[jboss-user] [Security & JAAS/JBoss] - request.isUserInRole() returns NULL in Jboss 5, beta 4.

[Vellmont]

I'm experiencing a NPE in Jboss 5 when I try to check the request for a 
specific role.  Example code below:

if  (request.isUserInRole("Employee"))
System.out.println("not employee role");
else
System.out.println("employee role");
}

returns:
java.lang.NullPointerException

org.jboss.web.tomcat.security.JBossWebRealm.hasRole(JBossWebRealm.java:528)
org.apache.catalina.connector.Request.isUserInRole(Request.java:2184)

This is through the container performing the authentication.  The same method 
works fine under Jboss 4.0.3SP1, but migrating to Jboss 5 gives this error.

I know my roles are available, as accessing role information through 
SecurityAssociation works fine.

Any help would be appreciated.  I'm unsure if this is a configuration error, or 
an error in Jboss 5.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4145586#4145586

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4145586
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Persistence, JBoss/CMP, Hibernate, Database] - Automatically re-establishing DB connections in pool?

[Vellmont]

Recently the network connection to our database server went down for some 
reason.  This caused our webapps not work properly until jboss was restarted 
and established its DB connection pool again.  We're using DataSource 
connection pooling via JNDI lookups.

My question is:

Is this expected behavior?  Is JBoss supposed to re-establish it's connection 
pool if the connections are lost for some reason, or is something simply not 
configured properly?

It'd be nice to get Jboss to be a bit more robust in its failover procedures.  
Ideally trying to re-establish its connection pool ever N minutes.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4048782#4048782

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4048782
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security & JAAS/JBoss] - SSO and avoiding a login page for each webapp.

[Vellmont]

I've just got single sign on working for two different webapps  that use form 
based authentication and it works great.  One problem I'd like to avoid is 
maintaining a login/logout/error page for each webapp. 

Is there an easy way to do this so I can maintain just one login page rather 
than one for each webapp?  Or should I look at workarounds like redirecting to 
a central login page?

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4045902#4045902

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4045902
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security & JAAS/JBoss] - Re: The neverending logout topic

[Vellmont]

I think I've found the root of my problem.  Basic Authentication.  

Not many references talk about it, but it would appear that one of the major 
architectural differences between basic, and form based authentication is that 
basic authentication has no concept of a logged in user.  The browser sends the 
credentials every time you access a protected page.  

It's essentially impossible to "logout" a user from a website using basic 
authentication because they aren't logged in.  The only way to make a webpage 
inaccessible to a user with a site using basic authentication is to get their 
browser to throw away the credentials.  That means restarting the browser, or 
clearing out cookies.  

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040221#4040221

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4040221
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security & JAAS/JBoss] - Re: problem with auto logout client

[Vellmont]

I'd try opening up a bug report, as this sounds like a major problem.  Post the 
example code that demonstrates this problem their.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4038580#4038580

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4038580
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security & JAAS/JBoss] - Re: The neverending logout topic

[Vellmont]

I've had similar problems with Jboss authentication I inherited from another 
developer.  I'm very interested in the answers to this problem, as currently my 
webapp doesn't seem to have any kind of timeout on logins.

Currently I stay logged into the website until I either close the brower, or 
clear out all cookies and invalidate my session via my browser.  I'm not using 
any EJBs, though I did find some references to login timeouts if you are using 
EJBs

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4038566#4038566

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4038566
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user