[JBoss-user] [Security & JAAS/JBoss] - Error when getting Subject
Hi, I've a authenticated web application. When I log on it, I should get the authenticated subject usign this code: AccessControlContext acc = AccessController.getContext(); | Subject subject = Subject.getSubject(acc); But, subject is null. I've seen a workaround for this: Context ctx = new InitialContext(); | org.jboss.security.SubjectSecurityManager mgr = (org.jboss.security.SubjectSecurityManager)ctx.lookup("java:comp/env/security/securityMgr"); | Subject sub = mgr.getActiveSubject(); but i want to know if it is a bug really or I'm doing an mistake. Thanks! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3934295#3934295 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3934295 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - ERROR WITH LOGIN
Hi, I have a error when i try to sign in my application using DatabaseServerLoginModule and it is: HTTP Status 400 - Invalid direct reference to form login page | | type Status report | | message Invalid direct reference to form login page | | description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). When I sign in with user and password incorrect the application send to page error.jsp define in web.xml, but when I sign in with user and password correct it throws the last one error. I donĀ“t know where I have to put the page index.jsp for sign in to application. login-config.xml: | | | | | java:jdbc/ConexionMySql | select constrasena from cuenta where usuario=? | select nombre, grupo from role where usuario=? | | | | login.jsp: | | | | | | | | jboss-web.xml: | java:jaas/dominioSeguridad | /PruebaSeguridad | web.xml: | | NombreWebResource | /registrar.jsp | /ingresar.jsp | /index.jsp | GET | POST | | | CO | | | NONE | | | | | FORM | | /login.jsp | /error.jsp | | | | | Role | CO | jboss.xml: | Standard Stateless SessionBean | java:jaas/dominioSeguridad | ejb-jar.xml: | | Descripcion | CO | | | CO | | EJBSession | Remote | * | | | I would like to know how application redirects to index.jsp? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905674#3905674 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3905674 --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - ERROR
Hi, I'm migrating our application from 4.0.1 SP1 to 4.0.3. I've applied our application specific changes to the 4.0.3 configuration files: server.xml, jboss-web.xml, and login-config.xml. The app can start but when I attempt a login, I get ERROR [JaasSecurityManagerService] Failed to create sec mgr java.lang.NullPointerException at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCTX(JaasSecurityManagerService.java:527)... I can't seem to find anything obvious that would cause this. I've specified a security domain in the jboss-web.xml. I've also specified the corresponding application policy in login-config.xml. I have not modified jboss-service.xml but I have verified that there are SecurityConfig, XMLLoginConfig, and JaasSecurityManager mbeans configured. Are there changes to how security is configured in 4.0.3 that I may be missing? Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3903540#3903540 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3903540 --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - ERROR [UsersRolesLoginModule] Failed to load users/passwords
Hi all, I have a simple question, but I am not able to resolve alone; when I enter user and name, I get this exception: 21:14:28,001 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:249) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:164) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:111) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:483) at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:425) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:251) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:230) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:534) I tryied to create a roles users properties file, than I put it in one of the jboss folder, but it doesn't work. could someone help me? Thank you very much View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3881398#3881398 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3881398 --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - ERROR [JaasSecurityManagerService] Failed to create sec mgr
Hi all; i'm using JBoss 3.2.6 on Windows XP sp 2 and SDK 1.4.2_07; i have created a my .ear and i have created a my security-domain; well i have modified the auth.conf file by adding: | eng { |// jBoss LoginModule |org.jboss.security.ClientLoginModule required; | |// Put your login modules that need jBoss here | }; | Then i have modifed the login-config.xml in this way: |
[JBoss-user] [Security & JAAS/JBoss] - ERROR [JaasSecurityManagerService] Failed to create sec mgr
Hi all; i'm using JBoss 3.2.6 on Windows XP sp 2 and SDK 1.4.2_07; i have created a my .ear and i have created a my security-domain; well i have modified the auth.conf file by adding: eng { |// jBoss LoginModule |org.jboss.security.ClientLoginModule required; | |// Put your login modules that need jBoss here | }; Then i have modifed the login-config.xml in this way:
[JBoss-user] [Security & JAAS/JBoss] - Error trying to enable JAAS in a struts webapp
I have tryed to follow this howto: http://www.javaworld.com/javaforums/showthreaded.php?Cat=&Board=JavaSecurity&Number=2500&page=&view=&sb=5&o= But all I get is this error: ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files And thats because it can not find me propeties file, and that is because I dont have any. If I create the propeties files, then It works. But I what to use me own DB application-policy. But it is like I do not find me own db login, and always falls back on the standard. Do anybody now what it could be, or some way to test if it is really looking in me login-config and reading me own application-policy. /regards View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873714#3873714 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3873714 --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Error securing web-console.
