EMAIL PROTECTED] http://www.weiqigao.com --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] jboss-all head build error
There seems to be a typo in jboss-head at jboss-all/tools/etc/buildfragments/libraries.ent Which category should this be reported on SourceForge's bug system? In case someone else is hitting on the same problem, here's the error message (a patch is attached): [weiqi@gao-2001 build]$ ./build.sh build.sh: *WARNING* Ignoring environment value for $ANT_HOME build.sh: Executing: /home/weiqi/projects/jboss-all/tools/bin/ant -logger org.apache.tools.ant.NoBannerLogger Buildfile: build.xml _buildmagic:init: Trying to override old definition of task property configure-modules: Overriding previous definition of reference to jboss.naming.classpath BUILD FAILED file:/home/weiqi/projects/jboss-all/build/../tools/etc/buildfragments/tools.ent:29: taskdef class xdoclet.modules.jmx.JMXDocletTask cannot be found Total time: 4 seconds -- Weiqi Gao [EMAIL PROTECTED] Index: libraries.ent === RCS file: /cvsroot/jboss/tools/etc/buildfragments/libraries.ent,v retrieving revision 1.22 diff -u -r1.22 libraries.ent --- libraries.ent 14 Dec 2002 00:48:14 - 1.22 +++ libraries.ent 14 Dec 2002 14:50:39 - @@ -305,7 +305,7 @@ /path !-- XDoclet -- - property name=xdoclet.xdoclet.root value=${project.thirdparty}/xdoclet-xdoclet/ + property name=xdoclet.xdoclet.root value=${project.thirdparty}/xdoclet/xdoclet/ property name=xdoclet.xdoclet.lib value=${xdoclet.xdoclet.root}/lib/ path id=xdoclet.xdoclet.classpath pathelement path=${xdoclet.xdoclet.lib}/commons-logging.jar/ 2002-12-14 Weiqi Gao [EMAIL PROTECTED] * Fixed the value of the xdoclet.xdoclet.root property.
Re: [JBoss-dev] jboss-all head build error
On Sat, 2002-12-14 at 09:44, David Jencks wrote: You can no longer check out jboss-all on the head revision and build it. The correct checkout is cvs ... co jboss-head for jboss 4 cvs ... co -r Branch_3.2 jboss-3.2 for 3.2 and cvs ... co -r Branch_3.0 jboss-3.0 for 3.0 I think this is now documented on the how to build page, but it certainly took a while for the instructions to be updated :-) Thank you for the info. But where is the *official* and/or *guaranteed to be the most up-to-date* how to build page? I imagine I'm not the only one who were given the run-around at jboss.org. :) -- Weiqi Gao [EMAIL PROTECTED] --- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] Red Hat start up script
Hi, Currently the Quick Start Guide contains a section on how to install JBoss as a Unix service. It contains instructions on how to do it. The jboss-3.0.4_tomcat-4.1.12 bundle also contains a jboss_init_redhat.sh that apparently does not agree with what's in the book. The one in the Quick Start Guide seems to make more sense. Can the scripts mentioned in the book (instead of the jboss_init_redhat.sh) be bundled with the binary distribution? -- Weiqi Gao [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
Log4j Dilemma (Was RE: [JBoss-dev] Tyrex...)
Anatoly Akkerman wrote: Must be the Tyrex jar expects a different version of log4j than supplied by JBoss. You might need to adjust Tyrex sources and recompile it. Is this recommended approach for using third party software with JBoss? Adjust the sources and recompile? What if the source is not available? -- Weiqi Gao [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
RE: [JBoss-dev] Gosling has Web Services right...
Matt wrote: So, if CORBA is a Web Services framework, under the broad definition of Web Services, what makes it better? How should I compare? Take a look at http://groups.google.com/groups?hl=enlr=ie=UTF-8selm=2d3a5b34.0201081 700.548a508c%40posting.google.comrnum=21 Or, if the above is chopped up by your email client, try this http://tinyurl.com/1ofq -- Weiqi Gao [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] The source, the whole source, and nothing but the source
Hi jboss-development, I'm trying to compile JBoss HEAD from the source. I'm following the instructions on the JBoss.3.0QuickStart.Draft3.pdf, which says to get the jboss-all module from the CVS and the cd to build,then run jboss.sh. But that errored out with the following error. Did I miss something: Searching for build.xml ... Buildfile: /home/weiqi/projects/jboss-all/build/build.xml Trying to override old definition of task property _buildmagic:init: _buildmagic:init:local-properties: _buildmagic:init:buildlog: configure: [echo] groups: default [echo] modules: jmx,common,system,j2ee,naming,management,transaction,server,security,messaging,connector,cluster,jetty,varia,jboss.net,iiop init: _buildmagic:modules:most: [execmodules] Missing build file; skipping module: jmx [execmodules] [execmodules] == [execmodules] == Executing 'most' in module 'common'... [execmodules] == _buildmagic:init: configure: init: compile-classes: [javac] Compiling 170 source files to /home/weiqi/projects/jboss-all/common/output/classes [execmodules] /home/weiqi/projects/jboss-all/common/src/main/org/jboss/util/jmx/JMXExceptionDecoder.java:12: package javax.management does not exist [execmodules] import javax.management.MalformedObjectNameException; [execmodules] ^ -- Weiqi Gao [EMAIL PROTECTED] --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
Re: [JBoss-dev] The source, the whole source, and nothing but the source
Weiqi Gao wrote: I figured out what I did wrong. I cannot do a cvs co jboss-all once and then do a cd jboss-all; cvs update -dP daily afterwards as I can with other directory based CVS repositories. I have to do a cvs co jboss-all daily. Then David Jencks wrote: cvs -q update -dP works fine for me in jboss-all. Now that I looked at it closely, my initial cvs co jboss-all must have been interrupted by a network outage or a user interrupt or something, which caused my jboss-all directory to not contain all the necessary subdirectories. = Weiqi Gao [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development