[jboss-user] [Security & JAAS/JBoss] - request.isUserInRole() returns NULL in Jboss 5, beta 4.
I'm experiencing a NPE in Jboss 5 when I try to check the request for a specific role. Example code below: if (request.isUserInRole("Employee")) System.out.println("not employee role"); else System.out.println("employee role"); } returns: java.lang.NullPointerException org.jboss.web.tomcat.security.JBossWebRealm.hasRole(JBossWebRealm.java:528) org.apache.catalina.connector.Request.isUserInRole(Request.java:2184) This is through the container performing the authentication. The same method works fine under Jboss 4.0.3SP1, but migrating to Jboss 5 gives this error. I know my roles are available, as accessing role information through SecurityAssociation works fine. Any help would be appreciated. I'm unsure if this is a configuration error, or an error in Jboss 5. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4145586#4145586 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4145586 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Persistence, JBoss/CMP, Hibernate, Database] - Automatically re-establishing DB connections in pool?
Recently the network connection to our database server went down for some reason. This caused our webapps not work properly until jboss was restarted and established its DB connection pool again. We're using DataSource connection pooling via JNDI lookups. My question is: Is this expected behavior? Is JBoss supposed to re-establish it's connection pool if the connections are lost for some reason, or is something simply not configured properly? It'd be nice to get Jboss to be a bit more robust in its failover procedures. Ideally trying to re-establish its connection pool ever N minutes. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4048782#4048782 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4048782 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - SSO and avoiding a login page for each webapp.
I've just got single sign on working for two different webapps that use form based authentication and it works great. One problem I'd like to avoid is maintaining a login/logout/error page for each webapp. Is there an easy way to do this so I can maintain just one login page rather than one for each webapp? Or should I look at workarounds like redirecting to a central login page? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4045902#4045902 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4045902 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: The neverending logout topic
I think I've found the root of my problem. Basic Authentication. Not many references talk about it, but it would appear that one of the major architectural differences between basic, and form based authentication is that basic authentication has no concept of a logged in user. The browser sends the credentials every time you access a protected page. It's essentially impossible to "logout" a user from a website using basic authentication because they aren't logged in. The only way to make a webpage inaccessible to a user with a site using basic authentication is to get their browser to throw away the credentials. That means restarting the browser, or clearing out cookies. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040221#4040221 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4040221 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: problem with auto logout client
I'd try opening up a bug report, as this sounds like a major problem. Post the example code that demonstrates this problem their. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4038580#4038580 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4038580 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: The neverending logout topic
I've had similar problems with Jboss authentication I inherited from another developer. I'm very interested in the answers to this problem, as currently my webapp doesn't seem to have any kind of timeout on logins. Currently I stay logged into the website until I either close the brower, or clear out all cookies and invalidate my session via my browser. I'm not using any EJBs, though I did find some references to login timeouts if you are using EJBs View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4038566#4038566 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4038566 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user