I'm looking into using JAAS/Jboss security for the first time. I thoguht I would try to get the hang of it by securing the web-console and jmx-console with the generic password file method. I looked into the following rescources and followed the directions they contain. http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole After making the changes suggested, my configuration looks like: /usr/local/jboss/server/default/conf/login-config | *SNIPPED* | | | | web-console-users.properties | web-console-roles.properties | | | | *SNIPPED* | /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/jboss-web.xml | | | http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd";> | | | | | | jboss.console:sar=console-mgr.sar | | java2ParentDelegation=true | | | |java:/jaas/web-console | | /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/web.xml | *SNIPPED* | | |HtmlAdaptor |An example security config that only allows users with the |role JBossAdmin to access the HTML JMX console web application | |/* |GET |POST | | |JBossAdmin | | | | | | BASIC | JBoss WEB Console | | | | JBossAdmin | | *SNIPPED* | /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-users.properties | admin=blerg | /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-roles.properties | admin=JBossAdmin | When I go to http://localhost:8080/web-console/ I am greeted with a login prompt, however, an exception is thrown before I ever even submit the login info. The exception follows: | 14:06:05,419 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files | java.io.IOException: Properties file users.properties not found | at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217) | at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234) | at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:324) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) | at javax.security.auth.login.LoginContext.login(LoginContext.java:534) | at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316) | at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129) | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) | at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) | at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54) | at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) | at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) | at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) | at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) | at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535) | at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) | at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) | at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) | at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) | at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) |
[JBoss-user] [Security & JAAS/JBoss] - Error on SessionClient of JAAS Example
Hello I ran the example on my JBoss Server 4.01RC2. It is fine to access from web, but I have got an error for using SessionClient. java.lang.SecurityException: ??? | at com.sun.security.auth.login.ConfigFile.(ConfigFile.java:97) | at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) | at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) | at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) | at java.lang.reflect.Constructor.newInstance(Constructor.java:274) | at java.lang.Class.newInstance0(Class.java:308) | at java.lang.Class.newInstance(Class.java:261) | at javax.security.auth.login.Configuration$3.run(Configuration.java:221) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215) | at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.init(LoginContext.java:167) | at javax.security.auth.login.LoginContext.(LoginContext.java:404) | at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:65) | Caused by: java.io.IOException: ??? | at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206) | at com.sun.security.auth.login.ConfigFile.(ConfigFile.java:95) | ... 14 more Could anybody tell me how to fix it? Thank you View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3862040#3862040 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3862040 --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Error showing while running the client in Jboss
javax.naming.NoInitialContextException: Cannot instantiate class: org.jnp.interf aces.NamingContextFactory [Root exception is java.lang.ClassNotFoundException: o rg.jnp.interfaces.NamingContextFactory] Sholu I change the JNDI properties plz tell me. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3861253#3861253 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3861253 --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Error about j_security_check
Hello everyone When I use action=j_security_check in my login.jsp, it goes to Http 400 Error on the web page without any error log in the Server.log file. >From broswer >HTTP Status 400 - Invalid direct reference to form login page > > > >type Status report > >message Invalid direct reference to form login page > >description The request sent by the client was syntactically incorrect >(Invalid direct reference to form login page). > > > > >Apache Tomcat/5.0.28 If I inputed a bad password, the server.log file showed bad password. Who can tell me why? Thanks in advance View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3859228#3859228 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3859228 --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - error of deploy
It sees the code below: | http://java.sun.com/dtd/ejb-jar_2_0.dtd";> | | Sibnc | | | CustomersBean | ejb.CustomersHome | ejb.Customers | ejb.CustomersBean | Stateless | Container | | | | | everyone | | | everyone | CustomersBean | * | | |CustomersBean |* |Required | | | | | Why ? | | 10:47:28,217 ERROR [MainDeployer] could not create deployment: file:/C:/jboss-3.2.3/server/default/deploy/sibnc.ear | org.jboss.deployment.DeploymentException: Error in ejb-jar.xml, in method-permission: An unchecked element or one or more role-name elements must be specified in method-permission. | | Somebody can help. | | | | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3846765#3846765 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3846765 --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Error:
Hi All: Here is my setup: Standalone Tomcat (hosting my WAR) Standalone JBoss (just hosting my EJB's) When I try to access my EJB from Tomcat(through a facade/DAO), I get the following exception in the JBoss prompt: | 13:33:57,340 ERROR [LogInterceptor] EJBException, causedBy: | java.lang.IllegalStateException: No security context set | at org.jboss.ejb.EnterpriseContext$EJBContextImpl.getCallerPrincipal(EnterpriseContext.java:276) I dont write these EJB's. It get shipped to me from a remote place and the place where they write these EJB's, they use Sun's RI for testing. I become paranoid as I dont know if this error is caused due to JAAS or I failed to provide some vendor specific information. Also, I'm pretty new to JAAS. Already I started to read some JAAS stuff, but thought of posting it anyway if someone could give me a fast fix. So, I would appreciate if someone could throw light on my following confusions: 1. Is this error because of JAAS or absence of vendor specific config's. 2. I'm not using any Vendor Specific Config (like jboss.xml). I'm living with whatever comes with ejb-jar.xml. Should I use any vendor specific configuration to avoid the error? Thanks, Pani View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841423#3841423 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3841423 --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user