[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Container managed versus code managed auth
Will do, and thanks for the useful information. I really hate being a noob at something!!! (especially and app server) B View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3946524#3946524 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3946524 --- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Container managed versus code managed auth
B, There is no requirement to extend AbstractServerLoginModule. However, your login modules are required to use the Subject usage pattern employed by JBoss. Extending this module ensures this pattern is used. Otherwise, just follow directions at http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#ch8.custom.sect in your custom modules. enjoy, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3946498#3946498 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3946498 --- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Container managed versus code managed auth
Thanks for the help! One more question though. . . Do I need to extend JBoss's JAAS class, I think AbstractServerLoginContext, to get JBoss to recognize my custom LoginModule? Thanks again for the help. B View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3946084#3946084 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3946084 --- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Container managed versus code managed auth
B, If you are using Container Authentication then yes, the container does that for you. Chapter 8 really does describe what you need well if you do not have any unusual circumstances. To summarize... 1.) create your web app and add security-constraints to you web.xml 2.) specify your authentication method (i.e. auth-method) in your web.xml 3.) specify what security domain your web application will use. This is the security-domain in your jboss-web.xml 4.) finally, specify what login modules your security domain will use in $JBOSS_SERVER/conf/login_config.xml You do not need your Bean in the jsp. later, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3944595#3944595 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3944595 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Container managed versus code managed auth
I'm still having issues here. Is the idea to use some code to always check request.isUserInRole("user"), or does the container do that? B View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3944287#3944287 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3944287 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Container managed versus code managed auth
Thanks, I've got the server guide for 4.0 but I haven't read it all, though I haven't seen anything yet that describes exactly what I think I need. For instance, how does the container determine if a user is still logged while they are browsing through "protected" pages. I need secure ALL my pages. B View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3943922#3943922 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3943922 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Container managed versus code managed auth
If you want to use Tomcat embedded in JBoss and use container managed security. Just read chapter 8 of the server guide. Embedded Tomcat security is handled by JBoss. So what you need to learn is how JBoss handles security. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3943917#3943917 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3943917 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user